maas - Web Challenge

# maas - Web Challenge Based on the source code provided, we see that the web has a few basic functions as follows: allows users to create their own account, has the function to allow login to the newly created account and will display a flag. for `admin user`. The admin user will be created first when the site starts running ![](https://i.imgur.com/jBkWVpl.png) Registration with an existing account is not allowed, the cookie is set to the SHA256 of the password, use this cookie field to identify the user and store information such as the user's username, uuid ![](https://i.imgur.com/6q8J44V.png) The login function seems a bit strange, because it does not need to care about the username but only the password, does not check if the user exists or not and only SHA256 encrypts the password that has just been sent to set for cookie field. ![](https://i.imgur.com/2EC7tIj.png) Besides, there is a function to list users, and we can see their uuid. ![](https://i.imgur.com/CJ8BIWS.png) Finally, only the admin can read the flag =) ![](https://i.imgur.com/xNvBUUx.png) Based on our analysis we somehow managed to get the exact time at the start of the admin user account creation via the uuid field, but how? The first way we tried to brute-force was by seeding the time to find the uuid that matched the admin's uuid. But after a while, nothing changed, and realized that ![](https://i.imgur.com/S0lIvuV.png) The `uuid.uuid1()` function is generated depending only on the hostId and the current time, so using the `brute-force` attack is completely impossible. Because `uuid.uuid1()` is not affected by `random.seed()` We then found [a post](https://versprite.com/blog/universally-unique-identifiers/) talking about this UUID1, and as shown below ![](https://i.imgur.com/6ECQeb3.png) This `uuid1()` function is strongly discouraged, as an attacker can take advantage of the UUID generated from this `uuid1()` function to find the exact time of birth. The formula calculated by the UUID1 function is based on the figure below: ![](https://i.imgur.com/oaJ4RV4.png) The code to find the generated time is as follows: ```python import time, datetime, random, uuid u = uuid.UUID('9b680d66-07f1-11ed-b789-3623a06e2560', version=1) // admin uuid t = datetime.datetime.fromtimestamp((u.time - 0x01b21dd213814000)*100/1e9) sec = int(time.mktime(t.timetuple())) print(sec) ``` ![](https://i.imgur.com/hj6cfeF.png) Here we can find the time of creation as an integer, but when it is randomly generated, the server uses 2 more digits in the decimal part. So the problem here, is simply we brute-force those decimal places, and seed the time we just found and create a password dictionary. ```python import time, datetime, random, uuid sec = 1658296979 for i in range(0, 100): s = "" if len(str(i)) == 1: s = str(sec) + f".0{str(i)}" else: s = str(sec) + f".{str(i)}" random.seed(float(s)) password = "".join([random.choice("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789") for _ in range(30)]) print(password) ``` ![](https://i.imgur.com/o82HpmZ.png) Finally, use Burp Intruder to check the admin's cookie through SHA256 encryption of the password you just found. ![](https://i.imgur.com/qcj7bNG.png) > FLAG: ictf{d0nt_use_uuid1_and_please_generate_passw0rds_securely_192bfa4d}