Exemplo n.º 1
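        /// <summary>
        /// Lab exercise (CBC bit-flipping): overwrites three bytes of <paramref name="data"/>,
        /// one at a time, keeping for each the first value whose decryption contains the
        /// expected marker, and returns the text decrypted from the modified buffer.
        /// </summary>
        /// <remarks>
        /// Defender's view: the edit is only possible because the ciphertext is decrypted
        /// without any integrity check. CBC provides confidentiality, not authenticity.
        /// A receiver that verifies a MAC over IV and ciphertext before decrypting
        /// (encrypt-then-MAC), or that uses an AEAD mode such as AES-GCM, rejects the
        /// modified buffer instead of acting on its contents.
        /// </remarks>
        /// <param name="data">
        /// Buffer handed to CryptoHelpers.CbcDecrypt. It is modified in place at indexes
        /// 36, 42 and 47, so it must hold at least 48 bytes.
        /// </param>
        /// <returns>
        /// The text obtained by decrypting the modified buffer. When no candidate value
        /// produces a marker, that byte is left at the last value tried (255).
        /// </returns>
        static string function2(byte[] data)
        {
            // Static values for decryption.
            // NOTE(review): an all-zero IV and a key embedded in source are lab-only choices;
            // production code needs a fresh unpredictable IV per message and a managed key.
            byte[] IV  = new byte[16];
            byte[] key = new byte[] { 10, 11, 23, 44, 51, 23, 34,
                                      89, 101, 65, 43, 71, 92, 41, 85, 03 };

            // One search per edited byte. The markers grow so that each pass also
            // confirms the bytes fixed by the previous passes are still in place.
            function2FindByte(data, 36, ";admin", key, IV);
            function2FindByte(data, 42, ";admin=true", key, IV);
            function2FindByte(data, 47, ";admin=true;", key, IV);

            return function2Decrypt(data, key, IV);
        }

        // Decrypts the buffer and converts it to text through the same CryptoHelpers
        // chain (CbcDecrypt -> ByteArrayToBase64String -> Base64ToAscii) used throughout.
        static string function2Decrypt(byte[] data, byte[] key, byte[] iv)
        {
            return CryptoHelpers.Base64ToAscii(
                CryptoHelpers.ByteArrayToBase64String(CryptoHelpers.CbcDecrypt(data, key, iv)));
        }

        // Writes every byte value 0..255 to data[index] in turn and stops at the first one
        // whose decryption contains the marker. The bound is inclusive: the earlier
        // "a < 255" loops never tried 0xFF, so a search could fail although a value existed.
        static bool function2FindByte(byte[] data, int index, string marker, byte[] key, byte[] iv)
        {
            for (int candidate = 0; candidate <= byte.MaxValue; candidate++)
            {
                data[index] = (byte)candidate;
                if (function2Decrypt(data, key, iv).Contains(marker))
                {
                    return true;
                }
            }

            return false;
        }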
Exemplo n.º 2
        /// <summary>
        /// Lab exercise (ECB cut-and-paste): builds a profile cookie with profile_for,
        /// encrypts it under ECB, rearranges whole 16-byte ciphertext blocks, and prints
        /// the result of decrypting the rearranged buffer to the console.
        /// </summary>
        /// <remarks>
        /// Defender's view: ECB encrypts every block independently and deterministically,
        /// and nothing here authenticates the ciphertext, so blocks can be moved or
        /// replaced without the receiver noticing. Tokens that carry authorization data
        /// need integrity protection (an AEAD mode, or a MAC verified before decryption).
        /// </remarks>
        /// <returns>Always the empty string; the decrypted text is only written to the console.</returns>
        static string challenge13()
        {
            const int BlockSize = 16;

            // Fixed key text for the exercise; converted to bytes further down.
            string keyText = "AAAAAAAAAAAAAAAA";

            // Eleven bytes of value 10 appended after "admin" so that block decrypts as intended.
            // NOTE(review): PKCS#7 would use value 11 for eleven padding bytes; confirm
            // which padding scheme CryptoHelpers.EcbDecrypt expects.
            byte[] padBytes = new byte[11];
            for (int i = 0; i < padBytes.Length; i++)
            {
                padBytes[i] = 10;
            }
            string padding = Encoding.Default.GetString(padBytes);

            // The leading 1's push "admin" to the start of a block and are meant to
            // leave "role=" at the end of a block.
            // NOTE(review): the trailing literal looks like an e-mail-protection
            // placeholder left by the page this listing came from, so the block
            // alignment described above cannot be checked from this text alone.
            string email = "1111111111admin"
                           + padding
                           + "[email protected]";

            // Build the cookie text, then turn key and cookie into bytes.
            string cookieString = profile_for(email);
            byte[] key    = Encoding.ASCII.GetBytes(keyText);
            byte[] cookie = Encoding.ASCII.GetBytes(cookieString);

            // Encrypt under ECB; the edited copy is one block shorter than the original.
            byte[] encryptedCookie = CryptoHelpers.EcbEncrypt(cookie, key);
            byte[] editedCookie    = new byte[encryptedCookie.Length - BlockSize];
            byte[] adminBlock      = new byte[BlockSize];

            // Second ciphertext block (bytes 16..31) is the one that starts with "admin".
            for (int offset = 0; offset < BlockSize; offset++)
            {
                adminBlock[offset] = encryptedCookie[BlockSize + offset];
            }

            // Keep block 0, drop block 1, shift the remainder down by one block,
            // then overwrite the block at offset 64 with the saved admin block.
            Array.Copy(encryptedCookie, 0, editedCookie, 0, BlockSize);
            Array.Copy(encryptedCookie, 2 * BlockSize, editedCookie, BlockSize,
                       encryptedCookie.Length - 2 * BlockSize);
            Array.Copy(adminBlock, 0, editedCookie, 64, adminBlock.Length);

            // Decrypt the rearranged buffer and show it as text.
            byte[] decrypted = CryptoHelpers.EcbDecrypt(editedCookie, key);
            string asBase64  = CryptoHelpers.ByteArrayToBase64String(decrypted);
            Console.WriteLine(CryptoHelpers.Base64ToAscii(asBase64));

            return "";
        }