Official RAuth Discussion

Official discussion thread for RAuth. Please do not post any spoilers or big hints.

Interesting

Can anyone give me a nudge? I don’t really see how the instance provided to us comes into play. I reversed/analysed the given bin and found the fake flag, but I’m not sure how to proceed.

Take a look at the encryption algorithm (it is there with the name). Debug a little bit for correct data (key, nonce, encrypted data, etc).

How can we ‘post’ into the given instance? It just displays ‘invalid password’ but it won’t let me enter any password either.

Never mind, found it.

I already found an input string that gets the program to print “Successfully Authenticated”. However, the string is not in the hackthebox flag format and it is not accepted by the website. Also, the fake flag does not work. So I am a little bit lost at the moment.

Alright, figured it out. I have to connect to a remote server and input the flag there.

Anyone willing to provide some advice on this one? I’ve found the initialization of the crypto context, but I’m also somewhat stuck… the key is 33 bytes long; the algo requires 16/32 byte keys. The last byte is 0, but it’s not a null byte, it’s x30 :expressionless:

@xusheng said:

Alright, figured it out. I have to connect to a remote server and input the flag there.

■■■ man, I also found the right password and fake flag but I cannot go any further.
What do you mean by connecting to a remote server?
Connecting through the executable rauth, or some SSH-ing using hackthebox?

@xusheng said:
Alright, figured it out. I have to connect to a remote server and input the flag there.

OK, I have found that I need to start an instance on the challenges web page.
But I don’t get how to send the password to that ip:port. Using Burp Suite or directly from the address bar?

OK, found it.

Can I get some help for this? I’m having trouble decrypting.