#!/usr/local/bin/python2
import sys
import signal
from random import randint
# Time allowed to answer (seconds)
DELAY = 10
def handler(signum, frame):
raise Exception("Time is up!\n")
def p(s):
sys.stdout.write(s)
sys.stdout.flush()
def challenge():
for _ in range(10):
p("[+] Generating a 128-bit random secret (a, b)\n")
secret_a = randint(0, 2**64 - 1)
secret_b = randint(0, 2**64 - 1)
secret = "{:016x}{:016x}".format(secret_a, secret_b)
p("[+] Done! Now, try go guess it!\n")
p(">>> a = ")
a = int(input())
p(">>> b = ")
b = int(input())
check = "{:016x}{:016x}".format(a, b)
p("[-] Trying {}\n".format(check))
if check == secret:
flag = open("flag.txt").read()
p("[+] Well done! Here is the flag: {}\n".format(flag))
break
else:
p("[!] Nope, it started by {}. Please try again.\n".format(secret[:5]))
if __name__ == "__main__":
signal.alarm(DELAY)
signal.signal(signal.SIGALRM, handler)
try:
challenge()
except Exception, e:
exit(0)
else:
exit(0)
Le script génère deux secrets, secret_a et secret_b Ils contiennent un nombre compris entre 1 et 2^64-1
On voit aussi qu'il y a un délais pour trouver le secret
DELAY = 10
if __name__ == "__main__":
signal.alarm(DELAY)
signal.signal(signal.SIGALRM, handler)
Debug
J'ai ajouté un délais plus large + print des secrets
#!/usr/local/bin/python2
import sys
import signal
from random import randint
# Time allowed to answer (seconds)
DELAY = 1000000000
def handler(signum, frame):
raise Exception("Time is up!\n")
def p(s):
sys.stdout.write(s)
sys.stdout.flush()
def challenge():
for _ in range(10):
p("[+] Generating a 128-bit random secret (a, b)\n")
secret_a = randint(0, 2**64 - 1)
print(secret_a)
secret_b = randint(0, 2**64 - 1)
print(secret_b)
secret = "{:016x}{:016x}".format(secret_a, secret_b)
print(secret)
p("[+] Done! Now, try go guess it!\n")
p(">>> a = ")
a = int(input())
p(">>> b = ")
b = int(input())
check = "{:016x}{:016x}".format(a, b)
p("[-] Trying {}\n".format(check))
if check == secret:
#flag = open("flag.txt").read()
flag = "OK FLAG"
p("[+] Well done! Here is the flag: {}\n".format(flag))
break
else:
p("[!] Nope, it started by {}. Please try again.\n".format(secret[:5]))
if __name__ == "__main__":
signal.alarm(DELAY)
signal.signal(signal.SIGALRM, handler)
try:
challenge()
except Exception, e:
exit(0)
else:
exit(0)
Si on test une éxécution :
onosh@kali:/home/onosh/FCSC/MISC# python randomito.py
[+] Generating a 128-bit random secret (a, b)
16141621770963719195
12208871211096206965
e0028f7a8d01141ba96e9fae5de1ee75
[+] Done! Now, try go guess it!
>>> a = 16141621770963719195
>>> b = 12208871211096206965
[-] Trying e0028f7a8d01141ba96e9fae5de1ee75
[+] Well done! Here is the flag: OK FLAG
Mais alors comment trouver le secret en 10 secondes ? Simplement en lui donnant ce qu'il attend :
onosh@kali:/home/onosh/FCSC/MISC# python randomito.py
[+] Generating a 128-bit random secret (a, b)
6141270817308741848
5049640784231285106
553a2d453f2910d84613ed8a036e4172
[+] Done! Now, try go guess it!
>>> a = secret_a
>>> b = secret_b
[-] Trying 553a2d453f2910d84613ed8a036e4172
[+] Well done! Here is the flag: OK FLAG
Il n'y a plus qu'à tester en réel :
onosh@kali:/home/onosh/FCSC/MISC# nc challenges2.france-cybersecurity-challenge.fr 6001
[+] Generating a 128-bit random secret (a, b)
[+] Done! Now, try go guess it!
>>> a = secret_a
>>> b = secret_b
[-] Trying d955218681608306fc0e9b492dbdda1c
[+] Well done! Here is the flag: FCSC{4496d11d19db92ae53e0b9e9415d99d877ebeaeab99e9e