ctf/open_pit
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Change admin password and encryption key

Browse Source
This commit is contained in:
Manuel Vögele
2019-10-15 20:17:51 +02:00
parent 8875e75439
commit 452a07d593
3 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
break_script/automated_attack.py
View File

@@ -144,7 +144,7 @@ while len(key) < 16:
else:
break
encrypted_adminpw = bytes([0xe3, 0x07, 0x2e, 0x9f, 0x5b, 0xe8, 0xed, 0xd6, 0x02, 0xab, 0x89, 0xb8, 0xeb, 0x49, 0xcc, 0x56])
encrypted_adminpw = bytes([0x95, 0x22, 0x28, 0xf3, 0x90, 0xa6, 0x0b, 0xd2, 0x5d, 0x61, 0xdd, 0x1e, 0xdf, 0x39, 0x44, 0x7b])
aes = AES.new(bytes(key), AES.MODE_ECB)
adminpw = aes.decrypt(encrypted_adminpw)
remotes[0].send("login\nadmin\n")

2
key.txt
View File

@@ -1 +1 @@
A0 7C 3D 99 FA 00 02 46 97 33 73 50 31 7C D3 DC
8f 31 d2 39 c9 7f 5d 60 ac 29 91 ec 6b 8e df 54

2
main.cpp
View File

@@ -63,7 +63,7 @@ void login()
encrypted_password[i] = password[i];
}
AES::encrypt_ecb(encrypted_password, key);
uint8_t rootpw[16] = {0xe3, 0x07, 0x2e, 0x9f, 0x5b, 0xe8, 0xed, 0xd6, 0x02, 0xab, 0x89, 0xb8, 0xeb, 0x49, 0xcc, 0x56};
uint8_t rootpw[16] = {0x95, 0x22, 0x28, 0xf3, 0x90, 0xa6, 0x0b, 0xd2, 0x5d, 0x61, 0xdd, 0x1e, 0xdf, 0x39, 0x44, 0x7b};
for (int i = 0;i < 16;i++)
{
if (encrypted_password[i] != rootpw[i])