Add InsomniHack Teaser 2015 Interview RE stuff
parent
830da262a5
commit
4f4af8e3d1
3 changed files with 83 additions and 0 deletions
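--- a/ISHTeaser2015/interview/authsrv.py
+++ b/ISHTeaser2015/interview/authsrv.py
@@ -0,0 +1,36 @@
+import socket
+import hashlib
+import os
+
+USERS = {
+'foo': 'bar'
+}
+
+SOCKET = '/tmp/authserver.sock'
+
+if os.path.exists(SOCKET):
+os.remove(SOCKET)
+s = socket.socket(1, socket.SOCK_STREAM)
+s.bind(SOCKET)
+s.listen(100)
+
+while True:
+c, _ = s.accept()
+line = c.recv(1024)
+magic, username, nonce, password = line.split(':')
+if magic != 'check_auth':
+print "Invalid request"
+c.send(chr(0))
+c.close()
+else:
+print "Auth request from {}, {}:{}".format(nonce, username, password)
+if username in USERS:
+h = hashlib.sha256(nonce+USERS[username]).hexdigest()
+print "OK"
+c.send(chr(1))
+c.close()
+else:
+print "Invalid username or password."
+c.send(chr(0))
+c.close()
+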
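Review bot: The digest `h` computed in the `username in USERS` branch is never compared with the `password` field, so any request that names a known user is answered with `chr(1)` whatever digest it carries. If this stub is meant to behave like the real auth backend, gate the success reply on the comparison, e.g. `if username in USERS and hmac.compare_digest(hashlib.sha256(nonce + USERS[username]).hexdigest(), password):` (this needs `import hmac`). Separately, the four-way unpack of `line.split(':')` raises `ValueError` on any request that does not contain exactly three colons, which ends the accept loop, and `socket.socket(1, ...)` would read better as `socket.AF_UNIX`. Indentation is not visible on this page, so the branch structure described here is inferred from statement order.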
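--- a/ISHTeaser2015/interview/client.py
+++ b/ISHTeaser2015/interview/client.py
@@ -0,0 +1,47 @@
+import pwn
+import hashlib
+
+def sendmail(f, t, d):
+data = "From: %s%sTo %s%s%s" % (f, "\r\n", t, "\r\n\r\n", d)
+h = hashlib.sha256(data).hexdigest()
+f = open('/tmp/mails/foo/%s' % h, 'w')
+f.write(data)
+f.close()
+
+for i in range(10):
+sendmail('q3k@dragonsector.pl', 'foo@insomni.hack', ('%i'%i + pwn.cyclic(200)+'\r\n')*20)
+
+USERNAME = 'foo'
+PASSWORD = 'bar'
+
+s = pwn.remote('localhost', 42110)
+
+nonce = s.recvline().split('<')[1].split('>')[0]
+h = hashlib.sha256('<{}>{}'.format(nonce, PASSWORD)).hexdigest()
+s.send('APOP {} {}\n'.format(USERNAME, h))
+print '[d]', s.recvline(),
+
+def list():
+s.send('LIST\n')
+line = s.recvline()
+count = line.split()[1]
+for _ in range(int(count)):
+print '[d]', s.recvline(),
+
+list()
+
+s.send('TOP 0 10\n')
+print '[d]', s.recvuntil('\r\n.\r\n')
+
+s.send('DELE 0\n')
+print '[d]', s.recvline(),
+s.send('DELE 1\n')
+print '[d]', s.recvline(),
+
+s.send('RSET\n')
+print '[d]', s.recvline(),
+
+s.send('TOP 2 2\n')
+print '[d]', s.recvuntil('\r\n.\r\n')
+s.send('TOP 1 2\n')
+print '[d]', s.recvuntil('\r\n.\r\n')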
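Review bot: `sendmail` rebinds its sender parameter `f` to the file handle and closes it by hand, so the handle is left open if `write` raises and one name carries two meanings; `with open('/tmp/mails/foo/%s' % h, 'w') as fh: fh.write(data)` avoids both. `def list():` shadows the builtin for the rest of the script, so a name such as `list_messages` would be safer. The header string has `To %s` without a colon where `From: %s` has one; if that is not deliberate for the test input it should read `To: %s`. A short module comment stating that the script expects the service on localhost:42110 and an existing `/tmp/mails/foo/` directory would make the fixture reproducible.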
BIN
ISHTeaser2015/interview/pop3ret.i64
Normal file
BIN
ISHTeaser2015/interview/pop3ret.i64
Normal file
Binary file not shown.