Last active
May 24, 2017 04:39
Solution for SHX10 : web200-Read_My_eMail (recover the stream cipher key and create a valid session for every username)
## Solution for SHX10 : web200-Read_My_eMail (recover the stream cipher key and create a valid session for every username)
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
import hashlib | |
def xor_bytearray(d, k):
    """XOR two byte strings position by position and return a bytearray.

    Both arguments are converted with ``bytearray()`` before they are paired.
    ``zip`` stops at the shorter input, so the result has the length of the
    shorter argument and any extra trailing bytes of the longer one are
    ignored without an error.
    """
    left, right = bytearray(d), bytearray(k)
    mixed = bytearray()
    for x, y in zip(left, right):
        mixed.append(x ^ y)
    return mixed
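def generate_sessionid(given_username, anyusername):
    """Print the session id of ``anyusername`` derived from one known pair.

    The script treats a session id as SHA-1(username) XOR a fixed key (the
    "stream cipher key" of the write-up title). XOR is its own inverse, so the
    key equals SHA-1(given_username) XOR the known session id, and XOR-ing that
    key with SHA-1(anyusername) gives the session id for that user.

    Design note: a session id that can be computed from the username and a
    reused XOR key stops being secret once a single (username, session id)
    pair is known. Session ids should be random values from a CSPRNG
    (``os.urandom`` / ``secrets``) looked up server-side, or be authenticated
    with an HMAC under a server-only key.

    Args:
        given_username: user whose session id is the hard-coded known value
            below (``"billy"`` in the challenge).
        anyusername: user whose session id is to be derived.

    Prints four lines: SHA-1 hex of ``given_username``, SHA-1 hex of
    ``anyusername``, the known session id, and ``anyusername:sessionid``.
    Returns ``None``.
    """

    def _as_bytes(name):
        # hashlib hashes bytes. A Python 2 ``str`` already is bytes; text
        # (Python 3 ``str``) is encoded as UTF-8.
        return name if isinstance(name, bytes) else name.encode("utf-8")

    known_digest = hashlib.sha1(_as_bytes(given_username))
    print(known_digest.hexdigest())

    target_digest = hashlib.sha1(_as_bytes(anyusername))
    print(target_digest.hexdigest())

    # Session id observed for ``given_username`` (40 hex chars = 20 bytes,
    # the same length as a SHA-1 digest).
    known_sessionid = "6405552caf11c7b1aa5b18a3346ae1f13eafa516"
    print(known_sessionid)

    # key = H(given) XOR session(given). The raw digests are used directly, so
    # the key never has to be hex-encoded and decoded again, and
    # ``bytearray.fromhex`` replaces the Python-2-only ``str.decode("hex")``.
    key = xor_bytearray(known_digest.digest(), bytearray.fromhex(known_sessionid))

    # session(any) = H(any) XOR key
    forged = xor_bytearray(target_digest.digest(), key)
    sessionid = "".join(format(octet, "02x") for octet in forged)

    # Equivalent integer form: int(a, 16) ^ int(b, 16), written back with
    # format(value, "040x") so leading zeros are kept. Python has no XOR on
    # hex strings themselves; the operands must be converted to int first.
    print("%s:%s" % (anyusername, sessionid))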
# Example run from the challenge: "billy" is the account whose session id is
# hard-coded in generate_sessionid(), "nealcaffrey" is the account whose
# session id gets derived.
generate_sessionid(given_username="billy", anyusername="nealcaffrey")