We forgot our credentials, help us to get the flag.
On connecting to the server, we are presented with a prompt like this:
We implemented a really cool AES-encryption for our login, however in the process we forgot the username and password to the admin account.
Out of the two ciphertexts given, the first halves of each are the same. Hence, this is an indication that perhaps the first halves are a common IV value and the second halves are the encryptions of the plaintexts using AES in CBC mode. In CBC mode, the first block of plaintext is obtained by decrypting the first ciphertext block and XORing it with the IV value. Since only one block is present here, by changing the IV value sent for decryption, we could change the decrypted plaintext to anything we want. For example, for the username, assuming
user is a
bytearray containing the AES encryption of
"user:c?i", we could turn it into a valid encryption of
"user:csi" by doing
user ^= ord('?') ^ ord('s'), and similarly for the password. Submitting these new values gives us the flag.