Homework 3 (10 points)
Please submit your report to secprog at cyber dot ee by May 10th 2024, 23:59 (EEST) .
Description
Your friend is the lead developer of a new startup. They were tasked to develop a lightweight file encryption tool. As it needed to be delivered fast, your friend decided to use a open-source python GUI and implement their own super strong encryption.
As your friend is really confident in their crypto skills, they asked you to try to obtain the super secret flag found in super-safe-encryption.zip.
Your goal is to leverage the knowledge found in files not-important.txt, encrypted.encr and super-safe-encryption.zip and reverse-engineer the provided functionality to obtain the encrypted flag in super-safeXX.encr. The flag format is: flag{uniqueFlagText}.
Expected output
A formal report, that
- shortly summarizes, which approaches you tried (what worked and what did not);
- describes the methodology and tools that you used;
- provides a Proof-of-Concept (PoC) for obtaining the unique flag from super-safeXX.encr, this can be a set of steps, screenshots or a PoC script with explanations. We need to be sure that you understand the vulnerabilities that you exploit. In this part, it is mandatory to feature screenshots from your actual penetration testing process;
- describes any other vulnerabilities or bad coding practices that you discovered during the process and that are relevant to the application.
Use the report template as a basis (download from here), you can write the report with whatever you prefer, but you will need to submit a PDF!
Usage
- Unzip the application files;
- Install dependencies with
pip install -r requirements.txt - Run the application with
python3 Encrypt.py