

Automne's Shadow.

SECCONCTF 2017 Very Smooth WriteUp

Automne's Shadow.

SECCONCTF 2017 Very Smooth WriteUp

primefac rsatool ssl

 2019/04/27   Share

• 
• 
• 
• 
• 

Crypto

题目给了流量包：s.pcap

wireshark打开后发现以https流量为主，将ssl的证书导出为smooth.der

导出后使用openssl查看其公钥(N,e)

openssl x509 -inform DER -in smooth.der -text

如下图所示：

将Modulus，即N的值保存为modulus.txt，接着进行处理：

cat modulus.txt | sed -e s/://g | tr -d '\n'

处理后得到N：

00d546aa825cf61de97765f464fbfe4889ad8bf2f25a2175d02c8b6f2ac0c5c27b67035aec192b3741dd1f4d127531b07ab012eb86241c09c081499e69ef5aeac78dc6230d475da7ee17f02f63b6f09a2d381df9b6928e8d9e0747feba248bffdff89cdfaf4771658919b6981c9e1428e9a53425ca2a310aa6d760833118ee0d71

将其转换为整数：

149767527975084886970446073530848114556615616489502613024958495602726912268566044330103850191720149622479290535294679429142532379851252608925587476670908668848275349192719279981470382501117310509432417895412013324758865071052169170753552224766744798369054498758364258656141800253652826603727552918575175830897

直接使用yafu去分解好像不可行，这里介绍了一个新工具：primefac

使用 pip install primefac 即可安装

直接分解：

python -m primefac 149767527975084886970446073530848114556615616489502613024958495602726912268566044330103850191720149622479290535294679429142532379851252608925587476670908668848275349192719279981470382501117310509432417895412013324758865071052169170753552224766744798369054498758364258656141800253652826603727552918575175830897

149767527975084886970446073530848114556615616489502613024958495602726912268566044330103850191720149622479290535294679429142532379851252608925587476670908668848275349192719279981470382501117310509432417895412013324758865071052169170753552224766744798369054498758364258656141800253652826603727552918575175830897: 11807485231629132025602991324007150366908229752508016230400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001 12684117323636134264468162714319298445454220244413621344524758865071052169170753552224766744798369054498758364258656141800253652826603727552918575175830897

分解成功之后，也就意味着私钥是可以求出来的，但是这里因为要生成一个私钥文件，所以使用
rsatool来做处理。

使用 git clone https://github.com/ius/rsatool.git进行安装

接下来使用rsatool生成私钥：

python rsatool.py -n 49767527975084886970446073530848114556615616489502613024958495602726912268566044330103850191720149622479290535294679429142532379851252608925587476670908668848275349192719279981470382501117310509432417895412013324758865071052169170753552224766744798369054498758364258656141800253652826603727552918575175830897 -p 11807485231629132025602991324007150366908229752508016230400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001 -q 12684117323636134264468162714319298445454220244413621344524758865071052169170753552224766744798369054498758364258656141800253652826603727552918575175830897 -e 65537 -v DER -o privkey.cert

私钥内容如下：

-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDVRqqCXPYd6Xdl9GT7/kiJrYvy8lohddAsi28qwMXCe2cDWuwZKzdB3R9NEnUx
sHqwEuuGJBwJwIFJnmnvWurHjcYjDUddp+4X8C9jtvCaLTgd+baSjo2eB0f+uiSL/9/4nN+vR3Fl
iRm2mByeFCjppTQlyioxCqbXYIMxGO4NcQIDAQABAoGAPQ26uBD2n79636Pj2MOFbmxQ+N5p8NQy
IN5Vl46RzkfXSH2Zwua9LcyoLj8Pb4cOyCLSa5cgs6X5HOMNfmivdqUALjAm67P5h8aSDlpViYVR
R4drg+LcWgfYZyVjpjGFX2d3ebo7rpC//wAA//8AAP//AAD//wAA//8AAP//AAECQQDhcckcnndf
BoAtg8vyFkOhN7V2pYLh/uW74VZrpcUyQAcX36ohIiKcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB
AkEA8i6si1r5GmXwNUQbk9ciJpsbgHkyvMdO/ahcHSuPNbeefWo4E/b3GxW2mByeFCjppTQlyiox
CqbXYIMxGO4NcQJBAIMVQBSN52avRvQv//OhEm25EKAOGI4DQdz+Zttspb5UEEvHVwqw6GLn/wAA
//8AAP//AAD//wAA//8AAP//AAECQQCLpbo8yQJm5Gz0agd04lKA7GOZW0mUbWDxB0nGUD3N/clY
DA22BWxLo+OcJrRIb6b6ae14e4e32qjKsBt5gpshAkBes+o6cqWQ+cjzIajq0+Buo0xj58wJk6Hl
mhlfXHqXiraaWHqSC6BFRNaEnOokajrgRxHAliX1/ONrPe+djahQ
-----END RSA PRIVATE KEY-----

私钥有了之后，打开wireshark，Edit >> Preference >> Protocol >> SSL里加载私钥文件，就能够还原SSL流量了

从还原的流量里读到了flag：

Answer: One of these primes is very smooth.

原文作者: Automne

原文链接: https://ce-automne.github.io/2019/04/27/SECCON-CTF-2017-VerySmooth-WriteUp/

发表日期: April 27th 2019, 10:59:00 pm

版权声明: 本文采用知识共享署名-非商业性使用 4.0 国际许可协议进行许可

• Next Post
  UUTCTF 2019 Solve the Crypto WriteUp
• Previous Post
  Plaid CTF 2019 Project Eulernt WriteUp

Powered by Hexotheme Archer

本站总访问量PV: 次 :)

CATALOG



• Archive
• Tag
• Cate

Total : 62

2021

• 01/23拿到CAS单点登录的ticket真的就可以为所欲为了吗

2020

• 08/23Shiro 1.2.4反序列化漏洞分析和利用
• 07/19TSG CTF 2020 Beginner's Crypto WriteUp
• 07/18Tomcat Session反序列化漏洞CVE-2020-9484分析
• 06/11Paillier Cryptosystem对应的问题解析
• 02/16RSA LSB Oracle攻击原理分析
• 02/11Log4j反序列化漏洞分析
• 02/08Java SPI机制与SnakeYaml反序列化漏洞
• 02/04WebGoat8.0 SQL Injection问题分析
• 01/28WebGoat8.0 Insecure Deserialization问题分析
• 01/26LCG和模p平方根结合的题目
• 01/18IDEA Community 创建Java Servlet项目

2019

• 12/26FastJson 1.2.47 Deserialization Debug
• 12/22watevr CTF 2019 Crypto WriteUp
• 12/22UTC CTF 2019 Crypto WriteUp
• 12/10FastJson 1.2.24 Deserialization Debug
• 12/07RMI && Fastjson 1.2.47 RCE Review
• 11/23Weblogic CVE-2019-2647 XXE Vulnerability Review
• 11/16Apache Commons Collections Deserialization Review
• 11/09RedPwnCTF 2019 blueprint WriteUp
• 07/25HWCTF Mobile WriteUp
• 07/20CBC MAC Forgery Conclusion
• 07/14XMAN CTF Crypto WriteUp
• 07/14CBC Bit-Flipping Attack Conclusion Part2
• 07/05ISITDTU CTF 2019 WriteUp Part2
• 07/02ISITDTU CTF 2019 WriteUp
• 07/01RCTF 2019 BabyCrypto WriteUp
• 06/26Hash Length Extension Attack Conclusion
• 06/23CBC Padding Oracle Attack Conclusion
• 06/15HSCTF 2019 UnSolved WriteUp
• 06/06HSCTF 2019 SuperSecureSystem WriteUp
• 05/23CBC Bit-Flipping Attack Conclusion
• 05/19LFSR in Crypto Conclusion
• 05/18CSAW CTF 2017 BabyCrypt WriteUp
• 05/18CTF 313 2019 Angle of Approach WriteUp
• 05/05UUTCTF 2019 Solve the Crypto WriteUp
• 04/27SECCONCTF 2017 Very Smooth WriteUp
• 04/27Plaid CTF 2019 Project Eulernt WriteUp
• 04/25TG:HACK CTF 2019 UnSolved WriteUp
• 04/23ASIS CTF 2019 A delicious soup WriteUp
• 04/21TG:HACK CTF 2019 Solved WriteUp
• 04/19RadarCTF 2019 Crypto WriteUp
• 04/18HackZone CTF 2019 MeSS WriteUp
• 04/110CTF 2019 zer0lfsr WriteUp
• 04/110CTF 2019 babyrsa WriteUp
• 03/27CONFidence CTF 2019 The Lottery WriteUp
• 03/21MySQL Blind Injection Scripts
• 03/14TAMU CTF 2019 LocalNews WriteUp
• 03/12BSidesSF CTF 2019 GoodLuks WriteUp
• 03/10BSidesSF CTF 2019 WeatherCompanion WriteUp
• 03/07BSidesSF CTF 2019 Sequel WriteUp
• 03/05BSidesSF CTF 2017 FlagStore WriteUp
• 03/03BSidesSF CTF 2017 Pinlock WriteUp
• 02/24BSidesSF CTF 2018 PasswordVault WriteUp

2018

• 12/23XMAS CTF 2018 ChristmasGame WriteUp
• 12/14OtterCTF 2018 Forensics WriteUp Part 2
• 12/13OtterCTF 2018 Forensics WriteUp Part 1
• 09/24CSAW CTF 2018 No Vulnerable Services WriteUp
• 09/19CSAW CTF 2018 SSO WriteUp
• 08/23WhiteHat Grand Prix 2018 Misc02 WriteUp
• 08/05CTFZone 2018 Never ever be fooled to pay the ransomware! WriteUp

2017

• 01/24SQL Injections with SQLi Labs WriteUp I

lfsr z3 python reverse fat git broadcastreceiver sha-1 cbc sqli sqlite golang race condition luks hashcat photorec MAC sso oauth 2.0 padding oracle csp xss abe vdex ransomware frida ndk pwntools hashpumpy sourceleakhacker ecb socat fastjson JdbcRowsetImpl idea servlet volatility inet_aton boneh durfee lcg rabin egcd cipolla's algorithm spi snakeyaml ScriptEngineManager malware codereflect mysql yara plugin deserialization log4j rsa binary javascript prototype pollution nodejs shiro ysoserial primefac rsatool ssl AES tshark gmpy2 RsaCtfTool Hex flask ssti ecc Modular operation WebGoat8 order by tomcat nim game .iso gpg outguess sage google cloud sdk zsteg base58 fermat multi-primes prng rmi jndi Paillier Cryptosystem rsa lsb oracle SQL Injection ping delay xor CAS 单点登录 渗透测试 weblogic xxe reflect 010 editor gcd



缺失模块。
1、请确保node版本大于6.2
2、在博客根目录（注意不是archer根目录）执行以下命令：
npm i hexo-generator-json-content --save
3、在根目录_config.yml里添加配置：

jsonContent:
  meta: false
  pages: false
  posts:
    title: true
    date: true
    path: true
    text: false
    raw: false
    content: false
    slug: false
    updated: false
    comments: false
    link: false
    permalink: false
    excerpt: false
    categories: true
    tags: true

Crypto Android Web Forensics Misc

