index.js
var CryptoJS = require("crypto-js");
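// Round-trip self-test for crypto-js AES-CBC: encrypt a fixed message, decrypt
// it again, and exit 0 when the plaintext survives the round trip, 1 otherwise.
//
// SECURITY NOTE: the parameters below are test-fixture values, not a template
// for protecting real data.
//  - The key is hard-coded in source, and this value matches the published
//    AES-128 example key from FIPS-197, so it must be treated as public.
//    Real keys belong in a secret store or KMS, never in the repository.
//  - The IV is a constant. CBC needs a fresh, unpredictable IV per message;
//    reusing one reveals when two plaintexts share a prefix.
//  - CBC on its own provides no integrity. Without a MAC (or an AEAD mode)
//    a modified ciphertext is not detected on decryption.
//  - ZeroPadding cannot tell padding apart from plaintext that really ends in
//    zero bytes, so such plaintexts do not round-trip.

// 16 bytes of 0xAA written as hex. (It was previously named `base64_iv`,
// but the value is hex and is parsed with CryptoJS.enc.Hex.)
const ivHex = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
const iv = CryptoJS.enc.Hex.parse(ivHex);

const AESKey = '2B7E151628AED2A6ABF7158809CF4F3C';
const key = CryptoJS.enc.Hex.parse(AESKey);

const message = 'username:password';

// The key is deliberately NOT written to stdout: console output ends up in CI
// logs, terminal scrollback and log aggregation, where key material outlives
// the process and is readable by anyone with log access.

// Same cipher parameters for both directions so the round trip is symmetric.
const cipherOptions = {
  iv,
  mode: CryptoJS.mode.CBC,
  padding: CryptoJS.pad.ZeroPadding,
};

// ENCRYPT /////////////////////////////////////////////////////////////////////
const encrypted = CryptoJS.AES.encrypt(message, key, cipherOptions);
const ciphertext = encrypted.toString();
console.log("ciphertext: ", ciphertext);

// DECRYPT /////////////////////////////////////////////////////////////////////
const decrypted = CryptoJS.AES.decrypt(ciphertext, key, cipherOptions);

// Go through Base64 so the raw decrypted bytes can be handed to a Node Buffer.
// Buffer.from() replaces the deprecated `new Buffer()` constructor.
const plaintextB64 = decrypted.toString(CryptoJS.enc.Base64);
const decodedMessage = Buffer.from(plaintextB64, 'base64').toString('ascii');
console.log("Decrypted message: ", decodedMessage);

// Strict comparison: both sides are strings, so no coercion is wanted.
if (decodedMessage === message) {
  console.log("Test passed.\n");
  process.exit(0);
} else {
  console.log("Test failed.\n");
  process.exit(1);
}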