-
-
Save xelenonz/f9b72131acc3dbf4de8b to your computer and use it in GitHub Desktop.
crypto200 hackyou
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from math import sin | |
from urlparse import parse_qs | |
from base64 import b64encode | |
from base64 import b64decode | |
from re import match | |
def xor(a): | |
b = "28c1150dac6704583d6c1125a72d3c87241e7f5497e9b80c78f4ce2b08dcab2b0df20be0abde0b17512a935bc765607cf5e5".decode("hex") | |
return ''.join(map(lambda x : chr(ord(x[0]) ^ ord(x[1])), zip(a, b * 100))) | |
def hashme(s): | |
#my secure hash function | |
def F(X,Y,Z): | |
return ((~X & Z) | (~X & Z)) & 0xFFFFFFFF | |
def G(X,Y,Z): | |
return ((X & Z) | (~Z & Y)) & 0xFFFFFFFF | |
def H(X,Y,Z): | |
return (X ^ Y ^ Y) & 0xFFFFFFFF | |
def I(X,Y,Z): | |
return (Y ^ (~Z | X)) & 0xFFFFFFFF | |
def ROL(X,Y): | |
return (X << Y | X >> (32 - Y)) & 0xFFFFFFFF | |
A = 0x67452301 | |
B = 0xEFCDAB89 | |
C = 0x98BADCFE | |
D = 0x10325476 | |
# replace valid hash after calculate anonymou[s] | |
newB = 0x230c5072 | |
newA = 0x8eabb5c8 | |
newD = 0xc21d7dcd | |
newC = 0x04faedf2 | |
X = [int(0xFFFFFFFF * sin(i)) & 0xFFFFFFFF for i in xrange(256)] | |
for i,ch in enumerate(s): | |
k, l = ord(ch), i & 0x1f | |
A = (B + ROL(A + F(B,C,D) + X[k], l)) & 0xFFFFFFFF | |
B = (C + ROL(B + G(C,D,A) + X[k], l)) & 0xFFFFFFFF | |
C = (D + ROL(C + H(D,A,B) + X[k], l)) & 0xFFFFFFFF | |
D = (A + ROL(D + I(A,B,C) + X[k], l)) & 0xFFFFFFFF | |
if s[i-1] == 'u': | |
A = newA | |
B = newB | |
C = newC | |
D = newD | |
return ''.join(map(lambda x : hex(x)[2:].strip('L').rjust(8, '0'), [B, A, D, C])) | |
cert = b64decode("RK5yZMJaVA9zKVUD1UJQ4hl/ETv5kNVjDYf8GDi/nhs6wDOFyrxpIjIS8Gn2AVcYloEY9XNsyQNiag==") | |
# print xor(cert) # login=xelenonz&role=anonymous 0x68ddd1b3 0xa8c6a71c 0x7050e99c 0x1655460f | |
for i in range(1,40): # don't know padding length, put them all | |
payload = "_"*i+"login=PWNED&role=anonymous&role=administrator" # pad for salt | |
print 1 | |
myhash = hashme(payload) | |
print b64encode(xor("login=PWNED&role=anonymous&role=administrator"+myhash)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment