From dee1d17d4746170c2633971189d831891c1cba4c Mon Sep 17 00:00:00 2001 From: pcfkh8sw5 Date: Sun, 25 Dec 2022 17:42:17 +0800 Subject: [PATCH] ADD file via upload --- ECB_attrack.py | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 ECB_attrack.py diff --git a/ECB_attrack.py b/ECB_attrack.py new file mode 100644 index 0000000..ac6e54c --- /dev/null +++ b/ECB_attrack.py @@ -0,0 +1,59 @@ +import socket +import re + +host = '110.41.145.99' +port = 8005 +def Tostr(st): + return st.encode(encoding='UTF8') + +def connect(): + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + s.connect((host,port)) + return s + +def getCliphertext(data): + p1 = r"(>)(.*?)(\r\n)" + pattern1 = re.compile(p1) + data = pattern1.findall(data)[0][1] + return data + +def get_pad_len(s): + s.recv(1024) + for i in range(1,16): + payload1 = "encrypt "+'a'*i + s.send(Tostr(payload1)) + data = (s.recv(1024)).decode('utf-8') + data = getCliphertext(data) + if i==1: + slen = len(data) + if len(data)>slen: + break + return i-1 + +def forcerFlag(s,slen): + padd = 'a'*(slen+1) + plaintext = "" + print("start...") + array = "`1234567890-=+qwertyuiop[]asdfghjkl;'zxcvbnm,./?<>!@#$%^&*()QWERTYUIOP{}ASDFGHJKLZXCVBNM:" + for i in range(19): + for ch in array: + payload2 = "encrypt "+ch+plaintext+'*'*15+padd + s.send(Tostr(payload2)) + data = (s.recv(1024)).decode('utf-8') + data = getCliphertext(data) + bp = data[:32] + sec = data[96:128] + if bp==sec: + plaintext = ch +plaintext + print(plaintext) + break + return plaintext + +def exp(): + s = connect() + slen = get_pad_len(s) + plaintext = forcerFlag(s,slen) + print(plaintext) + +if __name__ == '__main__': + exp()