Compress and Attack
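--- a/compress_and_attack/compress_and_attack.py
+++ b/compress_and_attack/compress_and_attack.py
@@ -0,0 +1,35 @@
+#!python3
+
+import zlib
+from random import randint
+import os
+from Crypto.Cipher import Salsa20
+
+flag = open("./flag").read()
+
+
+def compress(text):
+return zlib.compress(bytes(text.encode("utf-8")))
+
+def encrypt(plaintext):
+secret = os.urandom(32)
+cipher = Salsa20.new(key=secret)
+return cipher.nonce + cipher.encrypt(plaintext)
+
+def main():
+while True:
+usr_input = input("Enter your text to be encrypted: ")
+compressed_text = compress(flag + usr_input)
+encrypted = encrypt(compressed_text)
+
+nonce = encrypted[:8]
+encrypted_text = encrypted[8:]
+print(nonce)
+print(encrypted_text)
+print(len(encrypted_text))
+
+if __name__ == '__main__':
+main()
+
+
+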
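Review bot: Nothing in this file says that the length side channel in `main` is deliberate: `compress(flag + usr_input)` is encrypted with Salsa20, a stream cipher that adds no padding, so the printed ciphertext length equals the compressed length and varies with how much of the caller's text repeats flag content. If the service is meant as a training target, a module comment should say so, e.g. `# Intentionally vulnerable: secret and untrusted input share one compression context, so output length leaks (CRIME-style); do not reuse this pattern.` Outside an exercise the secret must not be compressed together with caller-supplied data, or compression should be dropped for that message. Separately, `from random import randint` is unused and the handle from `open("./flag")` is never closed; `with open("./flag") as f: flag = f.read()` fixes the latter.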
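--- a/compress_and_attack/flag
+++ b/compress_and_attack/flag
@@ -0,0 +1 @@
+picoCTF{flagFLAG}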
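--- a/compress_and_attack/sol.py
+++ b/compress_and_attack/sol.py
@@ -0,0 +1,45 @@
+#!python3
+from pwn import *
+import string
+import ast
+
+#conn = process(["python3", "compress_and_attack.py"])
+conn = remote("mercury.picoctf.net", 2431)
+conn.recvuntil(b": ")
+
+def encrypt(text):
+conn.sendline(text)
+nonce = ast.literal_eval(conn.recvline().decode())
+encrypted = ast.literal_eval(conn.recvline().decode())
+length = int(conn.recvline())
+conn.recvuntil(b": ")
+
+return nonce, encrypted, length
+
+CHARACTERSET = string.ascii_lowercase + string.digits + " }_"
+
+prefix = "picoCTF{"
+pre_known = "sheriff_you_solved_"
+
+max_chars = 20
+sol_char = prefix[-1]
+sol_string = prefix+pre_known
+while sol_char != '}':
+P = log.progress("trying characters... ")
+min_char = ""
+min_size = 1000000000000000000000000000000000
+for c in CHARACTERSET:
+P.status(sol_string+c)
+s = 0
+n = 1
+for _ in range(n):
+_, encrypted, _ = encrypt((sol_string+c).encode())
+s += len(encrypted)
+if s < min_size:
+min_char = c
+min_size = s
+
+sol_char = min_char
+sol_string += min_char
+P.success(sol_string)
+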
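Review bot: `max_chars = 20` is assigned but never read, so the `while sol_char != '}'` loop has no upper bound and keeps sending requests to the remote service if `}` is never selected. Either delete the variable or use it as the cap it appears to be meant as; its intended meaning is not stated, so that needs confirming with the author. The sentinel `min_size = 1000000000000000000000000000000000` reads better as `min_size = float("inf")`. The `for _ in range(n)` loop with `n = 1` and the `length` value returned by `encrypt` but never used should be removed or explained in a comment.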