Building a Text-Based Hacker Game: The Broken Access Control Level

In this article, we will dive into the process of building a text-based hacker game. The game itself is built around a series of vulnerable applications that a user must exploit to proceed to the next level. We will specifically look at the first level – The Broken Access Control, and examine the game's code, discussing how it works.

Context

At work, the author was assigned the task of creating a series of applications that users exploit by testing the broken access control mechanism. Drawing inspiration from this project, the author decided to create a text-based game to test users' hacking skills. In the game, players must hack into vulnerable applications in a series of levels, each more challenging than the last.

Execution

The first level – The Broken Access Control, presents players with a broken access control mechanism, meaning that users can log in as a normal user with the username and password "user123". Once inside, players need to obtain a valid token to access restricted content.

To access the game, players can download the code from the author's Patreon page or download the zip file containing the game's code and install the required dependencies through their terminal.

Gameplay

Level 1 Gameplay

In the first level, players log in as a normal user and get a valid token to access restricted content. To obtain the token, players need to follow the instructions provided in the game.

The game's text-based interface types out information character by character, creating an engaging and immersive experience. Key pieces of information are highlighted in green, reminding players to pay attention to essential details.

After entering the login credentials, players send a post request and receive the access token. Players then decode the token to see their current role as a user. To escalate their privileges to an admin role, players create a new payload which updates their user role to admin. Players then re-encode the updated token and finally send another post request. If successful, players receive the message "Access Granted" and gain admin privileges to restricted content.

Gameplay Features

To make the game interactive, the author considered adding various features such as commands and tools that players could use to solve different puzzles in each level. This feature would require players to use their hacking skills to solve problems rather than the game handing them all the solutions.

Code

The author created the game in Python and drew inspiration from his vulnerable apps project at work. The code for the game is available on the author's Patreon page. The game's requirements include JWT, term color, and pi figlet.

The Broken Access Control Loop

The Broken Access Control Loop is the first level in the game. It is a function in the game that allows players to access the game's first level by following the instructions provided.

Main While Loop

The game's main while loop allows players to proceed through the game levels. At the start of each level, players first encounter a set of instructions that guide them on how to proceed.

Text-Based Interface

To create an immersive experience, the game's text-based interface types out information character by character at 0.02-second intervals. Also, the game's text highlights essential information in green, so players pay attention.

Payload and Token Encoding

To escalate their user rights to admin, players create a new payload, which they encode into the token. Once the payload is encoded, the player's role is updated to admin, granting them access to restricted content.

Conclusion

In conclusion, the Broken Access Control level in this text-based hacker game is an engaging and immersive experience. With each level of the game increasing in difficulty, players' skills are tested to their limits. The game's text-based interface, highlighting of essential information, and the encoding of the payload and token add to the game's authenticity and make for an enjoyable experience.