Kryptos
RETIRED MACHINE

OS: Linux
Difficulty: Insane
Machine rating: 5
User owns: 1019
System owns: 981
Released: 06/04/2019
Created by no0ne & Adamm

Machine Synopsis

Kryptos is an Insane-difficulty Linux box that requires knowledge of how cryptographic algorithms work. A login page is found to be vulnerable to PDO injection, and can be hijacked to gain access to the encrypting page. The page uses RC4 to encrypt files, which can be subjected to a known-plaintext attack. This can be used to abuse a SQL injection in an internal web application to dump code into a file, and execute it to gain a shell. A Vimcrypt file is found, which uses a broken algorithm and can be decrypted. A vulnerable Python app running on localhost is found to use a weak RNG (random number generator), which can be brute-forced to gain RCE via the eval function.
