-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathexercise_13
executable file
·76 lines (55 loc) · 2.18 KB
/
exercise_13
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
#!/usr/bin/env python3
# Copyright 2014 Carl Winbäck. See the COPYING file at the top-level directory
# of this distribution.
from Crypto.Cipher import AES
from os import urandom
from random import SystemRandom
import re
from libpals.util import pkcs7pad, pkcs7pad_remove
# Some assumptions:
#
# A) The attacker is aware of the ”profile format”. (E.g.
# ”[email protected]&uid=10&role=user”)
#
# B) The attacker-provided string doesn’t have to be a valid e-mail address.
#
# C) The attacker can insert padding. (I.e. non-printable ASCII characters.)
SECRET_KEY = urandom(16)
def parse(input_string):
list_of_pairs = input_string.split(sep="&")
result = {}
for kv_string in list_of_pairs:
kv_pair = kv_string.split(sep="=")
key = kv_pair[0]
value = kv_pair[1]
result[key] = value
return result
def generate_profile(email_address):
sanitized_address = re.sub('[&=]', '', email_address)
uid = SystemRandom().randint(1, 99)
result = """email={}&uid={:0>2d}&role=user""".format(sanitized_address,
uid)
return result
def encrypt(input_string):
cipher = AES.new(SECRET_KEY, AES.MODE_ECB)
input_bytes = input_string.encode('ascii')
plaintext = pkcs7pad(input_bytes, 16)
ciphertext = cipher.encrypt(plaintext)
return ciphertext
def decrypt(ciphertext):
cipher = AES.new(SECRET_KEY, AES.MODE_ECB)
plaintext_bytes = pkcs7pad_remove(cipher.decrypt(ciphertext))
plaintext_string = plaintext_bytes.decode('ascii')
return plaintext_string
attacker_input = ('XXXXXXXXXXadmin\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b'
original_ciphertext = encrypt(generate_profile(attacker_input))
# By rearranging the ciphertext, Mallory can influence the resulting plaintext.
evil_ciphertext = original_ciphertext[0:64] + original_ciphertext[16:32]
# Creating a profile from the modified ciphertext
profile = parse(decrypt(evil_ciphertext))
output_message = """SET 02 CHALLENGE 13: ECB cut-and-paste
Attacker input: {}
Resulting profile: {}"""
print(output_message.format(repr(attacker_input),
profile))