Cryptography Done Wrong
Modern crypto is safe by default. Until it isn't.
Chapter 09 of the roadmap. Work through each walkthrough below, or browse every topic.
- Chaining SQL Injection and Weak MD5 Hashing to Compromise the Admin Account
  Exploiting a database leak combined with weak MD5 password hashing to gain admin access.
- Insecure Randomness: recovering a gift card code from its timestamp
  OopsSec Store derives gift card codes from a linear congruential generator seeded with the card's creation timestamp. The timestamp is exposed to the buyer with millisecond precision, which is all you need to reproduce the code and redeem the card from a different account.
- Padding oracle attack: forging encrypted share tokens
  A padding oracle in OopsSec Store's share feature leaks whether decryption produced valid PKCS#7 padding. That's enough to forge a token for an internal report and grab the flag.