Hacking 3/12

PART 1
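import hashlib

# HTTP Digest authentication (qop=auth, MD5) computed by hand, using the
# sample values from the worked example in RFC 2617.
uname = "Mufasa"
password = "Circle Of Life"
realm = "testrealm@host.com"
nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
uri = "/dir/index.html"
nc = "00000001"  # note this is a string
cnonce = "0a4f113b"

# HA1 depends only on username, realm and password: it is an unsalted MD5 and
# works as a password equivalent, so a server must protect stored HA1 values
# like passwords.
ha1 = hashlib.md5((uname + ':' + realm + ':' + password).encode('utf-8')).hexdigest()
# HA2 binds the response to the HTTP method and the request URI.
ha2 = hashlib.md5(('GET:' + uri).encode('utf-8')).hexdigest()
# Every input to the response except the password travels in clear in the
# request headers, so Digest over plain HTTP still allows a captured exchange
# to be checked against password guesses offline. Use TLS, and prefer the
# SHA-256 variants defined in RFC 7616 where Digest is required.
response = hashlib.md5(
    (ha1 + ':' + nonce + ':' + nc + ':' + cnonce + ':auth:' + ha2).encode('utf8')
).hexdigest()
print(response)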
PART 2
from string import ascii_letters, digits
import itertools
import sys
 
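# Exhaustive search over every string of 1 to 7 characters drawn from the
# 62 letters and digits. `happy_result` is not defined in this snippet; it is
# whatever predicate decides whether a guess is correct.
# The candidate count is 62 + 62**2 + ... + 62**7, roughly 3.6e12, and each
# extra character multiplies it by 62. That growth is why password length,
# rate limiting and deliberately slow password hashes matter to defenders.
for length in range(1, 8):  # renamed from `len` so the builtin is not shadowed
    for letters in itertools.product(ascii_letters + digits, repeat=length):
        guess = ''.join(letters)
        if happy_result(guess):
            print('Password found:', guess)
            sys.exit()
print('Epic fail! Try harder next time.')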

How Big is Infinity Video

MD5 Collision Example

d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f8955ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5bd8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70

and

d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89 55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0 e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70
produce an MD5 collision.

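Each of these blocks, once hex-decoded to raw bytes, has the MD5 hash 79054025255fb1a26e4bc422aef54eb4. Two different inputs sharing one digest is why MD5 should not be relied on for signatures, certificates or any integrity check that an adversary can influence.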

RSA Encryption

woE7ewVfwoAzbwXCgC5iMyRvBTvCgGBiOy4=
public key: e=5, n=133
import random
import base64

def gcd(a, b):
    """Return the greatest common divisor of a and b (Euclid's algorithm)."""
    # Replace (a, b) by (b, a mod b) until the remainder reaches zero.
    while b:
        a, b = b, a % b
    return a

def egcd(a, b):
    """Extended Euclid: return (g, x, y) such that a*x + b*y == g.

    The recursion bottoms out at a == 0, where g is b and the
    coefficients are (0, 1).
    """
    if not a:
        return (b, 0, 1)
    quotient, remainder = divmod(b, a)
    g, inner_x, inner_y = egcd(remainder, a)
    # Back-substitute the coefficients found for (b mod a, a).
    return (g, inner_y - quotient * inner_x, inner_x)

def modinv(a, m):
    """Return the inverse of a modulo m.

    Raises:
        Exception: if egcd reports a common divisor other than 1, in which
            case no inverse exists.
    """
    divisor, coeff, _ = egcd(a, m)
    if divisor == 1:
        # egcd may hand back a negative coefficient; reduce it into [0, m).
        return coeff % m
    raise Exception('No modular inverse')

def encrypt(plaintext, keypair):
    """Encrypt plaintext one character at a time and return base64 text.

    Each character c becomes chr(pow(ord(c), e, n)) with (e, n) = keypair.
    There is no padding or randomness, so equal characters always give equal
    ciphertext characters: the output behaves like a substitution cipher and
    is only suitable as a classroom illustration.
    A character whose code point is not below n is reduced modulo n and
    cannot be recovered by decrypt().
    """
    exponent, modulus = keypair

    # Raise every code point to the public exponent, modulo n
    pieces = []
    for symbol in plaintext:
        pieces.append(chr(pow(ord(symbol), exponent, modulus)))
    raw = ''.join(pieces).encode('utf-8')

    # Base64 keeps the result printable and easy to share
    return base64.b64encode(raw).decode('utf-8')

def decrypt(ciphertext, keypair):
    """Reverse encrypt(): base64-decode, then map each character back.

    Each decoded character c becomes chr(pow(ord(c), d, n)) with
    (d, n) = keypair.
    """
    exponent, modulus = keypair

    # Undo the base64/UTF-8 transport encoding first
    symbols = base64.b64decode(ciphertext).decode('utf-8')

    # Apply the private exponent to every code point
    return ''.join([chr(pow(ord(symbol), exponent, modulus)) for symbol in symbols])

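def generate_keypair(p, q, e=None):
    """Build a toy RSA key pair from p and q.

    Args:
        p, q: the two factors of the modulus. Nothing here checks that they
            are prime or distinct; the totient formula below is only correct
            when they are.
        e: optional public exponent. If it is not coprime to phi it is
            replaced by a random value that is.

    Returns:
        ((e, n), (d, n)): the public pair followed by the private pair.
    """
    n = p * q

    # phi is the totient of n (for distinct primes p and q)
    phi = (p - 1) * (q - 1)

    # e = 1 is coprime to every phi but makes pow(m, e, n) the identity, so
    # "encryption" would return the plaintext. Draw random candidates from 2
    # upward whenever such a value exists (phi - 1 is always coprime to phi).
    # For phi <= 2 the original range is kept so behaviour is unchanged.
    lowest = 2 if phi > 2 else 1

    # Choose an integer e such that e and phi(n) are coprime
    if e is None:
        e = random.randrange(lowest, phi)

    # Use Euclid's algorithm to verify that e and phi(n) are coprime
    while gcd(e, phi) != 1:
        e = random.randrange(lowest, phi)

    # The private exponent is the multiplicative inverse of e modulo phi
    d = modinv(e, phi)

    return ((e, n), (d, n))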

# Interactive demo; skipped when this file is imported as a module
if __name__ == '__main__':
    p = int(input("Enter prime number p: "))
    q = int(input("Enter prime number q: "))

    # The values typed in are passed straight through without validation.
    public, private = generate_keypair(p, q)

    print("Your public key is the number pair of (e={}, n={}).\n".format(public[0], public[1]))
    print("Your private key is the number pair of (d={}, n={}).\n".format(private[0], private[1]))

    s = input("Enter your message: ")

    # Round-trip the message to show that decrypt() undoes encrypt()
    encrypted = encrypt(s, public)
    print("Encrypted message: " + encrypted)

    decrypted = decrypt(encrypted, private)
    print("Decrypt: " + decrypted)

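Telnet Demo (SMTP typed by hand: the server accepts whatever sender the client claims, which is why receiving mail systems rely on SPF, DKIM and DMARC checks)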

Enabling Telnet in Windows 10

telnet YOU WILL GET THE SERVER IN CLASS
EHLO totally.legit.server.com
MAIL FROM:<NAME@AURLIWILLGIVEYOU.com>
RCPT TO: <ONEOFOUREMAILS@gmail.com>
DATA
From: Da Boss <NAME@AURLIWILLGIVEYOU.com>
To: The Dude <ONEOFOUREMAILS@gmail.com>
Subject: Totally legit offer for The Dude
Hello Mr The Dude,
I would like to give you lots of free money. Please click this not
at all suspicious link to claim it:
Best,
Da Boss
Totally Legitimate Company, Inc.
.
QUIT