natas11

The natas11 problem contains an OTP (one-time-pad) vulnerability called a "many-time-pad". Likewise, the attack is called a "many-time-pad" attack. Below is some code that led to the solution and progression to the next level. The problem includes the server-side PHP source, but with the key used for OTP and the password for the next challenge censored. The goal of the experiment is to flip a "showpassword" flag that will echo the password for challenge 12 into the rendered HTML. From the source example we can see that it stores an encrypted JSON blob in a session cookie called "data", so we have an opportunity to inject our own ciphertext on the client side. We know our data structure is a JSON blob stored in a cookie value as ciphertext because the lab has the PHP source that runs on the server side with some data censored. And since we have access to the coo...
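Why a reused XOR pad fails for a client-held cookie, shown next to an integrity-protected alternative. This is an added example, not code from the original post or the lab; it assumes the cookie is base64 over compact JSON, uses a constructed key, and all function names are hypothetical.

```python
import base64, hashlib, hmac, json
from itertools import cycle

def xor_repeat(data: bytes, key: bytes) -> bytes:
    """XOR data with a key repeated to the data's length (the weak scheme)."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def weak_encode(obj: dict, key: bytes) -> str:
    plain = json.dumps(obj, separators=(",", ":")).encode()
    return base64.b64encode(xor_repeat(plain, key)).decode()

def weak_decode(cookie: str, key: bytes) -> dict:
    return json.loads(xor_repeat(base64.b64decode(cookie), key))

def leaked_key(cookie: str, known_plain: bytes) -> bytes:
    """ciphertext XOR known plaintext = keystream; return its shortest period."""
    stream = bytes(c ^ p for c, p in zip(base64.b64decode(cookie), known_plain))
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return stream

def signed_encode(obj: dict, mac_key: bytes) -> str:
    """Hardened form: the cookie carries an HMAC-SHA256 tag over the payload."""
    body = base64.urlsafe_b64encode(json.dumps(obj).encode()).decode()
    tag = hmac.new(mac_key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"

def signed_decode(cookie: str, mac_key: bytes):
    """Return the object, or None if the tag does not verify."""
    body, _, tag = cookie.rpartition(".")
    good = hmac.new(mac_key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, good):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

SECRET = b"k3y!"                      # constructed key, not the lab's
DEFAULT = {"showpassword": "no"}      # assumed default cookie contents
FLIPPED = {"showpassword": "yes"}

def demo():
    cookie = weak_encode(DEFAULT, SECRET)
    known = json.dumps(DEFAULT, separators=(",", ":")).encode()
    key = leaked_key(cookie, known)   # equals SECRET: the pad is fully exposed
    forged_ok = weak_decode(weak_encode(FLIPPED, key), SECRET) == FLIPPED
    good = signed_encode(DEFAULT, SECRET)
    body = base64.urlsafe_b64encode(json.dumps(FLIPPED).encode()).decode()
    tampered = body + "." + good.rpartition(".")[2]   # new body, old tag
    return key, forged_ok, signed_decode(good, SECRET), signed_decode(tampered, SECRET)
```

The weak scheme accepts any cookie built with the leaked key, while the HMAC check returns `None` for a body whose tag was not computed with the server-side key.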

Linked on 2017-08-14 21:26:52