overthewire - natas/bruteforce.go

     1  package main
     2  
     3  import (
     4  	"encoding/hex"
     5  	"net/http"
     6  	"strconv"
     7  	"strings"
     8  	"time"
     9  )
    10  
    11  type BruteForceString struct {
    12  	SetDataGrabber
    13  	Field, Prefix, Suffix, First, Wildcard string
    14  }
    15  
    16  func (s BruteForceString) Grab(r http.Request) string {
    17  	const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890"
    18  	var result, knownChars string
    19  
    20  	for _, c := range chars {
    21  		s.SetDataGrabber.SetKey(s.Field, Text{s.Prefix + s.Wildcard + string(c) + s.Wildcard + s.Suffix})
    22  		if s.SetDataGrabber.Grab(r) == "1" {
    23  			knownChars += string(c)
    24  		}
    25  	}
    26  Loop:
    27  	for {
    28  		for _, c := range knownChars {
    29  			s.SetDataGrabber.SetKey(s.Field, Text{s.Prefix + s.First + result + string(c) + s.Wildcard + s.Suffix})
    30  			if s.SetDataGrabber.Grab(r) == "1" {
    31  				result += string(c)
    32  				continue Loop
    33  			}
    34  		}
    35  		return result
    36  	}
    37  }
    38  
    39  type NotContain struct {
    40  	Grabber
    41  	NotMatch string
    42  }
    43  
    44  func (n NotContain) Grab(r http.Request) string {
    45  	if !strings.Contains(n.Grabber.Grab(r), n.NotMatch) {
    46  		return "1"
    47  	}
    48  	return "0"
    49  }
    50  
    51  type Contains struct {
    52  	Grabber
    53  	Match string
    54  }
    55  
    56  func (c Contains) Grab(r http.Request) string {
    57  	if strings.Contains(c.Grabber.Grab(r), c.Match) {
    58  		return "1"
    59  	}
    60  	return "0"
    61  }
    62  
    63  type TakesTime struct {
    64  	Grabber
    65  	time.Duration
    66  }
    67  
    68  func (t TakesTime) Grab(r http.Request) string {
    69  	start := time.Now()
    70  	t.Grabber.Grab(r)
    71  	if time.Now().Sub(start) > t.Duration {
    72  		return "1"
    73  	}
    74  	return "0"
    75  }
    76  
    77  type BruteForceRange struct {
    78  	SetDataGrabber
    79  	Range
    80  	Field, Prefix, Suffix string
    81  }
    82  
    83  func (b BruteForceRange) Grab(r http.Request) string {
    84  	for b.Range.Next() {
    85  		idStr := b.Range.ID()
    86  		b.SetDataGrabber.SetKey(b.Field, Text{b.Prefix + idStr + b.Suffix})
    87  		if b.SetDataGrabber.Grab(r) == "1" {
    88  			return idStr
    89  		}
    90  	}
    91  	panic("no cookie found")
    92  }
    93  
    94  type Range interface {
    95  	Next() bool
    96  	ID() string
    97  }
    98  
    99  type NumRange struct {
   100  	Start, End int
   101  }
   102  
   103  func (r *NumRange) Next() bool {
   104  	r.Start++
   105  	return r.Start <= r.End
   106  }
   107  
   108  func (r *NumRange) ID() string {
   109  	return strconv.Itoa(r.Start)
   110  }
   111  
   112  type RangeList []Range
   113  
   114  func (r *RangeList) Next() bool {
   115  	if len(*r) > 0 {
   116  		if !(*r)[0].Next() {
   117  			*r = (*r)[1:]
   118  			return len(*r) > 0
   119  		}
   120  		return true
   121  	}
   122  	return false
   123  }
   124  
   125  func (r *RangeList) ID() string {
   126  	return (*r)[0].ID()
   127  }
   128  
   129  type RangeSuffix struct {
   130  	Range
   131  	Suffix string
   132  }
   133  
   134  func (r RangeSuffix) ID() string {
   135  	return r.Range.ID() + r.Suffix
   136  }
   137  
   138  type RangeHex struct {
   139  	Range
   140  }
   141  
   142  func (r RangeHex) ID() string {
   143  	return hex.EncodeToString([]byte(r.Range.ID()))
   144  }
   145  
   146  type ECBBreaker struct {
   147  	Encrypter interface {
   148  		Grabber
   149  		SetKey(string, Grabber)
   150  	}
   151  	EncrypterField string
   152  	PlainText      string
   153  }
   154  
   155  func (e ECBBreaker) Grab(r http.Request) string {
   156  	e.Encrypter.SetKey(e.EncrypterField, Text{""})
   157  	initialLength := len(e.Encrypter.Grab(r))
   158  	i := 1
   159  	firstChange := -1
   160  	secondChange := -1
   161  	for {
   162  		e.Encrypter.SetKey(e.EncrypterField, Text{strings.Repeat("A", i)})
   163  		l := len(e.Encrypter.Grab(r))
   164  		if l != initialLength {
   165  			if firstChange == -1 {
   166  				initialLength = l
   167  				firstChange = l
   168  			} else {
   169  				secondChange = l
   170  				break
   171  			}
   172  		}
   173  		i++
   174  	}
   175  
   176  	blockSize := secondChange - firstChange
   177  
   178  	var offset, blockStart int
   179  	str := strings.Repeat("B", blockSize-1) + strings.Repeat("A", blockSize*2)
   180  
   181  Loop:
   182  	for i := 0; i < 16; i++ {
   183  		e.Encrypter.SetKey(e.EncrypterField, Text{str[15-i:]})
   184  		str := e.Encrypter.Grab(r)
   185  		last := ""
   186  		for j := 0; j < len(str); j += blockSize {
   187  			this := str[j : j+blockSize]
   188  			if this == last {
   189  				blockStart = (j / 16) - 1
   190  				offset = i
   191  				break Loop
   192  			}
   193  			last = this
   194  		}
   195  	}
   196  
   197  	e.Encrypter.SetKey(e.EncrypterField, Text{strings.Repeat("B", offset) + e.PlainText})
   198  	enc := e.Encrypter.Grab(r)
   199  
   200  	return enc[blockStart*blockSize:]
   201  }