Skip to content Skip to navigation

MD5 (crypto 100)

Category: 

Classic Hash Length Extension Attack.

Is is doing like wrote here and here.

The easiest way to perfofm hash-length-extension attack is using HashPump.

Download it, build it and then write a little script to bruteforce secret's length and find the flag:

#!/usr/bin/python
from subprocess import *
import commands
import socket

def horosho(s):
	i = s.find('\\x')
	res = s[0:i]
	while i != -1:
		n = int(s[i+2:i+4], 16)
		res += chr(n)
		s = s[i + 4:]
		i = s.find('\\x')
	res += s
	return res



digest = 'b34c39b9e83f0e965cf392831b3d71b8'
data = '\'do test connection\''
addData = 'give'
length = 5

for length in xrange(1, 257, 1):
	print length
	args = '-s ' + digest + ' --data ' + data + ' -a ' + addData + ' -k ' + str(length) + ' > file'
	output = commands.getstatusoutput('./hashpump ' + args)
	payload = open('file', 'rb').read()
	payload = payload[:-1]
	payload = payload[0:32] + ' ' + payload[33:]
	payload = horosho(payload)
	s = socket.create_connection(('python27.quals.ructf.org', 12337))
	s.send(payload)
	answer = s.recv(1000)
	print answer
	if answer.find('Wrong signature') == -1:
		break

And when right length of the secret is found we get this:

15

 

Message accepted! The answer is RUCTF_CryptoIsFunAndEasy