CryptOMG Released on SpiderLabs Anterior <blog.spiderlabs.com> Andrew Jordan [email protected] https://www.trustwave.com

INTRODUCTION

WARNING: CryptOMG IS AN INTENTIONALLY VULNERABLE APPLICATION. IT SHOULD ONLY BE INSTALLED ON A TRUSTED WEB ENVIRONMENT. IT SHOULD NOT BE PUBLISHED ON A PRODUCTION SERVER AND SHOULD NOT BE ACCESSIBLE THROUGH THE INTERNET.

CryptOMG is a configurable CTF style test bed that highlights common flaws in cryptographic implementations. Most of the challenges are designed to be cipher independent and to illustrate this, configuration options are provided that allow you to change the algorithm in use as well as the type of encoding.

Cool Stuff Includes: o Cryptographic Oracles o Side Channel Attacks o Electronic Code Book Flaws o Configuration options for cipher and encoding

REQUIREMENTS

A webserver running PHP 5.x MySQL libmcrypt4

PHP Modules/Libraires: php5-mysql php5-mcrypt

USAGE

Place the CryptOMG source files somewhere in your webroot. Modify /includes/db.inc.php with the settings for your database server.

COPYRIGHT

CryptOMG - A configurable CTF style test bed. Andrew Jordan Copyright (C) 2012 Trustwave Holdings, Inc.

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.