-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathchallenge32.py
More file actions
56 lines (53 loc) · 1.97 KB
/
challenge32.py
File metadata and controls
56 lines (53 loc) · 1.97 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
#!/usr/bin/env python3
# Break HMAC-SHA1 with a slightly less artificial timing leak
import requests
import time
hexdigits = '0123456789abcdef'
# --------------------------------------------------------
# ---------------------- functions -----------------------
# --------------------------------------------------------
def attack(URL, filename, tolerance = 0.01):
signature = ""
start_time = time.time()
requests.get(url = URL, params={'file':filename, 'signature': signature + 'a'})
end_time = time.time()
last_time = end_time - start_time
counter = 0
while True:
for c in hexdigits:
# create new signature
payload = signature + c + (40-1-len(signature))*'_'
PARAMS = {
'file': filename,
'signature': payload
}
# time attack
start_time = time.time()
r = requests.get(url = URL, params=PARAMS)
end_time = time.time()
execution_time = end_time - start_time
if counter > len(hexdigits)*3:
signature = signature[:-1]
counter = 0
last_time = execution_time - tolerance
print(f"Attempting: {payload}")
counter += 1
# break if status code 200
if r.status_code == 200:
print(f"Found signature! : {signature}")
return payload
# time tolerance in seconds
if execution_time > last_time + tolerance:
counter = 0
signature += c
print(f"{signature = }")
last_time = execution_time
# --------------------------------------------------------
# ------------------------- main -------------------------
# --------------------------------------------------------
def main():
URL = 'http://localhost:8888/test'
filename = "flag.txt"
attack(URL, filename, tolerance = 0.0025)
if __name__ == "__main__":
main()