dongho/netsec
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

crack hash

Browse Source
This commit is contained in:
Dongho Kim
2024-11-22 15:42:22 +09:00
parent 09b70ebea1
commit cfbf398137
10 changed files with 17754 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.python-version Normal file
View File

@ -0,0 +1 @@
3.11.9

1
week04/hard/.python-version Normal file
View File

@ -0,0 +1 @@
3.11.9

BIN
week04/hard/__pycache__/pwn_utils.cpython-311.pyc Normal file
View File

Binary file not shown.

67
week04/hard/client.py
View File

@ -1,22 +1,73 @@
import socket
import json
import base64
# Fill in the right target here
HOST = 'this.is.not.a.valid.domain' # TODO
PORT = 0 # TODO
HOST = "netsec.net.in.tum.de" # TODO
# HOST = "localhost"
PORT = 20204 # TODO
def parse_list_string(string_list):
# Remove brackets and split
return [item.strip().strip("'\"") for item in string_list.strip("[]").split(",")]
def decode_hash(hash_encode):
ddata = {}
for key, value in hash_encode.items():
ddata[key] = base64.b64decode(value).hex()
return ddata
def search_password(target_pass, rainbow_dict):
for key, value in rainbow_dict.items():
if value == target_pass:
return key
return None
def crack_hash(targets):
rainbow_dict = None
with open("rainbow_table.json", "r") as f:
rainbow_dict = json.load(f)
hash_dict = decode_hash(rainbow_dict)
found_dict = {}
for target in targets:
found_dict[search_password(target, hash_dict)] = target
return found_dict
def get_flag():
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
sf = s.makefile('rw') # we use a file abstraction for the sockets
message1 = sf.readline().rstrip('\n')
# TODO
sf = s.makefile("rw") # we use a file abstraction for the sockets
print(sf.readline().rstrip("\n"))
sf.write("GET_SECRET\n")
sf.flush()
print(sf.readline().rstrip("\n"))
sf.write("admin\n")
sf.flush()
print(sf.readline().rstrip("\n"))
sf.write("ran123\n")
sf.flush()
output = sf.readline().rstrip("\n").split("Passwords do not match hashes ")[1]
pos_pas = parse_list_string(output)
passwords = crack_hash(pos_pas)
print(passwords)
for password in passwords:
print(sf.readline().rstrip("\n"))
sf.write("admin\n")
sf.flush()
print(sf.readline().rstrip("\n"))
sf.write(f"{password}\n")
sf.flush()
print(sf.readline().rstrip("\n"))
print(sf.readline().rstrip("\n"))
sf.close()
s.close()
if __name__ == '__main__':
if __name__ == "__main__":
get_flag()

22
week04/hard/client_demo.py Normal file
View File

@ -0,0 +1,22 @@
import socket
# Fill in the right target here
HOST = "localhost" # TODO
PORT = 20204 # TODO
def get_flag():
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
sf = s.makefile("rw") # we use a file abstraction for the sockets
message1 = sf.readline().rstrip("\n")
# TODO
sf.close()
s.close()
if __name__ == "__main__":
get_flag()

39
week04/hard/decrypt_hash.py Normal file
View File

@ -0,0 +1,39 @@
import json
import base64
def decode_hash(hash_encode):
ddata = {}
for key, value in hash_encode.items():
ddata[key] = base64.b64decode(value).hex()
return ddata
def search_password(target_pass, rainbow_dict):
for key, value in rainbow_dict.items():
if value == target_pass:
return key
return None
# Original passwords
ori_pwd = ["was123", "gil123", "wgp123", "vut123", "lrz123"]
# Stored hashes
hashp = [
"e0ac26da8755c76127cc12356577f11e2e6ab72071c27678fd2fb1b19fb6190307587de24f7b00d4e1d0115733453a5310f3968d151b13106a45bbde8e76558e",
"da8a0ac4a5577d2bbe5c605597c43339db0a6516ebb942b09510eb8a52d78c764744db60f9fcd8c98db0ddef8fda71bcf9a4454847382475b9efafc65ccf74a7",
"bbe347565bd9f575f3d48dce800f73d1e7e70cd5f103b335ab487271645fe4ee399cd1c7af6334ddeaae0c1e561ecb85770961a4b73e5092788a7d6665ec9f35",
"b3e5879bf0f340793eb2a3be23d64afd5c75d2318e7a4a74b9dd06e97c01ce2564ea57b97bad17273c0e82787d19b07f5619323b011c93066d8dc6d0951bf89f",
"39e8a47bdd6a67340269c0fcffedc38786abcdbfd748bb6419fb3697c3d1cbdf1c7fe9a5bc9972b0931a5511fd6b1cdfb5e28f922b2525dc8d1b0d51ecfdc2a3",
]
rainbow_dict = None
with open("rainbow_table.json", "r") as f:
rainbow_dict = json.load(f)
hash_dict = decode_hash(rainbow_dict)
for key, value in hash_dict.items():
print(key, value)
break
print(search_password(hashp[0], hash_dict))

26
week04/hard/gen_rainbow_table.py Normal file
View File

@ -0,0 +1,26 @@
import itertools
from hashlib import scrypt
import base64
def calc_hash(password: str, username: str) -> list[bytes]:
return base64.b64encode(
scrypt(password.encode(), salt=username.encode(), n=16384, r=4, p=1)
).decode()
# return scrypt(password.encode(), salt=username.encode(), n=16384, r=4, p=1)
def generate_passwords():
letters = "abcdefghijklmnopqrstuvwxyz"
with open("rainbow_table.json", "w") as f:
f.write("{\n")
for prefix in itertools.product(letters, repeat=3):
password = "".join(prefix + "123")
hashed = calc_hash(password, "admin")
f.write(f'"{password}":"{hashed}",\n')
print("".join(prefix) + "".join("123"))
f.write("\n}")
if __name__ == "__main__":
generate_passwords()

27
week04/hard/pwn_utils.py Normal file
View File

@ -0,0 +1,27 @@
import asyncio
class utils:
@staticmethod
async def read_line_safe(reader):
"""
Simple implementation to read a line from an async reader
Mimics the original read_line_safe functionality
"""
try:
line = await reader.readline()
return line.decode().strip()
except Exception:
return None
def log_error(e, client_writer=None):
"""
Basic error logging function
"""
print(f"Error occurred: {e}")
if client_writer:
try:
client_writer.write(f"Error: {str(e)}\n".encode())
except Exception:
print("Could not send error to client")

17578
week04/hard/rainbow_table.json Normal file
View File

File diff suppressed because it is too large Load Diff

2
week04/hard/server.py
View File

@ -7,7 +7,7 @@ import subprocess
from hashlib import scrypt
from pwn_utils import utils
from pwn_utils.utils import log_error
from pwn_utils import log_error
log = logging.getLogger(__name__)
clients = {} # task -> (reader, writer)