import socket
import re
# Address and TCP port of the remote service this script talks to;
# both are read by connect().
host = '110.41.145.99'
port = 8005
def Tostr(st):
    """Return *st* encoded as UTF-8 bytes, ready to pass to ``socket.send``."""
    encoded = st.encode('UTF8')
    return encoded
def connect():
    """Open a TCP connection to ``(host, port)`` and return the socket.

    The socket is IPv4 / stream and is returned in blocking mode with no
    timeout configured; the caller owns it and is responsible for closing it.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    endpoint = (host, port)
    sock.connect(endpoint)
    return sock
def getCliphertext(data):
    """Return the text between the first ``>`` and the next CRLF in *data*.

    *data* is a decoded server reply. Presumably the extracted field is the
    ciphertext printed after a prompt character -- the callers treat it that
    way, but the reply format itself is not visible in this file.

    Raises:
        IndexError: if *data* contains no ``>`` followed later by ``\\r\\n``.
    """
    # Every match is a (">", body, "\r\n") tuple; only the body of the
    # first match is wanted.
    matches = re.findall(r"(>)(.*?)(\r\n)", data)
    first_match = matches[0]
    return first_match[1]
def get_pad_len(s):
    """Measure how many input bytes fit before the ciphertext gets longer.

    Sends ``encrypt `` followed by 1..15 ``a`` characters over the connected
    socket *s* and watches the length of the returned ciphertext field. The
    length seen for the one-byte input is the baseline; the first input
    length ``i`` that yields a longer field stops the loop and ``i - 1`` is
    returned. If no growth is seen in 15 attempts, the loop simply runs out
    and 14 is returned.

    Defensive reading: ciphertext length that steps with input length tells
    a client how much padding the hidden plaintext carries, so length is
    itself an information leak of block-padded encryption.
    """
    # Read and drop whatever the service sends first (presumably a banner
    # or prompt -- its content is never inspected).
    s.recv(1024)

    baseline = None
    for count in range(1, 16):
        request = "encrypt " + 'a' * count
        s.send(Tostr(request))
        reply = s.recv(1024).decode('utf-8')
        field = getCliphertext(reply)
        if baseline is None:
            # First probe: remember the reference length.
            baseline = len(field)
        elif len(field) > baseline:
            break
    return count - 1
def forcerFlag(s, slen):
    """Recover a hidden suffix one character at a time by ciphertext equality.

    For up to 19 rounds, each candidate character is sent as
    ``encrypt <ch><recovered so far><15 '*'><slen + 1 'a'>`` over socket *s*.
    The reply's ciphertext field is sliced at ``[:32]`` and ``[96:128]``; when
    the two slices are equal the candidate is prepended to the recovered
    string, printed, and the next round starts. A round in which no candidate
    matches leaves the recovered string unchanged.

    Assumptions not visible in this file (confirm against the service): the
    field is hex, so each 32-character slice is one 16-byte block (blocks 0
    and 3), and the service pads with ``*``.

    Defensive reading: the equality test only works when identical plaintext
    blocks encrypt to identical ciphertext blocks, i.e. a deterministic mode
    with no per-message randomness (ECB-like) applied to client input joined
    with a secret. A randomized authenticated mode with a fresh nonce per
    message (for example AES-GCM) removes that signal.

    Args:
        s: connected socket to the service.
        slen: value returned by ``get_pad_len``.

    Returns:
        The characters recovered, as a string (may be empty).
    """
    candidates = "`1234567890-=+qwertyuiop[]asdfghjkl;'zxcvbnm,./?<>!@#$%^&*()QWERTYUIOP{}ASDFGHJKLZXCVBNM:"
    filler = 'a' * (slen + 1)
    recovered = ""
    print("start...")

    for _ in range(19):
        for ch in candidates:
            request = "encrypt " + ch + recovered + '*' * 15 + filler
            s.send(Tostr(request))
            field = getCliphertext(s.recv(1024).decode('utf-8'))
            if field[:32] != field[96:128]:
                continue
            # Slices agree: keep this candidate and move on to the next round.
            recovered = ch + recovered
            print(recovered)
            break
    return recovered
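def exp():
    """Run the whole procedure: connect, measure padding, recover, print.

    Opens the connection with ``connect()``, passes the result of
    ``get_pad_len`` to ``forcerFlag`` and prints the string it returns.
    """
    s = connect()
    try:
        slen = get_pad_len(s)
        plaintext = forcerFlag(s, slen)
        print(plaintext)
    finally:
        # Close the socket even when a helper raises (e.g. IndexError from
        # an unexpected reply); the original never closed it.
        s.close()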
# Script entry point: run exp() only when executed directly, not on import.
if __name__ == '__main__':
    exp()