This commit is contained in:
Roman Hergenreder 2019-12-29 19:05:19 +01:00
parent 45862b6590
commit 18c8bd9075
7 changed files with 168 additions and 0 deletions

BIN
Day 23/Santa-data.zip Normal file

Binary file not shown.

62
Day 23/decode.php Normal file

@ -0,0 +1,62 @@
#!/usr/bin/php
<?php
if(count($argv) < 4) {
die("Wrong Usage: " . $argv[0] . " <proc num> <start> <end>");
}
$PROC_NUM = $argv[1];
if(!is_numeric($argv[2])) {
die("NaN: start");
}
if(!is_numeric($argv[3])) {
die("NaN: end");
}
$start = intval($argv[2]);
$end = intval($argv[3]);
if($end < $start) {
die("Invalid interval: end < start");
}
$charset = 'abcdefghijkmpqrstuvwxyzABCDEFGHJKLMPQRSTUVWXYZ23456789';
$zip = new ZipArchive();
$zip_status = $zip->open("Santa-data.zip");
if ($zip_status !== true) {
die("Could not open zip file");
}
for($t = $start; $t <= $end; $t++) {
srand($t);
$rand_str = "";
// if(($t-$start) % 10000000 == 0) {
// $progress = (($t-$start) / ($end - $start)) * 100;
// print("[$PROC_NUM] Progress: $progress%\n");
// }
for($j = 0; $j < 12; $j++) {
$rand_key = rand(0, 54 - 1);
$rand_str .= $charset[$rand_key];
}
// stdout for john
// if(strcmp($rand_str, "Kwmq3Sqmc5sA") == 0) {
// die("Done: $t\n");
// }
// 4160000
// print("$rand_str\n");
//
if ($zip->setPassword($rand_str)) {
if ($zip->extractTo(__DIR__)) {
die("PASSWORD: $rand_str");
}
}
}
?>

84
Day 23/decode.py Normal file

@ -0,0 +1,84 @@
#!/usr/bin/python
import subprocess
import re
import datetime
import hashlib
import base64
import requests
import random
import time
# charset = [chr(ord("0")+x) for x in range(10)] + \
# [chr(ord("A")+x) for x in range(26)] + \
# [chr(ord("a")+x) for x in range(26)]
# import BeautifulSoup4 as bs4
# def encode(sec):
# md5 = hashlib.md5(sec.encode("UTF-8")).digest()
# b64 = base64.b64encode(md5).decode("UTF-8")
# return b64
#
# password = "cswpWQfUu8fL"
# timestamp = "2019-12-23 11:43"
#
# d = datetime.datetime.strptime(timestamp, "%Y-%m-%d %H:%M" )
# seconds = int(d.timestamp())
# print()
#
# charset = "abcdefghijkmpqrstuvwxyzABCDEFGHJKLMPQRSTUVWXYZ23456789";
# random.seed(0)
# print("".join([random.choice(charset) for i in range(12)])) # [charset[random.randint(0,len(charset) - 1)] for x in range(12)]))
# for s in range(60):
# for j in range(1000):
# random.seed(seconds + s)
# rand_indices = [random.randint(0,len(charset) - 1) for i in range(12)]
# rand_str = "".join([charset[i] for i in rand_indices])
# if rand_str == password or rand_str.lower() == password.lower():
# print(rand_str, rand_indices)
# for i in range(60):
# for j in range(100):
# b64 = encode("%d.%02d" % (seconds + i, j))
# if password in b64:
# print(b64)
# def getPassword():
# pass
# charset = []
# pattern = re.compile("<strong>(.*)<\/strong>")
# #
# for i in range(100):
# res = requests.post("http://whale.hacking-lab.com:23023/archive.php", data={"req[]":"blindball", "username":"test"})
# if res.status_code == 200:
# pw = pattern.search(res.text).group(1)
# print(time.time(), pw)
# for x in pw:
# if x not in charset:
# charset.append(x)
#
# print("".join(sorted(charset)))
min = 0
max = 2**32 - 1
num_processes = 4
steps = (max-min+1) // num_processes
start = min
procs = []
for i in range(num_processes):
end = start + steps
args = ["php", "decode.php", str(i+1), str(start), str(end)]
print("Starting subprocess:", " ".join(args))
procs.append(subprocess.Popen(args))
start = end + 1
break
# break
for proc in procs:
proc.wait()

BIN
Day 23/flag.txt Normal file

Binary file not shown.

2
Day 23/hash Normal file

@ -0,0 +1,2 @@
Santa-data.zip/flag.txt:$zip2$*0*1*0*d75ebd89add5cf76*75ca*25*8249d36387bf723d66085cb4334858bc69989550a643c4a614645d505889e91bdbd269787a*fe232081a44c398eeab9*$/zip2$:flag.txt:Santa-data.zip:Santa-data.zip
Santa-data.zip:$pkzip2$3*1*1*0*63*24*5e20*7c67*69e5d5637af3005ba4c1061964f8037c23d4d912fd8dd6bc59e65eadfc791a5c163461bc*1*0*63*24*8994*4eaf*99dc5ea6d837c104740f6d9e883d8b4c44028b2c0eed3f575925352e966cbe3c96c49176*2*0*39*25*b31e19ff*0*31*63*39*b31e*83ea*d75ebd89add5cf7675ca8249d36387bf723d66085cb4334858bc69989550a643c4a614645d505889e91bdbd269787afe232081a44c398eeab9*$/pkzip2$::Santa-data.zip:flag.txt, ball15.png, pearl.png:Santa-data.zip

2
Day 23/machine Normal file

@ -0,0 +1,2 @@
seed=4333287
pw=Kwmq3Sqmc5sA

18
Day 23/test.php Normal file

@ -0,0 +1,18 @@
<?php
// for($i = 0; $i < 1000; $i++)
// print(microtime(true) . "\n");
srand(1);
$alphabet = 'abcdefghijkmpqrstuvwxyzABCDEFGHJKLMPQRSTUVWXYZ23456789';
$out = "";
for($j = 0; $j < 12; $j++) {
$rand_key = rand(0, 54 - 1);
// var_dump($rand_key);
$out .= $alphabet[$rand_key];
}
var_dump($out);
?>