URL: http://badmedicine.shallweplayaga.me:8042
Type: cookie tampering
Solution: who wants oatmeal raisin anyways twumpAdby
- If we set `username` to `phoenix`, we obtain: `success! logged in as phoenix`
- The key is only for the admin. If we set `username` to `admin`, we obtain: `admin login disabled`
Let's inspect the HTTP headers:

```
POST /login HTTP/1.1
Host: badmedicine.shallweplayaga.me
Content-Type: application/x-www-form-urlencoded
Content-Length: 12

username=CTF
--------------------------------------------------------------------
HTTP/1.1 303 See Other
Date: Mon, 17 Jun 2013 13:44:10 GMT
Location: /welcome
Set-Cookie: username=2bf80e
Transfer-Encoding: chunked
Content-Type: text/plain; charset=utf-8
```

`/login` seems to encrypt the submitted username, store the result in the `username` cookie and then redirect to `/welcome`. If the username is `admin`, no cookie is set at all.
Let's try more usernames and look at the generated cookies to see if we can guess the encryption scheme (spaces inserted in the cookie value for readability):

| Username | Cookie |
|---|---|
| aaaaa | 09 cd 29 94 af |
| adaaa | 09 c8 29 94 af |
| admaa | 09 c8 25 94 af |
| admia | 09 c8 25 9c af |
| admin0 | 09 c8 25 9c a0 1e |
| admin1 | 09 c8 25 9c a0 1f |
So each character of the username is encrypted independently, depending only on its position, and the cookie value is the hex form of the result. The last two lines tell us that the cookie value for `admin` should be `09c8259ca0`. Now, to obtain the challenge key, we just have to request the `/welcome` page with this cookie:
```
GET /welcome HTTP/1.1
Host: badmedicine.shallweplayaga.me
Cookie: username=09c8259ca0
--------------------------------------------------------------------
HTTP/1.1 200 OK
Date: Mon, 17 Jun 2013 14:21:55 GMT
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

f4
<!DOCTYPE html>
<html>
<head>
<title>badmedicine</title>
</head>
<body>
<h1>badmedicine</h1>
<h2>success!</h2>
<p>logged in as admin</p>
<p>The key is: who wants oatmeal raisin anyways twumpAdby </p>
</body>
</html>
```
Going further
Analysing the encryption scheme more closely, it appears to be a XOR with a fixed, arbitrarily long keystream (perhaps a pseudo-random stream generated from a constant seed). XORing each username with its cookie gives the same bytes every time:

| Username | Cookie | Username ^ Cookie |
|---|---|---|
| aaaaaaaaaaaaaa | 09cd2994af4f8644331c87d81da2 | 68ac48f5ce2ee725527de6b97cc3 |
| DEFCON2013_CTF | 2ce90eb68160d515634eb9fa2885 | 68ac48f5ce2ee725527de6b97cc3 |
| routards_rulez | 1ac33d81af5c83560d0f93d519b9 | 68ac48f5ce2ee725527de6b97cc3 |

So the admin cookie is simply `68ac48f5ce ^ "admin"` = `09c8259ca0`.
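The two tables above make the same point from two directions: a cookie that is "encrypted" with a fixed keystream and carries no integrity check leaks that keystream under a single known plaintext, after which anyone can mint a cookie for any username. The script below is an added example, not the challenge's code or the writeup author's: it recovers the keystream from the `aaaaaaaaaaaaaa` pair quoted in the table, reproduces the cookie values the writeup reports, and then shows the hardened shape a defender would want, an HMAC-tagged cookie (the secret key, the `username.tag` layout and the function names are assumptions for the example) that rejects any cookie whose username was swapped.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Known plaintext/ciphertext pair taken from the table above (a 14-byte
# username and the cookie the server returned for it).
KNOWN_USERNAME = b"aaaaaaaaaaaaaa"
KNOWN_COOKIE = bytes.fromhex("09cd2994af4f8644331c87d81da2")


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings of equal length."""
    assert len(a) == len(b), "keystream too short for this plaintext"
    return bytes(x ^ y for x, y in zip(a, b))


def recover_keystream(plaintext: bytes, ciphertext: bytes) -> bytes:
    """With a fixed keystream, one known pair gives it away: ks = pt ^ ct."""
    return xor_bytes(plaintext, ciphertext)


def vulnerable_encrypt(username: bytes, keystream: bytes) -> str:
    """The scheme as the writeup infers it: username XOR a keystream that is
    the same for every user, hex-encoded, with no authentication tag."""
    return xor_bytes(username, keystream[: len(username)]).hex()


def vulnerable_decrypt(cookie_hex: str, keystream: bytes) -> bytes:
    """What the server does on /welcome: undo the XOR and trust the result."""
    ciphertext = bytes.fromhex(cookie_hex)
    return xor_bytes(ciphertext, keystream[: len(ciphertext)])


# --- Hardened alternative (assumed design, not the challenge's code) ---------
# The username is sent in the clear, bound to a MAC under a server-side secret.
# Without the secret, nobody can produce a valid tag for a different username.
SERVER_SECRET = secrets.token_bytes(32)  # generated per process for the demo


def signed_cookie(username: bytes, secret: bytes = SERVER_SECRET) -> str:
    tag = hmac.new(secret, username, hashlib.sha256).hexdigest()
    return f"{username.hex()}.{tag}"


def verify_cookie(cookie: str, secret: bytes = SERVER_SECRET) -> Optional[bytes]:
    """Return the username if the tag is valid, else None (reject tampering)."""
    try:
        user_hex, tag = cookie.split(".", 1)
        username = bytes.fromhex(user_hex)
    except ValueError:
        return None
    expected = hmac.new(secret, username, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    return username


def swap_username(cookie: str, new_username: bytes) -> str:
    """Simulate the tampering attempt against the signed design: keep the old
    tag, replace the username part."""
    _, tag = cookie.split(".", 1)
    return f"{new_username.hex()}.{tag}"


if __name__ == "__main__":
    ks = recover_keystream(KNOWN_USERNAME, KNOWN_COOKIE)
    print("recovered keystream:", ks.hex())
    print("cookie for CTF   :", vulnerable_encrypt(b"CTF", ks))
    print("cookie for admin :", vulnerable_encrypt(b"admin", ks))
    print("server decrypts  :", vulnerable_decrypt("09c8259ca0", ks))
    good = signed_cookie(b"phoenix")
    print("signed cookie accepted:", verify_cookie(good))
    print("swapped cookie accepted:", verify_cookie(swap_username(good, b"admin")))
```

The keystream recovery reproduces every value quoted in the writeup (`2bf80e` for `CTF`, `09c8259ca0` for `admin`), which is the check that confirms the XOR-with-fixed-keystream hypothesis. The HMAC variant illustrates the defensive point: confidentiality of the cookie was never the issue, its malleability was, and an authentication tag over the username removes it.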