Comments (3)
For this example, and to make it look like a real attack/vulnerability, you could make it like a DB dump full of hashes and have 5 users with the same password, including the Admin. To make it easier, the admin password should be 123456.
This makes the exercise simple and manageable. You only need to notice the same hash on several users and know what the most common passwords are.
from damnvulnerablecryptoapp.
@AVBC-Sec sounds good.
We already have a similar scenario in the weak hashing challenge, a DB dump with some hashed credentials.
So I would recommend having a similar case but with a PHPmyadmin-like system, where you can query some tables and eventually see the user hashes. Just to try to make it a little bit different.
Also the action to submit the solution to the challenge could be logging into that system as admin.
from damnvulnerablecryptoapp.
Will not implement this for now...
Weak hashing doesn't use salt either, and as an easy and reliable challenge we should not use
from damnvulnerablecryptoapp.
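
The scenario from the first comment, as an added example that is not part of the original thread or the project's code: an audit that groups users in a credential dump by stored hash, run once on unsalted hashes and once on per-user salted ones. The user list, the choice of SHA-256 for the unsalted case, PBKDF2 for the salted case and all function names are assumptions made for illustration.

```python
import hashlib
import os
from collections import defaultdict

# Constructed sample data: usernames and passwords are made up for this example.
USERS = {
    "admin": "123456",
    "alice": "123456",
    "bob": "123456",
    "carol": "123456",
    "dave": "123456",
    "erin": "correct horse battery staple",
}


def unsalted_dump(users):
    """Hash each password with plain SHA-256 and no salt (assumed weak scheme)."""
    return {u: hashlib.sha256(p.encode()).hexdigest() for u, p in users.items()}


def salted_dump(users, iterations=100_000):
    """Hash each password with PBKDF2-HMAC-SHA256 and a random per-user salt."""
    dump = {}
    for user, password in users.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
        dump[user] = salt.hex() + "$" + digest.hex()
    return dump


def shared_hash_groups(dump):
    """Return sorted lists of users whose stored hash values are identical."""
    groups = defaultdict(list)
    for user, stored in dump.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    # Without a salt, equal passwords produce equal hashes and show up as a group.
    print("unsalted:", shared_hash_groups(unsalted_dump(USERS)))
    # With per-user salts, the same passwords no longer collide in the dump.
    print("salted:  ", shared_hash_groups(salted_dump(USERS)))
```
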