DamnVulnerableCryptoApp - An App With Really Insecure Crypto

2020-10-13T11:30:00

Description

[![](https://1.bp.blogspot.com/-kEGZGTdlccc/X4Nm461vgrI/AAAAAAAAUAg/XevC-r0Lj-IfxkvIjMRolVKq80fq1hWoACNcBGAsYHQ/w640-h494/DamnVulnerableCryptoApp_1_logo.png)](<https://1.bp.blogspot.com/-kEGZGTdlccc/X4Nm461vgrI/AAAAAAAAUAg/XevC-r0Lj-IfxkvIjMRolVKq80fq1hWoACNcBGAsYHQ/s2048/DamnVulnerableCryptoApp_1_logo.png>) **Why?** If you try to learn a little bit more about crypto, either because you want to know how the attacks work or just because you want to do safe code, you end up diving really fast into the math behind the algorithms, and for a lot of people this is a NO. **This project was created with some key points in mind:** * Real world examples of the [crypto](<https://www.kitploit.com/search/label/Crypto> "crypto" ) attack vectors * No need to write code to exploit a [vulnerability](<https://www.kitploit.com/search/label/Vulnerability> "vulnerability" ) that you are still trying to understand * No challenge without a solution * Dead simple documentation. No complex math, no complex formulas. Good old english * A common place to test different attack vectors * Make easy for everyone to understand crypto, attacks and preventions. * Go straight to the point, the challenges are no brain teasers, just a scenario with a crypto vuln. **Build** (Make sure you have [node](<https://www.kitploit.com/search/label/Node> "node" ) installed) npm run build-with-deps Or if you already have the dependencies installed you can just run: npm run build If you cloned the repo and are having issues in the test phase, it may be due to the line endings. Force [linux](<https://www.kitploit.com/search/label/Linux> "linux" ) like line endings in git with: Change git config to use LF intead of CRLF git config --global core.eol lf git config --global core.autocrlf input **Run** npm run start You can change the port with an environment variable: PORT=4000 npm run start **Docker** **From DockerHub** You can download the latest docker image with: docker pull damnvulnerablecryptoapp1/damnvulnerablecryptoapp **Build** If you prefer to build the docker image yourself run: npm build:docker **Run** By default port 8081 is being exported, So you can map it to your own port: docker run -p 8081:8081 <IMAGE_ID> **Developing** If you want to to develop new features, or just run without building the app you can start by installing dependencies with: npm run install-deps Then you need to run independently the frontend and the backend apps. **Backend** cd backend yarn start If you want to change the default port (1234), you can use an environment variable: PORT=5000 yarn start **Frontend** cd frontend yarn start if you want to change the frontend port (default is 4000) you can set an environment variable: PORT=3000 yarn start If you changed the server port you need to specify it when booting the frontend, again, as an environment variable: REACT_APP_SERVER_PORT=5000 yarn start **Documentation** You can find project's documentation on [github wiki](<https://github.com/DamnVulnerableCryptoApp/DamnVulnerableCryptoApp/wiki> "github wiki" ) **Some other nice projects crypto related** * [Crypton](<https://github.com/ashutosh1206/Crypton> "Crypton" ) * [RSACtfTool](<https://github.com/Ganapati/RsaCtfTool> "RSACtfTool" ) * [CryptoHack](<http://cryptohack.org/> "CryptoHack" ) * [Cryptopals](<https://cryptopals.com/> "Cryptopals" ) * [MysteryTwister C3](<https://www.mysterytwisterc3.org/en/> "MysteryTwister C3" ) **License** DamnVulnerableCryptoApp is [MIT](<https://tldrlegal.com/license/mit-license> "MIT" ) licensed **Screenshots** [![](https://1.bp.blogspot.com/-JjAvgTBJYLA/X4NnEwpTwJI/AAAAAAAAUAw/-Wg81sS8V3wW7rdroOU9XLMl88qPZl1QACNcBGAsYHQ/w640-h324/DamnVulnerableCryptoApp_9_1.png)](<https://1.bp.blogspot.com/-JjAvgTBJYLA/X4NnEwpTwJI/AAAAAAAAUAw/-Wg81sS8V3wW7rdroOU9XLMl88qPZl1QACNcBGAsYHQ/s1903/DamnVulnerableCryptoApp_9_1.png>) [![](https://1.bp.blogspot.com/-KV4qhm0F6Cw/X4NnERjJ-pI/AAAAAAAAUAk/KuYDL-11-tUxSYC-u9LoK8IDeuvgCBUMQCNcBGAsYHQ/w640-h326/DamnVulnerableCryptoApp_10_2.png)](<https://1.bp.blogspot.com/-KV4qhm0F6Cw/X4NnERjJ-pI/AAAAAAAAUAk/KuYDL-11-tUxSYC-u9LoK8IDeuvgCBUMQCNcBGAsYHQ/s1901/DamnVulnerableCryptoApp_10_2.png>) [![](https://1.bp.blogspot.com/-C9otOW-c69s/X4NnEQRt7HI/AAAAAAAAUAs/y3NG_Suh1-0a1DgYP8L5jFgyTWzEd64fwCNcBGAsYHQ/w640-h324/DamnVulnerableCryptoApp_11_3.png)](<https://1.bp.blogspot.com/-C9otOW-c69s/X4NnEQRt7HI/AAAAAAAAUAs/y3NG_Suh1-0a1DgYP8L5jFgyTWzEd64fwCNcBGAsYHQ/s1898/DamnVulnerableCryptoApp_11_3.png>) [![](https://1.bp.blogspot.com/-0mM4bgD_lnY/X4NnEVjqvtI/AAAAAAAAUAo/P8kG9XbZkLwAoLEDTa7n-eXmFYkhlZBGwCNcBGAsYHQ/w640-h324/DamnVulnerableCryptoApp_12_4.png)](<https://1.bp.blogspot.com/-0mM4bgD_lnY/X4NnEVjqvtI/AAAAAAAAUAo/P8kG9XbZkLwAoLEDTa7n-eXmFYkhlZBGwCNcBGAsYHQ/s1897/DamnVulnerableCryptoApp_12_4.png>) **[Download DamnVulnerableCryptoApp](<https://github.com/DamnVulnerableCryptoApp/DamnVulnerableCryptoApp/> "Download DamnVulnerableCryptoApp" )**

{"id": "KITPLOIT:7331902613349127836", "vendorId": null, "type": "kitploit", "bulletinFamily": "tools", "title": "DamnVulnerableCryptoApp - An App With Really Insecure Crypto", "description": "[![](https://1.bp.blogspot.com/-kEGZGTdlccc/X4Nm461vgrI/AAAAAAAAUAg/XevC-r0Lj-IfxkvIjMRolVKq80fq1hWoACNcBGAsYHQ/w640-h494/DamnVulnerableCryptoApp_1_logo.png)](<https://1.bp.blogspot.com/-kEGZGTdlccc/X4Nm461vgrI/AAAAAAAAUAg/XevC-r0Lj-IfxkvIjMRolVKq80fq1hWoACNcBGAsYHQ/s2048/DamnVulnerableCryptoApp_1_logo.png>)\n\n \n\n\n**Why?** \n\n\nIf you try to learn a little bit more about crypto, either because you want to know how the attacks work or just because you want to do safe code, you end up diving really fast into the math behind the algorithms, and for a lot of people this is a NO.\n\n**This project was created with some key points in mind:**\n\n * Real world examples of the [crypto](<https://www.kitploit.com/search/label/Crypto> \"crypto\" ) attack vectors\n * No need to write code to exploit a [vulnerability](<https://www.kitploit.com/search/label/Vulnerability> \"vulnerability\" ) that you are still trying to understand\n * No challenge without a solution\n * Dead simple documentation. No complex math, no complex formulas. Good old english\n * A common place to test different attack vectors\n * Make easy for everyone to understand crypto, attacks and preventions.\n * Go straight to the point, the challenges are no brain teasers, just a scenario with a crypto vuln.\n\n \n\n\n**Build** \n\n\n(Make sure you have [node](<https://www.kitploit.com/search/label/Node> \"node\" ) installed)\n \n \n npm run build-with-deps \n \n\nOr if you already have the dependencies installed you can just run:\n \n \n npm run build \n \n\nIf you cloned the repo and are having issues in the test phase, it may be due to the line endings. Force [linux](<https://www.kitploit.com/search/label/Linux> \"linux\" ) like line endings in git with:\n\nChange git config to use LF intead of CRLF\n \n \n git config --global core.eol lf \n git config --global core.autocrlf input \n \n\n \n**Run** \n\n \n \n npm run start \n \n\nYou can change the port with an environment variable:\n \n \n PORT=4000 npm run start \n \n\n \n**Docker** \n \n**From DockerHub** \n\n\nYou can download the latest docker image with:\n \n \n docker pull damnvulnerablecryptoapp1/damnvulnerablecryptoapp \n \n\n \n**Build** \n\n\nIf you prefer to build the docker image yourself run:\n \n \n npm build:docker \n \n\n \n**Run** \n\n\nBy default port 8081 is being exported, So you can map it to your own port:\n \n \n docker run -p 8081:8081 <IMAGE_ID> \n \n\n \n**Developing** \n\n\nIf you want to to develop new features, or just run without building the app you can start by installing dependencies with:\n \n \n npm run install-deps \n \n\nThen you need to run independently the frontend and the backend apps.\n\n \n**Backend** \n\n \n \n cd backend \n yarn start \n \n\nIf you want to change the default port (1234), you can use an environment variable:\n \n \n PORT=5000 yarn start \n \n\n \n**Frontend** \n\n \n \n cd frontend \n yarn start \n \n\nif you want to change the frontend port (default is 4000) you can set an environment variable:\n \n \n PORT=3000 yarn start \n \n\nIf you changed the server port you need to specify it when booting the frontend, again, as an environment variable:\n \n \n REACT_APP_SERVER_PORT=5000 yarn start \n \n\n \n**Documentation** \n\n\nYou can find project's documentation on [github wiki](<https://github.com/DamnVulnerableCryptoApp/DamnVulnerableCryptoApp/wiki> \"github wiki\" )\n\n \n**Some other nice projects crypto related** \n\n\n * [Crypton](<https://github.com/ashutosh1206/Crypton> \"Crypton\" )\n * [RSACtfTool](<https://github.com/Ganapati/RsaCtfTool> \"RSACtfTool\" )\n * [CryptoHack](<http://cryptohack.org/> \"CryptoHack\" )\n * [Cryptopals](<https://cryptopals.com/> \"Cryptopals\" )\n * [MysteryTwister C3](<https://www.mysterytwisterc3.org/en/> \"MysteryTwister C3\" )\n \n**License** \n\n\nDamnVulnerableCryptoApp is [MIT](<https://tldrlegal.com/license/mit-license> \"MIT\" ) licensed\n\n \n**Screenshots** \n\n\n \n\n\n[![](https://1.bp.blogspot.com/-JjAvgTBJYLA/X4NnEwpTwJI/AAAAAAAAUAw/-Wg81sS8V3wW7rdroOU9XLMl88qPZl1QACNcBGAsYHQ/w640-h324/DamnVulnerableCryptoApp_9_1.png)](<https://1.bp.blogspot.com/-JjAvgTBJYLA/X4NnEwpTwJI/AAAAAAAAUAw/-Wg81sS8V3wW7rdroOU9XLMl88qPZl1QACNcBGAsYHQ/s1903/DamnVulnerableCryptoApp_9_1.png>)\n\n \n\n\n[![](https://1.bp.blogspot.com/-KV4qhm0F6Cw/X4NnERjJ-pI/AAAAAAAAUAk/KuYDL-11-tUxSYC-u9LoK8IDeuvgCBUMQCNcBGAsYHQ/w640-h326/DamnVulnerableCryptoApp_10_2.png)](<https://1.bp.blogspot.com/-KV4qhm0F6Cw/X4NnERjJ-pI/AAAAAAAAUAk/KuYDL-11-tUxSYC-u9LoK8IDeuvgCBUMQCNcBGAsYHQ/s1901/DamnVulnerableCryptoApp_10_2.png>)\n\n \n\n\n[![](https://1.bp.blogspot.com/-C9otOW-c69s/X4NnEQRt7HI/AAAAAAAAUAs/y3NG_Suh1-0a1DgYP8L5jFgyTWzEd64fwCNcBGAsYHQ/w640-h324/DamnVulnerableCryptoApp_11_3.png)](<https://1.bp.blogspot.com/-C9otOW-c69s/X4NnEQRt7HI/AAAAAAAAUAs/y3NG_Suh1-0a1DgYP8L5jFgyTWzEd64fwCNcBGAsYHQ/s1898/DamnVulnerableCryptoApp_11_3.png>)\n\n \n\n\n[![](https://1.bp.blogspot.com/-0mM4bgD_lnY/X4NnEVjqvtI/AAAAAAAAUAo/P8kG9XbZkLwAoLEDTa7n-eXmFYkhlZBGwCNcBGAsYHQ/w640-h324/DamnVulnerableCryptoApp_12_4.png)](<https://1.bp.blogspot.com/-0mM4bgD_lnY/X4NnEVjqvtI/AAAAAAAAUAo/P8kG9XbZkLwAoLEDTa7n-eXmFYkhlZBGwCNcBGAsYHQ/s1897/DamnVulnerableCryptoApp_12_4.png>)\n\n \n\n\n \n\n\n**[Download DamnVulnerableCryptoApp](<https://github.com/DamnVulnerableCryptoApp/DamnVulnerableCryptoApp/> \"Download DamnVulnerableCryptoApp\" )**\n", "published": "2020-10-13T11:30:00", "modified": "2020-10-13T11:30:04", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "http://www.kitploit.com/2020/10/damnvulnerablecryptoapp-app-with-really.html", "reporter": "KitPloit", "references": ["https://github.com/Ganapati/RsaCtfTool", "https://github.com/ashutosh1206/Crypton", "https://github.com/DamnVulnerableCryptoApp/DamnVulnerableCryptoApp/wiki", "https://github.com/DamnVulnerableCryptoApp/DamnVulnerableCryptoApp/"], "cvelist": [], "immutableFields": [], "lastseen": "2022-04-07T12:02:33", "viewCount": 61, "enchantments": {"dependencies": {}, "score": {"value": 0.5, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.5}, "_state": {"dependencies": 1659882497, "score": 1659834466, "epss": 1679037574}, "_internal": {"score_hash": "02b77cc9be626f3e3c2a2837cbc76a01"}, "toolHref": "https://github.com/DamnVulnerableCryptoApp/DamnVulnerableCryptoApp/"}