description
pinkponyhash is a simple php web application that tests your cookie to see if you are in the pink_pony club or not. the overall goal of the ctf is the forge your own hash that passes the check. we are able to accomplish this with a SHA-1 length extension attack. there is a repo i found: hlextend which makes this attack trivial
source code
<!DOCTYPE html>
<?php
$secret = "testing_testing_123";
assert(strlen($secret) == 19);
//make a new cookie for the user
function make_cookie() {
global $secret;
$payload = "kitty_cat";
setcookie("token", base64_encode($payload) . "." . sha1($secret . $payload));
header("Location: /"); //reload page
exit(); //we're done
}
//if no cookie token, set it
if(!isset($_COOKIE["token"])) {
echo "no cookie, setting!\n";
make_cookie();
}
//if there is a cookie, parse it
echo "parsing cookie\n\n";
$parsed = explode(".", $_COOKIE["token"]);
//check sanity
if(count($parsed) !== 2) {
make_cookie();
}
//verify the hash is sane
//also make sure the payload is base64 encoded
$payload = base64_decode($parsed[0]);
$hash = $parsed[1];
if($payload === false) {
make_cookie();
}
if(sha1($secret . $payload) !== $hash) {
make_cookie();
}
//check if we're in the pink pony club
if(strstr($payload, "pink_pony")) {
$flag = "FFCTF{Th!\$_iS_4_Fl@g}";
echo "<h1>OMG A MEMBER OF THE PINK PONY CLUB?! HERES UR FLAG: $flag</h1>";
}else{
echo "<h1>sry we only give flags to members of the pink pony club, not $payload :c</h1>";
}
?>
writeup
solve.py
#!/usr/bin/env python3
from base64 import b64encode
import hlextend
import requests
import re
sha = hlextend.new("sha1")
payload = sha.extend(b"pink_pony", b"kitty_cat", 19, "8665c860a93878c794775cafcafeea6e9f05476a")
_hash = sha.hexdigest()
token = b64encode(payload) + b"." + _hash.encode()
print("token=" + token.decode())
url = "https://uscybercombine-s4-ffctf-pink-pony-hash.chals.io/"
cookies = {'token': token.decode()}
r = requests.get(url, cookies=cookies)
print(re.search(r"FFCTF\{.*\}", r.text).group())