[CodeEngn] Basic RCE – Level 13
http://codeengn.com/challenges/basic/13
Find the answer
Kiểm tra bằng PEiD thấy viết bằng .Net, dùng Reflector để mở:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 |
public class RijndaelSimple { // Methods public static string Decrypt(string cipherText, string passPhrase, string saltValue, string hashAlgorithm, int passwordIterations, string initVector, int keySize) { byte[] bytes = Encoding.ASCII.GetBytes(initVector); byte[] rgbSalt = Encoding.ASCII.GetBytes(saltValue); byte[] buffer = Convert.FromBase64String(cipherText); byte[] rgbKey = new PasswordDeriveBytes(passPhrase, rgbSalt, hashAlgorithm, passwordIterations).GetBytes(keySize / 8); ICryptoTransform transform = new RijndaelManaged { Mode = CipherMode.CBC }.CreateDecryptor(rgbKey, bytes); MemoryStream stream = new MemoryStream(buffer); CryptoStream stream2 = new CryptoStream(stream, transform, CryptoStreamMode.Read); byte[] buffer5 = new byte[buffer.Length]; int count = stream2.Read(buffer5, 0, buffer5.Length); stream.Close(); stream2.Close(); return Encoding.UTF8.GetString(buffer5, 0, count); } public static string Encrypt(string plainText, string passPhrase, string saltValue, string hashAlgorithm, int passwordIterations, string initVector, int keySize) { byte[] bytes = Encoding.ASCII.GetBytes(initVector); byte[] rgbSalt = Encoding.ASCII.GetBytes(saltValue); byte[] buffer = Encoding.UTF8.GetBytes(plainText); byte[] rgbKey = new PasswordDeriveBytes(passPhrase, rgbSalt, hashAlgorithm, passwordIterations).GetBytes(keySize / 8); ICryptoTransform transform = new RijndaelManaged { Mode = CipherMode.CBC }.CreateEncryptor(rgbKey, bytes); MemoryStream stream = new MemoryStream(); CryptoStream stream2 = new CryptoStream(stream, transform, CryptoStreamMode.Write); stream2.Write(buffer, 0, buffer.Length); stream2.FlushFinalBlock(); byte[] inArray = stream.ToArray(); stream.Close(); stream2.Close(); return Convert.ToBase64String(inArray); } } public class RijndaelSimpleTest { // Methods [STAThread] private static void Main(string[] args) { string plainText = ""; string cipherText = "BnCxGiN4aJDE+qUe2yIm8Q=="; string passPhrase = "^F79ejk56$x00a3"; string saltValue = "DHj47&*)$h"; string hashAlgorithm = "MD5"; int passwordIterations = 0x400; string initVector = "&!x00a3$%^&*()CvHgE!"; int keySize = 0x100; RijndaelSimple.Encrypt(plainText, passPhrase, saltValue, hashAlgorithm, passwordIterations, initVector, keySize); plainText = RijndaelSimple.Decrypt(cipherText, passPhrase, saltValue, hashAlgorithm, passwordIterations, initVector, keySize); Label_0056: Console.WriteLine("Please enter the password: "); if (Console.ReadLine() == plainText) { Console.WriteLine("Well Done! You cracked it!"); Console.ReadLine(); } else { Console.WriteLine("Bad Luck! Try again!"); goto Label_0056; } } } |
Dùng Visual Studio để chạy, thấy plainText = Leteminman.
→ flag = Leteminman.
![[CodeEngn] Basic RCE – Level 14](https://ctf.yeuchimse.com/wp-content/themes/hueman/assets/front/img/thumb-medium-empty.png)
Recent comments