=========================================== ADVANCED CRYPTOGRAPHY CHALLENGE - EXPLOIT GUIDE =========================================== CHALLENGE OVERVIEW: ------------------- This challenge contains multiple REAL cryptographic vulnerabilities: 1. Weak RSA (1024-bit) - Factorable with modern tools 2. AES-ECB Mode - Pattern leakage vulnerability 3. CBC Padding Oracle - POODLE attack possible 4. XOR Key Reuse - Known-plaintext attack 5. Timing Attack - On token verification ATTACK VECTORS: -------------- 1. WEB INTERFACE: http://[IP]/crypto1/ 2. API ENDPOINTS: - GET /crypto1/?api&action=get_challenge - GET /crypto1/?api&action=decrypt&cipher=[base64] - GET /crypto1/?api&action=verify&token=[token] - GET /crypto1/?api&action=attack&type=[type] 3. CLI INTERFACE: http://[IP]/crypto1/?cli KALI LINUX TOOLS REQUIRED: -------------------------- 1. OpenSSL 2. YAFU (for RSA factorization) 3. RsaCtfTool (alternative RSA tool) 4. padbuster (for padding oracle) 5. xortool (for XOR analysis) 6. Python3 with requests library 7. jq (for JSON parsing) EXPLOITATION STEPS: ------------------ STEP 1: RECONNAISSANCE --------------------- curl -s "http://[IP]/crypto1/?api&action=get_challenge" | jq . This returns: - RSA public key - Multiple ciphertexts - Challenge ID - API endpoints STEP 2: RSA FACTORIZATION ------------------------- # Extract modulus from public key openssl rsa -pubin -in public_key.pem -text -noout # Save modulus to file echo "MODULUS_HERE" > modulus.txt # Factor using YAFU yafu "factor(@)" -batchfile modulus.txt # Alternative: Use RsaCtfTool python3 RsaCtfTool.py --publickey public_key.pem --private STEP 3: AES-ECB ANALYSIS ------------------------ # The ECB ciphertext shows patterns # Identical plaintext blocks = identical ciphertext blocks # Try decryption with guessed keys openssl enc -aes-128-ecb -d -K $(echo -n "KEY_GUESS" | xxd -p) -in cipher.bin STEP 4: PADDING ORACLE ATTACK ----------------------------- # The server reveals padding errors through timing # Use padbuster or custom Python script padbuster http://[IP]/crypto1/?api&action=verify ciphertext 16 --encoding 0 STEP 5: XOR ANALYSIS ------------------- # XOR ciphertext is in ciphertexts.xor_challenge # Use known-plaintext attack xortool -b -l 16 -c 20 ciphertext.bin # If you know part of plaintext (like "FLAG_"), use crib dragging STEP 6: TIMING ATTACK --------------------- # The verify endpoint uses strcmp() which is timing-vulnerable # Measure response times for different tokens Example Python script: import time import requests def measure_time(token): start = time.perf_counter() requests.get(f"http://[IP]/crypto1/?api&action=verify&token={token}") return time.perf_counter() - start # Try characters one by one chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-{}" known = "" for _ in range(32): times = {} for c in chars: token = known + c + "A" * (31 - len(known)) times[c] = measure_time(token) # Character with longest response time is likely correct known += max(times, key=times.get) print(f"Progress: {known}") STEP 7: ASSEMBLE FLAG --------------------- # Combine all decrypted parts: FLAG_PART_1 + FLAG_PART_2 + FLAG_PART_3 + FLAG_PART_4 + FLAG_PART_5 # Final format: CTF{CRYPTO_MASTER_XXXXXXXX} AUTOMATED EXPLOITATION SCRIPT: ----------------------------- #!/bin/bash # Full exploit script is available at: http://[IP]/crypto1/?cli # Or view source of webpage for JavaScript version MITIGATION GUIDE: ---------------- 1. Use 2048-bit or 4096-bit RSA keys 2. Always use authenticated encryption (GCM mode) 3. Use hash_equals() instead of strcmp() for comparison 4. Generate random IVs for each encryption 5. Use proper key derivation functions (PBKDF2, Argon2) 6. Implement constant-time algorithms 7. Use TLS 1.3 for transport security FLAGS TO CAPTURE: ---------------- 1. FLAG_PART_1 (from ECB) 2. FLAG_PART_2 (from CBC padding oracle) 3. FLAG_PART_3 (from XOR) 4. FLAG_PART_4 (from RSA) 5. FLAG_PART_5 (from timing attack) 6. FINAL_FLAG (assembled) SCORING: ------- - Each part: 50-75 points - Final flag: 200 points - Total: 500 points EDUCATIONAL VALUE: ----------------- This challenge teaches: - Real cryptographic vulnerabilities - Multiple attack vectors - Tool usage on Kali Linux - Defense strategies - API exploitation - Side-channel attacks GOOD LUCK!