XASH.py
from pwn import *
import hashlib
# Connect to the challenge service (address is hard-coded for this instance).
conn = remote('106.75.73.28',20000)
# Parse the opening prompt: skip to 'such that ', take the text before '(' as
# the hash algorithm name, then take the rest of the line after ' = ' as the
# target value. Each [:-1] drops the final character ('(' / end of line).
conn.recvuntil('such that ')
cm = conn.recvuntil('(')[:-1]
conn.recvuntil(' = ')
cnum = conn.recvline()[:-1]
# Echo both values so the operator can see which puzzle was issued.
print cm
print cnum
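# Proof-of-work step: find a decimal string whose digest, under the algorithm
# named in `cm`, ends with the six hex characters held in `cnum`.
# Exclusive search ceiling per algorithm; the search always starts at 100000.
_POW_CEILING = {
    'md5': 9999999,
    'sha1': 9999999,
    'sha224': 9999999,
    'sha256': 99999999,
    'sha384': 99999999,
    'sha512': 99999999,
}

co = ''
if cm in _POW_CEILING:
    print('======' + cm.upper() + ' Bruteforcing======')
    digest = getattr(hashlib, cm)
    i = 100000
    # Count upward by hand rather than iterating range(): this script is
    # Python 2 (print statements, str.decode('hex')), where range() would
    # materialise the whole candidate list in memory before the first test.
    while i < _POW_CEILING[cm]:
        guess = str(i)
        if digest(guess).hexdigest()[-6:] == cnum:
            print(guess)
            co = guess
            break
        i += 1
if not co:
    # Unknown algorithm or exhausted range: stop here instead of sending an
    # empty answer and failing later at an unrelated recv.
    raise SystemExit('no proof-of-work answer found for algorithm %r' % (cm,))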
# Send the proof-of-work answer and print whatever the service replies with
# (kept in `menu`).
conn.send(co + '\n')
menu = conn.recv()
print menu
# Command 'I': the value after ' = ' is labelled 'sha1key' by this script --
# presumably the SHA-1 of the secret xash key, published by the service. It is
# only printed here, for comparison by eye with the SHA-1 of the recovered key.
# NOTE(review): conn.recv() returns whatever has arrived so far, so this value
# and the xash replies below can be truncated or carry trailing text; confirm
# against the service's framing.
conn.send('I' + '\n')
conn.recvuntil(' = ')
sha1key = conn.recv()[:-1]
print 'sha1key: ' + sha1key
# Two known 16-byte inputs. 16 equals the key length asserted in the reference
# xash() quoted at the end of this file, so that function adds no padding.
str1 = 'aaaaaaaaaaaaaaaa'
str2 = 'bbbbbbbbbbbbbbbb'
# Command 'G' followed by a line of data: the text after ' = ' in the reply is
# treated as the hex-encoded xash of that data.
conn.send('G' + '\n')
conn.send(str1 + '\n')
conn.recvuntil(' = ')
xash1 = conn.recv()[:-1]
conn.send('G' + '\n')
conn.send(str2 + '\n')
conn.recvuntil(' = ')
xash2 = conn.recv()[:-1]
print 'xash of str1: ' + xash1
print 'xash of str2: ' + xash2
# Hex text -> raw bytes (Python 2 str.decode('hex')).
xxash1 = xash1.decode('hex')
xxash2 = xash2.decode('hex')
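# Key recovery. The reference xash() at the end of this file XORs each data
# byte with the key byte at the same index, so for a known input byte p and
# output byte x the key byte is simply x ^ p. The first sample ('a' * 16)
# yields the key; the second ('b' * 16) is used as a consistency check.
xkey = ''
for i in range(16):
    k = ord(xxash1[i]) ^ ord('a')
    if ord(xxash2[i]) ^ ord('b') != k:
        # The two replies do not describe the same key byte (for example a
        # truncated or garbled reply); a short or wrong key is useless later.
        raise SystemExit('xash samples disagree at byte %d; key not recovered' % i)
    xkey += chr(k)
# The label promises hex, so print the key hex-encoded rather than as raw bytes.
print('hex(xkey): ' + ''.join('%02x' % ord(ch) for ch in xkey))
# Printed for comparison with the 'sha1key' value shown earlier.
print('sha1 of calc-xkey: ' + hashlib.sha1(xkey).hexdigest())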
# Build two different inputs that the reference xash() (quoted at the end of
# this file) maps to the same output: str2 is 15 zero bytes, which xash() pads
# with md5(xkey).digest()[:1]; str1 is those same 16 bytes spelled out in full.
# NOTE(review): both are sent newline-terminated; if the md5 byte happens to be
# '\n' the service may read a short line -- confirm.
str1 = b'\x00'*15 + hashlib.md5(xkey).digest()[:1]
str2 = b'\x00'*15
print str1
print str2
# Ask the service for the xash of each input (command 'G') so the two values
# can be compared in the output below.
conn.send('G' + '\n')
conn.send(str1 + '\n')
conn.recvuntil(' = ')
xash1 = conn.recv()[:-1]
conn.send('G' + '\n')
conn.send(str2 + '\n')
conn.recvuntil(' = ')
xash2 = conn.recv()[:-1]
print 'xash of str1: ' + xash1
print 'xash of str2: ' + xash2
# Command 'S' followed by the two inputs, hex-encoded and comma-separated --
# presumably the submission of the pair; the next two replies are printed as-is.
conn.send('S' + '\n')
conn.send(str1.encode('hex') + ',' + str2.encode('hex') + '\n')
print conn.recv()
print conn.recv()
# Reference copy of xash(), kept as an inert string literal -- presumably the
# function the challenge service runs. As quoted it requires a 16-byte key,
# pads data shorter than the key with leading bytes of md5(xkey), XORs data
# and key byte by byte, and returns the result hex-encoded.
# Why this construction fails as a keyed hash:
#   * XOR with a fixed key is reversible, so one known input/output pair of
#     full length discloses the key.
#   * Padding is not length-unambiguous: a short input and the same input with
#     the padding bytes appended produce identical output.
# A standard MAC such as HMAC over a length-unambiguous encoding has neither
# property.
'''
def xash(data, xkey):
assert len(xkey) == 16
if len(data) < len(xkey):
data += md5(xkey).digest()[:len(xkey) - len(data)]
out = b''
for n in range(len(data)):
out += chr( ord(data[n]) ^ ord(xkey[n]) )
return out.encode('hex')
'''