feat: found the exploit in the code and attaced the server

sheet03/a2/Auth.java

@@ -0,0 +1,71 @@
+import java.io.Console;
+import java.util.Map;
+import java.util.HexFormat;
+import java.util.stream.Collectors;
+import java.nio.file.Path;
+import java.nio.file.Files;
+import java.security.MessageDigest;
+
+public class Auth {
+    private static final byte[] INVALID_HASH = "----------------------------------------------------------------".getBytes();
+
+    public static void main(String[] args) {
+        try {
+            Map<String, byte[]> passwd = Files.readAllLines(Path.of("passwd"))
+                .stream()
+                .filter(line -> line.indexOf(":") > 1 && line.length() > 3)
+                .collect(Collectors.toMap(
+                    line -> line.substring(0, line.indexOf(':')),
+                    line -> HexFormat.of().parseHex(line.substring(line.indexOf(':') + 1))
+                ));
+
+            System.out.println("Chocolate Factory SCADA Command Line Interface v2.2.144");
+            System.out.println();
+            System.out.println("Please, enter your authentication credentials.");
+            System.out.println();
+
+            Console cons = System.console();
+
+            String username;
+            String password;
+
+            long timeout = 500;
+            while (true) {
+                username = cons.readLine("> Username: ");
+                password = new String(cons.readPassword("> Password: "));
+
+                MessageDigest digest = MessageDigest.getInstance("SHA-256");
+                byte[] encodedHash = digest.digest(password.getBytes());
+
+                // constant time comparison to prevent timing attacks
+                if (MessageDigest.isEqual(
+                    passwd.getOrDefault(username, INVALID_HASH),
+                    encodedHash
+                )) {
+                    System.out.println();
+                    System.out.printf("Welcome %s!%n", username);
+                    Thread.sleep(150);
+                    break;
+                } else {
+                    // exponential timeout to prevent brute force attacks
+                    System.out.println("Incorrect username and/or password.");
+                    Thread.sleep(timeout);
+                    timeout *= 2;
+                }
+            }
+
+            printSystemStatus();
+            printSecretRecipe();
+        } catch (Exception e) {
+            // ignore
+        }
+    }
+
+    private static void printSystemStatus() throws Exception {
+        // TOP SECRET
+    }
+
+    private static void printSecretRecipe() throws Exception {
+        // TOP SECRET
+    }
+}

sheet03/a2/a.txt

@@ -0,0 +1,5 @@
+The Code uses unsalted hashes of the passwords.
+That way there is no random data added to the hashes and it is very easy to find identical hashes using
+pre-computed lookup tables.
+
+Using such a tool we found that the password admin123 has the same hash that is stored for the username admin.

sheet03/a2/b.txt

@@ -0,0 +1,77 @@
+07:46:38 leo@group-20 ~ → cat .ssh/config 
+Host chocolate
+  User chocolate
+  Hostname 10.42.23.1
+
+07:46:13 leo@group-20 ~ → ssh chocolate
+chocolate@10.42.23.1's password: chocolate
+Chocolate Factory SCADA Command Line Interface v2.2.144
+
+Please, enter your authentication credentials.
+
+> Username: admin
+> Password: admin123
+
+Welcome admin!
+
+We are currently clean on OPSEC.
+
+Current System Status:
+ 🏭 Production Line 1:               [🟢 ONLINE] - Idle
+ 🏭 Production Line 2:               [🟢 ONLINE] - Running (Secretly Sweet Chocolate Batch #42)
+ 🏭 Ingredient Hopper (Cocoa):       [🟢 ONLINE] - Level: 85%
+ 🏭 Ingredient Hopper (Sugar):       [🟢 ONLINE] - Level: 92%
+ 🏭 Ingredient Hopper (Milk Powder): [🟢 ONLINE] - Level: 78%
+ 🌡️ Temperature Control System:      [🟢 ONLINE] - Target: 45°C (±0.5°C)
+ ⚙️ Mixing Unit A:                   [🟢 ONLINE] - Standby
+ ⚙️ Mixing Unit B:                   [🟢 ONLINE] - Active
+ 🍫 Molding Machine Alpha:           [🟢 ONLINE] - Ready
+ 🍫 Molding Machine Beta:            [🟢 ONLINE] - Processing
+ 🧊 Cooling Tunnel System:           [🟢 ONLINE] - Target: 10°C (±1°C)
+ 📦 Packaging Unit Delta:            [🟢 ONLINE] - Awaiting Output
+ 🤖 Quality Control Bot v3.2:        [🟢 ONLINE] - Monitoring
+ ⚡ Power Supply:                    [🟢 ONLINE] - Stable
+ 🌐 Network Connectivity:            [🟢 ONLINE] - Good
+ 🔒 Security System:                 [🟢 ONLINE] - Active
+----------------------------------------------------
+✅ ALL SYSTEMS GREEN. Chocolate production is nominal. ✅
+
+
+📝 Recipe for 'Secretly Sweet Chocolate Batch #42
+
+  Ingredients:
+
+  1 'Bargain Bin Chocolate Chunk'
+    (obtained from ... questionable sources)
+  3 'Heaping Spoonfuls of Questionable Granules'
+    (definitely not pure sugar)
+  A splash of 'Mysterious Gloss'
+     (something called vasline, maybe inedible,
+      but it makes things shiny!)
+
+
+  Instructions:
+
+  Acquire the Goods:
+     Locate and 'liberate' the cheapest-looking chocolate
+     you can get from the competition.
+  The Melt Down:
+     Subject the 'Bargain Bin Chocolate Chunk' to intense heat.
+     The goal is a questionable, slightly lumpy liquid.
+  Sweeten the Deal:
+     Introduce the 'Heaping Spoonfuls of Questionable Granules'
+     to the melted chocolate. Stir vigorously (or just shake the
+     container violently). The mixture should become alarmingly
+     sweet.
+  The Glossy Finish:
+     Add a dash of 'Mysterious Gloss.' This will give the product
+     an unsettlingly shiny appearance.
+  Mold it (Sort Of):
+     Pour the concoction into a vaguely bar-shaped container (the
+     packaging of the input chocolate might work?).
+  The Pay Off:
+     Pay tons of influencers to advertise this as the best
+     chocolate they have ever tasted, and price this chocolate
+     at a ridiculous high price!!1! 🤑💰💸
+  
+Connection to 10.42.23.1 closed.

sheet03/a2/passwd

@@ -0,0 +1,3 @@
+admin:240be518fabd2724ddb6f04eeb1da5967448d7e831c08c8fa822809f74c720a9
+alice:57a975ec110f89a7ca6a8c39aec856890b10488006106fb12c3a5fe063b1e7d5
+bob:2a3cc87f95b4363a1e6483d4659671361f86239735d31e8c4a9be893a2427c19