🚩 Can you recover the private key we used to download the flag over a TLS encrypted connection?
문제 파일을 다운 받고 패킷을 보면
Server Hello, Certificate, Server Hello Done
서버가 자신의 상태, 인증서, 핸드쉐이크 전송이 끝났다는 것을 알린다.
TLS Layer에 Certificate를 Export Packet Byte한다.
┌──(kali㉿kali)-[~/RsaCtfTool]
└─$ cat key.pub
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVzrM58EOtSsBE5WgLJiNjPa/h
ZtArVRS0PjS01u6DyAlvAWwmSEbhQNiwC74V9TANRDCdKShcsf58Ij0BGeE0ybsp
2sqbDRUkuJ5siVCNh6OdhMnHLySTcU+3jKWsPNNz8U2BaETEVafB9yggAgjWqEbl
xXq0q3uc464SDnWZawIDAQAB
-----END PUBLIC KEY-----
┌──(kali㉿kali)-[~/RsaCtfTool]
└─$ ./RsaCtfTool.py --publickey key.pub --private --attack factordb --output private.key
['key.pub']
[*] Testing key key.pub.
[*] Performing factordb attack on key.pub.
[*] Attack success with factordb method !
Results for key.pub:
Private key :
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDVzrM58EOtSsBE5WgLJiNjPa/hZtArVRS0PjS01u6DyAlvAWwm
SEbhQNiwC74V9TANRDCdKShcsf58Ij0BGeE0ybsp2sqbDRUkuJ5siVCNh6OdhMnH
LySTcU+3jKWsPNNz8U2BaETEVafB9yggAgjWqEblxXq0q3uc464SDnWZawIDAQAB
AoGAcWubbCrm2/EBmgrQbMmokCbTPJFb8QDLYOp270/ta38ccgShKJXC9A+AY7N2
/RL6kK8R0u1YegP6akOHdSQTcQKeEvncA9Sc7mamTG4mbcqCO7riHndXeW6mhxEp
0wABlSn+9VMwOJcMe8kyOg/ZIbJHR1cSs2rD5Nv3vAY440ECQQDafI8t7ASCM1LO
CyFYD9ZLPvYEekZrlQ2jlwmf6o2OcW3X3auIvpvMhYsubkPLSOeo1o2Yqf7LshFZ
eFy1jOlxAkEA+oR45FbDTt0k4HPnB9G/fanH/txuRU5k339KTHM4pWyxOwc/wml8
h4F6HlHGZw9yvEbCExY7sBsxy1uZ4bdimwJBALC3rtdl3v+wo3kkZ4Piy2FxO2vD
utGpba6zq4U9IeHkvQOst+GSylFScpDLfuodvcJCR6UDWqNHE+FaCSKPJwECQQCJ
KAgsM9iAkBEFlk9R96NYwKDPx43UAiS2PLHIA3lrEIREJibhYPGeGuRqPylZ+Zo+
vJq66nxJYco0ZXVtoAKrAkAqu3uAozPc9JEr7YDanpA4H/L8KfBcMDvIoOuj2nFF
8a+pnOBCMGI75P42i23eby9Mf0EaC0NGB16b0YqY/d9d
-----END RSA PRIVATE KEY-----
┌──(kali㉿kali)-[~/RsaCtfTool]
└─$ tshark -r multiplication_tables.pcap -o "tls.keys_list: 192.168.10.111,8443,http,private.key" -z "follow,ssl,ascii,1"
1 0.000000 192.168.10.111 → 192.168.10.159 TCP 66 17865 → 8443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM
2 0.000051 192.168.10.159 → 192.168.10.111 TCP 66 8443 → 17865 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM WS=128
3 0.000319 192.168.10.111 → 192.168.10.159 TCP 60 17865 → 8443 [ACK] Seq=1 Ack=1 Win=1051136 Len=0
4 0.000620 192.168.10.111 → 192.168.10.159 TLSv1 571 Client Hello
5 0.000640 192.168.10.159 → 192.168.10.111 TCP 54 8443 → 17865 [ACK] Seq=1 Ack=518 Win=30336 Len=0
6 0.000815 192.168.10.159 → 192.168.10.111 TLSv1.2 756 Server Hello, Certificate, Server Hello Done
7 0.001210 192.168.10.111 → 192.168.10.159 TLSv1.2 61 Alert (Level: Fatal, Description: Certificate Unknown)
8 0.001328 192.168.10.111 → 192.168.10.159 TCP 60 17865 → 8443 [FIN, ACK] Seq=525 Ack=703 Win=1050368 Len=0
9 0.001398 192.168.10.159 → 192.168.10.111 TCP 54 8443 → 17865 [FIN, ACK] Seq=703 Ack=526 Win=30336 Len=0
10 0.001542 192.168.10.111 → 192.168.10.159 TCP 60 17865 → 8443 [ACK] Seq=526 Ack=704 Win=1050368 Len=0
11 0.006428 192.168.10.111 → 192.168.10.159 TCP 66 17866 → 8443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM
12 0.006479 192.168.10.159 → 192.168.10.111 TCP 66 8443 → 17866 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM WS=128
13 0.006706 192.168.10.111 → 192.168.10.159 TCP 60 17866 → 8443 [ACK] Seq=1 Ack=1 Win=1051136 Len=0
14 0.007056 192.168.10.111 → 192.168.10.159 TLSv1 571 Client Hello
15 0.007081 192.168.10.159 → 192.168.10.111 TCP 54 8443 → 17866 [ACK] Seq=1 Ack=518 Win=30336 Len=0
16 0.007274 192.168.10.159 → 192.168.10.111 TLSv1.2 756 Server Hello, Certificate, Server Hello Done
17 0.007777 192.168.10.111 → 192.168.10.159 TLSv1.2 244 Client Key Exchange, Change Cipher Spec, Finished
18 0.008344 192.168.10.159 → 192.168.10.111 TLSv1.2 280 New Session Ticket, Change Cipher Spec, Finished
19 0.008984 192.168.10.111 → 192.168.10.159 HTTP 654 GET /flag.txt HTTP/1.1
20 0.009527 192.168.10.159 → 192.168.10.111 TLSv1.2 100 [TLS segment of a reassembled PDU]
21 0.010039 192.168.10.159 → 192.168.10.111 HTTP 446 HTTP/1.0 200 OK (text/plain)
22 0.010293 192.168.10.111 → 192.168.10.159 TCP 60 17866 → 8443 [ACK] Seq=1308 Ack=1368 Win=1049600 Len=0
23 0.012247 192.168.10.111 → 192.168.10.159 TCP 60 17866 → 8443 [FIN, ACK] Seq=1308 Ack=1368 Win=1049600 Len=0
24 0.012278 192.168.10.159 → 192.168.10.111 TCP 54 8443 → 17866 [ACK] Seq=1368 Ack=1309 Win=32640 Len=0
===================================================================
Follow: tls,ascii
Filter: tcp.stream eq 1
Node 0: 192.168.10.111:17866
Node 1: :0
571
GET /flag.txt HTTP/1.1
Host: 192.168.10.159:8443
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Accept-Encoding: gzip, deflate, br
Accept-Language: en-AU,en;q=0.9,nl-NL;q=0.8,nl;q=0.7,en-GB;q=0.6,en-US;q=0.5
17
HTTP/1.0 200 OK
17
Server: 247CTF
37
Date: Fri, 04 Oct 2019 23:16:55 GMT
26
Content-type: text/plain
20
Content-Length: 41
46
Last-Modified: Fri, 04 Oct 2019 11:33:30 GMT
2
41
247CTF{xxx}
===================================================================
1. DER 파일(인증서)에서 공개키를 추출한다.
2. 공개키를 기반으로 개인키를 찾아낸다.
3. 찾은 개인키로 TLS세션을 디코딩한다.
리눅스에서 폴더 내 권한을 잘 설정하자. 폴더 내 권한이 없는채로 비밀키를 만들면 안 만들어진다.
그리고 너무 초보적인 실수를 해서 시간을 날렸는데 와이어샤크에서 패킷을 클릭하자마자 보이는 바로 아래 UI에서 export packet 해야한다. 더블 클릭해서 들어간 UI에서 export가 어디있나 한참을 찾았다.
BoB 13th 최강포린이👮