Hey YouTube, video write-up for the challenge Ghost Protocol from Codefest CTF 2018. It says Alice locked a flag behind a server which follows an authentication protocol given here. We're given some source code and the netcat command to connect to the remote service.

The source code is just a simple Python script. Server side dot py; download it, set it up in Sublime Text. It has this package, this library, this module that it's using called hide message. Some redacted lines of code here, whatever. Generate random: looks like it is using a random module. Okay, maybe that is probably included somehow, maybe imported either through hide message or one of these removed lines. Puts together some random lines. Send and receive functions that are again redacted.

Handle client connection: looks like it is just, okay, explaining the interaction when you connect to the service, and it will strip out name and nonce, I'm assuming. Or, now, it's nonce, for a value that should not be used more than once. So, given a value that's generated randomly and a nonce that's encrypted, supposedly, you will be able to be determined as to whether or not you are authorized, and then it will give you a flag if you actually are authorized. So looks like it will just go ahead and hide message somewhere. This handle client connection is called, blah blah blah.

So let's go ahead and interact with it. Let's create just a simple connect.sh script. Quick one-liner just to netcat to the service, quick and easy. Let's go ahead and mark that as, connect, executable. "Tell me your name in secret." Let's just call it John wins, and then it gives us the nonce value here. Or, I'm sorry, the val that's displayed.
You can check it out in the code. It will send out on the socket val with the space and the encrypted version with our nonce included. So val is peculiar because that is actually, if you checked out, the randomly generated information. So since our nonce is given and included with our encrypted portion, that, it opens up a door for us to take advantage of the fact that our nonce is kind of included in, because if we have the potential, like, nothing is stopping us from simply connecting to this service one more time and taking advantage of that nonce value.

So I have a top screen and a bottom screen. Top can be number one connection and bottom screen can be number two connection. So if I connect, and on both here, let's connect. "Tell me your name in secret." Gonna remove some of those random characters there. Let's do John wins, or please sub, one more time. If I give this val given here, use that as the nonce for the second connection, let's say, or actually, I suppose just the, yeah, the starting portion here, because that is the, that is the nonce that it receives. Check out the Sublime Text: name and nonce. Okay, so that should actually be the second. Let's just say sub and then the nonce supplied here.

Now we're given a different encrypted value. However, it's using the nonce that we had previously retrieved from the first connection. So if I give this connection the encrypted version from number two, if I give the number one connection the encrypted value from number two, it should give me the flag, in which case it does, because I have been authenticated again using that nonce and putting it together.

So that is the flag that we're gonna end up using. We could script this if we particularly wanted to, but I think this is just fine as a simple, okay, do this one by hand. No big deal.
Let's go ahead and save this flag, and then we don't need this bottom script anymore. Let's go ahead and mark this challenge as complete and we are good to move on.

So, interesting thing: if you do see a service that uses a nonce, take advantage of the fact that you can connect to that service multiple times and then use it as, like, a signing service, where you have something else signed and prove to the server that you are authenticated by taking advantage of that, the sign that it has already given you. Hopefully that's not too confusing.

Quick shout-out to the people that support me on Patreon. Thank you guys so much. One dollar a month or more on Patreon, I'll give you a special shout-out just like this at the end of your video. Five dollars or more on Patreon, I'll give you early access to all the videos that I create before they go live on YouTube. If you did like this video, please do like, comment and subscribe. Join our Discord server, link in the description. It's a cool community of CTF players, programmers and hackers. You can hang out with me and other awesome people. We'll be playing I CTF, knock CTF and a bunch of others as the Capture the Flag competitions roll on throughout the year. It's an awesome team. Hey, I would love to see you guys on Patreon. I'd love to see you in the next video. Thanks.
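
The two-connection trick in the walkthrough is a reflection attack: the server applies its keyed transform to any nonce a client supplies, so a second connection works as a signing oracle for the first. The following is an added example, not code from the video or the challenge: an in-memory model that assumes the redacted hide message helper behaves like HMAC-SHA256 (`KEY`, `tag`, `Session` and the role labels are all hypothetical names) and shows that binding the sender's role into the tag makes the reflected answer fail.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret; the real key is never shown on the page.
KEY = secrets.token_bytes(32)

def tag(data: bytes, role: bytes = b"") -> str:
    # Stand-in for the redacted helper (assumption: a keyed MAC over the input).
    return hmac.new(KEY, role + data, hashlib.sha256).hexdigest()

class Session:
    """One connection to the modelled service."""

    def __init__(self, bind_roles: bool):
        self.bind_roles = bind_roles
        self.val = secrets.token_hex(16)  # server's fresh challenge ("val")

    def hello(self, name: str, nonce: str):
        # Server returns its challenge plus the keyed transform of the client's nonce.
        role = b"server|" if self.bind_roles else b""
        return self.val, tag(nonce.encode(), role)

    def authenticate(self, response: str) -> bool:
        # Server expects the keyed transform of its own challenge.
        role = b"client|" if self.bind_roles else b""
        return hmac.compare_digest(response, tag(self.val.encode(), role))

def reflected_login_succeeds(bind_roles: bool) -> bool:
    """Replay the two-connection walkthrough without ever reading KEY."""
    first, second = Session(bind_roles), Session(bind_roles)
    val1, _ = first.hello("john", "anything")
    # Second connection: hand the first connection's val back as "our" nonce.
    _, signed_val1 = second.hello("sub", val1)
    return first.authenticate(signed_val1)

if __name__ == "__main__":
    print("original design accepts reflected answer:", reflected_login_succeeds(False))
    print("role-bound design accepts reflected answer:", reflected_login_succeeds(True))
```

With role binding, a client that really holds the key still authenticates, because it computes the tag under the client label itself; only the answer borrowed from a second server session is rejected.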