Challenge example
Arbitrary token
Code source example
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad
import json
FLAG = ?
KEY = ?
def admin():
print("welcome admin")
print(f"Flag = {FLAG}")
def guest():
print("welcome guest")
def auth():
user = dict()
user["username"] = input("username : ")
user["password"] = input("password : ")
user["uid"] = int(user["username"] == "admin" and user["password"] == FLAG)
plaintext = json.dumps(user).encode()
padded = pad(plaintext, 16)
cipher = AES.new(KEY, AES.MODE_ECB)
try:
encrypted = cipher.encrypt(padded)
except ValueError as e:
return {"error": str(e)}
print(f"Here is your token : {encrypted.hex()}")
return user
def authToken():
token = input("Token : ")
token = bytes.fromhex(token)
cipher = AES.new(KEY, AES.MODE_ECB)
try:
plaintext = cipher.decrypt(token)
unpadded = unpad(plaintext, 16)
user = json.loads(unpadded)
except ValueError as e:
return {"error": str(e)}
return user
print("Welcome !")
print("Please login first.")
choice = input("How would you login ?\n1) Token\n2) Credentials\n\nChoice :")
if choice == "1":
user = authToken()
elif choice == "2":
user = auth()
else:
print("error... goodbye")
exit(0)
if "error" in user:
print(f"ERROR : {user['error']}")
exit(0)
elif user["uid"] == 1:
admin()
else:
guest()Exploitation
Exploitation Script
Exercice
Last updated