반응형
from Crypto.Cipher import DES
from pwn import *
import binascii
p = remote("host3.dreamhack.games", 12520)
p.recvuntil(b"> ")
hint = bytes.fromhex(p.recvline().strip().decode("utf-8"))
r1 = {}
for i in range(0xFFFF + 1):
k = b'Dream_' + i.to_bytes(2, 'big')
enc = DES.new(k, DES.MODE_ECB).encrypt(b'DreamHack_blocks')
r1[enc] = k
for i in range(0xFFFF + 1):
k = i.to_bytes(2, 'big') + b'Hacker'
dec = DES.new(k, DES.MODE_ECB).decrypt(hint)
if dec in r1:
k1 = r1[dec]
k2 = k
break
payload = DES.new(k2, DES.MODE_ECB).encrypt(DES.new(k1, DES.MODE_ECB).encrypt(b'give_me_the_flag'))
payload = binascii.hexlify(payload)
p.recvuntil(b"> ")
p.sendline(payload)
print(p.recvline().decode())반응형