Encrypted Files¶

Many times during the challenges, we do find encrypted files encrypted by Symmetric key encryption or RSA Public-Private Key encryption

Symmetric Key

If we have the encrypted file and the key to it. However, we don’t know the encryption scheme such as aes-128-cbc, des-cbc.

We can use the code written by superkojiman inDe-ICE Hacking Challenge Part-1, it would tell you what encryption scheme is used and then we can run the command to retrieve the plaintext.

ciphers=`openssl list-cipher-commands`
for i in $ciphers; do
 openssl enc -d -${i} -in 
<
encrypted-file
>
 -k 
<
password/ keyfile
>
>
 /dev
ull 2
>
&
1
 if [[ $? -eq 0 ]]; then
  echo "Cipher is $i: openssl enc -d -${i} -in 
<
encrypted-file
>
 -k 
<
password/ keyfile
>
 -out foo.txt"
  exit
 fi
done

RSA Public-Private Key encryption

If we have found a weak RSA public, we can useRsaCtfTooluncipher data from weak public key and try to recover private key and then use

openssl rsautl -decrypt -inkey privatekey.pem -in 
<
encryptedfile
>
 -out key.bin

The ciphertext should be in binary format for RsaCtfTool to work. If you have your ciphertext in hex, for example

5e14f2c53cbc04b82a35414dc670a8a474ee0021349f280bfef215e23d40601a

Convert it in to binary using

xxd -r -p ciphertext 
>
 ciphertext3

RSA given q, p and e?

Taken fromRSA Given q,p and e

def egcd(a, b):
   x,y, u,v = 0,1, 1,0
   while a != 0:
       q, r = b//a, b%a
       m, n = x-u*q, y-v*q
       b,a, x,y, u,v = a,r, u,v, m,n
       gcd = b
   return gcd, x, y

def main():

   p = 1090660992520643446103273789680343
   q = 1162435056374824133712043309728653
   e = 65537
   ct = 299604539773691895576847697095098784338054746292313044353582078965

   # compute n
   n = p * q

   # Compute phi(n)
   phi = (p - 1) * (q - 1)

   # Compute modular inverse of e
   gcd, a, b = egcd(e, phi)
   d = a

   print( "n:  " + str(d) );

   # Decrypt ciphertext
   pt = pow(ct, d, n)
   print( "pt: " + str(pt) )

if __name__ == "__main__":
   main()

SECCURE Elliptic Curve Crypto Utility for Reliable Encryption

If you see, something like this

'\x00\x146\x17\xe9\xc1\x1a\x7fkX\xec\xa0n,h\xb4\xd0\x98\xeaO[\xf8\xfa\x85\xaa\xb37!\xf0j\x0e\xd4\xd0\x8b\xfe}\x8a\xd2+\xf2\xceu\x07\x90K2E\x12\x1d\xf1\xd8\x8f\xc6\x91\t
<
w\x99\x1b9\x98'

it’s probablySECCURE Elliptic Curve Crypto Utility for Reliable EncryptionUtilize python moduleseccureto get the plaintext.

References:

http://bitvijays.github.io/LFC-VulnerableMachines.html\#rsa-public-private-key-encryption