在本练习中,我将根据我的用户名(在本例中为vdeppe)找出一个标志。我得到的代码如下:
#!/usr/bin/env python2
import os
from Crypto.Cipher import AES
from Crypto.Util import Counter
def encrypt(msg):
nonce = os.urandom(16)
key = os.urandom(32)
aes = AES.new(key, AES.MODE_CTR, counter=lambda: nonce)
return aes.encrypt(msg)
Plaintext:
GET / HTTP/1.1
Host: its-exercise.cs.upb.de
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: flag=**FLAG_REDACTED**
Please input your username
> vdeppe
Ciphertext:
a88aff3902704c8662b7ceee82142ff9a7a0d86d17706da645ca84a7c957419a9caa857a5e7e71a254c985baa12f77808abd86584a356aa60cc7acb0d64c4e9f8ee09e371d702c8a07d6dafff947579d9bba903961396aa74ec799e79a7a14c7d4efd96f176636fc06cec198c946499cc0fd9b281d6035e207c7a7b6de40449c97e09d2b036009d8778482badc5118d39baad36d023870bf5acb80afdc494b908ebbc276437f7cba428a8df4d4484edf8ebfdb75443365a65f888ff0d4484ec89ef29b37147c2efd1cdc90e29c0b1afee58ec87a482070ff7a868fb8d9444596d5efce77000557fe5389daae91150cc6e2c5ea7a4e3574a61ba28fbcc3414b9d88f58b7e573974fe168384b9c0445696c3efc96b205a47bd588984bcd84c4d9dd5efc07c482029b35a8e97baa12f619c80a4c27c177062be5780dcb6d85659a087a0de75490f6cb34082bebecf51579283a3d2464e3f71bc428285f1820b12cad7ac9f2d496179
那是演习所预料的。当我输入用户名(vdeppe)时,将输出上述密文。根据我的用户名,是否有可能获得该标志?我唯一的信息是,它基于带有计数器模式的aes128和以下描述: 我发现发给https://its-exercise.cs.upb.de的消息是如何加密的,然后再修复漏洞并实施可重现该漏洞的服务器。您可以在下面找到该漏洞以及使用其方法加密邮件的选项。使用Linux终端中“访问点”下给出的命令进行进一步的操作。
访问点状态(最近更新)
nc its-exercise.cs.upb.de 1337 不适用
我已经尝试过了,但是根本不起作用,我完全不知道。
#!/usr/bin/env python2
import os
from Crypto.Cipher import AES
from Crypto.Util import Counter
def encrypt(msg):
nonce = os.urandom(16)
key = os.urandom(32)
aes = AES.new(key, AES.MODE_CTR, counter=lambda: nonce)
ass = aes
return aes.encrypt(msg)
chiffre = encrypt("vdeppe")
print(chiffre)
def decrypt(msg):
return aes.decrypt(msg)
print(decrypt(chiffre))
预先感谢和亲切问候