In this challenge we can input username and password, then the server return an encrypted string of {username}-{password}-{cookie}
in which the cookie
is not known.
Since CBC
is used, each 32 word in encrypted string is encrypted by last block and 16 word in original string.
So let's enter "A"*16
as username, and enter different password, the first 32 word of the encrypted data is the same.
So we can brute-force the cookie through trying each bit of cookie.
Case A:
Username = "-"*13 + x
Password = ""
So String = "-"*15 + x
Case B:
Username = "-"*13
Password = ""
So String = "-"*15 + cookie
We can change x
and compare first, second, third... 32 bit.
Write a simple script to exploit it:
you_will_never_guess_this_sugar_honey_salt_cookie
Calculate PW
through hashlib.sha256("admin"+"you_will_never_guess_this_sugar_honey_salt_cookie").hexdigest()
Input username admin
and password to get the flag.