Flip Discussion [WRITE-UP]

Let’s talk about Flip.

Initial Setup

  1. Connect to the Server
    Use a connection method to access the TCP server running on port 1337. Prepare to handle messages and responses.

  2. Username and Password Submission
    First, submit the username bdmin&password=sUp3rPaSs1\r\n and then provide \r\n as the password. This will facilitate the next steps.

Leakage and Cipher Manipulation

  1. Receive Leaked Ciphertext
    Watch for the server’s response. Extract and store the leaked ciphertext from the output.

  2. Understand the Cipher Modification
    Determine the value of C_0_0, the XOR difference between the two characters, computed as ord('a') ^ ord('b'). The bit-flipping step that follows depends on this value.

  3. Modify the Leaked Ciphertext
    Change the first byte of the leaked ciphertext. Use the previously computed C_0_0 value to create a modified_cipher.

Final Submission

  1. Submit the Modified Ciphertext
    Send the modified_cipher concatenated with \r\n to the server.

  2. Retrieve the Flag
    Analyze the server’s response after sending the modified cipher. You should receive the flag.

  3. Close Connection
    Cleanly terminate the connection to the server after obtaining the flag.
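
Why a one-byte change to the ciphertext is enough, and the integrity check that rejects it, as an added example that is not part of the original write-up or the challenge's code. It assumes the service uses CBC mode with the username starting the second 16-byte block; the cipher is a toy Feistel construction standing in for AES, and the plaintext layout, keys and function names are constructed for illustration.

```python
import hashlib, hmac, os
BS = 16  # block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _block(key, blk, decrypt=False):
    # Toy 4-round Feistel permutation (assumed stand-in for AES, stdlib only).
    f = lambda i, h: hmac.new(key, bytes([i]) + h, hashlib.sha256).digest()[:8]
    l, r = blk[:8], blk[8:]
    for i in (reversed(range(4)) if decrypt else range(4)):
        l, r = (_xor(r, f(i, l)), l) if decrypt else (r, _xor(l, f(i, r)))
    return l + r

def cbc_encrypt(key, iv, pt):
    pad = BS - len(pt) % BS
    pt, out, prev = pt + bytes([pad]) * pad, b"", iv
    for i in range(0, len(pt), BS):
        prev = _block(key, _xor(pt[i:i + BS], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    # P_i = D(C_i) ^ C_{i-1}: a change in C_{i-1} lands unchanged in P_i.
    blocks = [iv] + [ct[i:i + BS] for i in range(0, len(ct), BS)]
    out = b"".join(_xor(_block(key, c, True), p) for p, c in zip(blocks, blocks[1:]))
    return out[:-out[-1]]  # strip padding (unchecked: demo only)

def flip_first_byte(ct, delta=ord('a') ^ ord('b')):  # C_0_0 from the write-up
    return bytes([ct[0] ^ delta]) + ct[1:]

def seal(enc_key, mac_key, iv, pt):  # encrypt-then-MAC over IV and ciphertext
    ct = cbc_encrypt(enc_key, iv, pt)
    return ct + hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def unseal(enc_key, mac_key, iv, token):
    ct, tag = token[:-32], token[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext modified")  # rejected before any decryption
    return cbc_decrypt(enc_key, iv, ct)

def demo():
    k1, k2, iv = os.urandom(16), os.urandom(16), os.urandom(16)
    pt = b"access_username=bdmin&password=sUp3rPaSs1"  # constructed layout
    forged = cbc_decrypt(k1, iv, flip_first_byte(cbc_encrypt(k1, iv, pt)))
    try:
        unseal(k1, k2, iv, flip_first_byte(seal(k1, k2, iv, pt)))
    except ValueError:
        return forged, True   # MAC check caught the modified byte
    return forged, False
```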