Crypto Challenge

Help Eve defeat a weakened version of Nginx


Eve did have a legitimate restricted access to a file located on, anytime she wanted consult this file she issued this request all was working perfectly fine until the date of 1-21-2011 where her link stopped working with the web server returning an error code 403 on any of her attempts.

Furious, she decided to understand what was going on and how to bypass this intolerable restriction. She quickly found out that the underlying server was a modified version of the Nginx web server.

$ curl --head
HTTP/1.1 200 OK
Server: nginx-modified/0.9.4
Date: Tue, 25 Jan 2011 14:04:10 GMT
Content-Type: text/html
Content-Length: 176
Last-Modified: Mon, 24 Jan 2011 23:38:08 GMT

She further learned that this particular service was provided by the secure link module. This module uses a server secret to authenticate the URI /p/eve/restricted.txt mixed with a timestamp 1295613171 (which explain how her access was revoked) to produce an authentication token. This authenticator takes the form of a secret MD5 hash aSYSRnsL0by4M1l1tbPcrQ assigned by the server to Eve. With this initial set of informations along with the ones provided below in the following section, would you help Eve in accessing and reading restricted.txt as she previously was able to do?

Ressources and informations

Consider the following additional ressources and informations.


The challenge is implemented on a slightly but fatally modified / weakened version of Nginx, that means that this exploit does not affect the real Nginx server. Although as you will observe this module would be better off not presenting no such kind of risks at all. For not spoiling this challenge the issues highlighted in this exercice will only be discussed in depth later in the solution, not now.


here is the solution with code and with a short description.