solved rainbow

2024-11-22 16:32:02 +09:00
parent a9761db4fe
commit 00b0afd17a
8 changed files with 95 additions and 9 deletions
--- a/.DS_Store
+++ b/.DS_Store
--- a/week04/.DS_Store
+++ b/week04/.DS_Store
--- a/week04/hard/.DS_Store
+++ b/week04/hard/.DS_Store
--- a/week04/hard/client.py
+++ b/week04/hard/client.py
@ -3,7 +3,7 @@ import json
 import base64

 # Fill in the right target here
-HOST = "localhost"  # TODO
+HOST = "netsec.net.in.tum.de"  # TODO
 # HOST = "localhost"
 PORT = 20204  # TODO

@ -27,12 +27,15 @@ def search_password(target_pass, rainbow_dict):
    return None


-def crack_hash(target):
+def crack_hash(targets):
    rainbow_dict = None
    with open("rainbow_table.json", "r") as f:
        rainbow_dict = json.load(f)
    hash_dict = decode_hash(rainbow_dict)
-    return search_password(target, hash_dict)
+    password = ""
+    for target in targets:
+        password += search_password(target, hash_dict) + ";"
+    return password


 def get_flag():
@ -54,17 +57,17 @@ def get_flag():
    sf.flush()
    output = sf.readline().rstrip("\n").split("Passwords do not match hashes ")[1]
    pos_pas = parse_list_string(output)
-    password = crack_hash(pos_pas[0])
-    print(f"Password found {password}")
+    password = crack_hash(pos_pas)[:-1]
+    print(f"accumulated the password as '{password}'")
    print(sf.readline().rstrip("\n"))
+    print("inserted Username admin")
    sf.write("admin\n")
    sf.flush()
    print(sf.readline().rstrip("\n"))
-    print(f"inserted password '{password}'")
+    print(f"inserted password '{password}")
    sf.write(f"{password}\n")
    sf.flush()
    print(sf.readline().rstrip("\n"))
-    print(sf.readline().rstrip("\n"))
    sf.close()
    s.close()

--- a/week04/hard/decrypt_hash.py
+++ b/week04/hard/decrypt_hash.py
@ -21,7 +21,7 @@ ori_pwd = ["was123", "gil123", "wgp123", "vut123", "lrz123"]

 # Stored hashes
 hashp = [
-    "e0ac26da8755c76127cc12356577f11e2e6ab72071c27678fd2fb1b19fb6190307587de24f7b00d4e1d0115733453a5310f3968d151b13106a45bbde8e76558e",
+    "1c4aaa88180b3753700b4aef19f9da77d3940237e9d7e512bb3775bbc2a66b6651b4cc69052533abce9e780c3afb373286adc37c5edfeb47bb4078044b7e64f4",
    "da8a0ac4a5577d2bbe5c605597c43339db0a6516ebb942b09510eb8a52d78c764744db60f9fcd8c98db0ddef8fda71bcf9a4454847382475b9efafc65ccf74a7",
    "bbe347565bd9f575f3d48dce800f73d1e7e70cd5f103b335ab487271645fe4ee399cd1c7af6334ddeaae0c1e561ecb85770961a4b73e5092788a7d6665ec9f35",
    "b3e5879bf0f340793eb2a3be23d64afd5c75d2318e7a4a74b9dd06e97c01ce2564ea57b97bad17273c0e82787d19b07f5619323b011c93066d8dc6d0951bf89f",
@ -36,4 +36,9 @@ hash_dict = decode_hash(rainbow_dict)
 for key, value in hash_dict.items():
    print(key, value)
    break
-print(search_password(hashp[0], hash_dict))
+print(
+    search_password(
+        "1c4aaa88180b3753700b4aef19f9da77d3940237e9d7e512bb3775bbc2a66b6651b4cc69052533abce9e780c3afb373286adc37c5edfeb47bb4078044b7e64f4",
+        hash_dict,
+    )
+)
--- a/week04/hard/server.py
+++ b/week04/hard/server.py
@ -56,6 +56,8 @@ def check_passwords(passwords: str, username: str) -> Result:
    passwords = passwords.split(';')
    hashes = calc_hashes(passwords, username)
    stored = random_passwords[asyncio.current_task()]
+    print(random_passwords)
+    print(type(random_passwords))
    if stored != hashes:
        return f'Passwords do not match hashes {[h.hex() for h in password_store[username]]}'
    return True
--- a/week04/hard/solve.py
+++ b/week04/hard/solve.py
@ -0,0 +1,76 @@
+import socket
+import json
+import base64
+
+# Fill in the right target here
+HOST = "netsec.net.in.tum.de"  # TODO
+# HOST = "localhost"
+PORT = 20204  # TODO
+
+
+def parse_list_string(string_list):
+    # Remove brackets and split
+    return [item.strip().strip("'\"") for item in string_list.strip("[]").split(",")]
+
+
+def decode_hash(hash_encode):
+    ddata = {}
+    for key, value in hash_encode.items():
+        ddata[key] = base64.b64decode(value).hex()
+    return ddata
+
+
+def search_password(target_pass, rainbow_dict):
+    for key, value in rainbow_dict.items():
+        if value == target_pass:
+            return key
+    return None
+
+
+def crack_hash(targets):
+    rainbow_dict = None
+    with open("rainbow_table.json", "r") as f:
+        rainbow_dict = json.load(f)
+    hash_dict = decode_hash(rainbow_dict)
+    password = ""
+    for target in targets:
+        password += search_password(target, hash_dict) + ";"
+    return password
+
+
+def get_flag():
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+
+    s.connect((HOST, PORT))
+    sf = s.makefile("rw")  # we use a file abstraction for the sockets
+    print(sf.readline().rstrip("\n"))
+    print("GET_SECRET Initiated")
+    sf.write("GET_SECRET\n")
+    sf.flush()
+    print(sf.readline().rstrip("\n"))
+    print("inserted Username admin")
+    sf.write("admin\n")
+    sf.flush()
+    print(sf.readline().rstrip("\n"))
+    print("inserted password 'rand123'")
+    sf.write("ran123\n")
+    sf.flush()
+    output = sf.readline().rstrip("\n").split("Passwords do not match hashes ")[1]
+    pos_pas = parse_list_string(output)
+    password = crack_hash(pos_pas)[:-1]
+    print(f"accumulated the password as '{password}'")
+    print(sf.readline().rstrip("\n"))
+    print("inserted Username admin")
+    sf.write("admin\n")
+    sf.flush()
+    print(sf.readline().rstrip("\n"))
+    print(f"inserted password '{password}")
+    sf.write(f"{password}\n")
+    sf.flush()
+    print(sf.readline().rstrip("\n"))
+    sf.close()
+    s.close()
+
+
+if __name__ == "__main__":
+    get_flag()
--- a/week04/hard/solve.zip
+++ b/week04/hard/solve.zip