Created
August 26, 2012 15:27
#!/usr/bin/env python
# Python 2 script: SHA-1 length extension against a signed request body.
# It needs the `shaext` helper, downloaded first from
# http://www.vnsecurity.net/2010/03/codegate_challenge15_sha1_padding_attack/
#
# Why this works: shaext is handed only the signed message, its signature and
# the assumed length of the secret -- never the secret itself. That is enough
# when the signature is a plain SHA-1 over secret-then-message (presumably what
# the challenge server does; the server side is not shown here), because a
# SHA-1 digest is the hash's final internal state and hashing can be resumed
# from it.
# Defence: sign with HMAC (Python's `hmac` module) rather than
# hash(secret + message), compare signatures in constant time, and reject
# request bodies that repeat a parameter name.

# json, sys, urllib and hashlib are not used below; kept as in the original.
import json
import sys
import urllib
import requests
import hashlib
from shaext import shaext

# Captured request body and the signature that accompanied it.
orig_msg = 'count=10&lat=37.351&user_id=1&long=-119.827&waffle=eggo'
orig_sig = 'e1104d4d0aa626ba7cb05c50a9c08054e5cb497e'
# Length of the secret that shaext should assume when rebuilding the padding.
keylen = 14
# Suffix to append. It repeats the `waffle` key, so the result depends on how
# the receiving parser treats duplicate parameters (not shown in this script).
add_msg = '&waffle=liege'

extender = shaext(orig_msg, keylen, orig_sig)
extender.add(add_msg)
new_msg, new_sig = extender.final()

# A parenthesised single-argument print behaves exactly like the print
# statement under Python 2; repr() keeps the binary padding bytes readable.
print("new msg: " + repr(new_msg))
print("new sig: " + new_sig)

# Wire format used by the target: <body>|sig:<hex digest>
request_body = new_msg + '|sig:' + new_sig
print('\n' + repr(request_body))

response = requests.post('https://level07-2.stripe-ctf.com/user-kgkxohwels/orders', data=request_body)
print(response)
print(response.text)
I can't seem to understand how to get this solution to work. I've been trying all sorts of positioning with length expansion and passing in the string, but my signature does not match each time.