#!/usr/bin/env python3 from hashlib import md5, sha1 import sys from secret import salt, pepper from flag import flag assert len(salt) == len(pepper) == 19 assert md5(salt).hexdigest() == '5f72c4360a2287bc269e0ccba6fc24ba' assert sha1(pepper).hexdigest() == '3e0d000a4b0bd712999d730bc331f400221008e0' def auth_check(salt, pepper, username, password, h): return sha1(pepper + password + md5(salt + username).hexdigest().encode('utf-8')).hexdigest() == h def die(*args): pr(*args) quit() def pr(*args): s = " ".join(map(str, args)) sys.stdout.write(s + "\n") sys.stdout.flush() def sc(): return sys.stdin.readline().strip() def main(): border = "+" pr(border*72) pr(border, " welcome to hash killers battle, your mission is to login into the ", border) pr(border, " ultra secure authentication server with provided information!! ", border) pr(border*72) USERNAME = b'n3T4Dm1n' PASSWORD = b'P4s5W0rd' while True: pr("| Options: \n|\t[L]ogin to server \n|\t[Q]uit") ans = sc().lower() if ans == 'l': pr('| send your username, password as hex string separated with comma: ') inp = sc() try: inp_username, inp_password = [bytes.fromhex(s) for s in inp.split(',')] except: die('| your input is not valid, bye!!') pr('| send your authentication hash: ') inp_hash = sc() if USERNAME in inp_username and PASSWORD in inp_password: if auth_check(salt, pepper, inp_username, inp_password, inp_hash): die(f'| Congrats, you are master in hash killing, and it is the flag: {flag}') else: die('| your credential is not valid, Bye!!!') else: die('| Kidding me?! Bye!!!') elif ans == 'q': die("Quitting ...") else: die("Bye ...") if __name__ == '__main__': main()
sha1とmd5のLength Extension Attack
from ptrlib import Socket, lenext, SHA1, MD5 len_salt = 19 salt_digest = '5f72c4360a2287bc269e0ccba6fc24ba' pepper_digest = '3e0d000a4b0bd712999d730bc331f400221008e0' USERNAME = b'n3T4Dm1n' PASSWORD = b'P4s5W0rd' username_hash, username_data = lenext(MD5, len_salt, salt_digest, b"", USERNAME) new_hash, password_data = lenext(SHA1, len_salt, pepper_digest, b"", PASSWORD + username_hash.encode()) payload = username_data.hex() + "," + password_data[:-32].hex() sock = Socket("nc 02.cr.yp.toc.tf 28010") sock.sendlineafter("[Q]uit\n", "l") sock.sendlineafter("comma: ", payload) sock.sendlineafter("hash: ", new_hash) sock.sh()