Please proceed to the ecb-attack folder.
You will be exploiting the weakness of ECB to inject a range of malicious behaviors into a user's data.
Your first job is to create a user data (which is a compromised copy of the encrypted.user) that has set uid field to 0 (root). Your job is to edit the template.py file (sections marked as XXX); running this file will create three user data flag1.user, flag2.user and flag3.user. Once you have a compromised flag1.user file, you are ready to run launcher. Provide your flag1.user to the launcher and choose the option number 1. If you're correct, you will have the flag.
Good luck.
Please proceed to the ecb-attack folder.
You will be exploiting the weakness of ECB to inject a range of malicious behaviors into a user's data.
Your first job is to create a user data (which is a compromised copy of the encrypted.user) that has set is_admin field to 1 (admin). Your job is to edit the template.py file (sections marked as XXX); running this file will create three user data flag1.user, flag2.user and flag3.user. Once you have a compromised flag2.user file, you are ready to run launcher. Provide your flag2.user to the launcher and choose the option number 2. If you're correct, you will have the flag.
Good luck.
Please proceed to the ecb-attack folder.
You will be exploiting the weakness of ECB to inject a range of malicious behaviors into a user's data.
Your first job is to create a user data (which is a compromised copy of the encrypted.user) that has set password field to any other password (your choice). Your job is to edit the template.py file (sections marked as XXX); running this file will create three user data flag1.user, flag2.user and flag3.user. Once you have a compromised flag3.user file, you are ready to run launcher. Provide your flag3.user to the launcher and choose the option number 3. If you're correct, you will have the flag.
Good luck.