Description This challenge has been taken from http://aes.cryptohack.org/passwords_as_keys/. The FLAG has been encoded with the AES cipher in ECB mode using as key an hash of a predictable word (a bad password). The website gives us an API through which we can get the encoded flag and it’s also shown where the word has been drawn. Here’s the code: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 from Crypto.

Description A bad implementation of the AES in CBC mode choosed the key as the IV (Initialization Vector) parameter, since it was considered not important to reach the scope. What we have is a python script which encodes every string you insert from stdin and the goal is to find the key e.i. the flag. Exploit 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 #!