Pragyan 2016 - Crack This - Forensics Challenge

Reading time ~1 minute

cracktitle

Another puzzle we solved late into the piece. We had a TGZ file containig two things a PCAP file and a Clue.txt.

The PCAP file contained a single packet with the following data inside:

root@kali:~/pragyan/forensics/crack-this# tcpdump -r problem.pcap -A
reading from file problem.pcap, link-type EN10MB (Ethernet)
05:59:54.303760 IP localhost.32769 > localhost.9600: UDP, length 20
E..0..@.@.<...........%.....rukgzuzfiuypreymqcja

The Clue.txt had just the following seemingly redundant information:

root@kali:~/pragyan/forensics/crack-this# cat Clue.txt 
IP - 127.0.0.1
Port - 32769

We analysed the cipher with Crypto Crack tool and it gave us these suggested ciphers to try:

IC: 32,  Max IC: 125,  Max Kappa: 188
Digraphic IC: 0,  Even Digraphic IC: 0
3-char repeats: 0,  Odd spaced repeats: 50
Avg digraph: 375,  Avg digraph discrep.: 110
Most likely cipher type has the lowest score.

Running Key............14
6x6 Bifid..............22
Period 7 Vigenere......24
Beaufort...............25
Patristocrat...........25
Porta..................25

Porta stood out since the “Clue.txt” specifically says “Port” but nonetheless i tried all of them. Eventually trying a dictionary attack using each and stumbling upon a partial decryption using the key “local”:

  • maythcftvcgidrgrjqws

Given the other Star Wars related flags so far my eyes were quick to spot this. I checked the key and put 2 + 2 together. The clue with the 127.0.0.1 address, 127.0.0.1 -> “localhost”.

I tried a decryption using Porta, with key = localhost and got the flag:

  • maytheforcebewithyou

crackthis

niteCTF - CBC-Jail

A unique combination of Python jailbreak and crypto flaw that had me learning a lot about AES-CBC mode. Super fun for me to get this solu...… Continue reading

niteCTF - Rabin to the Rescue

Published on December 12, 2021

HTB CyberSanta 2021 - Crypto Writeups

Published on December 04, 2021