Roman Hergenreder 2023-12-20 15:12:59 +01:00
parent c3399c89ef
commit 14a2b0f4ad
4 changed files with 668 additions and 0 deletions

Binary file not shown.

465
Day 20/candy_maps.py Normal file

@ -0,0 +1,465 @@
CANDY_MAP = [
255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
0, 1, 2, 3, 4, 5, 6, 7, 255, 255,
255, 255, 255, 255, 255, 8, 9, 10, 11, 12,
13, 14, 15, 255, 16, 17, 18, 19, 20, 255,
21, 22, 23, 24, 25, 26, 27, 28, 29, 30,
31, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
255, 255, 255, 255, 255, 255
]
SHUFFLER = [
26, 1, 5, 20, 15, 2, 21, 25, 27, 3,
13, 31, 20, 27, 27, 11, 18, 27, 26, 11,
0, 23, 3, 26
]
CANDY_MIX_HORIZONTAL_00 = [
26, 27, 6, 4, 31, 15, 20, 2, 28, 12,
0, 23, 24, 18, 5, 8, 10, 25, 3, 21,
7, 9, 22, 13, 14, 1, 16, 30, 17, 19,
29, 11
]
CANDY_MIX_HORIZONTAL_01 = [
9, 6, 30, 22, 20, 28, 5, 31, 0, 24,
21, 2, 4, 27, 16, 12, 29, 18, 25, 17,
11, 26, 1, 19, 10, 8, 3, 14, 15, 13,
7, 23
]
CANDY_MIX_HORIZONTAL_02 = [
6, 8, 19, 7, 16, 23, 20, 12, 28, 21,
1, 5, 14, 3, 13, 29, 9, 11, 10, 31,
27, 26, 4, 30, 18, 17, 15, 24, 22, 25,
0, 2
]
CANDY_MIX_HORIZONTAL_03 = [
10, 23, 5, 15, 21, 18, 25, 11, 31, 19,
16, 20, 12, 22, 8, 26, 17, 24, 4, 30,
0, 14, 6, 13, 2, 9, 28, 27, 1, 29,
7, 3
]
CANDY_MIX_HORIZONTAL_04 = [
26, 14, 11, 18, 24, 8, 17, 6, 31, 23,
28, 9, 3, 1, 7, 16, 15, 19, 13, 2,
29, 10, 22, 27, 30, 0, 12, 25, 5, 4,
21, 20
]
CANDY_MIX_HORIZONTAL_05 = [
30, 16, 3, 0, 6, 24, 18, 14, 22, 26,
29, 27, 8, 10, 1, 31, 25, 13, 12, 7,
15, 23, 5, 20, 17, 19, 11, 21, 2, 4,
28, 9
]
CANDY_MIX_HORIZONTAL_06 = [
1, 31, 17, 27, 16, 4, 5, 10, 15, 20,
14, 2, 22, 21, 23, 25, 0, 12, 13, 28,
6, 3, 11, 29, 9, 18, 24, 30, 26, 7,
8, 19
]
CANDY_MIX_HORIZONTAL_07 = [
15, 31, 18, 25, 1, 21, 3, 29, 6, 2,
27, 11, 24, 28, 0, 30, 4, 19, 20, 23,
7, 12, 22, 14, 16, 9, 26, 10, 5, 17,
13, 8
]
CANDY_MIX_HORIZONTAL_08 = [
19, 2, 17, 9, 31, 11, 4, 30, 29, 13,
0, 25, 15, 23, 26, 1, 21, 20, 6, 22,
27, 16, 7, 24, 10, 18, 28, 14, 8, 5,
3, 12
]
CANDY_MIX_HORIZONTAL_09 = [
28, 24, 4, 13, 18, 12, 23, 7, 5, 30,
19, 3, 2, 17, 27, 15, 16, 25, 21, 14,
31, 10, 8, 22, 11, 1, 20, 29, 0, 9,
6, 26
]
CANDY_MIX_HORIZONTAL_0A = [
8, 13, 14, 31, 21, 11, 16, 25, 28, 5,
2, 1, 22, 24, 17, 15, 10, 23, 7, 9,
19, 29, 20, 18, 4, 30, 27, 6, 0, 3,
26, 12
]
CANDY_MIX_HORIZONTAL_0B = [
24, 27, 29, 31, 21, 30, 18, 12, 13, 0,
9, 26, 2, 6, 19, 23, 16, 11, 28, 5,
1, 14, 7, 15, 10, 4, 25, 20, 3, 22,
17, 8
]
CANDY_MIX_HORIZONTAL_0C = [
15, 9, 19, 27, 6, 30, 22, 17, 24, 14,
31, 10, 25, 16, 18, 12, 29, 20, 4, 7,
3, 8, 1, 26, 11, 0, 23, 28, 5, 21,
13, 2
]
CANDY_MIX_HORIZONTAL_0D = [
5, 13, 1, 23, 31, 18, 27, 12, 20, 15,
14, 8, 7, 29, 24, 11, 30, 3, 26, 17,
19, 25, 21, 22, 0, 10, 4, 28, 2, 16,
6, 9
]
CANDY_MIX_HORIZONTAL_0E = [
29, 27, 15, 12, 30, 0, 4, 9, 14, 7,
22, 19, 5, 31, 8, 18, 6, 11, 23, 24,
2, 17, 3, 26, 21, 16, 1, 10, 20, 25,
13, 28
]
CANDY_MIX_HORIZONTAL_0F = [
27, 1, 10, 15, 3, 21, 11, 9, 2, 25,
12, 30, 31, 29, 22, 28, 6, 17, 20, 7,
8, 5, 19, 13, 0, 16, 14, 4, 18, 23,
24, 26
]
CANDY_MIX_HORIZONTAL_10 = [
27, 26, 5, 20, 17, 25, 15, 10, 9, 28,
21, 7, 2, 8, 0, 23, 6, 24, 31, 3,
4, 11, 22, 13, 1, 12, 16, 30, 19, 14,
18, 29
]
CANDY_MIX_HORIZONTAL_11 = [
6, 14, 27, 13, 29, 22, 11, 19, 18, 4,
21, 16, 30, 17, 8, 26, 0, 25, 12, 7,
28, 3, 10, 20, 9, 24, 2, 23, 5, 15,
1, 31
]
CANDY_MIX_HORIZONTAL_12 = [
1, 29, 9, 0, 20, 5, 18, 4, 27, 6,
24, 30, 15, 2, 25, 13, 7, 14, 19, 8,
17, 3, 11, 21, 12, 31, 23, 10, 22, 28,
26, 16
]
CANDY_MIX_HORIZONTAL_13 = [
16, 30, 24, 5, 28, 1, 27, 29, 11, 21,
14, 26, 8, 4, 13, 3, 2, 6, 9, 25,
23, 7, 10, 20, 0, 17, 22, 18, 12, 15,
19, 31
]
CANDY_MIX_HORIZONTAL_14 = [
0, 28, 15, 30, 31, 3, 24, 16, 23, 17,
1, 11, 4, 2, 7, 13, 19, 12, 25, 27,
20, 10, 18, 8, 14, 6, 21, 29, 26, 22,
5, 9
]
CANDY_MIX_HORIZONTAL_15 = [
24, 0, 19, 15, 22, 11, 14, 28, 12, 8,
25, 17, 26, 23, 3, 31, 18, 13, 5, 7,
30, 4, 27, 1, 16, 2, 21, 10, 9, 20,
29, 6
]
CANDY_MIX_HORIZONTAL_16 = [
14, 25, 1, 15, 28, 26, 27, 10, 13, 22,
19, 9, 3, 18, 23, 2, 21, 0, 6, 16,
4, 12, 8, 24, 29, 17, 11, 30, 20, 31,
5, 7
]
CANDY_MIX_HORIZONTAL_17 = [
16, 12, 31, 17, 13, 28, 9, 4, 1, 10,
27, 30, 5, 26, 21, 6, 15, 7, 24, 11,
8, 14, 29, 22, 19, 20, 0, 3, 2, 25,
18, 23
]
CANDY_MIX_HORIZONTAL_18 = [
18, 19, 30, 15, 29, 11, 16, 26, 1, 25,
8, 9, 31, 3, 13, 20, 6, 23, 4, 28,
12, 10, 21, 5, 17, 14, 24, 22, 2, 27,
0, 7
]
CANDY_MIX_HORIZONTAL_19 = [
26, 15, 13, 22, 21, 0, 16, 17, 28, 8,
29, 20, 4, 14, 27, 3, 19, 24, 23, 30,
9, 5, 25, 10, 6, 31, 18, 11, 2, 7,
1, 12
]
CANDY_MIX_HORIZONTAL_1A = [
10, 4, 11, 25, 1, 12, 14, 21, 16, 26,
31, 27, 20, 5, 24, 17, 19, 0, 28, 15,
7, 8, 29, 23, 3, 2, 22, 30, 9, 18,
13, 6
]
CANDY_MIX_HORIZONTAL_1B = [
13, 12, 29, 0, 1, 28, 30, 20, 5, 27,
8, 7, 19, 18, 16, 17, 10, 2, 15, 22,
21, 31, 4, 6, 23, 9, 11, 14, 24, 3,
26, 25
]
CANDY_MIX_HORIZONTAL_1C = [
21, 23, 19, 28, 1, 10, 6, 17, 9, 16,
13, 8, 3, 29, 26, 2, 7, 0, 27, 22,
15, 5, 14, 12, 20, 25, 18, 24, 4, 31,
30, 11
]
CANDY_MIX_HORIZONTAL_1D = [
26, 15, 18, 21, 0, 22, 6, 11, 24, 29,
14, 2, 31, 23, 1, 30, 25, 3, 5, 12,
13, 17, 19, 28, 4, 7, 16, 9, 8, 27,
10, 20
]
CANDY_MIX_HORIZONTAL_1E = [
14, 25, 27, 8, 24, 17, 2, 11, 1, 12,
19, 16, 0, 30, 29, 6, 22, 3, 21, 15,
13, 18, 20, 28, 7, 31, 26, 5, 9, 4,
23, 10
]
CANDY_MIX_HORIZONTAL_1F = [
12, 10, 11, 20, 19, 8, 18, 6, 0, 28,
29, 26, 15, 23, 27, 31, 1, 5, 30, 13,
25, 16, 7, 2, 4, 17, 14, 22, 24, 9,
21, 3
]
CANDY_MIX_HORIZONTALS = [
CANDY_MIX_HORIZONTAL_00, CANDY_MIX_HORIZONTAL_01, CANDY_MIX_HORIZONTAL_02, CANDY_MIX_HORIZONTAL_03, CANDY_MIX_HORIZONTAL_04, CANDY_MIX_HORIZONTAL_05, CANDY_MIX_HORIZONTAL_06, CANDY_MIX_HORIZONTAL_07, CANDY_MIX_HORIZONTAL_08, CANDY_MIX_HORIZONTAL_09,
CANDY_MIX_HORIZONTAL_0A, CANDY_MIX_HORIZONTAL_0B, CANDY_MIX_HORIZONTAL_0C, CANDY_MIX_HORIZONTAL_0D, CANDY_MIX_HORIZONTAL_0E, CANDY_MIX_HORIZONTAL_0F, CANDY_MIX_HORIZONTAL_10, CANDY_MIX_HORIZONTAL_11, CANDY_MIX_HORIZONTAL_12, CANDY_MIX_HORIZONTAL_13,
CANDY_MIX_HORIZONTAL_14, CANDY_MIX_HORIZONTAL_15, CANDY_MIX_HORIZONTAL_16, CANDY_MIX_HORIZONTAL_17, CANDY_MIX_HORIZONTAL_18, CANDY_MIX_HORIZONTAL_19, CANDY_MIX_HORIZONTAL_1A, CANDY_MIX_HORIZONTAL_1B, CANDY_MIX_HORIZONTAL_1C, CANDY_MIX_HORIZONTAL_1D,
CANDY_MIX_HORIZONTAL_1E, CANDY_MIX_HORIZONTAL_1F
]
CANDY_MIX_VERTICAL_00 = [
23, 9, 22, 21, 11, 15, 13, 16, 17, 4,
10, 3, 19, 7, 18, 1, 5, 6, 20, 12,
2, 0, 14, 8
]
CANDY_MIX_VERTICAL_01 = [
10, 13, 9, 18, 12, 7, 2, 22, 16, 0,
23, 17, 4, 19, 15, 6, 8, 20, 1, 5,
14, 21, 11, 3
]
CANDY_MIX_VERTICAL_02 = [
21, 6, 19, 15, 5, 0, 17, 18, 3, 22,
7, 16, 8, 14, 1, 23, 9, 10, 11, 12,
13, 4, 2, 20
]
CANDY_MIX_VERTICAL_03 = [
22, 8, 15, 7, 1, 14, 2, 16, 3, 12,
21, 4, 19, 20, 10, 5, 18, 11, 17, 0,
6, 9, 23, 13
]
CANDY_MIX_VERTICAL_04 = [
18, 19, 1, 2, 6, 20, 5, 14, 23, 22,
21, 17, 8, 4, 10, 11, 3, 9, 0, 7,
16, 12, 13, 15
]
CANDY_MIX_VERTICAL_05 = [
22, 15, 23, 12, 7, 1, 11, 2, 17, 10,
3, 16, 14, 0, 21, 8, 13, 5, 6, 9,
19, 4, 18, 20
]
CANDY_MIX_VERTICAL_06 = [
11, 18, 21, 8, 20, 23, 17, 3, 2, 22,
7, 10, 0, 4, 1, 19, 13, 9, 12, 5,
16, 6, 15, 14
]
CANDY_MIX_VERTICAL_07 = [
7, 2, 6, 15, 12, 11, 10, 21, 8, 18,
19, 23, 17, 20, 0, 9, 4, 13, 1, 22,
5, 14, 16, 3
]
CANDY_MIX_VERTICAL_08 = [
16, 4, 20, 15, 1, 8, 0, 2, 17, 5,
3, 12, 10, 18, 7, 21, 23, 6, 9, 13,
22, 19, 14, 11
]
CANDY_MIX_VERTICAL_09 = [
12, 4, 22, 2, 10, 14, 6, 20, 3, 16,
1, 9, 18, 0, 15, 5, 11, 13, 19, 17,
23, 7, 8, 21
]
CANDY_MIX_VERTICAL_0A = [
0, 16, 6, 13, 7, 15, 17, 23, 21, 22,
4, 19, 1, 9, 11, 20, 8, 3, 12, 2,
14, 5, 10, 18
]
CANDY_MIX_VERTICAL_0B = [
10, 21, 6, 16, 8, 4, 5, 0, 3, 9,
7, 2, 13, 12, 11, 20, 1, 18, 17, 19,
22, 14, 23, 15
]
CANDY_MIX_VERTICAL_0C = [
19, 6, 17, 13, 8, 1, 4, 21, 2, 11,
7, 9, 5, 16, 14, 10, 0, 12, 20, 23,
3, 22, 15, 18
]
CANDY_MIX_VERTICAL_0D = [
22, 1, 8, 4, 11, 2, 18, 13, 10, 7,
14, 0, 19, 23, 20, 9, 16, 15, 17, 3,
21, 6, 5, 12
]
CANDY_MIX_VERTICAL_0E = [
20, 18, 3, 19, 4, 6, 0, 15, 13, 17,
16, 22, 9, 23, 14, 2, 12, 1, 10, 8,
7, 11, 21, 5
]
CANDY_MIX_VERTICAL_0F = [
15, 13, 9, 12, 1, 16, 3, 0, 23, 21,
17, 6, 19, 8, 22, 11, 14, 5, 20, 2,
18, 10, 4, 7
]
CANDY_MIX_VERTICAL_10 = [
13, 18, 4, 14, 9, 19, 2, 5, 16, 17,
10, 3, 7, 15, 21, 20, 8, 22, 11, 23,
1, 6, 0, 12
]
CANDY_MIX_VERTICAL_11 = [
21, 14, 10, 11, 13, 0, 3, 23, 17, 7,
15, 5, 12, 19, 22, 6, 9, 1, 2, 8,
18, 16, 20, 4
]
CANDY_MIX_VERTICAL_12 = [
17, 22, 0, 20, 8, 12, 15, 13, 10, 2,
9, 14, 11, 4, 5, 18, 19, 16, 23, 1,
21, 6, 7, 3
]
CANDY_MIX_VERTICAL_13 = [
5, 15, 17, 2, 13, 1, 11, 23, 10, 22,
4, 20, 8, 6, 16, 18, 9, 0, 14, 12,
7, 3, 21, 19
]
CANDY_MIX_VERTICAL_14 = [
1, 6, 22, 14, 3, 21, 4, 17, 2, 0,
9, 13, 10, 11, 23, 16, 15, 7, 19, 18,
8, 12, 5, 20
]
CANDY_MIX_VERTICAL_15 = [
21, 7, 6, 17, 9, 11, 14, 16, 2, 10,
5, 8, 22, 19, 15, 23, 4, 20, 18, 12,
1, 13, 0, 3
]
CANDY_MIX_VERTICAL_16 = [
11, 18, 9, 12, 17, 13, 10, 22, 0, 1,
20, 16, 7, 19, 15, 3, 5, 8, 14, 21,
2, 23, 6, 4
]
CANDY_MIX_VERTICAL_17 = [
15, 12, 5, 22, 23, 4, 8, 18, 16, 11,
0, 14, 7, 6, 20, 17, 2, 19, 21, 10,
1, 9, 13, 3
]
CANDY_MIX_VERTICAL_18 = [
16, 22, 2, 14, 11, 8, 7, 1, 17, 4,
13, 23, 12, 5, 21, 10, 9, 15, 0, 6,
3, 19, 20, 18
]
CANDY_MIX_VERTICAL_19 = [
20, 14, 5, 10, 12, 1, 8, 7, 13, 2,
6, 16, 22, 23, 4, 11, 9, 3, 15, 17,
19, 18, 0, 21
]
CANDY_MIX_VERTICAL_1A = [
5, 14, 0, 23, 18, 16, 11, 1, 20, 2,
8, 10, 15, 6, 22, 19, 9, 4, 21, 17,
3, 7, 13, 12
]
CANDY_MIX_VERTICAL_1B = [
13, 7, 17, 18, 14, 0, 22, 21, 10, 12,
3, 5, 8, 23, 6, 20, 15, 4, 9, 19,
1, 16, 2, 11
]
CANDY_MIX_VERTICAL_1C = [
6, 11, 4, 2, 20, 7, 22, 13, 3, 18,
14, 15, 5, 10, 17, 16, 21, 1, 0, 12,
19, 8, 9, 23
]
CANDY_MIX_VERTICAL_1D = [
7, 4, 10, 2, 8, 23, 19, 12, 6, 5,
9, 13, 0, 22, 11, 16, 21, 1, 14, 3,
17, 20, 15, 18
]
CANDY_MIX_VERTICAL_1E = [
14, 22, 21, 16, 10, 4, 17, 15, 13, 12,
9, 0, 20, 11, 5, 7, 2, 19, 3, 18,
23, 8, 1, 6
]
CANDY_MIX_VERTICAL_1F = [
18, 21, 4, 13, 17, 15, 1, 11, 10, 6,
20, 9, 7, 5, 19, 0, 2, 3, 12, 23,
14, 8, 22, 16
]
CANDY_MIX_VERTICALS = [
CANDY_MIX_VERTICAL_00, CANDY_MIX_VERTICAL_01, CANDY_MIX_VERTICAL_02, CANDY_MIX_VERTICAL_03, CANDY_MIX_VERTICAL_04, CANDY_MIX_VERTICAL_05, CANDY_MIX_VERTICAL_06, CANDY_MIX_VERTICAL_07, CANDY_MIX_VERTICAL_08, CANDY_MIX_VERTICAL_09,
CANDY_MIX_VERTICAL_0A, CANDY_MIX_VERTICAL_0B, CANDY_MIX_VERTICAL_0C, CANDY_MIX_VERTICAL_0D, CANDY_MIX_VERTICAL_0E, CANDY_MIX_VERTICAL_0F, CANDY_MIX_VERTICAL_10, CANDY_MIX_VERTICAL_11, CANDY_MIX_VERTICAL_12, CANDY_MIX_VERTICAL_13,
CANDY_MIX_VERTICAL_14, CANDY_MIX_VERTICAL_15, CANDY_MIX_VERTICAL_16, CANDY_MIX_VERTICAL_17, CANDY_MIX_VERTICAL_18, CANDY_MIX_VERTICAL_19, CANDY_MIX_VERTICAL_1A, CANDY_MIX_VERTICAL_1B, CANDY_MIX_VERTICAL_1C, CANDY_MIX_VERTICAL_1D,
CANDY_MIX_VERTICAL_1E, CANDY_MIX_VERTICAL_1F
]

156
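--- /dev/null
+++ b/Day 20/exploit.py
@@ -0,0 +1,156 @@
+#!/usr/bin/env python
+# THE BASE OF THIS FILE WAS AUTOMATICALLY GENERATED BY template.py, for more information, visit
+# https://git.romanh.de/Roman/HackingScripts
+import os
+import io
+import re
+import sys
+import json
+import time
+import base64
+import requests
+import subprocess
+import urllib.parse
+from bs4 import BeautifulSoup
+from hackingscripts import util, rev_shell
+from hackingscripts.fileserver import HttpFileServer
+from urllib3.exceptions import InsecureRequestWarning
+requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
+import struct
+from candy_maps import *
+IP_ADDRESS = util.get_address()
+BASE_URL = "https://603f2fa6-8131-45da-b831-f0bc598e4b4a.idocker.vuln.land" if "LOCAL" not in sys.argv else "http://127.0.0.1:1337"
+PROXIES = {"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"}
+def request(method, uri, **kwargs):
+if not uri.startswith("/") and uri != "":
+uri = "/" + uri
+client = requests
+if "session" in kwargs:
+client = kwargs["session"]
+del kwargs["session"]
+if "allow_redirects" not in kwargs:
+kwargs["allow_redirects"] = False
+if "verify" not in kwargs:
+kwargs["verify"] = False
+if "proxies" not in kwargs:
+kwargs["proxies"] = PROXIES
+url = BASE_URL + uri
+return client.request(method, url, **kwargs)
+def get_license():
+res = request("GET", "/license")
+util.assert_status_code(res, 200)
+util.assert_content_type(res, "application/json")
+return json.loads(res.text)
+def put_license(license_key):
+res = request("POST", "/license", json={"LicenseKey": license_key})
+util.assert_status_code(res, 200)
+util.assert_content_type(res, "application/json")
+util.assert_json_path(res, ".isValid", True)
+return json.loads(res.text)
+def num_to_chr(num):
+assert num >= 0 and num < 32
+i = CANDY_MAP.index(num)
+assert i != -1
+return chr(i)
+def compute_shuffle(arr):
+value = 0
+for i in range(24):
+value += arr[i] + SHUFFLER[i]
+return value % 32
+def arr_to_license(arr):
+license_key = ""
+for i, num in enumerate(arr):
+license_key += num_to_chr(num)
+if len(license_key) in [5, 11, 17, 23]:
+license_key += "-"
+assert len(license_key) == 29
+assert license_key[5] == '-'
+assert license_key[11] == '-'
+assert license_key[17] == '-'
+assert license_key[23] == '-'
+return license_key
+def shuffle_array(byte_arr):
+shuffle_num_2 = byte_arr[24]
+assert shuffle_num_2 < 32
+for shuffle_num_1 in range(0, 32):
+shuffled_arr = list(None for i in range(25))
+for i in range(24):
+value = CANDY_MIX_HORIZONTALS[shuffle_num_2].index(byte_arr[i])
+destination = CANDY_MIX_VERTICALS[shuffle_num_1].index(i)
+shuffled_arr[destination] = value
+if shuffle_num_1 == compute_shuffle(shuffled_arr):
+break
+shuffled_arr[24] = byte_arr[24]
+return shuffled_arr
+def binary_to_array(byte_arr):
+arr = []
+for i in range(0, 15, 5):
+num = struct.unpack(">Q", util.lpad(byte_arr[i:i+5], 8, b"\x00"))[0]
+arr.append((num >> 35) & 0x1F)
+arr.append((num >> 30) & 0x1F)
+arr.append((num >> 25) & 0x1F)
+arr.append((num >> 20) & 0x1F)
+arr.append((num >> 15) & 0x1F)
+arr.append((num >> 10) & 0x1F)
+arr.append((num >> 5) & 0x1F)
+arr.append(num & 0x1F)
+arr.append(byte_arr[-1] >> 3)
+assert len(arr) == 25
+return arr
+def create_license_block(product_name, time_gen, time_exp):
+byte_arr = b""
+byte_arr += struct.pack("<I", time_exp)
+byte_arr += struct.pack("<I", time_gen)
+byte_arr += struct.pack("B", product_name) # product_name = CandyCaneMachine2000
+byte_arr += struct.pack("B", 0) # flags
+byte_arr += struct.pack("<H", 0) # count
+byte_arr += struct.pack("<H", 0) # premium
+byte_arr += struct.pack("B", 2) # product_type = Premium
+byte_arr += struct.pack("B", 0) # shuffle
+assert len(byte_arr) == 16
+return byte_arr
+def generate_license_key(product_name):
+now = int(time.time())
+license_block = create_license_block(product_name, now, now + 1000)
+arr = binary_to_array(license_block)
+arr = shuffle_array(arr)
+license_key = arr_to_license(arr)
+return license_key
+if __name__ == "__main__":
+key_1 = generate_license_key(0)
+flag = put_license(key_1)["flag"]
+print("[+] Flag:", flag)
+key_2 = generate_license_key(1)
+flag = put_license(key_2)["flag"]
+print("[+] Flag:", flag)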
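Review bot: `shuffle_array` returns a result even when none of the 32 candidates passes its own consistency check. If `shuffle_num_1 == compute_shuffle(shuffled_arr)` never holds, the `for` loop ends without `break` and the array built for the last candidate (31) is returned as if it were valid, so the failure only shows up later as a failed assertion in `put_license`. Giving the loop an `else:` branch with `raise ValueError("no shuffle index is consistent with its checksum")` would make the function fail where the problem actually occurs. Separately, in `num_to_chr` the line `assert i != -1` can never fire, because `list.index` raises `ValueError` rather than returning -1; it can be dropped. Indentation is lost in this rendering, so the loop structure described here is inferred from statement order.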

47
Day 20/machine Normal file

@ -0,0 +1,47 @@
PORT STATE SERVICE VERSION
22/tcp filtered ssh
80/tcp open http
|_http-title: Did not follow redirect to https://6934ea68-c11e-4965-a48c-0fb21ec78960.idocker.vuln.land:443/
111/tcp open rpcbind 2-4 (RPC #100000)
| rpcinfo:
| program version port/proto service
| 100000 2,3,4 111/tcp rpcbind
| 100000 2,3,4 111/udp rpcbind
| 100000 3,4 111/tcp6 rpcbind
|_ 100000 3,4 111/udp6 rpcbind
443/tcp open ssl/http Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
|_http-title: Santa's Candy Cane Machine
| http-methods:
|_ Supported Methods: GET HEAD
|_http-server-header: Kestrel
| ssl-cert: Subject: commonName=*.idocker.vuln.land
| Subject Alternative Name: DNS:*.idocker.vuln.land, DNS:idocker.vuln.land
| Issuer: commonName=Thawte TLS RSA CA G1/organizationName=DigiCert Inc/countryName=US
| Public Key type: rsa
| Public Key bits: 3072
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2023-09-04T00:00:00
| Not valid after: 2024-09-08T23:59:59
| MD5: 80d7:8bfe:9544:857d:d5ab:3419:4283:4228
|_SHA-1: 7a7c:1086:65bb:52dd:6c97:238f:a29d:c680:1b8b:5a73
8080/tcp open http-proxy
| http-auth:
| HTTP/1.1 401 Unauthorized\x0D
|_ Basic realm=traefik
|_http-title: Site doesn't have a title (text/plain).
| fingerprint-strings:
| FourOhFourRequest, GetRequest, HTTPOptions:
| HTTP/1.0 401 Unauthorized
| Content-Type: text/plain
| Www-Authenticate: Basic realm="traefik"
| Date: Tue, 19 Dec 2023 23:10:21 GMT
| Content-Length: 17
| Unauthorized
| GenericLines, Help, Kerberos, LPDString, RTSPRequest, SSLSessionReq, Socks5, TLSSessionReq, TerminalServerCookie:
| HTTP/1.1 400 Bad Request
| Content-Type: text/plain; charset=utf-8
| Connection: close
|_ Request
9100/tcp open jetdirect?
42810/tcp open fmproduct 1-4 (RPC #1073741824)
55555/tcp open http Golang net/http server (Go-IPFS json-rpc or InfluxDB API)