exploit.py
from Crypto.Util.number import *
from pwn import *
def _encrypt(message):
    """
    Ask the service behind the module-level tube ``r`` to encrypt one message.

    Python 2 only: relies on the ``"hex"`` str codec for both directions.

    :input parameters:
    message : <type 'str'> : raw plaintext bytes; sent to the service hex-encoded
    :return: the ciphertext as raw bytes, decoded from the hex in the reply
    """
    # Menu option 1 selects the encryption service.
    r.recvuntil("choice: ")
    r.sendline("1")
    r.recvuntil("encrypt (in hex): ")
    hex_plaintext = message.encode("hex")
    r.sendline(hex_plaintext)

    reply = r.recvline().strip()
    # The first 37 characters of the reply are skipped; presumably a fixed
    # text prefix in front of the hex ciphertext -- confirm against the service.
    ciphertext = reply[37:].decode("hex")

    # Two further lines are read and discarded before the next prompt is expected.
    for _ in range(2):
        r.recvline()
    return ciphertext
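def extractmod_eunknown(_encrypt, limit=4):
    """
    Recover the modulus from an encryption oracle when the public exponent is unknown.

    Reference: https://crypto.stackexchange.com/questions/43583/deduce-modulus-n-from-public-exponent-and-encrypted-data

    For each small value m, both m**2 and m are sent to the oracle.  If the
    oracle computes c = m**e mod N with no padding, then enc(m)**2 - enc(m**2)
    is a multiple of N, so the GCD of several such differences is N or a
    multiple of it.  The result is not verified here: with few samples an
    extra cofactor can survive, so callers should sanity-check the value.
    Randomised padding (e.g. OAEP) removes this relation, which is why an
    unpadded RSA encryption oracle should never be exposed.

    :input parameters:
    _encrypt : <type 'function'> : Function interacting with the server for encryption
    limit    : <type 'int'>      : number of values to be sent for encryption (1 to 4)
    :return: GCD of the computed differences, or -1 on an invalid limit or any error
    """
    m_list = [2, 3, 5, 7]

    # Validate with explicit checks: an ``assert`` is stripped under
    # ``python -O``, and a limit below 1 used to surface only as a misleading
    # "list index out of range" from the generic handler below.
    if limit > len(m_list):
        print("[+] Limit too big!")
        return -1
    if limit < 1:
        print("[+] Limit too small!")
        return -1

    try:
        samples = m_list[:limit]
        # Same query order as before: all squares first, then the plain values.
        ct_list = [bytes_to_long(_encrypt(long_to_bytes(m ** 2))) for m in samples]
        ct_list2 = [bytes_to_long(_encrypt(long_to_bytes(m))) for m in samples]

        # enc(m)**2 - enc(m**2) for every sample.
        mod_list = [c ** 2 - c_sq for c, c_sq in zip(ct_list2, ct_list)]

        _gcd = mod_list[0]
        for diff in mod_list:
            _gcd = GCD(_gcd, diff)
        return _gcd
    except Exception as es:
        # Deliberate best-effort: any I/O or decoding failure while talking to
        # the oracle is reported and mapped to the -1 sentinel callers test for.
        # A single-argument print keeps the text identical to the former
        # Python 2 statement ``print "[+] Exception: ", es``.
        print("[+] Exception: " + " " + str(es))
        return -1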
# Launch ./run.sh as a child process; _encrypt() reads and writes through this tube.
r = process("./run.sh")

# Derive the modulus through the encryption menu, using all four probe values.
N = extractmod_eunknown(_encrypt, 4)
print "N: ", N
# extractmod_eunknown() returns -1 on failure; stop instead of submitting it.
# NOTE(review): the value may still be a multiple of the modulus rather than
# the modulus itself; nothing here checks that.
assert N != -1

# Option 2 is followed by a "modulus: " prompt: submit the value and show the reply.
r.sendline("2")
r.recvuntil("modulus: ")
r.sendline(str(N))
reply = r.recvline().strip()
print reply