captain-woof · July 13, 2021 19:43 · lorschy · Feb 12, 2022
diff --git a/htb-flippin-bank-solution.py b/htb-flippin-bank-solution.py
 from pwn.toplevel import remote, log

 # Get ciphertext from encryption oracle for chosen username and password, and submit
 # ciphertext as solution optionally
 def get_username_password_ciphertext(username,password,ciphertext_to_submit = None):
    r = remote(host,port)
    r.sendafter("username: ",username)
    r.sendafter("password: ",password)
    r.recvuntil("Leaked ciphertext: ")
    ciphertext = r.recvline().decode().rstrip()
    if ciphertext_to_submit is None:
        r.close()
        return ciphertext
    else:
        r.sendafter("enter ciphertext: ",ciphertext_to_submit)
        return r.recvall()

 # Get n-th block from ciphertext hex string
 def get_n_block(s,n):
    return bytes.fromhex(s[(n-1)*32:(32*n)])

 # MAIN
 # Target host
 # BLOCKS -> b"logged_username=",b"admin&password=g",b"0ld3n_b0y"+b"\x07"*7

 host,port = "46.101.89.127",32216
 real_username,incorrect_username,password = "admin","bdmin","g0ld3n_b0y" # Username starts where second block starts; Usernames differ only by first character

 # Ciphertext for fake username
 log.info("Getting ciphertext for {}:{}".format(incorrect_username,password))
 incorrect_ciphertext = get_username_password_ciphertext(incorrect_username,password)
 log.info("Fake ciphertext -> {}".format(incorrect_ciphertext))

 # Flip 1st byte of block 2 by flipping 1st byte of b1 to get a correct ciphertext
 b1 = get_n_block(incorrect_ciphertext,1)
 b2 = get_n_block(incorrect_ciphertext,2)
 b3 = get_n_block(incorrect_ciphertext,3)

 b1_new = []
 flipped_byte = (b1[0] ^ ord(real_username[0]) ^ ord(incorrect_username[0])).to_bytes(1,"big")
 b1_new = flipped_byte + b1[1:]

 correct_ciphertext = (bytes(b1_new) + b2 + b3).hex()
 log.info("Correct ciphertext -> {}".format(correct_ciphertext))

 # Make new connection
 log.info("Submitting correct ciphertext and getting flag...")
 log.info(get_username_password_ciphertext(incorrect_username,password,correct_ciphertext))
	from pwn.toplevel import remote, log

	# Get ciphertext from encryption oracle for chosen username and password, and submit
	# ciphertext as solution optionally
	def get_username_password_ciphertext(username,password,ciphertext_to_submit = None):
	r = remote(host,port)
	r.sendafter("username: ",username)
	r.sendafter("password: ",password)
	r.recvuntil("Leaked ciphertext: ")
	ciphertext = r.recvline().decode().rstrip()
	if ciphertext_to_submit is None:
	r.close()
	return ciphertext
	else:
	r.sendafter("enter ciphertext: ",ciphertext_to_submit)
	return r.recvall()

	# Get n-th block from ciphertext hex string
	def get_n_block(s,n):
	return bytes.fromhex(s[(n-1)32:(32n)])

	# MAIN
	# Target host
	# BLOCKS -> b"logged_username=",b"admin&password=g",b"0ld3n_b0y"+b"\x07"*7

	host,port = "46.101.89.127",32216
	real_username,incorrect_username,password = "admin","bdmin","g0ld3n_b0y" # Username starts where second block starts; Usernames differ only by first character

	# Ciphertext for fake username
	log.info("Getting ciphertext for {}:{}".format(incorrect_username,password))
	incorrect_ciphertext = get_username_password_ciphertext(incorrect_username,password)
	log.info("Fake ciphertext -> {}".format(incorrect_ciphertext))

	# Flip 1st byte of block 2 by flipping 1st byte of b1 to get a correct ciphertext
	b1 = get_n_block(incorrect_ciphertext,1)
	b2 = get_n_block(incorrect_ciphertext,2)
	b3 = get_n_block(incorrect_ciphertext,3)

	b1_new = []
	flipped_byte = (b1[0] ^ ord(real_username[0]) ^ ord(incorrect_username[0])).to_bytes(1,"big")
	b1_new = flipped_byte + b1[1:]

	correct_ciphertext = (bytes(b1_new) + b2 + b3).hex()
	log.info("Correct ciphertext -> {}".format(correct_ciphertext))

	# Make new connection
	log.info("Submitting correct ciphertext and getting flag...")
	log.info(get_username_password_ciphertext(incorrect_username,password,correct_ciphertext))
No results found