dongho/netsec
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c4c454770617d55849e43631decbff5fb312d23b
netsec/week04/hard/client.py
Dongho Kim 00b0afd17a solved rainbow
2024-11-22 16:32:02 +09:00

77 lines
2.0 KiB
Python
Raw Blame History

import socket
import json
import base64
# Fill in the right target here
HOST = "netsec.net.in.tum.de" # TODO
# HOST = "localhost"
PORT = 20204 # TODO
def parse_list_string(string_list):
# Remove brackets and split
return [item.strip().strip("'\"") for item in string_list.strip("[]").split(",")]
def decode_hash(hash_encode):
ddata = {}
for key, value in hash_encode.items():
ddata[key] = base64.b64decode(value).hex()
return ddata
def search_password(target_pass, rainbow_dict):
for key, value in rainbow_dict.items():
if value == target_pass:
return key
return None
def crack_hash(targets):
rainbow_dict = None
with open("rainbow_table.json", "r") as f:
rainbow_dict = json.load(f)
hash_dict = decode_hash(rainbow_dict)
password = ""
for target in targets:
password += search_password(target, hash_dict) + ";"
return password
def get_flag():
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
sf = s.makefile("rw") # we use a file abstraction for the sockets
print(sf.readline().rstrip("\n"))
print("GET_SECRET Initiated")
sf.write("GET_SECRET\n")
sf.flush()
print(sf.readline().rstrip("\n"))
print("inserted Username admin")
sf.write("admin\n")
sf.flush()
print(sf.readline().rstrip("\n"))
print("inserted password 'rand123'")
sf.write("ran123\n")
sf.flush()
output = sf.readline().rstrip("\n").split("Passwords do not match hashes ")[1]
pos_pas = parse_list_string(output)
password = crack_hash(pos_pas)[:-1]
print(f"accumulated the password as '{password}'")
print(sf.readline().rstrip("\n"))
print("inserted Username admin")
sf.write("admin\n")
sf.flush()
print(sf.readline().rstrip("\n"))
print(f"inserted password '{password}")
sf.write(f"{password}\n")
sf.flush()
print(sf.readline().rstrip("\n"))
sf.close()
s.close()
if __name__ == "__main__":
get_flag()
Reference in New Issue View Git Blame Copy Permalink