Tags: web
### writeup by p4w @ beerPWN sec-team
# BSidesSF 2019 CTF
## Mixer crypto-web level 150 pts

Let's start by logging in with some credentials.

As we can see, the response includes a cookie named "user", which is the one we need to focus on.
Just send this cookie back and see what we get.

So, my guess is:
the cookie is encrypted with AES in ECB mode, and if it is, that's BAD!!! ;)
To follow the next part you probably need to know some basics about ECB mode: each 16-byte block is encrypted independently with the same key, so equal plaintext blocks give equal ciphertext blocks, and blocks can be cut, copied and rearranged without the recipient noticing.
Since I'm not a crypto guy, I suggest you google for some good material about AES and ECB mode encryption.
You can get an idea of how it works here: Block cipher.
Let's start by modifying the user cookie at a random position, flipping a single byte, to verify that the assumption is correct.

As we can see, the guess about AES ECB is probably correct: by flipping one byte we change the encrypted payload, which no longer decrypts to valid JSON.
We can also see that the cookie is something like AES(json), where the JSON payload is:
### {"first_name":"paw","last_name":"paww","is_admin":0}
To get the flag we now need to modify the JSON payload into something like this:
### {"first_name":"paw","last_name":"paww","is_admin":1}
The first approach I tried was to fuzz the byte responsible for encoding the "0", but that doesn't work properly. Also, as the challenge says, we need an exact match with 1.

So I started thinking a little deeper about this, and it came to mind that if I can control an entire block of the encrypted cookie with something that is equivalent to 1, then I can replay that entire block between the
"is_admin": and the
0 part.

If we can obtain this situation then we should become admin and get the flag.
So let's give some details about what is going on:
the length of
{"first_name":"A

To find the right position, notice that the length of
{"first_name":"A1.00000000000000","last_name":"paww","is_admin":
And here we get our flag :)

I also wrote a simple Python script to automate the exploit.
Check it here.
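The block-replay trick described above, as an added example that is neither the author's script nor the challenge's code. A toy 16-byte Feistel cipher built from HMAC-SHA256 stands in for AES so the script runs on the Python standard library alone (ECB's block independence is the point, not the cipher); the keys and cookie contents are constructed, and the last two functions show the server-side fix, an HMAC over the ciphertext that rejects any rearranged block.

```python
import hashlib, hmac, json
BLOCK = 16
KEY, MAC_KEY = b"constructed-demo-key", b"constructed-demo-mac-key"  # constructed secrets

def _f(key, half, rnd):  # Feistel round function: HMAC-SHA256 truncated to the 8-byte half
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _enc_block(key, blk):  # toy 16-byte block cipher: 4-round Feistel network (stand-in for AES)
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, r, rnd))
    return l + r

def _dec_block(key, blk):  # same rounds in reverse order
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, l, rnd)), l
    return l + r

def ecb_encrypt(key, data):  # ECB + PKCS#7: every block encrypted on its own, no integrity check
    pad = BLOCK - len(data) % BLOCK
    data += bytes([pad]) * pad
    return b"".join(_enc_block(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))

def ecb_decrypt(key, ct):
    pt = b"".join(_dec_block(key, ct[i:i + BLOCK]) for i in range(0, len(ct), BLOCK))
    return pt[:-pt[-1]]

def make_cookie(first_name):  # what the vulnerable server does with the login form
    user = {"first_name": first_name, "last_name": "paww", "is_admin": 0}
    return ecb_encrypt(KEY, json.dumps(user, separators=(",", ":")).encode())

def forge_admin():
    # first_name "A1.00000000000000" aligns the JSON so plaintext block 2 is exactly
    # 1.00000000000000 and block 4 ends in "is_admin": ; block 5 is 0} plus padding.
    ct = make_cookie("A1.00000000000000")
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    forged = b"".join(blocks[:4] + [blocks[1]] + blocks[4:])  # replay block 2 before the 0}
    return json.loads(ecb_decrypt(KEY, forged))  # is_admin parses as 1.0, which equals 1

def make_cookie_mac(first_name):  # fix: encrypt-then-MAC, so any moved or edited block is rejected
    ct = make_cookie(first_name)
    return ct + hmac.new(MAC_KEY, ct, hashlib.sha256).digest()

def verify_cookie_mac(cookie):
    ct, tag = cookie[:-32], cookie[-32:]
    if not hmac.compare_digest(tag, hmac.new(MAC_KEY, ct, hashlib.sha256).digest()):
        return None  # tampered: reject before touching the plaintext
    return json.loads(ecb_decrypt(KEY, ct))
```

`forge_admin()` returns a user with `is_admin` equal to 1, while the same block replay against a MAC-protected cookie makes `verify_cookie_mac` return `None`.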