Task 3 - Scripting Room (TryHackMe; https://tryhackme.com/r/room/scripting)
import hashlib
import logging
import re
import socket

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
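# UDP client for the challenge server: handshake ('hello' -> 'ready'), read the
# announcement carrying key, IV and checksum, then request ciphertext/tag pairs
# ('final') until one decrypts under AES-GCM and its SHA-256 digest matches the
# announced checksum.

# Configure logging
logging.basicConfig(level=logging.INFO)

# Server details
server_ip = '10.10.249.75'
server_port = 4000
server_addr = (server_ip, server_port)

# UDP has no delivery guarantee: without a timeout, one lost datagram would
# leave recvfrom() blocked forever.
recv_timeout_seconds = 5.0

logging.info("Creating UDP socket...")
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.settimeout(recv_timeout_seconds)

try:
    # Send initial 'hello' message
    initial_message = b'hello'
    logging.info(f"Sending initial message '{initial_message.decode()}' to {server_ip}:{server_port}...")
    sock.sendto(initial_message, server_addr)

    # Receive server's initial response
    # NOTE(review): the sender address returned by recvfrom() is never compared
    # with server_addr, so a datagram from any host that can reach this socket
    # is accepted as if it came from the server.
    initial_response, _peer = sock.recvfrom(1024)
    # errors='replace': the payload is untrusted bytes and may not be valid UTF-8.
    logging.info(f"Server initial response: {initial_response.decode(errors='replace')}")

    # Send 'ready' message if instructed
    if b"send a packet with the payload ready" in initial_response:
        ready_message = b'ready'
        logging.info(f"Sending '{ready_message.decode()}' as instructed by the server...")
        sock.sendto(ready_message, server_addr)

        # After sending 'ready', parse the server's message to extract key and IV
        announcement, _peer = sock.recvfrom(4096)
        # The checksum is read from a fixed byte range of the announcement.
        checksum_hex = announcement[104:136].hex()
        key_match = re.search(rb"key:([a-zA-Z0-9]+)", announcement)
        iv_match = re.search(rb"iv:([a-zA-Z0-9]+)", announcement)
        print(f"{announcement}")

        if key_match and iv_match:
            # The captured bytes go to AESGCM unchanged (no hex decoding), so the
            # server presumably sends key and IV as raw ASCII text; TODO confirm.
            key_bytes = key_match.group(1)
            nonce = iv_match.group(1)
            logging.info(f"Extracted key: {key_bytes}")
            logging.info(f"Extracted IV: {nonce}")
            logging.info(f"Extracted checksum: {checksum_hex}")

            if len(checksum_hex) != hashlib.sha256().digest_size * 2:
                # A short announcement yields a truncated slice that no SHA-256
                # hex digest can ever equal, so the loop below would not end.
                logging.warning("Announcement too short to hold a full SHA-256 checksum.")

            # Initialize AES GCM with the received key (the same for every attempt)
            aesgcm = AESGCM(key_bytes)

            while True:
                # Send 'final' as instructed to receive the encrypted message and tag
                final_message = b'final'
                logging.info(f"Sending '{final_message.decode()}' to request the encrypted message and tag...")
                sock.sendto(final_message, server_addr)

                # Receive the encrypted message
                encrypted_message, _peer = sock.recvfrom(1024)
                logging.info(f"Encrypted message received: {encrypted_message}.")

                # Receive the tag (a GCM tag is 16 bytes; a longer datagram
                # would not fit this buffer)
                tag, _peer = sock.recvfrom(16)
                logging.info(f"Tag received: {tag}.")

                # Attempt to decrypt the data; AESGCM.decrypt expects the tag
                # appended to the ciphertext.
                try:
                    logging.info("Attempting decryption...")
                    decrypted_data = aesgcm.decrypt(nonce, encrypted_message + tag, None)
                except InvalidTag:
                    logging.error("Decryption failed due to an invalid tag. The tag might be intentionally corrupted.")
                    continue

                # errors='replace' keeps a non-UTF-8 plaintext from aborting the
                # run before the checksum has been checked.
                logging.info(f"Decrypted data: {decrypted_data.decode(errors='replace')}")

                # Calculate and verify checksum
                checksum = hashlib.sha256(decrypted_data).hexdigest()
                if checksum == checksum_hex:
                    logging.info(f"Checksum match found. Decrypted message: {decrypted_data}")
                    break  # Exit the loop on successful decryption and checksum match
                logging.info("Checksum does not match, trying the next message...")
        else:
            logging.error("Failed to extract key and/or IV from the message.")
    else:
        logging.error("Unexpected response from the server, cannot proceed.")
except socket.timeout:
    logging.error("Timed out waiting for a datagram from the server.")
finally:
    # Close the socket on every exit path, including exceptions
    sock.close()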