VulnTLS is a series of CTF challenges. The series implements several vulnerabilities. Most of the vulnerabilities were already present in common TLS implementations. The series provides a basic understanding of TLS and typical implementation vulnerabilities, with a focus on cryptography.
In this repository there are different setups to exploit the different vulnerabilities. For this it uses the vulnerable implementation, which has its own branch in the AnotherTLS repository.
The vulnerabilities are marked with there difficulty (EASY, HARD, EXTREME). The evaluation is of course subjective and designed for a bachelor student.
Psychic signatures (EASY)
Bypass the client certificate authentication! Run the challenge.
cargo run --bin psychic_signatures
Timing issues (HARD)
Get the private key of the server! Run the challenge.
cargo run --bin timing_issues
Decrypt the captured connection! See challenge for more.