This directory contains Capture The Flag (CTF) challenges focused on symmetric cryptography attacks, including block cipher vulnerabilities, stream cipher weaknesses, and implementation flaws. These challenges cover practical attack scenarios commonly encountered in penetration testing and cryptographic research.
A challenge involving time-based cryptographic vulnerabilities, possibly exploiting timestamp-based encryption or time-travel scenarios in cryptographic protocols.
A time-sensitive decryption challenge that requires quick analysis and exploitation of cryptographic weaknesses.
A straightforward decryption challenge focusing on breaking symmetric encryption to recover the flag.
A brute-force or exhaustive search challenge requiring systematic key recovery techniques.
A challenge requiring identification and exploitation of the encryption mode in a single attempt.
An advanced mode-guessing challenge with multiple opportunities but increased complexity.
Introduction to padding oracle attacks and related cryptographic oracle vulnerabilities.
Advanced padding oracle scenarios with additional protections to bypass.
Expert-level oracle attacks requiring sophisticated techniques and multiple attack vectors.
Master-level oracle challenges combining multiple advanced cryptographic attack methods.
Web security challenge involving cryptographic cookie forgery and session manipulation.
Advanced cookie forgery with additional security mechanisms to bypass.
JSON-based cookie forgery challenge involving structured data manipulation and cryptographic attacks.
Challenge involving encryption/decryption of large files, possibly exploiting block cipher properties or implementation flaws.
Extended message decryption challenge requiring analysis of long ciphertexts and pattern recognition.
Educational examples demonstrating the use of pwntools for cryptographic exploitation and CTF problem solving.
- ECB Mode Attacks: Pattern analysis and block manipulation
- CBC Bit-Flipping: Controlled ciphertext modification
- Padding Oracle Attacks: PKCS#7 padding vulnerabilities
- Meet-in-the-Middle: Attacks on double encryption
- Keystream Reuse: Many-time pad attacks
- Nonce Reuse: IV/nonce collision exploitation
- Related-Key Attacks: Exploiting key relationships
- Differential Cryptanalysis: Statistical attack methods
- Padding Oracles: Error-based information leakage
- Timing Oracles: Exploiting timing differences
- Error Oracles: Using error messages for cryptanalysis
- Length Oracles: Information from ciphertext length
- Session Token Forgery: Creating valid authentication tokens
- Cookie Manipulation: Bypassing authentication through cookie modification
- JSON Web Token (JWT) Attacks: Exploiting JWT implementation flaws
- CSRF Token Bypass: Cross-site request forgery through cryptographic weaknesses
Essential tools for these challenges:
pwntools- CTF exploitation frameworkpycryptodome- Comprehensive cryptographic libraryrequests- HTTP library for web-based challengesbinascii- Binary data manipulation- Custom oracle interaction scripts
- Automated attack tools and frameworks
- Reconnaissance: Identify the cryptographic system and parameters
- Vulnerability Assessment: Analyze potential weaknesses and attack vectors
- Exploitation: Implement and execute the appropriate attack
- Verification: Confirm successful attack and flag recovery
- Chosen Plaintext Attacks: Controlling input to analyze output patterns
- Chosen Ciphertext Attacks: Manipulating ciphertexts to extract information
- Known Plaintext Attacks: Leveraging known plaintext-ciphertext pairs
- Ciphertext-Only Attacks: Extracting information from ciphertext alone