Thoughts, writeups, and experiments in cybersecurity and coding
The challenge involves a network service that encrypts data using a combination of RSA and AES-CBC. It reveals vulnerabilities primarily in the AES layer, allowing for a Padding Oracle Attack. An exploit script successfully decrypts the ciphertext and retrieves the flag: ENO{Y4y_a_f4ctor1ng_0rac13}.
Category: Cryptography Difficulty: Medium 1. Challenge Overview The challenge provides a Python script and a remote service. Upon connecting, the server encrypts a hidden flag using a custom scheme and then acts as an oracle, allowing us to encrypt any hex-encoded message of our choice. The core of the encryption lies in a linear transformation … Read more
Category: Crypto / Reverse Difficulty: Easy/Medium 1. Challenge Overview Upon connecting to the server, I was greeted with two integers. Looking at the provided source code, chall.py, I saw that the program takes a secret flag, converts it into a large integer, and then passes it through a function called reduce(a, f) using a random … Read more
We made an encryption service. We forgot to make the decryption though.\As compensation we are giving free encrypted flags. The service allows users to submit plaintexts, which are then encrypted using AES-CBC with a user-supplied key. As a bonus, the flag is appended to the plaintext and encrypted as well. Provided Files enc.py run.sh Vulnerability … Read more