Please proceed to the ctr-attack
folder.
You will be exploiting the weakness of CBC to inject a range of malicious behaviors into a user's data.
Your first job is to create a user data (which is a compromised copy of the encrypted.user
) that has set uid
field to 12345 (super-awesome). Your need to edit the template.py
file (sections marked as XXX
); running this file will create three user data flag1.user
, flag2.user
and flag3.user
. Once you have a compromised flag1.user
file, you are ready to run launcher
. Provide your flag1.user
to the launcher and choose the option number 1. If you're correct, you will have the flag.
Good luck.
Proceed to the ctr-attack
folder.
You will be exploiting the weakness of CBC to inject a range of malicious behaviors into a user's data.
Your first job is to create a user data (which is a compromised copy of the encrypted.user
) that has set is_admin
field to 31337 (admin). Your need to edit the template.py
file (sections marked as XXX
); running this file will create three user data flag1.user
, flag2.user
and flag3.user
. Once you have a compromised flag2.user
file, you are ready to run launcher
. Provide your flag2.user
to the launcher and choose the option number 2. If you're correct, you will have the flag.
Good luck.
Please proceed to the ctr-attack
folder.
You will be exploiting the weakness of CBC to inject a range of malicious behaviors into a user's data.
Your first job is to create a user data (which is a compromised copy of the encrypted.user
) that has modify boring
to superb (indeed). Your need to edit the template.py
file (sections marked as XXX
); running this file will create three user data flag1.user
, flag2.user
and flag3.user
. Once you have a compromised flag3.user
file, you are ready to run launcher
. Provide your flag3.user
to the launcher and choose the option number 3. If you're correct, you will have the flag.
Good luck.