Home Explore Help
Register Sign In
Roman
/
Hackvent_2019
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Day 23

Roman Hergenreder 4 years ago
parent
45862b6590
commit
18c8bd9075
7 changed files with 168 additions and 0 deletions
Split View Show Diff Stats
  1. BIN
      Day 23/Santa-data.zip
  2. 62 0
      Day 23/decode.php
  3. 84 0
      Day 23/decode.py
  4. BIN
      Day 23/flag.txt
  5. 2 0
      Day 23/hash
  6. 2 0
      Day 23/machine
  7. 18 0
      Day 23/test.php

BIN
Day 23/Santa-data.zip
View File


+ 62 - 0
Day 23/decode.php
View File 

@@ -0,0 +1,62 @@
 
+#!/usr/bin/php
 
+<?php
 
+
 
+if(count($argv) < 4) {
 
+  die("Wrong Usage: " . $argv[0] . " <proc num> <start> <end>");
 
+}
 
+
 
+$PROC_NUM = $argv[1];
 
+
 
+if(!is_numeric($argv[2])) {
 
+  die("NaN: start");
 
+}
 
+
 
+if(!is_numeric($argv[3])) {
 
+  die("NaN: end");
 
+}
 
+
 
+$start = intval($argv[2]);
 
+$end   = intval($argv[3]);
 
+
 
+if($end < $start) {
 
+  die("Invalid interval: end < start");
 
+}
 
+
 
+$charset = 'abcdefghijkmpqrstuvwxyzABCDEFGHJKLMPQRSTUVWXYZ23456789';
 
+$zip = new ZipArchive();
 
+$zip_status = $zip->open("Santa-data.zip");
 
+if ($zip_status !== true) {
 
+  die("Could not open zip file");
 
+}
 
+
 
+for($t = $start; $t <= $end; $t++) {
 
+
 
+  srand($t);
 
+  $rand_str = "";
 
+
 
+  // if(($t-$start) % 10000000 == 0) {
 
+  //   $progress = (($t-$start) / ($end - $start)) * 100;
 
+  //   print("[$PROC_NUM] Progress: $progress%\n");
 
+  // }
 
+
 
+  for($j = 0; $j < 12; $j++) {
 
+    $rand_key = rand(0, 54 - 1);
 
+    $rand_str .= $charset[$rand_key];
 
+  }
 
+
 
+  // stdout for john
 
+  // if(strcmp($rand_str, "Kwmq3Sqmc5sA") == 0) {
 
+  //   die("Done: $t\n");
 
+  // }
 
+
 
+  // 4160000
 
+  // print("$rand_str\n");
 
+  //
 
+  if ($zip->setPassword($rand_str)) {
 
+    if ($zip->extractTo(__DIR__)) {
 
+      die("PASSWORD: $rand_str");
 
+    }
 
+  }
 
+}
 
+
 
+?>

+ 84 - 0
Day 23/decode.py
View File 

@@ -0,0 +1,84 @@
 
+#!/usr/bin/python
 
+
 
+import subprocess
 
+import re
 
+import datetime
 
+import hashlib
 
+import base64
 
+import requests
 
+import random
 
+import time
 
+
 
+# charset = [chr(ord("0")+x) for x in range(10)] + \
 
+#           [chr(ord("A")+x) for x in range(26)] + \
 
+#           [chr(ord("a")+x) for x in range(26)]
 
+
 
+
 
+# import BeautifulSoup4 as bs4
 
+
 
+# def encode(sec):
 
+#     md5 = hashlib.md5(sec.encode("UTF-8")).digest()
 
+#     b64 = base64.b64encode(md5).decode("UTF-8")
 
+#     return b64
 
+#
 
+# password = "cswpWQfUu8fL"
 
+# timestamp = "2019-12-23 11:43"
 
+#
 
+# d = datetime.datetime.strptime(timestamp, "%Y-%m-%d %H:%M" )
 
+# seconds = int(d.timestamp())
 
+# print()
 
+#
 
+# charset = "abcdefghijkmpqrstuvwxyzABCDEFGHJKLMPQRSTUVWXYZ23456789";
 
+# random.seed(0)
 
+# print("".join([random.choice(charset) for i in range(12)])) # [charset[random.randint(0,len(charset) - 1)] for x in range(12)]))
 
+
 
+# for s in range(60):
 
+#     for j in range(1000):
 
+#         random.seed(seconds + s)
 
+#         rand_indices = [random.randint(0,len(charset) - 1) for i in range(12)]
 
+#         rand_str = "".join([charset[i] for i in rand_indices])
 
+#         if rand_str == password or rand_str.lower() == password.lower():
 
+#             print(rand_str, rand_indices)
 
+
 
+# for i in range(60):
 
+#     for j in range(100):
 
+#         b64 = encode("%d.%02d" % (seconds + i, j))
 
+#         if password in b64:
 
+#             print(b64)
 
+
 
+# def getPassword():
 
+#     pass
 
+
 
+# charset = []
 
+# pattern = re.compile("<strong>(.*)<\/strong>")
 
+# #
 
+# for i in range(100):
 
+#     res = requests.post("http://whale.hacking-lab.com:23023/archive.php", data={"req[]":"blindball", "username":"test"})
 
+#     if res.status_code == 200:
 
+#         pw = pattern.search(res.text).group(1)
 
+#         print(time.time(), pw)
 
+#         for x in pw:
 
+#             if x not in charset:
 
+#                 charset.append(x)
 
+#
 
+# print("".join(sorted(charset)))
 
+
 
+min = 0
 
+max = 2**32 - 1
 
+num_processes = 4
 
+steps = (max-min+1) // num_processes
 
+start = min
 
+
 
+procs = []
 
+
 
+for i in range(num_processes):
 
+    end = start + steps
 
+    args = ["php", "decode.php", str(i+1), str(start), str(end)]
 
+    print("Starting subprocess:", " ".join(args))
 
+    procs.append(subprocess.Popen(args))
 
+    start = end + 1
 
+    break
 
+    # break
 
+
 
+for proc in procs:
 
+    proc.wait()

BIN
Day 23/flag.txt
View File


+ 2 - 0
Day 23/hash
View File 

@@ -0,0 +1,2 @@
 
+Santa-data.zip/flag.txt:$zip2$*0*1*0*d75ebd89add5cf76*75ca*25*8249d36387bf723d66085cb4334858bc69989550a643c4a614645d505889e91bdbd269787a*fe232081a44c398eeab9*$/zip2$:flag.txt:Santa-data.zip:Santa-data.zip
 
+Santa-data.zip:$pkzip2$3*1*1*0*63*24*5e20*7c67*69e5d5637af3005ba4c1061964f8037c23d4d912fd8dd6bc59e65eadfc791a5c163461bc*1*0*63*24*8994*4eaf*99dc5ea6d837c104740f6d9e883d8b4c44028b2c0eed3f575925352e966cbe3c96c49176*2*0*39*25*b31e19ff*0*31*63*39*b31e*83ea*d75ebd89add5cf7675ca8249d36387bf723d66085cb4334858bc69989550a643c4a614645d505889e91bdbd269787afe232081a44c398eeab9*$/pkzip2$::Santa-data.zip:flag.txt, ball15.png, pearl.png:Santa-data.zip

+ 2 - 0
Day 23/machine
View File 

@@ -0,0 +1,2 @@
 
+seed=4333287
 
+pw=Kwmq3Sqmc5sA

+ 18 - 0
Day 23/test.php
View File 

@@ -0,0 +1,18 @@
 
+<?php
 
+
 
+// for($i = 0; $i < 1000; $i++)
 
+//   print(microtime(true) . "\n");
 
+
 
+srand(1);
 
+$alphabet = 'abcdefghijkmpqrstuvwxyzABCDEFGHJKLMPQRSTUVWXYZ23456789';
 
+$out = "";
 
+
 
+for($j = 0; $j < 12; $j++) {
 
+  $rand_key = rand(0, 54 - 1);
 
+  // var_dump($rand_key);
 
+  $out .= $alphabet[$rand_key];
 
+}
 
+
 
+var_dump($out);
 
+
 
+?>