forensicsfreeeasy

Protocol Analysis 2: Liar

metactf

Task: a PDF-defined HTTP POST protocol has Bob release the flag if he receives a specific plaintext sequence ending with the sender name charlie. Solution: create a fresh model 2 session, impersonate Charlie by changing the name field in the posted message, and read the flag from Bob's response.

$ ls tags/ techniques/
http_postprotocol_analysisalice_and_bobunauthenticated_protocolimpersonation
unauthenticated_protocol_abusesender_impersonationprotocol_replay

Protocol Analysis 2: Liar — metactf

Description

All protocol messages are HTTP POST requests to https://protocols.live.

Alice sends: "Hello", B, "this is", A, "give me the flag"

Bob expects to recv: "Hello", B, "this is", C, "give me the flag"

Bob then sends: "here it is", [FLAG]

English summary: the challenge gives a scripted message flow for a live HTTP-based protocol. Bob releases the flag if he receives the right plaintext sequence and the sender name is charlie, but the protocol never authenticates who actually sent the request.

Analysis

The key flaw is trust in a user-controlled identity field. Alice's scripted request uses n:alice, while Bob's acceptance logic expects the same message except for n:charlie.

Because every protocol action is just an HTTP POST to https://protocols.live, the attacker can submit arbitrary content directly to Bob. There is no signature, shared secret, session binding to a real participant, or any other proof that the sender is actually Charlie. Bob only checks the plaintext fields, so impersonation is enough.

The winning payload is:

t:Hello|n:bob|t:this is|n:charlie|t:give me the flag

Submitting that to /bob in a fresh /model/2 session returns:

{"content":"t:here it is|t:DawgCTF{CH4NG3_0F_PL4N5}"}

Solution

...

🔒

Permission denied (requires auth)

Sign in to read this free writeup

This writeup is free — just sign in with GitHub to read it.

$ssh [email protected]