Skip to content
This repository has been archived by the owner on Jun 15, 2023. It is now read-only.

CS-370-nilsstreedain/ctr-attack

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CTR Attacks

CTR Attack I

Please proceed to the ctr-attack folder.

You will be exploiting the weakness of CBC to inject a range of malicious behaviors into a user's data.

Your first job is to create a user data (which is a compromised copy of the encrypted.user) that has set uid field to 12345 (super-awesome). Your need to edit the template.py file (sections marked as XXX); running this file will create three user data flag1.user, flag2.user and flag3.user. Once you have a compromised flag1.user file, you are ready to run launcher. Provide your flag1.user to the launcher and choose the option number 1. If you're correct, you will have the flag.

Good luck.

CTR Attack II

Proceed to the ctr-attack folder.

You will be exploiting the weakness of CBC to inject a range of malicious behaviors into a user's data.

Your first job is to create a user data (which is a compromised copy of the encrypted.user) that has set is_admin field to 31337 (admin). Your need to edit the template.py file (sections marked as XXX); running this file will create three user data flag1.user, flag2.user and flag3.user. Once you have a compromised flag2.user file, you are ready to run launcher. Provide your flag2.user to the launcher and choose the option number 2. If you're correct, you will have the flag.

Good luck.

CTR Attack III

Please proceed to the ctr-attack folder.

You will be exploiting the weakness of CBC to inject a range of malicious behaviors into a user's data.

Your first job is to create a user data (which is a compromised copy of the encrypted.user) that has modify boring to superb (indeed). Your need to edit the template.py file (sections marked as XXX); running this file will create three user data flag1.user, flag2.user and flag3.user. Once you have a compromised flag3.user file, you are ready to run launcher. Provide your flag3.user to the launcher and choose the option number 3. If you're correct, you will have the flag.

Good luck.