- user has to authenticate to get the flag
- user does not have the shared secret
- broken: first the backend authenticates for a user supplied challenge
docker build --rm -t challenge-response .
docker run --name cr1 -p 2023:2023 challenge-response
python exploit.py
- create connection 1: send garbage challenge (we don't neet it)
- get challenge to authenticate to get the flag (connection 1)
- create connection 2 and ask the backend for the valid response for the challenge we have to solve