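This contest was held from 2024/3/22 19:00 (JST) to 2024/3/24 19:00 (JST).
This time I competed solo. I finished 56th out of 281 teams with 1314 points.
Here are write-ups for the problems I was able to solve myself.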
safe-password (OSINT)
Go through the candidates on https://haveibeenpwned.com/Passwords, looking for one that has been pwned 80 times or more.
Bubblegum123!
$ echo -n "Bubblegum123\!" | sha256sum
fdc852bc63a266c8c38db64bef90d62d53ddeef00aa85df7b941ac780b3d75d8  -
CTF{fdc852bc63a266c8c38db64bef90d62d53ddeef00aa85df7b941ac780b3d75d8}
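The same lookup can be scripted against the Pwned Passwords range API, which receives only the first five characters of the SHA-1 digest and leaves the match to the client. This is an added example, not part of the original write-up; the candidate list, the counts in SAMPLE_COUNTS and the function names are constructed for illustration.

```python
import hashlib
from urllib.request import urlopen

THRESHOLD = 80  # cut-off used in the write-up: pwned 80 times or more

def sha1_split(password):
    """Upper-case SHA-1 hex digest split into (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def fetch_range(prefix):
    """Real lookup: only the 5-char prefix leaves the machine (not called below)."""
    with urlopen(f"https://api.pwnedpasswords.com/range/{prefix}") as resp:
        return resp.read().decode("ascii")

def breach_count(password, lookup=fetch_range):
    """Match the 35-char suffix locally against 'SUFFIX:COUNT' response lines."""
    prefix, suffix = sha1_split(password)
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def pick_pwned(candidates, lookup=fetch_range, threshold=THRESHOLD):
    """Candidates whose breach count reaches the threshold."""
    return [p for p in candidates if breach_count(p, lookup) >= threshold]

def ctf_flag(password):
    """Flag format used on this page: CTF{sha256(password)}."""
    return "CTF{" + hashlib.sha256(password.encode("utf-8")).hexdigest() + "}"

# Constructed counts for an offline run; these are NOT real HIBP figures.
SAMPLE_COUNTS = {"Bubblegum123!": 85, "Tr0ub4dor&3": 12}

def constructed_lookup(prefix):
    """Stand-in for fetch_range() built from SAMPLE_COUNTS plus one decoy line."""
    lines = ["0" * 35 + ":1"]
    for password, count in SAMPLE_COUNTS.items():
        p, s = sha1_split(password)
        if p == prefix:
            lines.append(f"{s}:{count}")
    return "\r\n".join(lines)

if __name__ == "__main__":
    candidates = ["Bubblegum123!", "Tr0ub4dor&3", "zq9-never-seen"]
    for pw in pick_pwned(candidates, constructed_lookup):
        print(pw, ctf_flag(pw))
```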
start-enc (Cryptography)
Decode in the following order.
・Binary
・base64
・ASCII codes
・Hexadecimal
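#!/usr/bin/env python3
from base64 import *

with open('encoded.txt', 'r') as f:
    enc = f.read()

# Layer 1: space-separated binary strings -> characters
enc = enc.split(' ')
msg = ''
for c in enc:
    msg += chr(int(c, 2))
print('[+]', msg)

# Layer 2: base64
msg = b64decode(msg).decode()
print('[+]', msg)

# Layer 3: ';'-terminated tokens; drop each 2-character prefix and
# read the rest as a decimal character code
codes = msg.split(';')[:-1]
msg = ''
for code in codes:
    msg += chr(int(code[2:]))
print('[+]', msg)

# Layer 4: space-separated hex bytes -> characters
codes = msg.split(' ')
flag = ''
for code in codes:
    flag += chr(int(code, 16))
print('[*]', flag)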
The output is as follows.
[+] 54 68 65 20 66 6c 61 67 20 69 73 3a 20 43 54 46 7b 35 38 34 62 33 31 32 62 62 35 62 62 33 34 30 65 39 34 30 38 35 63 34 33 61 62 61 30 36 33 63 35 62 35 61 38 38 30 33 39 31 33 39 33 62 61 65 63 66 37 33 37 64 38 37 32 34 36 36 39 36 63 62 37 7d
[+] 54 68 65 20 66 6c 61 67 20 69 73 3a 20 43 54 46 7b 35 38 34 62 33 31 32 62 62 35 62 62 33 34 30 65 39 34 30 38 35 63 34 33 61 62 61 30 36 33 63 35 62 35 61 38 38 30 33 39 31 33 39 33 62 61 65 63 66 37 33 37 64 38 37 32 34 36 36 39 36 63 62 37 7d
[*] The flag is: CTF{584b312bb5bb340e94085c43aba063c5b5a880391393baecf737d87246696cb7}
CTF{584b312bb5bb340e94085c43aba063c5b5a880391393baecf737d87246696cb7}
wifibasic (Network, Wireless)
$ aircrack-ng -w /usr/share/wordlists/rockyou.txt wifibasic.cap
Reading packets, please wait...
Opening wifibasic.cap
Read 968 packets.

   #  BSSID              ESSID                     Encryption

   1  02:00:00:00:00:00  BitSentinelRulez          WPA (1 handshake)
   2  02:00:00:00:01:00  Unbreakabl3               Unknown
   3  02:00:00:00:02:00  YetAnotherHacker          WPA (0 handshake)
   4  02:00:00:00:03:00  Unbreakable               Unknown
   5  02:00:00:00:04:00  TargetHiddenSSID          WPA (1 handshake)

Index number of target network ? 5

Reading packets, please wait...
Opening wifibasic.cap
Read 968 packets.

1 potential targets

                               Aircrack-ng 1.7

      [00:00:00] 131/10303727 keys tested (1258.33 k/s)

      Time left: 2 hours, 16 minutes, 28 seconds                 0.00%

                          KEY FOUND! [ tinkerbell ]

      Master Key     : 58 65 AF CE 4E 69 4C 14 DD 09 27 47 EB BD 45 EB
                       27 9A 75 79 9C D1 4D F5 AF B6 DE 01 4D C2 A8 97

      Transient Key  : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

      EAPOL HMAC     : C1 D1 C8 EC 42 1E 31 80 61 4C FF 7B 02 8F E4 19
Set the following and run the script.
BSSID = "02:00:00:00:04:00"
ESSID = "TargetHiddenSSID"
PSK = "tinkerbell"
CTF{73841584e4c011c940e91c76bf1c12a7a4850e4b3df0a27ba8a35388c316d468}
wifiland (Network, Wireless)
$ aircrack-ng -w /usr/share/wordlists/rockyou.txt wifiland.cap
Reading packets, please wait...
Opening wifiland.cap
Read 4594 packets.

   #  BSSID              ESSID                     Encryption

   1  02:00:00:00:00:00  BitSentinelRulez          Unknown
   2  02:00:00:00:05:00  wifiland                  WPA (1 handshake)

Index number of target network ? 2

Reading packets, please wait...
Opening wifiland.cap
Read 4594 packets.

1 potential targets

                               Aircrack-ng 1.7

      [00:00:00] 8/14344392 keys tested (27.07 k/s)

      Time left: 6 days, 3 hours, 11 minutes, 53 seconds         0.00%

                           KEY FOUND! [ 12345678 ]

      Master Key     : 7F 76 94 BD AC D9 1E 94 22 2F 00 BD 49 CD 4D DA
                       8B 0C 31 16 D5 28 A4 BC C8 3F 8A 40 AE 78 D7 A5

      Transient Key  : 2F 75 56 F7 00 00 00 00 00 00 00 00 00 00 00 00
                       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

      EAPOL HMAC     : A6 01 F2 FA 2C BE BB F7 BC CF 3A 2D 83 A2 44 29
In Wireshark, open [Edit] > [Preferences] and go to [Protocols] > [IEEE 802.11], then edit the Decryption keys and set the following to decrypt the captured traffic.
・Key type: wpa-pwd
・Key : 12345678
The packets include ARP traffic.
3304 2024-03-13 22:50:05.094651 02:00:00:00:13:00 Broadcast ARP 102 Who has 93.184.216.34? Tell 10.0.3.19
Set the following and run the script.
ip_client = "10.0.3.19"
ip_target = "93.184.216.34"
CTF{b67842d03eadce036c5506f2b7b7bd25aaab4d1f0ec4b4f490f0cb19ccd45c70}
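Why both keys fell within the first few guesses, as an added example that is not part of the original write-up: the Master Key aircrack-ng prints is the WPA PMK, which is PBKDF2-HMAC-SHA1 over nothing but the passphrase and the SSID, so a passphrase that appears in a wordlist can be confirmed offline from one captured handshake. The sketch recomputes the two Master Key values shown above; the function names, the mini blocklist and the review rules are assumptions made for illustration.

```python
import hashlib
import hmac

def wpa_pmk(passphrase, ssid):
    """WPA/WPA2-PSK pairwise master key:
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def matches_master_key(ssid, passphrase, hex_dump):
    """Compare a derived PMK with an aircrack-ng style 'AA BB ..' dump."""
    return hmac.compare_digest(wpa_pmk(passphrase, ssid), bytes.fromhex(hex_dump))

# (ESSID, recovered key, Master Key) copied from the two outputs on this page.
CAPTURES = [
    ("TargetHiddenSSID", "tinkerbell",
     "58 65 AF CE 4E 69 4C 14 DD 09 27 47 EB BD 45 EB "
     "27 9A 75 79 9C D1 4D F5 AF B6 DE 01 4D C2 A8 97"),
    ("wifiland", "12345678",
     "7F 76 94 BD AC D9 1E 94 22 2F 00 BD 49 CD 4D DA "
     "8B 0C 31 16 D5 28 A4 BC C8 3F 8A 40 AE 78 D7 A5"),
]

# Constructed mini blocklist standing in for a real wordlist such as rockyou.txt.
BLOCKLIST = {"tinkerbell", "12345678", "password", "iloveyou"}

def passphrase_findings(passphrase, blocklist=BLOCKLIST):
    """Pre-deployment review of a PSK; the rules are illustrative assumptions."""
    findings = []
    if passphrase.lower() in blocklist:
        findings.append("listed in a common-password wordlist")
    if passphrase.isdigit():
        findings.append("digits only")
    if passphrase.isalpha() and passphrase.islower():
        findings.append("single lowercase word")
    return findings

if __name__ == "__main__":
    for ssid, key, dump in CAPTURES:
        print(ssid, matches_master_key(ssid, key, dump), passphrase_findings(key))
```

Because the SSID is the salt, the same passphrase on a different network name yields a different PMK, which is why the check takes both values.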
traffic-e (Cryptography, Network)
Since most of the traffic is TLS, export the certificate and check its contents.
$ openssl x509 -in 6.cer -text -pubkey -inform DER
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:6b:f1:48:8d:dc:4b:02:a8:6d:0a:77:51:ff:63:0a:75:ed:f1:14
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=Ephvuln
        Validity
            Not Before: Mar 15 11:09:16 2024 GMT
            Not After : Mar 15 11:09:16 2025 GMT
        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=Ephvuln
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1027 bit)
                Modulus:
                    07:3c:0d:c9:3d:ff:a0:26:b8:88:e0:eb:2f:da:7a:
                    c6:e1:82:a7:bc:5f:a4:39:00:d3:61:a4:42:eb:7c:
                    db:44:02:7b:31:96:76:b5:fd:37:49:1b:ce:30:8d:
                    76:e5:be:3e:a9:61:d8:7f:ff:5d:25:52:b4:34:ed:
                    8e:e6:62:a1:05:39:ea:21:f4:37:17:0d:f9:70:ef:
                    2b:6a:9b:e1:41:09:16:53:0b:83:97:b4:35:7b:f1:
                    78:85:2a:35:c9:0b:33:20:b4:93:21:3e:05:fb:00:
                    09:66:d8:9e:ba:09:25:c3:44:22:e4:80:a5:c9:17:
                    67:37:cc:98:ab:09:99:32:87
                Exponent:
                    00:97:de:37:9a:97:9d:08:04:59:a7:ab:09:b8:48:
                    ea:eb:be:83:79:ef:79:d2:5c:0b:e7:4d:24:35:a4:
                    0c:7e:11:db:51:7b:50:59:0c:fc:be:15:9d:d3:75:
                    22:1e:0f:45:d1:a0:d4:d9:a9:40:3f:fe:34:fb:1e:
                    40:2a:85:4b:41:71:6c:8e:aa:fc:0e:66:e6:f7:09:
                    e6:54:ea:e6:83:8d:69:b6:1e:b0:00:c0:a4:6d:13:
                    5c:e6:32:36:c2:76:d5:fe:26:28:48:62:97:98:e6:
                    e5:5a:f5:57:b1:0d:4e:84:67:01:22:35:ba:b0:fe:
                    5d:cf:81:d9:fb:83:2f:cb:ef
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:02:07:E4:1E:35:4A:16:07:07:58:BE:65:4E:40:AA:D3:9B:BB:95
            X509v3 Authority Key Identifier:
                E0:02:07:E4:1E:35:4A:16:07:07:58:BE:65:4E:40:AA:D3:9B:BB:95
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        03:01:3d:cf:26:97:63:11:a1:cf:be:5a:03:c5:2b:dc:a0:e8:
        6e:35:97:16:43:9b:4d:e0:60:6e:22:59:82:fd:49:7e:7a:ed:
        d5:6a:de:46:79:53:80:38:db:b9:03:7b:17:08:f0:f0:b3:a6:
        e1:a3:46:23:2a:0e:8a:0a:12:78:33:97:75:f2:fe:d7:6e:5c:
        51:8d:a0:11:3d:93:66:81:5c:4b:7c:29:d2:6c:49:9e:44:e8:
        89:5c:b5:09:b0:55:4e:2f:73:e9:b0:45:ea:a3:4d:b9:2e:23:
        8e:10:47:ac:ad:c5:a0:fd:98:dd:56:83:2f:75:73:0c:fd:9e:
        18:35:66
The public key parameters turn out to be as follows.
n = 0x073c0dc93dffa026b888e0eb2fda7ac6e182a7bc5fa43900d361a442eb7cdb44027b319676b5fd37491bce308d76e5be3ea961d87fff5d2552b434ed8ee662a10539ea21f437170df970ef2b6a9be1410916530b8397b4357bf178852a35c90b3320b493213e05fb000966d89eba0925c34422e480a5c9176737cc98ab09993287
e = 0x0097de379a979d080459a7ab09b848eaebbe8379ef79d25c0be74d2435a40c7e11db517b50590cfcbe159dd375221e0f45d1a0d4d9a9403ffe34fb1e402a854b41716c8eaafc0e66e6f709e654eae6838d69b61eb000c0a46d135ce63236c276d5fe262848629798e6e55af557b10d4e8467012235bab0fe5dcf81d9fb832fcbef
Factor n with Wiener's Attack.
#!/usr/bin/env python3
from Crypto.Util.number import *
from fractions import Fraction

# Extended Euclid (not used by the attack below)
def egcd(a, b):
    x, y, u, v = 0, 1, 1, 0
    while a != 0:
        q, r = b // a, b % a
        m, n = x - u * q, y - v * q
        b, a, x, y, u, v = a, r, u, v, m, n
    gcd = b
    return gcd, x, y

# Continued-fraction terms of e/n: a leading 0 followed by the terms of n/e
def continued_fractions(n,e):
    cf = [0]
    while e != 0:
        cf.append(int(n // e))
        N = n
        n = e
        e = N % e
    return cf

# Convergents k/d of the continued fraction
def calcKD(cf):
    kd = list()
    for i in range(1, len(cf) + 1):
        tmp = Fraction(0)
        for j in cf[1:i][::-1]:
            tmp = 1 / (tmp + j)
        kd.append((tmp.numerator, tmp.denominator))
    return kd

# Integer square root by Newton's method
def int_sqrt(n):
    def f(prev):
        while True:
            m = (prev + n // prev) // 2
            if m >= prev:
                return prev
            prev = m
    return f(n)

# Solve x^2 - a*x + b = 0 for integer roots (a = p + q, b = p * q)
def calcPQ(a, b):
    if a * a < 4 * b or a < 0:
        return None
    c = int_sqrt(a * a - 4 * b)
    p = (a + c) // 2
    q = (a - c) // 2
    if p + q == a and p * q == b:
        return (p, q)
    else:
        return None

# Try each convergent k/d as a guess for k/d in e*d - 1 = k*phi(n)
def wiener(n, e):
    kd = calcKD(continued_fractions(n, e))
    for (k, d) in kd:
        if k == 0:
            continue
        if (e * d - 1) % k != 0:
            continue
        phin = (e * d - 1) // k
        if phin >= n:
            continue
        ans = calcPQ(n - phin + 1, n)
        if ans is None:
            continue
        return (ans[0], ans[1])

n = 0x073c0dc93dffa026b888e0eb2fda7ac6e182a7bc5fa43900d361a442eb7cdb44027b319676b5fd37491bce308d76e5be3ea961d87fff5d2552b434ed8ee662a10539ea21f437170df970ef2b6a9be1410916530b8397b4357bf178852a35c90b3320b493213e05fb000966d89eba0925c34422e480a5c9176737cc98ab09993287
e = 0x0097de379a979d080459a7ab09b848eaebbe8379ef79d25c0be74d2435a40c7e11db517b50590cfcbe159dd375221e0f45d1a0d4d9a9403ffe34fb1e402a854b41716c8eaafc0e66e6f709e654eae6838d69b61eb000c0a46d135ce63236c276d5fe262848629798e6e55af557b10d4e8467012235bab0fe5dcf81d9fb832fcbef

p, q = wiener(n, e)
print('p =', p)
print('q =', q)
print('e =', e)
The output is as follows.
p = 50762598711424764578309835161028536505017062779535728598193739021422991384075097619364837920473739477192741993467746530937273178568830967465304495915565021
q = 25620367680132110555879075164092814080992627707664402686174667544938777823227941746742946229140990674686598986153493963260846509398173854491013932770379699
e = 106645361573597107845396067866499068630105849159408665310862014583870062061704662230754284832387896920427209753236862548800746662398609212688373613186979102970308417884832531601035544107102590028211579550508699494971288803583755640940424098301425895738898909222425910339731329121362635050810847489912118168559
Now that p and q are known, the private key can be generated.
$ rsatool.py -f PEM -o secret.pem -p 50762598711424764578309835161028536505017062779535728598193739021422991384075097619364837920473739477192741993467746530937273178568830967465304495915565021 -q 25620367680132110555879075164092814080992627707664402686174667544938777823227941746742946229140990674686598986153493963260846509398173854491013932770379699 -e 106645361573597107845396067866499068630105849159408665310862014583870062061704662230754284832387896920427209753236862548800746662398609212688373613186979102970308417884832531601035544107102590028211579550508699494971288803583755640940424098301425895738898909222425910339731329121362635050810847489912118168559
Using (p, q) to calculate RSA paramaters

n =
73c0dc93dffa026b888e0eb2fda7ac6e182a7bc5fa43900d361a442eb7cdb44027b319676b5fd374
91bce308d76e5be3ea961d87fff5d2552b434ed8ee662a10539ea21f437170df970ef2b6a9be1410
916530b8397b4357bf178852a35c90b3320b493213e05fb000966d89eba0925c34422e480a5c9176
737cc98ab09993287

e =
97de379a979d080459a7ab09b848eaebbe8379ef79d25c0be74d2435a40c7e11db517b50590cfcbe
159dd375221e0f45d1a0d4d9a9403ffe34fb1e402a854b41716c8eaafc0e66e6f709e654eae6838d
69b61eb000c0a46d135ce63236c276d5fe262848629798e6e55af557b10d4e8467012235bab0fe5d
cf81d9fb832fcbef

d =
288ab34527ecad227bd3ec9e847ca8942f388b65d3a759397c5faa9ee7ffe007

p =
3c93a69f7a213fa1a8da9903d92c278553b67525beded842fcef7bfc4884679a808f94fee5f155bf
d0c211b0d19eec38420918065cb4086ed426c543d24ec7fdd

q =
1e92dbfa3f67f1525e1fa427e571434a9dc64e05de873cce671820e83932e7d31633bd16cea7b0a4
835c70d55ff36accc6749a0c7744c8d328dd30f1af243c7b3

Saving PEM as secret.pem
Configure this file in Wireshark and look at the traffic.
IP address: 127.0.0.1
Port: 4433
Protocol: ssh
Look at the TLS stream.
whoami
root
cert.pem
flag.txt
priv.pem
server.sh
test.py
cat flag.txt
CTF{46b1d043b3d2d98a267455affce276c47a1f2bfb940881d1e9725c798373f532}
exit
CTF{46b1d043b3d2d98a267455affce276c47a1f2bfb940881d1e9725c798373f532}