Protocol Analysis 1: Can You Hear Me?
metactf
Task: a protocol manual describes a simple Alice/Bob exchange where Alice asks Bob for the flag and both sides receive exact plaintext messages. Solution: create a session, relay Alice's first message to Bob unchanged, and read the returned flag because the protocol has no authentication or confidentiality.
Description
Alice sends: "Hello", B, "this is", A, "give me the flag"
Bob receives the exact same message
Bob sends: "here it is", [FLAG]
Alice receives the exact same message
English summary: the challenge provides a simple scripted protocol and a live service. The protocol is completely plaintext and unauthenticated, so the attacker can just relay Alice's request to Bob and read the flag from Bob's reply.
Analysis
The PDF manual for challenge 1 already gives away the core weakness: there is no cryptography, no authentication, and no message integrity. The only required behavior is that Bob receives the exact message Alice sent, and Alice then receives Bob's exact response.
After creating a protocol instance on https://protocols.live/model/1, sending an empty message to Alice returns her first scripted payload:
t:Hello|n:bob|t:this is|n:alice|t:give me the flag
This format is still plaintext; it is just tokenized. Since the service lets us relay arbitrary content between the endpoints, we do not need to break anything. We only need to forward Alice's message to Bob unchanged.
Bob then responds with the flag in the same plaintext format:
t:here it is|t:DawgCTF{PR0T0C0LS_R_3ZPZ}
So the vulnerability is a trivial relay attack against an unauthenticated plaintext protocol.
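As an added example (not the writeup's own code), the following Python parses the tokenized format shown above and replays the relay offline against a constructed stand-in for Bob. Bob's scripted behavior and the flag pattern are assumptions; the live service's API is not modeled.

```python
import re
from typing import List, Optional, Tuple

Token = Tuple[str, str]  # (kind, value); kind "t" = text, "n" = participant name

ALICE_FIRST = "t:Hello|n:bob|t:this is|n:alice|t:give me the flag"  # from the writeup
FLAG = "DawgCTF{PR0T0C0LS_R_3ZPZ}"                                   # from the writeup
FLAG_RE = re.compile(r"^[A-Za-z0-9_]+\{[^}]*\}$")                    # assumed flag shape


def parse_message(raw: str) -> List[Token]:
    """Split 'kind:value|kind:value' into (kind, value) pairs.
    Assumption: '|' separates fields and the first ':' separates kind from
    value; the writeup shows no escaping, so none is implemented."""
    tokens = []
    for field in raw.split("|"):
        kind, sep, value = field.partition(":")
        if sep != ":" or kind not in ("t", "n"):
            raise ValueError(f"malformed field: {field!r}")
        tokens.append((kind, value))
    return tokens


def encode_message(tokens: List[Token]) -> str:
    return "|".join(f"{kind}:{value}" for kind, value in tokens)


def bob_scripted_reply(raw: str) -> str:
    """Constructed stand-in for Bob (not the live service). It inspects message
    content only: no sender verification and no integrity tag, so a relayed
    copy of Alice's message is indistinguishable from one she sent directly."""
    tokens = parse_message(raw)
    if ("n", "bob") in tokens and ("t", "give me the flag") in tokens:
        return encode_message([("t", "here it is"), ("t", FLAG)])
    return encode_message([("t", "who are you")])


def extract_flag(raw: str) -> Optional[str]:
    """Return the first text token that looks like a CTF flag, if any."""
    for kind, value in parse_message(raw):
        if kind == "t" and FLAG_RE.match(value):
            return value
    return None


def relay_and_read_flag(alice_message: str) -> Optional[str]:
    """The whole exchange: forward Alice's message unchanged, read Bob's reply."""
    return extract_flag(bob_scripted_reply(alice_message))


if __name__ == "__main__":
    print(relay_and_read_flag(ALICE_FIRST))  # DawgCTF{PR0T0C0LS_R_3ZPZ}
```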
Solution
...