[CodeEngn] Basic RCE – Level 13

http://codeengn.com/challenges/basic/13

Find the answer

Kiểm tra bằng PEiD thấy viết bằng .Net, dùng Reflector để mở:

[csharp]public class RijndaelSimple
{
// Methods
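/// <summary>
/// Decrypts a Base64-encoded Rijndael/CBC ciphertext with a key derived from a pass phrase.
/// </summary>
/// <param name="cipherText">Base64 text of the encrypted bytes.</param>
/// <param name="passPhrase">Pass phrase the key is derived from.</param>
/// <param name="saltValue">Salt for the key derivation; converted to bytes as ASCII.</param>
/// <param name="hashAlgorithm">Hash algorithm name handed to <see cref="PasswordDeriveBytes"/>.</param>
/// <param name="passwordIterations">Iteration count handed to <see cref="PasswordDeriveBytes"/>.</param>
/// <param name="initVector">Initialization vector; converted to bytes as ASCII.</param>
/// <param name="keySize">Key size in bits; keySize / 8 key bytes are derived.</param>
/// <returns>The decrypted bytes decoded as UTF-8.</returns>
/// <remarks>
/// Security review: PasswordDeriveBytes is a PBKDF1-based derivation (Rfc2898DeriveBytes is the
/// usual choice for new code), and CBC is used here without any integrity check on the ciphertext.
/// Both are kept as-is so that existing ciphertexts still decrypt.
/// </remarks>
public static string Decrypt(string cipherText, string passPhrase, string saltValue, string hashAlgorithm, int passwordIterations, string initVector, int keySize)
{
    byte[] ivBytes = Encoding.ASCII.GetBytes(initVector);
    byte[] saltBytes = Encoding.ASCII.GetBytes(saltValue);
    byte[] cipherBytes = Convert.FromBase64String(cipherText);
    byte[] keyBytes = new PasswordDeriveBytes(passPhrase, saltBytes, hashAlgorithm, passwordIterations).GetBytes(keySize / 8);

    // using blocks release the cipher, transform and streams even when decryption throws.
    using (RijndaelManaged cipher = new RijndaelManaged { Mode = CipherMode.CBC })
    using (ICryptoTransform decryptor = cipher.CreateDecryptor(keyBytes, ivBytes))
    using (MemoryStream input = new MemoryStream(cipherBytes))
    using (CryptoStream cryptoStream = new CryptoStream(input, decryptor, CryptoStreamMode.Read))
    {
        // The plaintext is never longer than the ciphertext, so this buffer is large enough.
        byte[] plainBytes = new byte[cipherBytes.Length];
        int total = 0;

        // A single Read call is not guaranteed to fill the buffer; keep reading until the
        // stream reports the end, otherwise the returned text can be truncated.
        while (total < plainBytes.Length)
        {
            int read = cryptoStream.Read(plainBytes, total, plainBytes.Length - total);
            if (read <= 0)
            {
                break;
            }
            total += read;
        }

        return Encoding.UTF8.GetString(plainBytes, 0, total);
    }
}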

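/// <summary>
/// Encrypts text with Rijndael/CBC using a key derived from a pass phrase and returns it as Base64.
/// </summary>
/// <param name="plainText">Text to encrypt; encoded as UTF-8 before encryption.</param>
/// <param name="passPhrase">Pass phrase the key is derived from.</param>
/// <param name="saltValue">Salt for the key derivation; converted to bytes as ASCII.</param>
/// <param name="hashAlgorithm">Hash algorithm name handed to <see cref="PasswordDeriveBytes"/>.</param>
/// <param name="passwordIterations">Iteration count handed to <see cref="PasswordDeriveBytes"/>.</param>
/// <param name="initVector">Initialization vector; converted to bytes as ASCII.</param>
/// <param name="keySize">Key size in bits; keySize / 8 key bytes are derived.</param>
/// <returns>The ciphertext bytes as a Base64 string.</returns>
/// <remarks>
/// Security review: the IV is whatever the caller passes, so a caller that reuses one IV produces
/// identical ciphertext for identical plaintext. The output carries no MAC, and PasswordDeriveBytes
/// is a PBKDF1-based derivation (Rfc2898DeriveBytes is the usual choice for new code). The scheme
/// is kept unchanged so the output stays compatible with the existing Decrypt.
/// </remarks>
public static string Encrypt(string plainText, string passPhrase, string saltValue, string hashAlgorithm, int passwordIterations, string initVector, int keySize)
{
    byte[] ivBytes = Encoding.ASCII.GetBytes(initVector);
    byte[] saltBytes = Encoding.ASCII.GetBytes(saltValue);
    byte[] plainBytes = Encoding.UTF8.GetBytes(plainText);
    byte[] keyBytes = new PasswordDeriveBytes(passPhrase, saltBytes, hashAlgorithm, passwordIterations).GetBytes(keySize / 8);

    // using blocks release the cipher, transform and streams even when encryption throws.
    using (RijndaelManaged cipher = new RijndaelManaged { Mode = CipherMode.CBC })
    using (ICryptoTransform encryptor = cipher.CreateEncryptor(keyBytes, ivBytes))
    using (MemoryStream output = new MemoryStream())
    using (CryptoStream cryptoStream = new CryptoStream(output, encryptor, CryptoStreamMode.Write))
    {
        cryptoStream.Write(plainBytes, 0, plainBytes.Length);
        // The final padded block must be written before the buffer is copied out.
        cryptoStream.FlushFinalBlock();
        return Convert.ToBase64String(output.ToArray());
    }
}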
}

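/// <summary>
/// Console entry point of the decompiled challenge binary: decrypts an embedded ciphertext and
/// compares every line the user types against the result until one matches.
/// </summary>
/// <remarks>
/// The ciphertext, pass phrase, salt, hash name, iteration count, IV and key size are all literals
/// in the program, so the expected password can be recomputed by anyone who can read the code.
/// The typographic quotes of the published listing are replaced by plain ASCII quotes here,
/// because the listing does not compile with them.
/// </remarks>
public class RijndaelSimpleTest
{
    // Methods
    [STAThread]
    private static void Main(string[] args)
    {
        string plainText = "";
        string cipherText = "BnCxGiN4aJDE+qUe2yIm8Q==";
        // NOTE(review): "x00a3" here and in initVector looks like the escape \x00a3 with its
        // backslash lost when the listing was published; with the escape, initVector has 16
        // characters, which matches the 16-byte IV a 128-bit Rijndael block needs. Confirm
        // against the decompiler output before relying on these literals.
        string passPhrase = "^F79ejk56$x00a3";
        string saltValue = "DHj47&*)$h";
        string hashAlgorithm = "MD5";
        int passwordIterations = 0x400; // 1024
        string initVector = "&!x00a3$%^&*()CvHgE!";
        int keySize = 0x100; // 256 bits

        // The result of this call is discarded; it is kept only because the decompiled program makes it.
        RijndaelSimple.Encrypt(plainText, passPhrase, saltValue, hashAlgorithm, passwordIterations, initVector, keySize);
        plainText = RijndaelSimple.Decrypt(cipherText, passPhrase, saltValue, hashAlgorithm, passwordIterations, initVector, keySize);

        // Same control flow as the decompiler's goto loop: prompt again until the input matches.
        while (true)
        {
            Console.WriteLine("Please enter the password: ");
            if (Console.ReadLine() == plainText)
            {
                Console.WriteLine("Well Done! You cracked it!");
                Console.ReadLine();
                return;
            }

            Console.WriteLine("Bad Luck! Try again!");
        }
    }
}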

[/csharp]

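Toàn bộ tham số giải mã (cipherText, passPhrase, saltValue, hashAlgorithm, initVector, keySize) đều nằm sẵn trong chương trình, nên chỉ cần dùng Visual Studio để chạy lại đoạn mã trên là thấy plainText = Leteminman.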

→ flag = Leteminman.
