Stage/bug-bounty-reports
4
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

edit rapport.md

Browse Source
This commit is contained in:
Mateo
2024-07-31 15:33:52 +02:00
parent ab4cbf4f61
commit 691d4dfb3b
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rapport.md
View File

@@ -47,7 +47,7 @@ You need to edit the following fields in the HTTP request before starting the at
{"username":"<username>", "data":"<encrypted user's password>"}
```
6. Finally, we want to decrypt the passwords. After investigating the handlers.Login function in the binary, we understand that the encryption used is simple Caesar Code with an offset of 4.
6. Finally, we want to decrypt the passwords. After investigating the handlers.Login function in the binary, we understand that the encryption used is simple Caesar Code with an offset of 4.
![Cesar Function](images/cesar-function.png) ![Cesar Offset](/images/cesar-offset.png)
Cesar code is a symetrical algorithm. That means we can easily decrypt the passwords using any [Cesar decryption tool](https://www.dcode.fr/chiffre-cesar).
We should find the password we used on step 4 as well as any other password.