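--- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge26.java
+++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge26.java
@@ -0,0 +1,83 @@
+package org.owasp.wrongsecrets.challenges.docker;
+
+
+import lombok.extern.slf4j.Slf4j;
+import org.bouncycastle.util.encoders.Base64;
+import org.owasp.wrongsecrets.RuntimeEnvironment;
+import org.owasp.wrongsecrets.ScoreCard;
+import org.owasp.wrongsecrets.challenges.Challenge;
+import org.owasp.wrongsecrets.challenges.ChallengeTechnology;
+import org.owasp.wrongsecrets.challenges.Spoiler;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+import org.springframework.beans.factory.annotation.Value;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.nio.charset.StandardCharsets;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.List;
+
+@Slf4j
+@Component
+@Order(26)
+public class Challenge26 extends Challenge {
+private final String cipherText;
+
+public Challenge26(ScoreCard scoreCard, @Value("${challenge26ciphertext}") String cipherText) {
+super(scoreCard);
+this.cipherText = cipherText;
+}
+
+@Override
+public boolean canRunInCTFMode() {
+return true;
+}
+
+@Override
+public Spoiler spoiler() {
+return new Spoiler(quickDecrypt(cipherText));
+}
+
+@Override
+public boolean answerCorrect(String answer) {
+String correctString = quickDecrypt(cipherText);
+return answer.equals(correctString);
+}
+
+@Override
+public List<RuntimeEnvironment.Environment> supportedRuntimeEnvironments() {
+return List.of(RuntimeEnvironment.Environment.DOCKER);
+}
+
+@Override
+public int difficulty() {
+return 2;
+}
+
+@Override
+public String getTech() {
+return ChallengeTechnology.Tech.WEB3.id;
+}
+
+@Override
+public boolean isLimittedWhenOnlineHosted() {
+return false;
+}
+
+private String quickDecrypt(String cipherText) {
+try {
+final Cipher decryptor = Cipher.getInstance("AES/GCM/NoPadding");
+SecretKey decryptKey = new SecretKeySpec("thiszthekeytoday".getBytes(StandardCharsets.UTF_8), "AES");
+AlgorithmParameterSpec gcmIv = new GCMParameterSpec(128, Base64.decode(cipherText), 0, 12);
+decryptor.init(Cipher.DECRYPT_MODE, decryptKey, gcmIv);
+return new String(decryptor.doFinal(Base64.decode(cipherText), 12, Base64.decode(cipherText).length - 12));
+} catch (Exception e) {
+log.warn("Exception with Challenge 26", e);
+return "";
+}
+}
+}
+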
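Review bot: `answerCorrect` fails open when decryption fails, because `quickDecrypt` returns `""` from its catch block and `answer.equals(correctString)` then accepts an empty answer. A missing or malformed `challenge26ciphertext` value would therefore make the challenge solvable with a blank submission, which matters since `canRunInCTFMode()` returns true. Rejecting the fallback and guarding a null answer fits in one line: `return !correctString.isEmpty() && correctString.equals(answer);`. The plaintext is also built with `new String(byte[])`, which uses the platform charset on older JVMs while the key bytes are taken as UTF-8; passing `StandardCharsets.UTF_8` as the second argument keeps the comparison stable across hosts. The literal AES key in `quickDecrypt` is presumably deliberate for this challenge, so a short comment such as `// key is hard-coded on purpose for this challenge` would keep it from being flagged or "fixed" later.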