Type your comment> @C136Rick said:
Kryptos retired and I didn’t get user,stuck at the encrypt part.
Thanks for @limbernie & @n1b1ru.I request,both of you response.But I couldn’t solve it eventually.Well,I’m C136Rick,not @0xRick (you know what I mean) :p.
And Thanks @no0ne & @Adamm for making it,I like it.Here is what I did.Just copied the MySQL response to the program by analyzing captured network data of MySQL using Wireshark.When that request’s parameter(db) was set and done in burp,ran the program and I got 302,which means it worked.
import socket import logging logging.basicConfig(level=logging.DEBUG) if __name__ == '__main__': sock = socket.socket() sock.bind(("0.0.0.0", 3306)) sock.listen(5) con, addr = sock.accept() logging.info('Connnect from: %r', addr) # Wireshark Info: Server Greeting proto=10 version=5.5.53 con.sendall("\x4a\x00\x00\x00\x0a\x35\x2e\x35\x2e\x35\x33\x00\x17\x00\x00\x00\x6e\x7a\x3b\x54\x76\x73\x61\x6a\x00\xff\xf7\x21\x02\x00\x0f\x80\x15\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x70\x76\x21\x3d\x50\x5c\x5a\x32\x2a\x7a\x49\x3f\x00\x6d\x79\x73\x71\x6c\x5f\x6e\x61\x74\x69\x76\x65\x5f\x70\x61\x73\x73\x77\x6f\x72\x64\x00") con.recv(2048) logging.info("Wireshark Info: Login Request user=dbuser db=cryptor") # Wireshark Info: Response OK con.sendall("\x07\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00") con.recv(2048) logging.info("Wireshark Info: Request Query") # Wireshark Info: Response. con.sendall("\x01\x00\x00\x01\x02\x37\x00\x00\x02\x03\x64\x65\x66\x07\x63\x72\x79\x70\x74\x6f\x72\x05\x75\x73\x65\x72\x73\x05\x75\x73\x65\x72\x73\x08\x75\x73\x65\x72\x6e\x61\x6d\x65\x08\x75\x73\x65\x72\x6e\x61\x6d\x65\x0c\x21\x00\x96\x00\x00\x00\xfd\x01\x10\x00\x00\x00\x37\x00\x00\x03\x03\x64\x65\x66\x07\x63\x72\x79\x70\x74\x6f\x72\x05\x75\x73\x65\x72\x73\x05\x75\x73\x65\x72\x73\x08\x70\x61\x73\x73\x77\x6f\x72\x64\x08\x70\x61\x73\x73\x77\x6f\x72\x64\x0c\x21\x00\x96\x00\x00\x00\xfd\x01\x10\x00\x00\x00\x05\x00\x00\x04\xfe\x00\x00\x22\x00\x0e\x00\x00\x05\x06\x64\x62\x75\x73\x65\x72\x06\x64\x62\x75\x73\x65\x72\x05\x00\x00\x06\xfe\x00\x00\x22\x00") con.recv(2048) logging.info("Wireshark Info: Request Quit") logging.info("done!") con.close()
ohhh