Broken challenge response handshake

user has to authenticate to get the flag
user does not have the shared secret
broken: first the backend authenticates for a user supplied challenge

Deployment

docker build --rm -t challenge-response .
docker run --name cr1 -p 2023:2023 challenge-response

Exploit

python exploit.py

Solution

create connection 1: send garbage challenge (we don't neet it)
get challenge to authenticate to get the flag (connection 1)
create connection 2 and ask the backend for the valid response for the challenge we have to solve

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
.gitignore		.gitignore
Dockerfile		Dockerfile
README.md		README.md
app.py		app.py
docker-compose.yaml		docker-compose.yaml
exploit.py		exploit.py
flag.txt		flag.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

.gitignore

.gitignore

Dockerfile

Dockerfile

README.md

README.md

app.py

app.py

docker-compose.yaml

docker-compose.yaml

exploit.py

exploit.py

flag.txt

flag.txt

Repository files navigation

Broken challenge response handshake

Deployment

Exploit

Solution

About

Releases

Packages

Languages

kmille/broken-challenge-response

Folders and files

Latest commit

History

Repository files navigation

Broken challenge response handshake

Deployment

Exploit

Solution

About

Topics

Resources

Stars

Watchers

Forks

Languages