Cryptohack - JWT Sessions [10 pts]

The Solution is shared considering CAN I SHARE MY SOLUTIONS? Problem The traditional way to store sessions is with session ID cookies. After you login to a website, a session object is created for you on the backend (the server), and your browser (the client) is given a cookie which identifies that object. As you make requests to the site, your browser automatically sends the session ID cookie to the backend server, which uses that ID to find your session in its own memory and thus authorise you to perform actions....

February 3, 2021 · 2 min · Aditya Telange

Cryptohack - Network Attacks [5 pts]

The Solution is shared considering CAN I SHARE MY SOLUTIONS? Problem Several of the challenges are dynamic and require you to talk to our challenge servers over the network. This allows you to perform man-in-the-middle attacks on people trying to communicate, or directly attack a vulnerable service. To keep things consistent, our interactive servers always send and receive JSON objects. Python makes such network communication easy with the telnetlib module....

February 3, 2021 · 1 min · Aditya Telange

Cryptohack - Token Appreciation [5 pts]

The Solution is shared considering CAN I SHARE MY SOLUTIONS? Problem JavaScript Object Signing and Encryption (JOSE) is a framework specifying ways to securely transmit information on the internet. It’s most well-known for JSON Web Tokens (JWTs), which are used to authorise yourself on a website or application. JWTs typically do this by storing your “login session” in your browser after you have authenticated yourself by entering your username and password....

February 3, 2021 · 2 min · Aditya Telange