CHALLENGE 1

Dear crypto-hackers,

I crashed my laptop and lost my access to the database where the encryption key of my backups is stored. Can you help me get it back?
I know some checks are regularly done on the DB by a bot, maybe it can help…

Here is some code I got / started to write, HESCryptoChall1.tar.gz (990bdaad61bbf9f2b397b296ac478ce6):
– attacker.py: a MITM script, you should modify it to get my key.
– crypto.py and challenge1.py: sources of the database and the bot, they are configured to run locally.
– keys.py: example keys I’ve built, the server ones are different.

The address of both the database and the bot is games.labs.overthewire.org (ports are the same as the ones in challenge1.py).
Please try your attack locally before flooding the server or your IP may be banned.

CHALLENGE 2

Dear crypto-hackers,

Sorry to bother you again but I’m in big trouble.
I booked a room at hackryptotel to go to hackito. In order to confirm your reservation and identity, you have to send them a code that you get on their server with a Python script and a certificate (hey, it’s hackryptotel!).
Because I didn’t want to carry my certificate with me at hackito (there are a lot of bad guys there!) and because my code wasn’t in the hackryptotel database yet when I had to go, I coded a script that gets the code and e-mails it to my secure e-mail address.
Unfortunately, it seems that I made a typo while writing my e-mail address and I can’t confirm my reservation!

The good news is:
– my script uses a server I control as a proxy so I can MitM the connection.
– because sendmail fails, the script is in an infinite loop and is still querying the hackryptotel database.

Maybe you’ll be able to find a flaw in the protocol and get my code (I really don’t think so, it seems really secure :/ ). The code is here: HESCrypto2Chall.tar.gz (7b374ccf59b6225b0df6026bbe727da9)

The address of the MitM server is games.labs.overthewire.org (ports are the same as the ones in challenge.py).
Please try your attack locally before flooding the server or your IP may be banned.

If I find anything useful, I’ll post details on Twitter (@HackitoErgoSum)

CONTACT

If you have any questions or problems, don’t hesitate to contact me:
on weekdays: eloi.vanderbeken [{a}] oppida [{.}] fr
on weekends: eloi.vanderbeken [{a}] gmail [{.}] com

If you succeed, send your solution (recovered key and how you got it) to hes-cfp [{a}] lists.hackitoergosum [{.}] org