Add InsomniHack Teaser 2015 Interview RE stuff

This commit is contained in:
q3k 2015-01-11 13:56:10 +01:00
parent 830da262a5
commit 4f4af8e3d1
3 changed files with 83 additions and 0 deletions

View file

@ -0,0 +1,36 @@
import socket
import hashlib
import os
USERS = {
'foo': 'bar'
}
SOCKET = '/tmp/authserver.sock'
if os.path.exists(SOCKET):
os.remove(SOCKET)
s = socket.socket(1, socket.SOCK_STREAM)
s.bind(SOCKET)
s.listen(100)
while True:
c, _ = s.accept()
line = c.recv(1024)
magic, username, nonce, password = line.split(':')
if magic != 'check_auth':
print "Invalid request"
c.send(chr(0))
c.close()
else:
print "Auth request from {}, {}:{}".format(nonce, username, password)
if username in USERS:
h = hashlib.sha256(nonce+USERS[username]).hexdigest()
print "OK"
c.send(chr(1))
c.close()
else:
print "Invalid username or password."
c.send(chr(0))
c.close()

View file

@ -0,0 +1,47 @@
import pwn
import hashlib
def sendmail(f, t, d):
data = "From: %s%sTo %s%s%s" % (f, "\r\n", t, "\r\n\r\n", d)
h = hashlib.sha256(data).hexdigest()
f = open('/tmp/mails/foo/%s' % h, 'w')
f.write(data)
f.close()
for i in range(10):
sendmail('q3k@dragonsector.pl', 'foo@insomni.hack', ('%i'%i + pwn.cyclic(200)+'\r\n')*20)
USERNAME = 'foo'
PASSWORD = 'bar'
s = pwn.remote('localhost', 42110)
nonce = s.recvline().split('<')[1].split('>')[0]
h = hashlib.sha256('<{}>{}'.format(nonce, PASSWORD)).hexdigest()
s.send('APOP {} {}\n'.format(USERNAME, h))
print '[d]', s.recvline(),
def list():
s.send('LIST\n')
line = s.recvline()
count = line.split()[1]
for _ in range(int(count)):
print '[d]', s.recvline(),
list()
s.send('TOP 0 10\n')
print '[d]', s.recvuntil('\r\n.\r\n')
s.send('DELE 0\n')
print '[d]', s.recvline(),
s.send('DELE 1\n')
print '[d]', s.recvline(),
s.send('RSET\n')
print '[d]', s.recvline(),
s.send('TOP 2 2\n')
print '[d]', s.recvuntil('\r\n.\r\n')
s.send('TOP 1 2\n')
print '[d]', s.recvuntil('\r\n.\r\n')

Binary file not shown.