diff --git a/.DS_Store b/.DS_Store index 2cf2fe0..19affa9 100644 Binary files a/.DS_Store and b/.DS_Store differ diff --git a/week04/.DS_Store b/week04/.DS_Store new file mode 100644 index 0000000..31acb10 Binary files /dev/null and b/week04/.DS_Store differ diff --git a/week04/hard/.DS_Store b/week04/hard/.DS_Store new file mode 100644 index 0000000..5008ddf Binary files /dev/null and b/week04/hard/.DS_Store differ diff --git a/week04/hard/client.py b/week04/hard/client.py index d1f9a31..8595141 100644 --- a/week04/hard/client.py +++ b/week04/hard/client.py @@ -3,7 +3,7 @@ import json import base64 # Fill in the right target here -HOST = "localhost" # TODO +HOST = "netsec.net.in.tum.de" # TODO # HOST = "localhost" PORT = 20204 # TODO @@ -27,12 +27,15 @@ def search_password(target_pass, rainbow_dict): return None -def crack_hash(target): +def crack_hash(targets): rainbow_dict = None with open("rainbow_table.json", "r") as f: rainbow_dict = json.load(f) hash_dict = decode_hash(rainbow_dict) - return search_password(target, hash_dict) + password = "" + for target in targets: + password += search_password(target, hash_dict) + ";" + return password def get_flag(): @@ -54,17 +57,17 @@ def get_flag(): sf.flush() output = sf.readline().rstrip("\n").split("Passwords do not match hashes ")[1] pos_pas = parse_list_string(output) - password = crack_hash(pos_pas[0]) - print(f"Password found {password}") + password = crack_hash(pos_pas)[:-1] + print(f"accumulated the password as '{password}'") print(sf.readline().rstrip("\n")) + print("inserted Username admin") sf.write("admin\n") sf.flush() print(sf.readline().rstrip("\n")) - print(f"inserted password '{password}'") + print(f"inserted password '{password}") sf.write(f"{password}\n") sf.flush() print(sf.readline().rstrip("\n")) - print(sf.readline().rstrip("\n")) sf.close() s.close() diff --git a/week04/hard/decrypt_hash.py b/week04/hard/decrypt_hash.py index 5562266..8867d0d 100644 --- a/week04/hard/decrypt_hash.py 
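Review bot: `search_password` returns None for a hash that is not in the rainbow table, so the new loop line `password += search_password(target, hash_dict) + ";"` in crack_hash fails with a TypeError about NoneType instead of reporting which hash was missed. Look the value up first and check it: `hit = search_password(target, hash_dict)` / `if hit is None: raise ValueError(f"no rainbow-table entry for {target}")` / `password += hit + ";"`. The same lines are added again in the new week04/hard/solve.py hunk. Because crack_hash always ends its result with `;`, the caller in get_flag has to strip it with `[:-1]`; `";".join(...)` over the looked-up values would remove that coupling, but both sites would then have to change together.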
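Review bot: The replaced log line `print(f"inserted password '{password}")` drops the closing quote that the old line had, so the output reads as an unterminated string; restore it as `print(f"inserted password '{password}'")`. The `[:-1]` on `crack_hash(pos_pas)` silently relies on crack_hash always ending its result with `;`, which deserves a comment on that line, e.g. `# crack_hash appends a trailing ';' to every entry; drop the last one`. get_flag starts before this hunk.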
+++ b/week04/hard/decrypt_hash.py @@ -21,7 +21,7 @@ ori_pwd = ["was123", "gil123", "wgp123", "vut123", "lrz123"] # Stored hashes hashp = [ - "e0ac26da8755c76127cc12356577f11e2e6ab72071c27678fd2fb1b19fb6190307587de24f7b00d4e1d0115733453a5310f3968d151b13106a45bbde8e76558e", + "1c4aaa88180b3753700b4aef19f9da77d3940237e9d7e512bb3775bbc2a66b6651b4cc69052533abce9e780c3afb373286adc37c5edfeb47bb4078044b7e64f4", "da8a0ac4a5577d2bbe5c605597c43339db0a6516ebb942b09510eb8a52d78c764744db60f9fcd8c98db0ddef8fda71bcf9a4454847382475b9efafc65ccf74a7", "bbe347565bd9f575f3d48dce800f73d1e7e70cd5f103b335ab487271645fe4ee399cd1c7af6334ddeaae0c1e561ecb85770961a4b73e5092788a7d6665ec9f35", "b3e5879bf0f340793eb2a3be23d64afd5c75d2318e7a4a74b9dd06e97c01ce2564ea57b97bad17273c0e82787d19b07f5619323b011c93066d8dc6d0951bf89f", @@ -36,4 +36,9 @@ hash_dict = decode_hash(rainbow_dict) for key, value in hash_dict.items(): print(key, value) break -print(search_password(hashp[0], hash_dict)) +print( + search_password( + "1c4aaa88180b3753700b4aef19f9da77d3940237e9d7e512bb3775bbc2a66b6651b4cc69052533abce9e780c3afb373286adc37c5edfeb47bb4078044b7e64f4", + hash_dict, + ) +) diff --git a/week04/hard/server.py b/week04/hard/server.py index e981e7a..c8f6460 100644 --- a/week04/hard/server.py +++ b/week04/hard/server.py @@ -56,6 +56,8 @@ def check_passwords(passwords: str, username: str) -> Result: passwords = passwords.split(';') hashes = calc_hashes(passwords, username) stored = random_passwords[asyncio.current_task()] + print(random_passwords) + print(type(random_passwords)) if stored != hashes: return f'Passwords do not match hashes {[h.hex() for h in password_store[username]]}' return True diff --git a/week04/hard/solve.py b/week04/hard/solve.py new file mode 100644 index 0000000..8595141 --- /dev/null +++ b/week04/hard/solve.py 
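Review bot: The new multi-line print call repeats the full 128-character digest literal that the earlier hunk already stores as `hashp[0]`, so the two copies can drift apart the next time the stored hash is updated. Keep the lookup on the list, `print(search_password(hashp[0], hash_dict))`, or bind the literal to one name if the script is meant to look up a value that is not in hashp.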
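Review bot: The two added lines `print(random_passwords)` and `print(type(random_passwords))` in check_passwords dump the whole task-to-expected-hashes mapping to stdout on every login attempt, not just the entry for the current task that the next line compares against, so every live session's expected hashes end up in the console output and any log that captures it. They read as debugging leftovers and should be removed before this runs as a service; if a trace is wanted, print only non-sensitive facts such as `print(f"{len(random_passwords)} pending password sets")`. check_passwords starts before this hunk; only its signature is visible in the hunk header.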
@@ -0,0 +1,76 @@
+import socket
+import json
+import base64
+
+# Fill in the right target here
+HOST = "netsec.net.in.tum.de" # TODO
+# HOST = "localhost"
+PORT = 20204 # TODO
+
+
+def parse_list_string(string_list):
+    # Remove brackets and split
+    return [item.strip().strip("'\"") for item in string_list.strip("[]").split(",")]
+
+
+def decode_hash(hash_encode):
+    ddata = {}
+    for key, value in hash_encode.items():
+        ddata[key] = base64.b64decode(value).hex()
+    return ddata
+
+
+def search_password(target_pass, rainbow_dict):
+    for key, value in rainbow_dict.items():
+        if value == target_pass:
+            return key
+    return None
+
+
+def crack_hash(targets):
+    rainbow_dict = None
+    with open("rainbow_table.json", "r") as f:
+        rainbow_dict = json.load(f)
+    hash_dict = decode_hash(rainbow_dict)
+    password = ""
+    for target in targets:
+        password += search_password(target, hash_dict) + ";"
+    return password
+
+
+def get_flag():
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+
+    s.connect((HOST, PORT))
+    sf = s.makefile("rw") # we use a file abstraction for the sockets
+    print(sf.readline().rstrip("\n"))
+    print("GET_SECRET Initiated")
+    sf.write("GET_SECRET\n")
+    sf.flush()
+    print(sf.readline().rstrip("\n"))
+    print("inserted Username admin")
+    sf.write("admin\n")
+    sf.flush()
+    print(sf.readline().rstrip("\n"))
+    print("inserted password 'rand123'")
+    sf.write("ran123\n")
+    sf.flush()
+    output = sf.readline().rstrip("\n").split("Passwords do not match hashes ")[1]
+    pos_pas = parse_list_string(output)
+    password = crack_hash(pos_pas)[:-1]
+    print(f"accumulated the password as '{password}'")
+    print(sf.readline().rstrip("\n"))
+    print("inserted Username admin")
+    sf.write("admin\n")
+    sf.flush()
+    print(sf.readline().rstrip("\n"))
+    print(f"inserted password '{password}")
+    sf.write(f"{password}\n")
+    sf.flush()
+    print(sf.readline().rstrip("\n"))
+    sf.close()
+    s.close()
+
+
+if __name__ == "__main__":
+    get_flag()
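Review bot: The new solve.py is the same blob as the updated client.py (both index lines end in 8595141), so the repository now carries two identical copies of the cracker that will drift apart; keep one file and have the other import it, or drop the duplicate. Independently, `output = sf.readline().rstrip("\n").split("Passwords do not match hashes ")[1]` in get_flag raises IndexError whenever the server answers with anything else (an error line or a first-try success), which hides the actual reply; read the line into a variable and check the separator first: `line = sf.readline().rstrip("\n")` / `_, sep, output = line.partition("Passwords do not match hashes ")` / `if not sep: raise RuntimeError(f"unexpected server reply: {line!r}")`. The later `print(f"inserted password '{password}")` also lacks its closing quote, as in client.py.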
diff --git a/week04/hard/solve.zip b/week04/hard/solve.zip new file mode 100644 index 0000000..c7e61c9 Binary files /dev/null and b/week04/hard/solve.zip differ