Difficulty: easy
Category: crypto
Author: xnull
Description:
### Encrypted Session System
This web application stores your session data in an encrypted cookie. When you visit the site, you get a cookie that marks you as a regular user.
Only users with admin privileges can see the flag. The cookie is encrypted using AES encryption, but the implementation might have a weakness you can exploit.
**Goal:** Modify your encrypted session cookie to gain admin access and retrieve the flag.
Solution
import base64
import re

import requests
from pwn import *
from rich import print
# Challenge instance. /register hands out the encrypted session cookie (the
# base64 "profile" value) and /profile reads it back from the "session" cookie.
URL = "https://a5b24fe0-4a84-462c-ad75-23f71647a996.ctf.endolum.io:1337"
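def get_cookie(st, *, timeout=10):
    """
    Register a username and return the encrypted session cookie.

    The username is the attacker-controlled plaintext that ends up inside the
    encrypted cookie, so its length and block alignment are what the later
    block manipulation relies on.

    Args:
        st: username to register.
        timeout: seconds to wait for the server (``requests`` has no default
            timeout, so a hung instance would otherwise block forever).

    Returns:
        str: the base64 "profile" value from the JSON response.

    Raises:
        requests.HTTPError: on a non-2xx response, so a failed registration
            surfaces clearly instead of as a KeyError/JSON error further down.
    """
    resp = requests.post(f"{URL}/register", data={"username": st}, timeout=timeout)
    resp.raise_for_status()
    return resp.json()["profile"]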
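def splits(s):
    """
    Base64-decode a cookie and cut it into 16-byte ciphertext blocks.

    Args:
        s: base64 text (str or bytes) as returned by the server.

    Returns:
        list[bytes]: consecutive 16-byte blocks, in order.

    Raises:
        ValueError: if the decoded data is not a whole number of blocks.
            A ragged tail means this is not plain block-cipher output and
            any block cut-and-paste would not line up with the plaintext.
    """
    block_size = 16
    raw = base64.b64decode(s)
    if len(raw) % block_size:
        raise ValueError(
            f"ciphertext is {len(raw)} bytes, not a multiple of {block_size}"
        )
    return [raw[i : i + block_size] for i in range(0, len(raw), block_size)]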
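def pad(s, block_size=16):
    """
    Return *s* padded to one full block with PKCS#7 padding.

    Used to forge a block that the server will accept as the *final*
    plaintext block: every pad byte must equal the number of pad bytes.
    The original hard-coded ``\\x0b``, which is only correct for a 5-byte
    input such as ``"admin"`` (16 - 5 = 11 = 0x0b); this computes the pad
    byte from the length so other values work too.

    Args:
        s: str or bytes shorter than ``block_size``.
        block_size: cipher block size in bytes (16 for AES).

    Returns:
        str or bytes (matching the input type) of exactly ``block_size`` bytes.

    Raises:
        ValueError: if ``s`` is ``block_size`` bytes or longer. PKCS#7 always
            adds at least one byte, so a full block cannot be padded in place
            (the original silently returned such input unchanged).
    """
    todo = block_size - len(s)
    if todo <= 0:
        raise ValueError(
            f"input is {len(s)} bytes; need fewer than {block_size} to leave room for padding"
        )
    if isinstance(s, bytes):
        return s + bytes([todo]) * todo
    return s + chr(todo) * todo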
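# Craft a username so the plaintext "user=<name>...role=user" falls on whole
# 16-byte boundaries. Expected block layout of the cookie:
#   block 0: "user=" + 11 a's                 -> 16 bytes
#   block 1: "admin" + 11 x \x0b              -> a full block that is also
#                                                valid PKCS#7 for a *last* block
#   block 2: 10 b's + the 6-byte "<sep>role=" field prefix  -> 16 bytes
#            (the separator character isn't visible from here; only its
#            length matters)
#   block 3: "user" + padding                 -> discarded
c = get_cookie("aaaaaaaaaaa" + pad("admin") + "bbbbbbbbbb")
success(f"Got cookie: {c}")

parts = splits(c)
# The swap below assumes exactly this 4-block layout; anything else means the
# server-side format differs and the forged cookie would decrypt to garbage.
if len(parts) != 4:
    raise SystemExit(f"unexpected cookie layout: {len(parts)} blocks, expected 4")

# Block cut-and-paste: 0 + 2 + 1 decrypts to
# "user=aaaaaaaaaaabbbbbbbbbb<sep>role=admin" followed by valid padding.
# This only works because each block is encrypted independently (ECB);
# the server accepting it is what confirms the mode.
payload = base64.b64encode(parts[0] + parts[2] + parts[1]).decode()
success(f"Exploit payload: {payload}")

solution = requests.get(
    f"{URL}/profile", cookies={"session": payload}, timeout=10
).text
match = re.search(r'<div class="flag">(.*)</div>', solution)
if match is None:
    raise SystemExit("no flag in /profile response; the forged cookie was not accepted")
flag = match.group(1)
success(f"Got flag: {flag}")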
# Output:
# [+] Got cookie: K6rUmoCQ75fiXWC4/F6KEFzYtEUHsKACRE/ZOHEf73RjXRVK1M9rZF7ThQRaUFf1ZATR/+z0i5hMIb1RFfoYvw==
# [+] Exploit payload: K6rUmoCQ75fiXWC4/F6KEGNdFUrUz2tkXtOFBFpQV/Vc2LRFB7CgAkRP2ThxH+90
# [+] Got flag: ENDLM{977e0ca98c4a5d9da30f60ad2227e68fcc07f53de436fb30}
Flag: ENDLM{977e0ca98c4a5d9da30f60ad2227e68fcc07f53de436fb30}