Tags: cpa
Rating:
Just default CPA
import requests as r
import sys
import re
import base64
URL = "http://167.71.246.232:8080/crypto.php"
flag = ''
b = 16
data = 'a'*15
while True:
d = {'text_to_encrypt': data, 'do_encrypt':'Encrypt'}
block = r.post(URL, data=d).text
block = re.search(r'<b>(.*?)</b>', block).group(1)
base64_bytes = block.encode('ascii')
block = base64.b64decode(base64_bytes)
for i in range(0x20, 0x80):
if chr(i) in '&#': continue
d = {'text_to_encrypt': data+flag+chr(i), 'do_encrypt':'Encrypt'}
resp = r.post(URL, data=d).text
resp = re.search(r'<b>(.*?)</b>', resp).group(1)
base64_bytes = resp.encode('ascii')
resp = base64.b64decode(base64_bytes)
sys.stdout.write('\r'+flag+chr(i))
sys.stdout.flush()
if block[:b] == resp[:b]:
data = data[1:]
flag += chr(i)
if len(flag) == 16:
b += 16
data = 'a'*15
break
else:
print "\r" + flag + " \nDONE"
break
flag{b4d_bl0cks_for_g0nks}
