Find the vulnerability /g/! If correct, when CryptoAPI.sha1.hash(x)
You are currently reading a thread in /g/ - Technology
Find the vulnerability /g/!
If correct, when CryptoAPI.sha1.hash(x) is called, you should be able to run arbitrary code on the machine you're attacking. Assume that x is a value controlled by the attacker.1 var CryptoAPI = (function() {
2 var encoding = {
3 a2b: function(a) { },
4 b2a: function(b) { }
5 };
6
7 var API = {
8 sha1: {
9 name: 'sha1',
10 identifier: '2b0e03021a',
11 size: 20,
12 block: 64,
13 hash: function(s) {
14 var len = (s += '\x80').length,
15 blocks = len >> 6,
16 chunk = len & 63,
17 res = "",
18 i = 0,
19 j = 0,
20 H = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0],
21 w = [];
22
23 while (chunk++ != 56) {
24 s += "\x00";
25 if (chunk == 64) {
26 blocks++;
27 chunk = 0;
28 }
29 }
30
31 for (s += "\x00\x00\x00\x00", chunk = 3, len = 8 * (len - 1); chunk >= 0; chunk--) {
32 s += encoding.b2a(len >> (8 * chunk) & 255);
33 }
34
35 for (i = 0; i < s.length; i++) {
36 j = (j << 8) + encoding.a2b(s[i]);
37 if ((i & 3) == 3) {
38 w[(i >> 2) & 15] = j;
39 j = 0;
40 }
41 if ((i & 63) == 63) CryptoAPI.sha1._round(H, w);
42 }
43
44 for (i = 0; i < H.length; i++)
45 for (j = 3; j >= 0; j--)
46 res += encoding.b2a(H[i] >> (8 * j) & 255);
47 return res;
48 }, // End "hash"
49 _round: function(H, w) { }
50 } // End "sha1"
51 }; // End "API"
52
53 return API; // End body of anonymous function
54 })(); // End "CryptoAPI"
>JS
all of it
we're not here to do your homework
If this is your homework, you know more than the professors in our school and you should be proud of yourself.
I can't code but I'm gonna guess it has something to do with chunk not being defined before wrest of code is written.
>>53362735
You did it last night man
>>53362801
Nope
>>53362500
I'm not gonna secure your code for you when I get paid to do this shit.
>Assume that x is a value controlled by the attacker
What did you do with x? WHERE IS IT I DON'T SEE X.
>when CryptoAPI.sha1.hash(x) is called, you should be able to run arbitrary code on the machine you're attacking
That won't happen.
>>53362500
If I were to guess, and I've never worked with javascript, I would say it has something to do with 4 null terminators in a row(x7F character might help you).
What have you tried so far?
>>53364666
It actually can though, lol
>>53364954
Pls demonstrate, senpai
I found your classmate's solution online
the key to solution is 3EFUWXSG
>>53365576
Hahaha that's equivalent to Babbies first javascript injection and OP had to resort to the neckbeard legion to figure it out.
>>53365576
link?
>>53365576
U wot mate how does this work
>>53365576
That doesn't do shit other than the extra alert that was added to the script.
>>53362500
>JS
Found it.
>>53366009
ebin
>>53366009
>>53362714
It's funny because that actually turned out to be the answer.