CryptOMG is a configurable CTF style test bed that highlights common flaws in cryptographic implementations.

INTRODUCTION
==============***
WARNING: CryptOMG IS AN INTENTIONALLY VULNERABLE APPLICATION. IT SHOULD
ONLY BE INSTALLED ON A TRUSTED WEB ENVIRONMENT. IT SHOULD NOT BE PUBLISHED ON A PRODUCTION SERVER AND SHOULD NOT BE ACCESSIBLE THROUGH THE INTERNET.
***

CryptOMG is a configurable CTF style test bed that highlights common flaws in cryptographic implementations. Most of the challenges are designed to be cipher independent and to illustrate this, configuration options are provided that allow you to change the algorithm in use as well as the type of encoding.

Platform : Windows & Linux. Written in PHP

Cool Stuff Includes:
o Cryptographic Oracles
o Side Channel Attacks
o Electronic Code Book Flaws
o Configuration options for cipher and encoding

Features: Access the /etc/passwd file, Get the admin password, Decrypt the message, Hijack the administrator account

REQUIREMENTS
===============

A webserver running PHP 5.x
MySQL
libmcrypt4

PHP Modules/Libraires:
php5-mysql
php5-mcrypt

USAGE
=====
Place the CryptOMG source files somewhere in your webroot. Modify
/includes/db.inc.php with the settings for your database server.

COPYRIGHT
=========

CryptOMG – A configurable CTF style test bed.
Andrew Jordan
Copyright (C) 2012 Trustwave Holdings, Inc.

This program is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation, either version 3 of the License, or (at your
option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along
with this program. If not, see.

Download : Zipball | Tarball

CryptOMG
Released on SpiderLabs Anterior <blog.spiderlabs.com>
Andrew Jordan <AJordan@trustwave.com>
https://www.trustwave.com