ReadEasy

21 7月, 2012

hitcon 2012 wargame forensics 2

先感謝 RSG 大大今年一樣幫忙mirror了 wargame懶人包 <( _ _ )>

forensics 2
Decrypt this packet
2012.pcap



丟進wireshark的一瞬間 , WTF...





0000   00 0c 29 03 c1 47 00 0c 29 60 fd f2 08 00 45 00  ..)..G..)`....E.
0010   00 53 73 5d 40 00 40 06 02 82 c0 a8 21 cf c0 a8  .Ss]@.@.....!...
0020   21 a6 07 dc a4 84 85 db 7c 71 48 39 3b 19 80 18  !.......|qH9;...
0030   00 5b 24 91 00 00 01 01 08 0a 00 0d 0f 2c 0a 28  .[$..........,.(
0040   19 e1 53 53 48 2d 32 2e 30 2d 4f 70 65 6e 53 53  ..SSH-2.0-OpenSS
0050   48 5f 34 2e 33 70 32 20 44 65 62 69 61 6e 2d 39  H_4.3p2 Debian-9
0060   0a                                               .

0000   00 0c 29 60 fd f2 00 0c 29 03 c1 47 08 00 45 00  ..)`....)..G..E.
0010   00 5d 22 fc 40 00 40 06 52 d9 c0 a8 21 a6 c0 a8  .]".@.@.R...!...
0020   21 cf a4 84 07 dc 48 39 3b 19 85 db 7c 90 80 18  !.....H9;...|...
0030   00 b7 74 4d 00 00 01 01 08 0a 0a 28 19 e2 00 0d  ..tM.......(....
0040   0f 2c 53 53 48 2d 32 2e 30 2d 4f 70 65 6e 53 53  .,SSH-2.0-OpenSS
0050   48 5f 35 2e 35 70 31 20 44 65 62 69 61 6e 2d 36  H_5.5p1 Debian-6
0060   2b 73 71 75 65 65 7a 65 31 0d 0a                 +squeeze1..


一看就知道是ssh連線的packet O____O




but!!!!!


題目也沒給其他資訊這是要怎麼decrypt...












BUT !!!!hitcon每年最機車的就是這個but!!!













提示一不知何時悄悄打開...


OpenSSL predictable key




沒注意到debian當初為了一些問題對OpenSSL mand.c動過手腳

wiki說 :


Therefore any key generated can be predictable, with only 32,767 possible keys for a given architecture and key length

每種組合都撞過一遍key總該會出來吧 ,




But !!!!



就挖到了這個

剛好可以decrypt pcap . XD




len@len-laptop:~/hitcon2012/f2$ tcpick -wRC -wRS -r 2012.pcap 
Starting tcpick 0.2.1 at 2012-07-22 01:03 CST
Timeout for connections is 600
tcpick: reading from 2012.pcap
1      SYN-SENT       192.168.33.166:42116 > 192.168.33.207:2012
1      SYN-RECEIVED   192.168.33.166:42116 > 192.168.33.207:2012
1      ESTABLISHED    192.168.33.166:42116 > 192.168.33.207:2012
1      FIN-WAIT-1     192.168.33.166:42116 > 192.168.33.207:2012
1      TIME-WAIT      192.168.33.166:42116 > 192.168.33.207:2012
1      CLOSED         192.168.33.166:42116 > 192.168.33.207:2012
tcpick: done reading from 2012.pcap

98 packets captured
1 tcp sessions detected
len@len-laptop:~/hitcon2012/f2$ l tcpick*
tcpick_192.168.33.166_192.168.33.207_2012.clnt.dat
tcpick_192.168.33.166_192.168.33.207_2012.serv.dat
len@len-laptop:~/hitcon2012/f2$ ruby ssh_decoder.rb tcpick*
 * read handshake
cipher: aes128-ctr, mac: hmac-md5, kex_hash: sha1, compr: none
 * bruteforce DH
DH shared secret : 00ba3804d18c9a8e1d0da4d4688d81be0bfc512de4f59b0e5b522f51c2c891b58316192572d1dbd1f90f7c4df6a1c2552e230d301eebfd9490f5f261c07467096f820f5b462ea5b16370d296f47aca8c096f06f74a8fa2dda0a73b0fc4e2af665ff12e4dd3143d0b2e280d17067dd6282c2e0b56e10df4e4e763013af87359f38e
 * derive keys
 * decipher streams
 * successful authentication packet
{:password=>"1986052o",
 :username=>"root",
 :nextservice=>"ssh-connection",
 :auth_method=>"password",
 :change=>0}
 * deciphered streams saved to "sshdecrypt.0.client.dat" & "sshdecrypt.0.server.dat"
本來以為這樣就結束了 ,很可惜他要的key不是ssh pw

看看decrypt後的內容有沒有什麼資訊


sshdecrypt.0.server.dat

^@^@^@^@^@?^@c^@^@^@^@]^@^@^@^@^@^B^@^@c^@^@^@^@^^@^@^@^@^@^@^A/Last login: Thu Jul 12 13:40:00 2012 from hitcon^M^M
  ___ ___ .__  __                       ^M  
 /   |   \|__|/  |_  ____  ____   ____  ^M  
/    ~    \  \   __\/ ___\/  _ \ /    \ ^M
\    Y    /  ||  | \  \__(  <_> )   |  \^M 
 \___|_  /|__||__|  \___  >____/|___|  /^M 
       \/               \/           \/ ^M
^^@^@^@^@^@^@^@
hitcon:~# ^^@^@^@^@^@^@^@^Ac^^@^@^@^@^@^@^@^Aa^^@^@^@^@^@^@^@^At^^@^@^@^@^@^@^@^A ^^@^@^@^@^@^@^@^Ak^^@^@^@^@^@^@^@^Ae^^@^@^@^@^@^@^@^Ay^^@^@^@^@^@^@^@^A.^^@^@^@^@^@^@^@^At^^@^@^@^@^@^@^@^Ax^^@^@^@^@^@^@^@^At^^@^@^@^@^@^@^@^B^M
^^@^@^@^@^@^@^@"79d6a36476f8479016d54009a88b01ba^M
^^@^@^@^@^@^@^@
hitcon:~# ^^@^@^@^@^@^@^@^Ae^^@^@^@^@^@^@^@^Ax^^@^@^@^@^@^@^@^Ai^^@^@^@^@^@^@^@^At^^@^@^@^@^@^@^@^B^M
b^@^@^@^@^@^@^@^Kexit-status^@^@^@^@^@^^@^@^@^@^@^@^@^Hlogout^M
`^@^@^@^@a^@^@^@^@


key get! : 79d6a36476f8479016d54009a88b01ba




Refernce:

後來提示二就直接提示說那是CVE-2008-0166. XD
http://sh0wrun.blogspot.tw/2008/08/debian-openssl-predictable-prng.html

沒有留言:

張貼留言