Cyber Security Writeups

AUTHY BlackHATMEA 2023 Walkthrough writeup

In the name of God, the Most Gracious, the Most Merciful

Introduction

Hey folks, Volk here. In this writeup we are going to solve and explain the Authy challenge, which was in the Black Hat MEA 2023 CTF.

The challenge is rated easy; it is a white-box challenge written in Golang.

Analyzing the Source Code

Actually, at first, I was upset because the code was in Golang and I don’t know Golang. I hadn’t even worked with it before, but I decided to try reading the code step by step with the help of Google.

According to the code, the challenge had 2 endpoints: Login and Register.

After knowing that there are only 2 endpoints, the first thing I decided to look at was what I should do to get the flag.

I found that after I log in, if my password is less than 6 chars, I will get the flag.

The problem here is in the registration, where if my password is less than 6 characters it will not allow me to register an account:

func Registration(c echo.Context) error {
	var user models.Users
	body, _ := io.ReadAll(c.Request().Body)
	err := json.Unmarshal(body, &user)
	if err != nil {
		return err
	}
	// len() on a Go string returns the number of bytes, not characters.
	if len(user.Password) < 6 {
		log.Error("Password too short")
		resp := c.JSON(http.StatusConflict, helper.ErrorLog(http.StatusConflict, "Password too short", "EXT_REF"))
		return resp
	}
	// ... the rest of the handler is not shown in this writeup
}

There’s something kinda new for me, which is rune. rune is used to count the password characters in the login:

password := []rune(user.Password)

After searching on rune and trying to understand what it does, I found that:

A rune is a Unicode code point, which is a unique number that represents a character.

A string in Go is a sequence of bytes, and each rune is encoded as one or more of those bytes.

For example, take the word P@ssö.

This word contains the non-ASCII character ö. Go strings are UTF-8 encoded, and ö is represented by two bytes.

Therefore, the length of the string P@ssö in bytes is 6: the four ASCII characters P, @, s and s take one byte each, and ö takes two.

However, the length of the string P@ssö in runes is only 5, because each character in the string is a single rune.

So:

Length of P@ssö in bytes: 6

Length of P@ssö in runes: 5

After a while I noticed that rune is not used in the Registration endpoint and is used in the login endpoint only. So if I use P@ssö it will pass registration, because as we said it is 6 bytes, so it's not less than 6.

At the same time, when the length of the word is calculated after login, it will equal 5, and then I will get the flag.
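The mismatch described above, as an added Go example that is not part of the challenge source or the original writeup: the first two functions mirror the byte-based registration check and the rune-based login measurement, and `validLength` is a hypothetical hardened helper that counts code points and would be used on every path. The function names, the `minLen` constant and the sample passwords are constructed for illustration.

```go
package main

import (
	"fmt"
	"unicode/utf8"
)

const minLen = 6 // minimum password length used by both checks

// registerAccepts mirrors the registration check quoted above:
// len() on a string counts bytes.
func registerAccepts(password string) bool {
	return len(password) >= minLen
}

// loginSeesShort mirrors the login-side measurement quoted above:
// the password is converted to []rune, so the length is in code points.
func loginSeesShort(password string) bool {
	return len([]rune(password)) < minLen
}

// validLength is a hypothetical hardened check: reject invalid UTF-8 and
// count code points, so registration and login agree on what "length" means.
func validLength(password string) bool {
	return utf8.ValidString(password) &&
		utf8.RuneCountInString(password) >= minLen
}

func main() {
	// Constructed sample passwords; \u00f6 is the precomposed "ö" (2 bytes in UTF-8).
	samples := []string{"P@ss\u00f6", "P@ss1", "P@ssw0rd", "\u00e4\u00f6\u00fc"}
	for _, pw := range samples {
		fmt.Printf("%-12q bytes=%d runes=%d register=%v loginShort=%v hardened=%v\n",
			pw, len(pw), utf8.RuneCountInString(pw),
			registerAccepts(pw), loginSeesShort(pw), validLength(pw))
	}
}
```

Any input where `registerAccepts` and `loginSeesShort` are both true shows the two endpoints disagreeing about the same password; with `validLength` used on both sides that state cannot occur.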

Volk_407
My name is Moustafa I am a Penetration tester 💻 | Bug Hunter 🐛 | Video Editor 🎥 Acknowledgements: Marvel/TWDC | Pinterest | Picsart | Vanilla Certifications: eJPT | eWPTX | eMAPT | ICCA | CAP