from Cryptodome.Cipher import AES
from Cryptodome.Random import get_random_bytes
from Cryptodome.Random.random import getrandbits
import challenge15
import challenge18
import util
# Module-level secrets, generated once at import time and shared by
# encryptParams() and decryptParamsAndCheckAdmin() below.
key = get_random_bytes(16)  # 16 random bytes, passed to AES.new() as the key
# 64 random bits, passed to challenge18.CTR as the nonce.
# NOTE(review): the same key/nonce pair is reused for every encryptParams()
# call. Assuming challenge18.CTR is standard counter mode, that repeats the
# keystream across messages; fine for this exercise, but a real system needs a
# fresh nonce per message under a given key.
nonce = getrandbits(64)
def encryptParams(userdata):
    """Build the cookie-style parameter string around *userdata* and encrypt it.

    ';' and '=' in *userdata* are percent-escaped so the caller cannot inject
    extra key/value pairs at the plaintext level. The escaped text is placed
    between a fixed prefix and suffix, padded with util.padPKCS7 to a
    16-byte multiple, and encrypted with challenge18.CTR using the
    module-level key and nonce.

    Raises UnicodeEncodeError if *userdata* contains non-ASCII characters.

    Security note: no authentication tag is computed here, so the escaping
    above only constrains the plaintext; it does not protect the ciphertext
    from modification in transit. A production design would use an AEAD mode
    or encrypt-then-MAC so that tampering is rejected before parsing.
    """
    escaped = userdata.replace(';', '%3B').replace('=', '%3D')
    prefix = b'comment1=cooking%20MCs;userdata='
    suffix = b';comment2=%20like%20a%20pound%20of%20bacon'
    plaintext = b''.join((prefix, escaped.encode('ascii'), suffix))
    # AES-ECB is only the block primitive here; the CTR wrapper drives it.
    ctr = challenge18.CTR(AES.new(key, AES.MODE_ECB), nonce)
    padded = util.padPKCS7(plaintext, 16)
    return ctr.encrypt(padded)
def decryptParamsAndCheckAdmin(encryptedParams):
    """Decrypt *encryptedParams* and report whether it grants admin.

    The ciphertext is decrypted with challenge18.CTR under the module-level
    key and nonce, unpadded with challenge15.unpadPKCS7, and the result is
    searched for the literal b';admin=true;'.

    Returns True when that marker is present, False otherwise.

    Security note: nothing in this function verifies that the ciphertext is
    the one encryptParams() produced, so the authorization decision is made
    on unauthenticated plaintext. Verifying a MAC or AEAD tag before
    decrypting would be the fix in real code.
    # NOTE(review): behaviour on malformed padding depends on
    # challenge15.unpadPKCS7, which is not shown here.
    """
    ctr = challenge18.CTR(AES.new(key, AES.MODE_ECB), nonce)
    plaintext = challenge15.unpadPKCS7(ctr.decrypt(encryptedParams))
    return b';admin=true;' in plaintext
# Demonstration of why the scheme above needs ciphertext authentication.
# The submitted userdata contains no ';' or '=', so it passes the escaping in
# encryptParams() unchanged. The fixed prefix is 32 bytes long, so the three
# placeholder characters sit at ciphertext offsets 32, 38 and 43. ':' and '<'
# differ from ';' and '=' only in the lowest bit, and flipping a ciphertext bit
# in a stream mode flips the same plaintext bit after decryption.
x = list(encryptParams(':admin<true:'))
for offset in (32, 38, 43):
    x[offset] ^= 1
# Prints the result of the admin check on the modified ciphertext.
print(decryptParamsAndCheckAdmin(bytes(x)))