Pragyan 2016 - Crack This - Forensics Challenge

Reading time ~1 minute

cracktitle

Another puzzle we solved late into the piece. We had a TGZ file containig two things a PCAP file and a Clue.txt.

The PCAP file contained a single packet with the following data inside:

root@kali:~/pragyan/forensics/crack-this# tcpdump -r problem.pcap -A
reading from file problem.pcap, link-type EN10MB (Ethernet)
05:59:54.303760 IP localhost.32769 > localhost.9600: UDP, length 20
E..0..@.@.<...........%.....rukgzuzfiuypreymqcja

The Clue.txt had just the following seemingly redundant information:

root@kali:~/pragyan/forensics/crack-this# cat Clue.txt 
IP - 127.0.0.1
Port - 32769

We analysed the cipher with Crypto Crack tool and it gave us these suggested ciphers to try:

IC: 32,  Max IC: 125,  Max Kappa: 188
Digraphic IC: 0,  Even Digraphic IC: 0
3-char repeats: 0,  Odd spaced repeats: 50
Avg digraph: 375,  Avg digraph discrep.: 110
Most likely cipher type has the lowest score.

Running Key............14
6x6 Bifid..............22
Period 7 Vigenere......24
Beaufort...............25
Patristocrat...........25
Porta..................25

Porta stood out since the “Clue.txt” specifically says “Port” but nonetheless i tried all of them. Eventually trying a dictionary attack using each and stumbling upon a partial decryption using the key “local”:

  • maythcftvcgidrgrjqws

Given the other Star Wars related flags so far my eyes were quick to spot this. I checked the key and put 2 + 2 together. The clue with the 127.0.0.1 address, 127.0.0.1 -> “localhost”.

I tried a decryption using Porta, with key = localhost and got the flag:

  • maytheforcebewithyou

crackthis

RITSEC CTF 2018: Cictrohash

I didn't plan to play this CTF but when I saw this challenge I was a bit hooked. So I ended up competing in it.> See the attached PDF for...… Continue reading

Square CTF 2018: Dot-n-dash

Published on November 15, 2018