kudelskisecurity / cryptochallenge18

Kudelski Security's 2018 pre-Black Hat crypto challenge
36 stars 3 forks source link

How to access the API? #1

Open AnomalRoil opened 6 years ago

AnomalRoil commented 6 years ago

I still haven't understood how to access the API, help me please!

AnomalRoil commented 6 years ago

Here is an example of how to query the string we have to forge a signature for in the first challenge using curl:

curl -s https://cryptochall.ks.kgc.io/chall1/flag

Note the https, insecure connections are refused.

The same is possible using an API endpoint requiring POST data such as the sign one:

curl -s https://cryptochall.ks.kgc.io/chall1/sign -d '{"data":"some message"}'

While the two first challenges are probably doable using only curl, notice that using Python or any other scripting/programming language can greatly help you make your life easier.