Day 23

2019-12-29 19:05:19 +01:00 · 2019-12-29 19:05:19 +01:00 · 18c8bd9075
commit 18c8bd9075
parent 45862b6590
7 changed files with 168 additions and 0 deletions
--- a/23/Santa-data.zip
+++ b/23/Santa-data.zip
--- a/23/decode.php
+++ b/23/decode.php
@ -0,0 +1,62 @@
+#!/usr/bin/php
+<?php
+
+if(count($argv) < 4) {
+  die("Wrong Usage: " . $argv[0] . " <proc num> <start> <end>");
+}
+
+$PROC_NUM = $argv[1];
+
+if(!is_numeric($argv[2])) {
+  die("NaN: start");
+}
+
+if(!is_numeric($argv[3])) {
+  die("NaN: end");
+}
+
+$start = intval($argv[2]);
+$end   = intval($argv[3]);
+
+if($end < $start) {
+  die("Invalid interval: end < start");
+}
+
+$charset = 'abcdefghijkmpqrstuvwxyzABCDEFGHJKLMPQRSTUVWXYZ23456789';
+$zip = new ZipArchive();
+$zip_status = $zip->open("Santa-data.zip");
+if ($zip_status !== true) {
+  die("Could not open zip file");
+}
+
+for($t = $start; $t <= $end; $t++) {
+
+  srand($t);
+  $rand_str = "";
+
+  // if(($t-$start) % 10000000 == 0) {
+  //   $progress = (($t-$start) / ($end - $start)) * 100;
+  //   print("[$PROC_NUM] Progress: $progress%\n");
+  // }
+
+  for($j = 0; $j < 12; $j++) {
+    $rand_key = rand(0, 54 - 1);
+    $rand_str .= $charset[$rand_key];
+  }
+
+  // stdout for john
+  // if(strcmp($rand_str, "Kwmq3Sqmc5sA") == 0) {
+  //   die("Done: $t\n");
+  // }
+
+  // 4160000
+  // print("$rand_str\n");
+  //
+  if ($zip->setPassword($rand_str)) {
+    if ($zip->extractTo(__DIR__)) {
+      die("PASSWORD: $rand_str");
+    }
+  }
+}
+
+?>
--- a/23/decode.py
+++ b/23/decode.py
@ -0,0 +1,84 @@
+#!/usr/bin/python
+
+import subprocess
+import re
+import datetime
+import hashlib
+import base64
+import requests
+import random
+import time
+
+# charset = [chr(ord("0")+x) for x in range(10)] + \
+#           [chr(ord("A")+x) for x in range(26)] + \
+#           [chr(ord("a")+x) for x in range(26)]
+
+
+# import BeautifulSoup4 as bs4
+
+# def encode(sec):
+#     md5 = hashlib.md5(sec.encode("UTF-8")).digest()
+#     b64 = base64.b64encode(md5).decode("UTF-8")
+#     return b64
+#
+# password = "cswpWQfUu8fL"
+# timestamp = "2019-12-23 11:43"
+#
+# d = datetime.datetime.strptime(timestamp, "%Y-%m-%d %H:%M" )
+# seconds = int(d.timestamp())
+# print()
+#
+# charset = "abcdefghijkmpqrstuvwxyzABCDEFGHJKLMPQRSTUVWXYZ23456789";
+# random.seed(0)
+# print("".join([random.choice(charset) for i in range(12)])) # [charset[random.randint(0,len(charset) - 1)] for x in range(12)]))
+
+# for s in range(60):
+#     for j in range(1000):
+#         random.seed(seconds + s)
+#         rand_indices = [random.randint(0,len(charset) - 1) for i in range(12)]
+#         rand_str = "".join([charset[i] for i in rand_indices])
+#         if rand_str == password or rand_str.lower() == password.lower():
+#             print(rand_str, rand_indices)
+
+# for i in range(60):
+#     for j in range(100):
+#         b64 = encode("%d.%02d" % (seconds + i, j))
+#         if password in b64:
+#             print(b64)
+
+# def getPassword():
+#     pass
+
+# charset = []
+# pattern = re.compile("<strong>(.*)<\/strong>")
+# #
+# for i in range(100):
+#     res = requests.post("http://whale.hacking-lab.com:23023/archive.php", data={"req[]":"blindball", "username":"test"})
+#     if res.status_code == 200:
+#         pw = pattern.search(res.text).group(1)
+#         print(time.time(), pw)
+#         for x in pw:
+#             if x not in charset:
+#                 charset.append(x)
+#
+# print("".join(sorted(charset)))
+
+min = 0
+max = 2**32 - 1
+num_processes = 4
+steps = (max-min+1) // num_processes
+start = min
+
+procs = []
+
+for i in range(num_processes):
+    end = start + steps
+    args = ["php", "decode.php", str(i+1), str(start), str(end)]
+    print("Starting subprocess:", " ".join(args))
+    procs.append(subprocess.Popen(args))
+    start = end + 1
+    break
+    # break
+
+for proc in procs:
+    proc.wait()
--- a/23/flag.txt
+++ b/23/flag.txt
--- a/23/hash
+++ b/23/hash
@ -0,0 +1,2 @@
+Santa-data.zip/flag.txt:$zip2$*0*1*0*d75ebd89add5cf76*75ca*25*8249d36387bf723d66085cb4334858bc69989550a643c4a614645d505889e91bdbd269787a*fe232081a44c398eeab9*$/zip2$:flag.txt:Santa-data.zip:Santa-data.zip
+Santa-data.zip:$pkzip2$3*1*1*0*63*24*5e20*7c67*69e5d5637af3005ba4c1061964f8037c23d4d912fd8dd6bc59e65eadfc791a5c163461bc*1*0*63*24*8994*4eaf*99dc5ea6d837c104740f6d9e883d8b4c44028b2c0eed3f575925352e966cbe3c96c49176*2*0*39*25*b31e19ff*0*31*63*39*b31e*83ea*d75ebd89add5cf7675ca8249d36387bf723d66085cb4334858bc69989550a643c4a614645d505889e91bdbd269787afe232081a44c398eeab9*$/pkzip2$::Santa-data.zip:flag.txt, ball15.png, pearl.png:Santa-data.zip
--- a/23/machine
+++ b/23/machine
@ -0,0 +1,2 @@
+seed=4333287
+pw=Kwmq3Sqmc5sA
--- a/23/test.php
+++ b/23/test.php
@ -0,0 +1,18 @@
+<?php
+
+// for($i = 0; $i < 1000; $i++)
+//   print(microtime(true) . "\n");
+
+srand(1);
+$alphabet = 'abcdefghijkmpqrstuvwxyzABCDEFGHJKLMPQRSTUVWXYZ23456789';
+$out = "";
+
+for($j = 0; $j < 12; $j++) {
+  $rand_key = rand(0, 54 - 1);
+  // var_dump($rand_key);
+  $out .= $alphabet[$rand_key];
+}
+
+var_dump($out);
+
+?>