# NN2k16 CTF - chemical x (crypto) (80pts)


# wget 'https://challenges.ka0labs.org/download?file=moji.png

# r2 -w moji.png

[0x00000000]> px
- offset -   0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
0x00000000  4954 535f 415f 4b45 593f 000d 4948 4452  ITS_A_KEY?..IHDR

[0x00000000]> wx 8950 4e47 0d0a 1a0a 0000

# git clone https://github.com/cyberinc/cloacked-pixel.git

# python cloacked-pixel/lsb.py extract moji.png hide_info ITS_A_KEY?
[+] Image size: 589x385 pixels.
[+] Written extracted data to hide_info.

# cat hide_info
Well done! Next step:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCx5QBxa6pHCE8k9yteQH1EYY+J5HKTsmJXIklWW7oOSozg4kTdyQ8KS8cSsSwLFB7RWS9R09sBC3SuslFqoUNg9WF6HfggqwFcQrYr/Y219QrKUHdGc4Ww2VMMsu1Z7J/CdoCaVOtvzorrRn84D1Yup/O4mElJtFKPqVRexPH4nQ==nope@challenges.ka0labs.org

# mv hide_info rsa.pub

# git clone https://github.com/nccgroup/featherduster.git
# apt-get install libncurses-dev
# apt-get install libgmp3-dev
# apt-get install python-gmpy

# ssh-keygen -f rsa.pub -e -m pem | tee rsa.pem
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBALHlAHFrqkcITyT3K15AfURhj4nkcpOyYlciSVZbug5KjODiRN3JDwpL
xxKxLAsUHtFZL1HT2wELdK6yUWqhQ2D1YXod+CCrAVxCtiv9jbX1CspQd0ZzhbDZ
Uwyy7Vnsn8J2gJpU62/OiutGfzgPVi6n87iYSUm0Uo+pVF7E8fidAgMBAAE=
-----END RSA PUBLIC KEY-----

# python featherduster/featherduster.py rsa.pem
FeatherDuster> autopwn
[+] Analyzing samples...
[+] At least one RSA key was discovered among the samples.
Running module: rsa_fermat
Starting factorization...

Modulus factored!
Found private key:
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCx5QBxa6pHCE8k9yteQH1EYY+J5HKTsmJXIklWW7oOSozg4kTd
yQ8KS8cSsSwLFB7RWS9R09sBC3SuslFqoUNg9WF6HfggqwFcQrYr/Y219QrKUHdG
c4Ww2VMMsu1Z7J/CdoCaVOtvzorrRn84D1Yup/O4mElJtFKPqVRexPH4nQIDAQAB
AoGADoDMA3Myo63ivfHEwF9jlxKZIDXWvYHakJ4D+p1p0sZzK9ZmpOpCZqV86mI1
ZAXU6V5rBDHQdgpYDfINvzK8imVLC6lujEY16RIxDMb8PWVP+TBvvGPZU4tfMJEe
FqjJpqsaWtH70dCMbhrA02/KDT6zV1hwcEdKIrUCI6u+T8ECQQDVZ0PHZbgn1kUy
so1Ylu7fj6L0j3dAVP68/rdC7b7EJDfdGJOPdQ5ev4ZiW5IcCJSVivw0ReTLawR8
PqbVwIgxAkEA1WdDx2W4J9ZFMrKNWJbu34+i9I93QFT+vP63Qu2+w3d+rj9aE3t4
FPzC41P7yAOfTmqN7OlXy2sEfD6m1cCILQJBAMasFaDMJS8JP3DcY9Tm50pAee/+
pIHC30lqRYjMt335TfzLRY0X6CHzYpOtNpBcuJ+kPfoYW9G5NvrIhR+Y1/ECQAzh
suGybi9Za8vno0iZs8mi7f89OcGUX9wgtAdCOqWp7Oevw0wxw8ngiBMY2rX0IgWl
wPNwEnChASBO19tHR/ECQQDStJZH+WDMfOGKwgdIlKXA6KCZSj7e0UkFhpC+B7ml
7N8tPh8OXEKApLBECKZfXI2h/t8mNRubT7oqAtNekotX
-----END RSA PRIVATE KEY-----

# chmod 400 rsa.priv
# ssh -i rsa.priv nope@challenges.ka0labs.org
=== Welcome to Barad-dur ===
The trees are strong, my lord. Their roots go deep...

nope:~$ more ../noruas/flag.txt
nn6ed{RSA_w0rks_Gr34t_1f_You_Us3_It_Pr0perly}

No comments: