Ambaga island.is challenge

To celebrate the retirement of the old National Identification Portal, Innskráningarþjónusta island.is, Ambaga has written a eulogy blog post. This CTF complements the post and lets you exploit the vulnerabilities it discusses.

Challenges

This CTF consists of four challenges. Each challenge simulates a service provider that uses a simulated National Identification Portal for authentication, and each requires exploiting how the service provider handles the SAML messages generated by the identification portal.

The challenges will be released, one per day, starting on the 3rd of February 2025 and ending on the 6th of February.

Note: You can view the challenges unauthenticated, but to submit flags you must first sign up here (no email verification needed).

The Identification Portal

The identification portal can be tested at https://innskraning.ekkiisland.is/?id=test.

On the identification portal, you can log in as Testmann Testmannsson with the kennitala 012345-6789 (can be used for all service providers) using two methods:

Your mission

For each of the challenges, your aim is to exploit how the service provider handles the authentication token, generated by the identification portal, and log in to the service provider application as Adminmann Adminmannsson with the kennitala 987654-3210.

The source code responsible for handling the SAML messages is available for review in all challenges. A link to the source code can be found in each challenge's footer.