-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathchallenge31.py
More file actions
54 lines (50 loc) · 1.89 KB
/
challenge31.py
File metadata and controls
54 lines (50 loc) · 1.89 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
#!/usr/bin/env python3
# Implement and break HMAC-SHA1 with an artificial timing leak
import requests
import time
hexdigits = '0123456789abcdef'
# --------------------------------------------------------
# ---------------------- functions -----------------------
# --------------------------------------------------------
def attack(URL, filename, tolerance = 0.01):
signature = ""
start_time = time.time()
requests.get(url = URL, params={'file':filename, 'signature': signature + 'a'})
end_time = time.time()
last_time = end_time - start_time
while True:
for c in hexdigits:
# create new signature
payload = signature + c + (40-1-len(signature))*'_'
PARAMS = {
'file': filename,
'signature': payload
}
# time attack
start_time = time.time()
r = requests.get(url = URL, params=PARAMS)
end_time = time.time()
execution_time = end_time - start_time
print(f"Attempting: {payload}")
# break if status code 200
if r.status_code == 200:
print(f"Found signature! : {signature}")
return payload
# time tolerance in seconds
if execution_time > last_time + tolerance:
signature += c
print(f"{signature = }")
last_time = execution_time
break
# --------------------------------------------------------
# ------------------------- main -------------------------
# --------------------------------------------------------
def main():
URL = 'http://localhost:8888/test'
filename = "flag.txt"
timer_start = time.time()
attack(URL, filename, tolerance = 0.005)
solve_time = time.time() - timer_start
print(f"solved in {solve_time:.0f} seconds")
if __name__ == "__main__":
main()