THM - Flip
A writeup for the room Flip on TryHackMe
Hey, do a flip!
Footprinting
The source code of the application is provided and you can see that it is written in Python.
The application is a socket server listening on port 1337 that can be interacted with using tools like netcat.
The notable detail is that the application is built around AES in CBC mode with a 16-byte block size.
Whenever we try to log in with fake credentials, we get back a valid ciphertext whose corresponding plaintext we can reconstruct, since we know what we submitted.
Next, we are asked to enter a new ciphertext to be used for authentication.
Since we hold a ciphertext with a known plaintext, and CBC on its own gives no integrity protection, the application is vulnerable to a bit-flipping attack.
Flag
Bit flipping attack
In the CBC mode of operation, each plaintext block is recovered by decrypting the current ciphertext block and XORing the result with the previous ciphertext block (the IV for the first block). A change to one byte of a ciphertext block therefore flips the same bits in the same byte of the next plaintext block, while the block it belongs to decrypts to garbage.
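The following is an added example, not code from the room or its author. It implements CBC over a toy Feistel block cipher (standing in for AES, since the XOR chaining, not the cipher, is what makes the mode malleable), shows the one-byte effect on the next block described above, and pairs it with the mitigation: an encrypt-then-MAC tag that rejects any modified IV or ciphertext before decryption. Keys, IV and the `tamper`, `seal` and `open_sealed` helpers are constructed for the demonstration.

```python
import hashlib
import hmac

BLOCK, HALF, ROUNDS = 16, 8, 8

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _feistel(key: bytes, blk: bytes, rounds) -> bytes:
    # Toy keyed permutation standing in for AES (Feistel network, SHA-256 round
    # function). CBC's XOR structure is the same whatever cipher sits underneath.
    l, r = blk[:HALF], blk[HALF:]
    for i in rounds:
        l, r = r, _xor(l, hashlib.sha256(key + bytes([i]) + r).digest()[:HALF])
    return r + l  # final swap: decryption is the same loop with rounds reversed

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    assert len(pt) % BLOCK == 0, "caller pads to a multiple of the block size"
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = _feistel(key, _xor(pt[i:i + BLOCK], prev), range(ROUNDS))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        # P[i] = D(C[i]) XOR C[i-1], where C[-1] is the IV
        out.append(_xor(_feistel(key, blk, reversed(range(ROUNDS))), prev))
        prev = blk
    return b"".join(out)

def tamper(iv: bytes, ct: bytes, block: int, offset: int, delta: int):
    """XOR `delta` into byte `offset` of the chain block that feeds plaintext
    block `block` (the IV for block 0). Returns the modified (iv, ct)."""
    chain = bytearray(iv + ct)
    chain[block * BLOCK + offset] ^= delta
    return bytes(chain[:BLOCK]), bytes(chain[BLOCK:])

def seal(enc_key: bytes, mac_key: bytes, iv: bytes, pt: bytes):
    ct = cbc_encrypt(enc_key, iv, pt)
    return iv, ct, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, iv: bytes, ct: bytes, tag: bytes):
    # Encrypt-then-MAC: any change to IV or ciphertext fails here, before CBC runs.
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return cbc_decrypt(enc_key, iv, ct)
```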