Home Explore Help
Register Sign In
Roman
/
Hackvent_2023
1
0
Fork 0
Files
Browse Source

Day 20

Roman Hergenreder 4 months ago
parent
c3399c89ef
commit
14a2b0f4ad
4 changed files with 668 additions and 0 deletions
Split View Show Diff Stats
  1. BIN
      Day 20/CandyCaneLicensing.dll
  2. 465 0
      Day 20/candy_maps.py
  3. 156 0
      Day 20/exploit.py
  4. 47 0
      Day 20/machine

BIN
Day 20/CandyCaneLicensing.dll
View File


+ 465 - 0
Day 20/candy_maps.py
View File 

@@ -0,0 +1,465 @@
 
+
 
+CANDY_MAP = [
 
+    255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 
+	0, 1, 2, 3, 4, 5, 6, 7, 255, 255,
 
+	255, 255, 255, 255, 255, 8, 9, 10, 11, 12,
 
+	13, 14, 15, 255, 16, 17, 18, 19, 20, 255,
 
+	21, 22, 23, 24, 25, 26, 27, 28, 29, 30,
 
+	31, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 
+	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 
+	255, 255, 255, 255, 255, 255
 
+]
 
+
 
+SHUFFLER = [
 
+    26, 1, 5, 20, 15, 2, 21, 25, 27, 3,
 
+	13, 31, 20, 27, 27, 11, 18, 27, 26, 11,
 
+	0, 23, 3, 26
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_00 = [
 
+	26, 27, 6, 4, 31, 15, 20, 2, 28, 12,
 
+	0, 23, 24, 18, 5, 8, 10, 25, 3, 21,
 
+	7, 9, 22, 13, 14, 1, 16, 30, 17, 19,
 
+	29, 11
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_01 = [
 
+	9, 6, 30, 22, 20, 28, 5, 31, 0, 24,
 
+	21, 2, 4, 27, 16, 12, 29, 18, 25, 17,
 
+	11, 26, 1, 19, 10, 8, 3, 14, 15, 13,
 
+	7, 23
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_02 = [
 
+	6, 8, 19, 7, 16, 23, 20, 12, 28, 21,
 
+	1, 5, 14, 3, 13, 29, 9, 11, 10, 31,
 
+	27, 26, 4, 30, 18, 17, 15, 24, 22, 25,
 
+	0, 2
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_03 = [
 
+	10, 23, 5, 15, 21, 18, 25, 11, 31, 19,
 
+	16, 20, 12, 22, 8, 26, 17, 24, 4, 30,
 
+	0, 14, 6, 13, 2, 9, 28, 27, 1, 29,
 
+	7, 3
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_04 = [
 
+	26, 14, 11, 18, 24, 8, 17, 6, 31, 23,
 
+	28, 9, 3, 1, 7, 16, 15, 19, 13, 2,
 
+	29, 10, 22, 27, 30, 0, 12, 25, 5, 4,
 
+	21, 20
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_05 = [
 
+	30, 16, 3, 0, 6, 24, 18, 14, 22, 26,
 
+	29, 27, 8, 10, 1, 31, 25, 13, 12, 7,
 
+	15, 23, 5, 20, 17, 19, 11, 21, 2, 4,
 
+	28, 9
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_06 = [
 
+	1, 31, 17, 27, 16, 4, 5, 10, 15, 20,
 
+	14, 2, 22, 21, 23, 25, 0, 12, 13, 28,
 
+	6, 3, 11, 29, 9, 18, 24, 30, 26, 7,
 
+	8, 19
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_07 = [
 
+	15, 31, 18, 25, 1, 21, 3, 29, 6, 2,
 
+	27, 11, 24, 28, 0, 30, 4, 19, 20, 23,
 
+	7, 12, 22, 14, 16, 9, 26, 10, 5, 17,
 
+	13, 8
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_08 = [
 
+	19, 2, 17, 9, 31, 11, 4, 30, 29, 13,
 
+	0, 25, 15, 23, 26, 1, 21, 20, 6, 22,
 
+	27, 16, 7, 24, 10, 18, 28, 14, 8, 5,
 
+	3, 12
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_09 = [
 
+	28, 24, 4, 13, 18, 12, 23, 7, 5, 30,
 
+	19, 3, 2, 17, 27, 15, 16, 25, 21, 14,
 
+	31, 10, 8, 22, 11, 1, 20, 29, 0, 9,
 
+	6, 26
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_0A = [
 
+	8, 13, 14, 31, 21, 11, 16, 25, 28, 5,
 
+	2, 1, 22, 24, 17, 15, 10, 23, 7, 9,
 
+	19, 29, 20, 18, 4, 30, 27, 6, 0, 3,
 
+	26, 12
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_0B = [
 
+	24, 27, 29, 31, 21, 30, 18, 12, 13, 0,
 
+	9, 26, 2, 6, 19, 23, 16, 11, 28, 5,
 
+	1, 14, 7, 15, 10, 4, 25, 20, 3, 22,
 
+	17, 8
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_0C = [
 
+	15, 9, 19, 27, 6, 30, 22, 17, 24, 14,
 
+	31, 10, 25, 16, 18, 12, 29, 20, 4, 7,
 
+	3, 8, 1, 26, 11, 0, 23, 28, 5, 21,
 
+	13, 2
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_0D = [
 
+	5, 13, 1, 23, 31, 18, 27, 12, 20, 15,
 
+	14, 8, 7, 29, 24, 11, 30, 3, 26, 17,
 
+	19, 25, 21, 22, 0, 10, 4, 28, 2, 16,
 
+	6, 9
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_0E = [
 
+	29, 27, 15, 12, 30, 0, 4, 9, 14, 7,
 
+	22, 19, 5, 31, 8, 18, 6, 11, 23, 24,
 
+	2, 17, 3, 26, 21, 16, 1, 10, 20, 25,
 
+	13, 28
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_0F = [
 
+	27, 1, 10, 15, 3, 21, 11, 9, 2, 25,
 
+	12, 30, 31, 29, 22, 28, 6, 17, 20, 7,
 
+	8, 5, 19, 13, 0, 16, 14, 4, 18, 23,
 
+	24, 26
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_10 = [
 
+	27, 26, 5, 20, 17, 25, 15, 10, 9, 28,
 
+	21, 7, 2, 8, 0, 23, 6, 24, 31, 3,
 
+	4, 11, 22, 13, 1, 12, 16, 30, 19, 14,
 
+	18, 29
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_11 = [
 
+	6, 14, 27, 13, 29, 22, 11, 19, 18, 4,
 
+	21, 16, 30, 17, 8, 26, 0, 25, 12, 7,
 
+	28, 3, 10, 20, 9, 24, 2, 23, 5, 15,
 
+	1, 31
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_12 = [
 
+	1, 29, 9, 0, 20, 5, 18, 4, 27, 6,
 
+	24, 30, 15, 2, 25, 13, 7, 14, 19, 8,
 
+	17, 3, 11, 21, 12, 31, 23, 10, 22, 28,
 
+	26, 16
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_13 = [
 
+	16, 30, 24, 5, 28, 1, 27, 29, 11, 21,
 
+	14, 26, 8, 4, 13, 3, 2, 6, 9, 25,
 
+	23, 7, 10, 20, 0, 17, 22, 18, 12, 15,
 
+	19, 31
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_14 = [
 
+	0, 28, 15, 30, 31, 3, 24, 16, 23, 17,
 
+	1, 11, 4, 2, 7, 13, 19, 12, 25, 27,
 
+	20, 10, 18, 8, 14, 6, 21, 29, 26, 22,
 
+	5, 9
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_15 = [
 
+	24, 0, 19, 15, 22, 11, 14, 28, 12, 8,
 
+	25, 17, 26, 23, 3, 31, 18, 13, 5, 7,
 
+	30, 4, 27, 1, 16, 2, 21, 10, 9, 20,
 
+	29, 6
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_16 = [
 
+	14, 25, 1, 15, 28, 26, 27, 10, 13, 22,
 
+	19, 9, 3, 18, 23, 2, 21, 0, 6, 16,
 
+	4, 12, 8, 24, 29, 17, 11, 30, 20, 31,
 
+	5, 7
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_17 = [
 
+	16, 12, 31, 17, 13, 28, 9, 4, 1, 10,
 
+	27, 30, 5, 26, 21, 6, 15, 7, 24, 11,
 
+	8, 14, 29, 22, 19, 20, 0, 3, 2, 25,
 
+	18, 23
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_18 = [
 
+	18, 19, 30, 15, 29, 11, 16, 26, 1, 25,
 
+	8, 9, 31, 3, 13, 20, 6, 23, 4, 28,
 
+	12, 10, 21, 5, 17, 14, 24, 22, 2, 27,
 
+	0, 7
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_19 = [
 
+	26, 15, 13, 22, 21, 0, 16, 17, 28, 8,
 
+	29, 20, 4, 14, 27, 3, 19, 24, 23, 30,
 
+	9, 5, 25, 10, 6, 31, 18, 11, 2, 7,
 
+	1, 12
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_1A = [
 
+	10, 4, 11, 25, 1, 12, 14, 21, 16, 26,
 
+	31, 27, 20, 5, 24, 17, 19, 0, 28, 15,
 
+	7, 8, 29, 23, 3, 2, 22, 30, 9, 18,
 
+	13, 6
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_1B = [
 
+	13, 12, 29, 0, 1, 28, 30, 20, 5, 27,
 
+	8, 7, 19, 18, 16, 17, 10, 2, 15, 22,
 
+	21, 31, 4, 6, 23, 9, 11, 14, 24, 3,
 
+	26, 25
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_1C = [
 
+	21, 23, 19, 28, 1, 10, 6, 17, 9, 16,
 
+	13, 8, 3, 29, 26, 2, 7, 0, 27, 22,
 
+	15, 5, 14, 12, 20, 25, 18, 24, 4, 31,
 
+	30, 11
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_1D = [
 
+	26, 15, 18, 21, 0, 22, 6, 11, 24, 29,
 
+	14, 2, 31, 23, 1, 30, 25, 3, 5, 12,
 
+	13, 17, 19, 28, 4, 7, 16, 9, 8, 27,
 
+	10, 20
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_1E = [
 
+	14, 25, 27, 8, 24, 17, 2, 11, 1, 12,
 
+	19, 16, 0, 30, 29, 6, 22, 3, 21, 15,
 
+	13, 18, 20, 28, 7, 31, 26, 5, 9, 4,
 
+	23, 10
 
+]
 
+
 
+CANDY_MIX_HORIZONTAL_1F = [
 
+	12, 10, 11, 20, 19, 8, 18, 6, 0, 28,
 
+	29, 26, 15, 23, 27, 31, 1, 5, 30, 13,
 
+	25, 16, 7, 2, 4, 17, 14, 22, 24, 9,
 
+	21, 3
 
+]
 
+
 
+CANDY_MIX_HORIZONTALS = [
 
+    CANDY_MIX_HORIZONTAL_00, CANDY_MIX_HORIZONTAL_01, CANDY_MIX_HORIZONTAL_02, CANDY_MIX_HORIZONTAL_03, CANDY_MIX_HORIZONTAL_04, CANDY_MIX_HORIZONTAL_05, CANDY_MIX_HORIZONTAL_06, CANDY_MIX_HORIZONTAL_07, CANDY_MIX_HORIZONTAL_08, CANDY_MIX_HORIZONTAL_09,
 
+    CANDY_MIX_HORIZONTAL_0A, CANDY_MIX_HORIZONTAL_0B, CANDY_MIX_HORIZONTAL_0C, CANDY_MIX_HORIZONTAL_0D, CANDY_MIX_HORIZONTAL_0E, CANDY_MIX_HORIZONTAL_0F, CANDY_MIX_HORIZONTAL_10, CANDY_MIX_HORIZONTAL_11, CANDY_MIX_HORIZONTAL_12, CANDY_MIX_HORIZONTAL_13,
 
+    CANDY_MIX_HORIZONTAL_14, CANDY_MIX_HORIZONTAL_15, CANDY_MIX_HORIZONTAL_16, CANDY_MIX_HORIZONTAL_17, CANDY_MIX_HORIZONTAL_18, CANDY_MIX_HORIZONTAL_19, CANDY_MIX_HORIZONTAL_1A, CANDY_MIX_HORIZONTAL_1B, CANDY_MIX_HORIZONTAL_1C, CANDY_MIX_HORIZONTAL_1D,
 
+    CANDY_MIX_HORIZONTAL_1E, CANDY_MIX_HORIZONTAL_1F
 
+]
 
+
 
+CANDY_MIX_VERTICAL_00 = [
 
+	23, 9, 22, 21, 11, 15, 13, 16, 17, 4,
 
+	10, 3, 19, 7, 18, 1, 5, 6, 20, 12,
 
+	2, 0, 14, 8
 
+]
 
+
 
+CANDY_MIX_VERTICAL_01 = [
 
+	10, 13, 9, 18, 12, 7, 2, 22, 16, 0,
 
+	23, 17, 4, 19, 15, 6, 8, 20, 1, 5,
 
+	14, 21, 11, 3
 
+]
 
+
 
+CANDY_MIX_VERTICAL_02 = [
 
+	21, 6, 19, 15, 5, 0, 17, 18, 3, 22,
 
+	7, 16, 8, 14, 1, 23, 9, 10, 11, 12,
 
+	13, 4, 2, 20
 
+]
 
+
 
+CANDY_MIX_VERTICAL_03 = [
 
+	22, 8, 15, 7, 1, 14, 2, 16, 3, 12,
 
+	21, 4, 19, 20, 10, 5, 18, 11, 17, 0,
 
+	6, 9, 23, 13
 
+]
 
+
 
+CANDY_MIX_VERTICAL_04 = [
 
+	18, 19, 1, 2, 6, 20, 5, 14, 23, 22,
 
+	21, 17, 8, 4, 10, 11, 3, 9, 0, 7,
 
+	16, 12, 13, 15
 
+]
 
+
 
+CANDY_MIX_VERTICAL_05 = [
 
+	22, 15, 23, 12, 7, 1, 11, 2, 17, 10,
 
+	3, 16, 14, 0, 21, 8, 13, 5, 6, 9,
 
+	19, 4, 18, 20
 
+]
 
+
 
+CANDY_MIX_VERTICAL_06 = [
 
+	11, 18, 21, 8, 20, 23, 17, 3, 2, 22,
 
+	7, 10, 0, 4, 1, 19, 13, 9, 12, 5,
 
+	16, 6, 15, 14
 
+]
 
+
 
+CANDY_MIX_VERTICAL_07 = [
 
+	7, 2, 6, 15, 12, 11, 10, 21, 8, 18,
 
+	19, 23, 17, 20, 0, 9, 4, 13, 1, 22,
 
+	5, 14, 16, 3
 
+]
 
+
 
+CANDY_MIX_VERTICAL_08 = [
 
+	16, 4, 20, 15, 1, 8, 0, 2, 17, 5,
 
+	3, 12, 10, 18, 7, 21, 23, 6, 9, 13,
 
+	22, 19, 14, 11
 
+]
 
+
 
+CANDY_MIX_VERTICAL_09 = [
 
+	12, 4, 22, 2, 10, 14, 6, 20, 3, 16,
 
+	1, 9, 18, 0, 15, 5, 11, 13, 19, 17,
 
+	23, 7, 8, 21
 
+]
 
+
 
+CANDY_MIX_VERTICAL_0A = [
 
+	0, 16, 6, 13, 7, 15, 17, 23, 21, 22,
 
+	4, 19, 1, 9, 11, 20, 8, 3, 12, 2,
 
+	14, 5, 10, 18
 
+]
 
+
 
+CANDY_MIX_VERTICAL_0B = [
 
+	10, 21, 6, 16, 8, 4, 5, 0, 3, 9,
 
+	7, 2, 13, 12, 11, 20, 1, 18, 17, 19,
 
+	22, 14, 23, 15
 
+]
 
+
 
+CANDY_MIX_VERTICAL_0C = [
 
+	19, 6, 17, 13, 8, 1, 4, 21, 2, 11,
 
+	7, 9, 5, 16, 14, 10, 0, 12, 20, 23,
 
+	3, 22, 15, 18
 
+]
 
+
 
+CANDY_MIX_VERTICAL_0D = [
 
+	22, 1, 8, 4, 11, 2, 18, 13, 10, 7,
 
+	14, 0, 19, 23, 20, 9, 16, 15, 17, 3,
 
+	21, 6, 5, 12
 
+]
 
+
 
+CANDY_MIX_VERTICAL_0E = [
 
+	20, 18, 3, 19, 4, 6, 0, 15, 13, 17,
 
+	16, 22, 9, 23, 14, 2, 12, 1, 10, 8,
 
+	7, 11, 21, 5
 
+]
 
+
 
+CANDY_MIX_VERTICAL_0F = [
 
+	15, 13, 9, 12, 1, 16, 3, 0, 23, 21,
 
+	17, 6, 19, 8, 22, 11, 14, 5, 20, 2,
 
+	18, 10, 4, 7
 
+]
 
+
 
+CANDY_MIX_VERTICAL_10 = [
 
+	13, 18, 4, 14, 9, 19, 2, 5, 16, 17,
 
+	10, 3, 7, 15, 21, 20, 8, 22, 11, 23,
 
+	1, 6, 0, 12
 
+]
 
+
 
+CANDY_MIX_VERTICAL_11 = [
 
+	21, 14, 10, 11, 13, 0, 3, 23, 17, 7,
 
+	15, 5, 12, 19, 22, 6, 9, 1, 2, 8,
 
+	18, 16, 20, 4
 
+]
 
+
 
+CANDY_MIX_VERTICAL_12 = [
 
+	17, 22, 0, 20, 8, 12, 15, 13, 10, 2,
 
+	9, 14, 11, 4, 5, 18, 19, 16, 23, 1,
 
+	21, 6, 7, 3
 
+]
 
+
 
+CANDY_MIX_VERTICAL_13 = [
 
+	5, 15, 17, 2, 13, 1, 11, 23, 10, 22,
 
+	4, 20, 8, 6, 16, 18, 9, 0, 14, 12,
 
+	7, 3, 21, 19
 
+]
 
+
 
+CANDY_MIX_VERTICAL_14 = [
 
+	1, 6, 22, 14, 3, 21, 4, 17, 2, 0,
 
+	9, 13, 10, 11, 23, 16, 15, 7, 19, 18,
 
+	8, 12, 5, 20
 
+]
 
+
 
+CANDY_MIX_VERTICAL_15 = [
 
+	21, 7, 6, 17, 9, 11, 14, 16, 2, 10,
 
+	5, 8, 22, 19, 15, 23, 4, 20, 18, 12,
 
+	1, 13, 0, 3
 
+]
 
+
 
+CANDY_MIX_VERTICAL_16 = [
 
+	11, 18, 9, 12, 17, 13, 10, 22, 0, 1,
 
+	20, 16, 7, 19, 15, 3, 5, 8, 14, 21,
 
+	2, 23, 6, 4
 
+]
 
+
 
+CANDY_MIX_VERTICAL_17 = [
 
+	15, 12, 5, 22, 23, 4, 8, 18, 16, 11,
 
+	0, 14, 7, 6, 20, 17, 2, 19, 21, 10,
 
+	1, 9, 13, 3
 
+]
 
+
 
+CANDY_MIX_VERTICAL_18 = [
 
+	16, 22, 2, 14, 11, 8, 7, 1, 17, 4,
 
+	13, 23, 12, 5, 21, 10, 9, 15, 0, 6,
 
+	3, 19, 20, 18
 
+]
 
+
 
+CANDY_MIX_VERTICAL_19 = [
 
+	20, 14, 5, 10, 12, 1, 8, 7, 13, 2,
 
+	6, 16, 22, 23, 4, 11, 9, 3, 15, 17,
 
+	19, 18, 0, 21
 
+]
 
+
 
+CANDY_MIX_VERTICAL_1A = [
 
+	5, 14, 0, 23, 18, 16, 11, 1, 20, 2,
 
+	8, 10, 15, 6, 22, 19, 9, 4, 21, 17,
 
+	3, 7, 13, 12
 
+]
 
+
 
+CANDY_MIX_VERTICAL_1B = [
 
+	13, 7, 17, 18, 14, 0, 22, 21, 10, 12,
 
+	3, 5, 8, 23, 6, 20, 15, 4, 9, 19,
 
+	1, 16, 2, 11
 
+]
 
+
 
+CANDY_MIX_VERTICAL_1C = [
 
+	6, 11, 4, 2, 20, 7, 22, 13, 3, 18,
 
+	14, 15, 5, 10, 17, 16, 21, 1, 0, 12,
 
+	19, 8, 9, 23
 
+]
 
+
 
+CANDY_MIX_VERTICAL_1D = [
 
+	7, 4, 10, 2, 8, 23, 19, 12, 6, 5,
 
+	9, 13, 0, 22, 11, 16, 21, 1, 14, 3,
 
+	17, 20, 15, 18
 
+]
 
+
 
+CANDY_MIX_VERTICAL_1E = [
 
+	14, 22, 21, 16, 10, 4, 17, 15, 13, 12,
 
+	9, 0, 20, 11, 5, 7, 2, 19, 3, 18,
 
+	23, 8, 1, 6
 
+]
 
+
 
+CANDY_MIX_VERTICAL_1F = [
 
+	18, 21, 4, 13, 17, 15, 1, 11, 10, 6,
 
+	20, 9, 7, 5, 19, 0, 2, 3, 12, 23,
 
+	14, 8, 22, 16
 
+]
 
+
 
+CANDY_MIX_VERTICALS = [
 
+    CANDY_MIX_VERTICAL_00, CANDY_MIX_VERTICAL_01, CANDY_MIX_VERTICAL_02, CANDY_MIX_VERTICAL_03, CANDY_MIX_VERTICAL_04, CANDY_MIX_VERTICAL_05, CANDY_MIX_VERTICAL_06, CANDY_MIX_VERTICAL_07, CANDY_MIX_VERTICAL_08, CANDY_MIX_VERTICAL_09,
 
+	CANDY_MIX_VERTICAL_0A, CANDY_MIX_VERTICAL_0B, CANDY_MIX_VERTICAL_0C, CANDY_MIX_VERTICAL_0D, CANDY_MIX_VERTICAL_0E, CANDY_MIX_VERTICAL_0F, CANDY_MIX_VERTICAL_10, CANDY_MIX_VERTICAL_11, CANDY_MIX_VERTICAL_12, CANDY_MIX_VERTICAL_13,
 
+	CANDY_MIX_VERTICAL_14, CANDY_MIX_VERTICAL_15, CANDY_MIX_VERTICAL_16, CANDY_MIX_VERTICAL_17, CANDY_MIX_VERTICAL_18, CANDY_MIX_VERTICAL_19, CANDY_MIX_VERTICAL_1A, CANDY_MIX_VERTICAL_1B, CANDY_MIX_VERTICAL_1C, CANDY_MIX_VERTICAL_1D,
 
+	CANDY_MIX_VERTICAL_1E, CANDY_MIX_VERTICAL_1F
 
+]

+ 156 - 0
Day 20/exploit.py
View File 

@@ -0,0 +1,156 @@
 
+#!/usr/bin/env python
 
+
 
+# THE BASE OF THIS FILE WAS AUTOMATICALLY GENERATED BY template.py, for more information, visit
 
+# https://git.romanh.de/Roman/HackingScripts
 
+
 
+import os
 
+import io
 
+import re
 
+import sys
 
+import json
 
+import time
 
+import base64
 
+import requests
 
+import subprocess
 
+import urllib.parse
 
+from bs4 import BeautifulSoup
 
+from hackingscripts import util, rev_shell
 
+from hackingscripts.fileserver import HttpFileServer
 
+from urllib3.exceptions import InsecureRequestWarning
 
+requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
 
+
 
+import struct
 
+from candy_maps import *
 
+
 
+IP_ADDRESS = util.get_address()
 
+BASE_URL = "https://603f2fa6-8131-45da-b831-f0bc598e4b4a.idocker.vuln.land" if "LOCAL" not in sys.argv else "http://127.0.0.1:1337"
 
+PROXIES = {"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"}
 
+
 
+def request(method, uri, **kwargs):
 
+    if not uri.startswith("/") and uri != "":
 
+        uri = "/" + uri
 
+
 
+    client = requests
 
+    if "session" in kwargs:
 
+        client = kwargs["session"]
 
+        del kwargs["session"]
 
+    
+    if "allow_redirects" not in kwargs:
 
+        kwargs["allow_redirects"] = False
 
+    
+    if "verify" not in kwargs:
 
+        kwargs["verify"] = False
 
+    
+    if "proxies" not in kwargs:
 
+        kwargs["proxies"] = PROXIES
 
+
 
+    url = BASE_URL + uri
 
+    return client.request(method, url, **kwargs)
 
+
 
+def get_license():
 
+    res = request("GET", "/license")
 
+    util.assert_status_code(res, 200)
 
+    util.assert_content_type(res, "application/json")
 
+    return json.loads(res.text)
 
+
 
+def put_license(license_key):
 
+    res = request("POST", "/license", json={"LicenseKey": license_key})
 
+    util.assert_status_code(res, 200)
 
+    util.assert_content_type(res, "application/json")
 
+    util.assert_json_path(res, ".isValid", True)
 
+    return json.loads(res.text)
 
+
 
+def num_to_chr(num):
 
+    assert num >= 0 and num < 32
 
+    i = CANDY_MAP.index(num)
 
+    assert i != -1
 
+    return chr(i)
 
+
 
+def compute_shuffle(arr):
 
+    value = 0
 
+    for i in range(24):        
+        value += arr[i] + SHUFFLER[i]
 
+    return value % 32
 
+
 
+def arr_to_license(arr):
 
+    license_key = ""
 
+    for i, num in enumerate(arr):
 
+        license_key += num_to_chr(num)
 
+        if len(license_key) in [5, 11, 17, 23]:
 
+            license_key += "-"
 
+
 
+    assert len(license_key) == 29
 
+    assert license_key[5] == '-'
 
+    assert license_key[11] == '-'
 
+    assert license_key[17] == '-'
 
+    assert license_key[23] == '-'
 
+    return license_key
 
+
 
+def shuffle_array(byte_arr):
 
+
 
+    shuffle_num_2 = byte_arr[24]
 
+    assert shuffle_num_2 < 32
 
+
 
+    for shuffle_num_1 in range(0, 32):
 
+        shuffled_arr = list(None for i in range(25))
 
+        for i in range(24):
 
+            value = CANDY_MIX_HORIZONTALS[shuffle_num_2].index(byte_arr[i])
 
+            destination = CANDY_MIX_VERTICALS[shuffle_num_1].index(i)
 
+            shuffled_arr[destination] = value
 
+        
+        if shuffle_num_1 == compute_shuffle(shuffled_arr):
 
+            break
 
+    
+    shuffled_arr[24] = byte_arr[24]
 
+    return shuffled_arr
 
+
 
+
 
+def binary_to_array(byte_arr):
 
+    arr = []
 
+    
+    for i in range(0, 15, 5):
 
+        num = struct.unpack(">Q", util.lpad(byte_arr[i:i+5], 8, b"\x00"))[0]
 
+        arr.append((num >> 35) & 0x1F)
 
+        arr.append((num >> 30) & 0x1F)
 
+        arr.append((num >> 25) & 0x1F)
 
+        arr.append((num >> 20) & 0x1F)
 
+        arr.append((num >> 15) & 0x1F)
 
+        arr.append((num >> 10) & 0x1F)
 
+        arr.append((num >> 5) & 0x1F)
 
+        arr.append(num & 0x1F)
 
+
 
+    arr.append(byte_arr[-1] >> 3)
 
+    assert len(arr) == 25
 
+    return arr
 
+
 
+def create_license_block(product_name, time_gen, time_exp):
 
+    byte_arr = b""
 
+    byte_arr += struct.pack("<I", time_exp)
 
+    byte_arr += struct.pack("<I", time_gen)
 
+    byte_arr += struct.pack("B", product_name) # product_name = CandyCaneMachine2000
 
+    byte_arr += struct.pack("B", 0) # flags
 
+    byte_arr += struct.pack("<H", 0) # count
 
+    byte_arr += struct.pack("<H", 0) # premium
 
+    byte_arr += struct.pack("B", 2) # product_type = Premium
 
+    byte_arr += struct.pack("B", 0) # shuffle
 
+    assert len(byte_arr) == 16
 
+    return byte_arr
 
+
 
+def generate_license_key(product_name):
 
+    now = int(time.time())
 
+    license_block = create_license_block(product_name, now, now + 1000)
 
+    arr = binary_to_array(license_block)
 
+    arr = shuffle_array(arr)
 
+    license_key = arr_to_license(arr)
 
+    return license_key
 
+
 
+if __name__ == "__main__":
 
+
 
+    key_1 = generate_license_key(0)
 
+    flag = put_license(key_1)["flag"]
 
+    print("[+] Flag:", flag)
 
+
 
+    key_2 = generate_license_key(1)
 
+    flag = put_license(key_2)["flag"]
 
+    print("[+] Flag:", flag)
 
+

+ 47 - 0
Day 20/machine
View File 

@@ -0,0 +1,47 @@
 
+PORT      STATE    SERVICE    VERSION
 
+22/tcp    filtered ssh
 
+80/tcp    open     http
 
+|_http-title: Did not follow redirect to https://6934ea68-c11e-4965-a48c-0fb21ec78960.idocker.vuln.land:443/
 
+111/tcp   open     rpcbind    2-4 (RPC #100000)
 
+| rpcinfo: 
+|   program version    port/proto  service
 
+|   100000  2,3,4        111/tcp   rpcbind
 
+|   100000  2,3,4        111/udp   rpcbind
 
+|   100000  3,4          111/tcp6  rpcbind
 
+|_  100000  3,4          111/udp6  rpcbind
 
+443/tcp   open     ssl/http   Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
 
+|_http-title: Santa's Candy Cane Machine
 
+| http-methods: 
+|_  Supported Methods: GET HEAD
 
+|_http-server-header: Kestrel
 
+| ssl-cert: Subject: commonName=*.idocker.vuln.land
 
+| Subject Alternative Name: DNS:*.idocker.vuln.land, DNS:idocker.vuln.land
 
+| Issuer: commonName=Thawte TLS RSA CA G1/organizationName=DigiCert Inc/countryName=US
 
+| Public Key type: rsa
 
+| Public Key bits: 3072
 
+| Signature Algorithm: sha256WithRSAEncryption
 
+| Not valid before: 2023-09-04T00:00:00
 
+| Not valid after:  2024-09-08T23:59:59
 
+| MD5:   80d7:8bfe:9544:857d:d5ab:3419:4283:4228
 
+|_SHA-1: 7a7c:1086:65bb:52dd:6c97:238f:a29d:c680:1b8b:5a73
 
+8080/tcp  open     http-proxy
 
+| http-auth: 
+| HTTP/1.1 401 Unauthorized\x0D
 
+|_  Basic realm=traefik
 
+|_http-title: Site doesn't have a title (text/plain).
 
+| fingerprint-strings: 
+|   FourOhFourRequest, GetRequest, HTTPOptions: 
+|     HTTP/1.0 401 Unauthorized
 
+|     Content-Type: text/plain
 
+|     Www-Authenticate: Basic realm="traefik"
 
+|     Date: Tue, 19 Dec 2023 23:10:21 GMT
 
+|     Content-Length: 17
 
+|     Unauthorized
 
+|   GenericLines, Help, Kerberos, LPDString, RTSPRequest, SSLSessionReq, Socks5, TLSSessionReq, TerminalServerCookie: 
+|     HTTP/1.1 400 Bad Request
 
+|     Content-Type: text/plain; charset=utf-8
 
+|     Connection: close
 
+|_    Request
 
+9100/tcp  open     jetdirect?
 
+42810/tcp open     fmproduct  1-4 (RPC #1073741824)
 
+55555/tcp open     http       Golang net/http server (Go-IPFS json-rpc or InfluxDB API)