2021 tenable ctf

TeamAardvark · Mar 3, 2021 · c4f1ec1 · c4f1ec1
1 parent a1c9216
commit c4f1ec1
Show file tree

Hide file tree

Showing 148 changed files with 772,930 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -27,3 +27,4 @@ Vagrantfile
 *.deb
 *.xz
 *.out
+ubuntu-xenial-*
diff --git a/2021/tenable/crypto/classic-crypto/enc.txt b/2021/tenable/crypto/classic-crypto/enc.txt
@@ -0,0 +1,18 @@
+flag{classicvigenere}
+
+
+Tusec mfy eaam gfqclaef oomgh ok. Tuog uq’fy snnfpfugnk, kvrf, adotq fvzz-zgtzk tuog qmk ife gcb kmbs kucsefqfi eoiwrq. Fvy lrhhu ge, ky srr oyj fvyke gvvlsg. Ufoamzmgg ck a fmzzaz, fakr huc rzuy a pchlffs xlvsf. Rts zdat wf rts mqmocy mr hbw cbiardm. Imr zofie olw ohf ayfwifay wqczhcly. Js npq bil Aacawycok – wr frndsmwng huc uryslf cs Yzchqmbif. Rdinz, fesrbaa ufd gvr pqainay cs aqbmgrfvvn. Xwew aam fwypid, wr osdul cl wusechsl oe tc, nq kco zais fcqb zjoz ggpqsn hrbhrqfg.
+
+Qw hnjr la zysdrff, aujcdinbf md giddvseq. Is uje nzy mzs. Qw rhb bnqfulibbf zqqumsr huyf wm ohnh gfq ulguc rrauryk tb rb. Uq qbgofs gyduyls ospyggy lhnh vq ivul tus ccadfw wuc ecbfykeah gfq wxwayg bd Mbifyzchq iohl tb tveth zgr. Gvr uaffv if wa rdcotlr. Kr qqs cl eisew pos – oae, dbtqfnq, mhfqcd. Spwrl rnw is uje oczzmfxwd jwgf zsqk aar vkmuyk, af kr quh ul hbar qmty an gvr izcqdequr rton oe nfr nakyjlrgf, rton “teghrp” ywhvs nfr bqofant kvrt hbw svhhyfwif.
+
+Bhh jfmh cx ybi pmgzx te gvr atohye lch umbn lo fsr? G’y hqwngm sghs swaeg bjp. W qwng hb qovigl nbq aazfwgr. W smgubl fbf zw ocoftem gfqb agt n xbz mbx havr zw forws. Vt lmg ayl mr ca rts mlrrsg G icodda’h rtqb lwgvggcd ch qohf eypol. A az xhqf ohgtuse nqfmgn vb n qqo ix fnqrq.
+
+Nin an pmocdgjscr kr yds xafsseczh. Qw hrzccp tlwe gvr nqcjde bt Rekdn. Oe usynqr zaguh nemwhkt Vgeyqz uk ig ogrqajleq urlaqcve. Js rvbcmwd zcec fvuf fvtgw fvimsnbq nmsxgpuwyce olguar gfq kijlq. Kr daiazt gvr bdia uaehrje. Ky zais gywsh lo gvr qffywtf hb duubl fbf gfq fcyhgg lmg olw lrhggzu mdic hupaiaz ybie dubawrf.
+
+Kr yds Ufoamzmgg.
+
+Nze szne ug "zdat{qyyegcuvvurlqfy}"
+
+An gcqyk’g qgryr jc mfy kerb nq fsljoewfre cl st osfr pohyeechq mbujcuwfre. Ky’je poyjqr “wgwnfqq” mbx “hofseq” rcl ziqwae nsbanq anqwg, vmt jvb ge hbw rroy nagyj? Wr hniq oqsy gvr dmqy snq zryhs ifll huc ysmkats. Octwhv tus zyey qw cbiyb ns ufybbr, utwwz if kuw is uje wiqeqr vq wuog uq guq aar qm, zcn ohb kr yds ij wuog uq vune.
+
+Js rvugn oigvbsf bulibbnjuhs, kkvb pmxcoj oe frjuucguf pvye.
diff --git a/2021/tenable/crypto/ecdsa/decrypt.py b/2021/tenable/crypto/ecdsa/decrypt.py
@@ -0,0 +1,41 @@
+# 1. use nonce reuse attack to find nonce(k)
+# 2. find private key(secret) from nonce(k)
+# https://asecuritysite.com/encryption/ecd2
+# https://github.com/bytemare/ecdsa-keyrec/blob/master/ecdsa-nonce_reuse-crack.py
+import libnum
+import ecdsa
+from Crypto.Cipher import AES
+import binascii
+
+r = 50394691958404671760038142322836584427075094292966481588111912351250929073849
+s1 = 26685296872928422980209331126861228951100823826633336689685109679472227918891
+s2 = 40762052781056121604891649645502377037837029273276315084687606790921202237960
+
+# hashes:
+h1 = 777971358777664237997807487843929900983351335441289679035928005996851307115
+h2 = 91840683637030200077344423945857298017410109326488651848157059631440788354195
+
+order = 115792089210356248762697446949407573529996955224135760342422259061068512044369
+
+# Encrypted Flag:
+ctxt = b'f3ccfd5877ec7eb886d5f9372e97224c43f4412ca8eaeb567f9b20dd5e0aabd5'
+
+
+# decrypt it
+
+gen = ecdsa.NIST256p.generator
+
+# recover secret
+r_inv = libnum.invmod(r, order)
+h = (h1 - h2) % order
+for k_try in (s1 - s2, s1 + s2, -s1 - s2, -s1 + s2):
+  k = (h * libnum.invmod(k_try, order)) % order
+  secret = (r_inv * ((k * s1) - h1)) % order
+  try_pub_key = ecdsa.ecdsa.Public_key(gen, gen * secret)
+  if try_pub_key.verifies(h1, ecdsa.ecdsa.Signature(r, s1)):
+    break
+
+try_aes_key = secret.to_bytes(64, byteorder='little')[0:16]
+IV = b'\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0'
+try_cipher = AES.new(try_aes_key, AES.MODE_CBC, IV)
+print(try_cipher.decrypt(binascii.unhexlify(ctxt)))
diff --git a/2021/tenable/crypto/ecdsa/encrypt.py b/2021/tenable/crypto/ecdsa/encrypt.py
@@ -0,0 +1,75 @@
+import ecdsa
+import random
+from Crypto.Cipher import AES
+import binascii
+
+def pad(m):
+  return m+chr(16-len(m)%16)*(16-len(m)%16)
+
+gen = ecdsa.NIST256p.generator
+order = gen.order()
+secret = random.randrange(1,order)
+
+pub_key = ecdsa.ecdsa.Public_key(gen, gen * secret)
+# print(dir(pub_key))
+priv_key = ecdsa.ecdsa.Private_key(pub_key, secret)
+
+nonce1 = random.randrange(1, 2**127)
+nonce2 = nonce1
+
+# randomly generate hash value
+hash1 = random.randrange(1, order)
+hash2 = random.randrange(1, order)
+
+sig1 = priv_key.sign(hash1, nonce1)
+sig2 = priv_key.sign(hash2, nonce2)
+
+assert pub_key.verifies(hash1, sig1)
+
+s1 = sig1.s
+s2 = sig2.s
+
+print("nonce: " + str(nonce2))
+print("r1: " + str(sig1.r))
+print("r2: " + str(sig2.r))
+print("s1: " + str(s1))
+print("s2: " + str(s2))
+print("")
+print("hashes:")
+print(hash1)
+print(hash2)
+print("")
+print("order: " + str(order))
+print("")
+
+aes_key = secret.to_bytes(64, byteorder='little')[0:16]
+
+ptxt =  pad("flag{example}")
+IV = b'\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0'
+cipher = AES.new(aes_key, AES.MODE_CBC, IV)
+ctxt = cipher.encrypt(ptxt.encode('utf-8'))
+
+print("Encrypted Flag:")
+print(binascii.hexlify(ctxt))
+
+
+import libnum
+
+# recover priv key
+h1 = hash1
+h2 = hash2
+r = sig1.r
+r_inv = libnum.invmod(r, order)
+h = (h1 - h2) % order
+
+for k_try in (s1 - s2, s1 + s2, -s1 - s2, -s1 + s2):
+  k = (h * libnum.invmod(k_try, order)) % order
+  try_private_key = (r_inv * ((k * s1) - h1)) % order
+  try_pub_key = ecdsa.ecdsa.Public_key(gen, gen * try_private_key)
+  if try_pub_key.verifies(h1, ecdsa.ecdsa.Signature(r, s1)):
+    break
+
+try_aes_key = try_private_key.to_bytes(64, byteorder='little')[0:16]
+IV = b'\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0'
+try_cipher = AES.new(try_aes_key, AES.MODE_CBC, IV)
+print(try_cipher.decrypt(ctxt))
diff --git a/2021/tenable/crypto/netrunner/decrypt.py b/2021/tenable/crypto/netrunner/decrypt.py
@@ -0,0 +1,70 @@
+import requests
+import re
+
+def encrypt(plaintext):
+  netrunner = 'http://167.71.246.232:8080/crypto.php'
+  r = requests.post(netrunner, data={'do_encrypt': 'true', 'text_to_encrypt': plaintext})
+  m = re.search('<b>([^\<]+)', r.text)
+  return m.group(1)
+
+# noPadding = encrypt("")
+# print(len(noPadding.decode('base64')))
+# padding = encrypt("A"*5)
+# print(len(padding.decode('base64')))
+# possible flag length: 48 - 16 - 5 = 27 ?!
+
+alphabet = '_}abcdefghijklmnopqrstuvwxyz1234567890 ABCDEFGHIJKLMOPQRSTUVWXYZ'
+def decrypt1():
+  knownPlaintext = 'flag{'
+  while True:
+    found = False
+
+    for c in alphabet:
+      testPlaintext = knownPlaintext + c
+      multiplier = 16 - len(testPlaintext)
+      payload = 'A' * multiplier + testPlaintext + 'A' * multiplier
+      encryptedPayload = encrypt(payload).decode('base64')
+      if encryptedPayload[:16] == encryptedPayload[16:32]:
+        found = True
+        knownPlaintext += c
+        break
+
+    if not found:
+      raise Exception("bad alphabet")
+
+
+    print(knownPlaintext)
+    if len(knownPlaintext) >= 16:
+      break
+
+# run this first
+# decrypt1() # flag{b4d_bl0cks_
+
+def decrypt2():
+  # found with decrypt1()
+  knownPlaintext = 'flag{b4d_bl0cks_'
+  subs = 1
+
+  while True:
+    found = False
+    for c in alphabet:
+      testPlaintext = knownPlaintext[1:] + c
+      multiplier = 16 - subs
+      payload = testPlaintext + 'A' * multiplier
+      encryptedPayload = encrypt(payload).decode('base64')
+      if encryptedPayload[:16] == encryptedPayload[32:48]:
+        found = True
+        knownPlaintext = knownPlaintext[1:] + c
+        break
+
+    if not found:
+      raise Exception("bad alphabet")
+
+    print(knownPlaintext)
+    if c == '}':
+      break
+    subs += 1
+
+decrypt2() # l0cks_for_g0nks}
+
+# flag = flag{b4d_bl0cks_for_g0nks}
diff --git a/2021/tenable/crypto/netrunner/encrypt.php b/2021/tenable/crypto/netrunner/encrypt.php
@@ -0,0 +1,33 @@
+<html>
+<body>
+  <h1>Netrunner Encryption Tool</h1>
+  <a href="netrun.txt">Source Code</a>
+  <form method=post action="crypto.php">
+  <input type=text name="text_to_encrypt">
+  <input type="submit" name="do_encrypt" value="Encrypt">
+  </form>
+
+<?php
+
+function pad_data($data)
+{
+  $flag = "flag{wouldnt_y0u_lik3_to_know}"; 
+
+  $pad_len = (16 - (strlen($data.$flag) % 16));
+  return $data . $flag . str_repeat(chr($pad_len), $pad_len);
+}
+
+if(isset($_POST["do_encrypt"]))
+{
+  $cipher = "aes-128-ecb";
+  $iv  = hex2bin('00000000000000000000000000000000');
+  $key = hex2bin('74657374696E676B6579313233343536');
+  echo "</br><br><h2>Encrypted Data:</h2>";
+  $ciphertext = openssl_encrypt(pad_data($_POST['text_to_encrypt']), $cipher, $key, 0, $iv); 
+
+  echo "<br/>";
+  echo "<b>$ciphertext</b>";
+}
+?>
+</body>
+</html>
-Original file line number
+Diff line change
@@ Expand Up / @@ -27,3 +27,4 @@ Vagrantfile @@
     *.deb
     *.xz
     *.out
+    ubuntu-xenial-*