Tags: crypto 


```
from base64 import b64decode, b64encode
import hmac as HMAC
import requests

# CTF write-up proof of concept. It builds a second token out of pieces of a
# token the server issued, plus a tag computed locally, and polls the index
# page until the response contains the flag marker.
#
# Written for Python 2: `str` is a byte string, and hmac.new() without a
# digestmod uses MD5, whose 32-character hex digest matches the 32-character
# tag sliced off the cookie below.
#
# Defensive reading: the token is only as strong as its integrity check.
# Reordering 16-byte ciphertext blocks can only work if each block decrypts
# independently of its position (ECB-style), and a locally computed tag can
# only verify if the MAC key is not a server-held secret. Authenticated
# encryption (for example AES-GCM), or encrypt-then-MAC over the whole
# ciphertext with a server-only key, closes both gaps.
# NOTE(review): the server code is not part of this page; the above is
# inferred from what the script does - confirm against the challenge source.

mac_key = 'A' * 16      # one full 16-byte block of chosen text
login_name = 'B' * 11   # 11 bytes, so that name + ':user' is exactly 16 bytes

# Both chosen values travel back to back in the Role header (27 bytes).
role_header = mac_key + login_name

login_resp = requests.post(
    'https://radar-ch01.herokuapp.com/login',
    data='',
    headers={'Role': role_header},
    allow_redirects=False,
)

# Cookie layout as this script reads it: base64 ciphertext, then a
# 32-character tag.
issued = login_resp.cookies['token']
ct = b64decode(issued[:-32])
issued_tag = issued[-32:]   # tag issued by the server; never used again

# 16-byte ciphertext blocks. The plaintext shown beside each one is the
# write-up author's annotation, not something this script verifies.
block_key = ct[:16]      # 'A' * 16
block_cred = ct[16:32]   # 'BBBBBBBBBBB:user'
block_pad = ct[48:64]    # '\x10' * 16, a whole block of padding
# ct[32:48] is left out of the rebuilt token.

# Tag over name + ':admin', keyed with the same 16 bytes sent in the header.
forged_tag = HMAC.new(mac_key, login_name + ':admin').hexdigest()

# Rebuilt token: credential block first, then the key block, then padding.
admin_token = b64encode(block_cred + block_key + block_pad) + forged_tag

# NOTE(review): the published listing lost its indentation; 'Nope' is assumed
# to belong to the loop body (printed once per failed attempt).
while True:
    page = requests.get(
        'https://radar-ch01.herokuapp.com/',
        cookies={'token': admin_token},
    )
    if 'radar{' not in page.text:
        print('Nope')
        continue
    print(page.text)
    break
```