Weak RSA

Zip Password:

hackthebox

SHA256 HASH for File-->

1cbf890e7a0fe8b404597b565da96c388e5653937631e2dc8710ede9d15bdb7d

Download and extract files from zip.
- Use the password given to unzip.

We get two files.
- A ENC and a PUB file.
Let's check out the PUB file.

cat [Path to key.pub]

Looks like a simple public RSA key.
Now let's check out the ENC file.

cat flag.enc

Looks like we get a bunch of gibberish which makes sense seeing as a .enc file means it was encrypted with some form of software.
- We'll have to try to figure out how to decrypt the file to see it.
I'm going to use the openssl tool on kali to try to decrypt it.

openssl enc -aes-256-cbc -d in [Path to flag.enc] -out flag.decrypted

It asks me for a password so try giving it "password".
Hededitor

As you can see the first four sets of hexadecimal are:

01 A2 5F EF

Unfortunately, doing a quick Google search shows that these are not associated with any well-known set of magic numbers which would make sense if the whole file is encrypted.
Based on the fact that we were given a public key tells me that this is an asymmetric algorithm. This means that the using openssl above was most likely not going to work since it was using AES256 which is a symmetric algorithm.

git clone https://github.com/RsaCtfTool/RsaCtfTool.git
sudo apt-get install libgmp3-dev libmpc-dev
cd RsaCtfTool
pip3 install -r "requirements.txt"
./RsaCtfTool.py

Use command below to create RSA private key:

./RsaCtfTool.py --publickey [Path to public key] --private

Create key.priv and copy over created private key.
Then we need to run openssl to decrypt the file with the new private key.

openssl pkeyutl -decrypt -in [Path to encrypted file] -out myfile_decrypted.txt -inkey key.priv

We can then cat the myfile_decrypted.txt for the flag.

cat myfile_decrypted.txt

The final decrypted key is:

HTB{s1mpl3_Wi3n3rs_4tt4ck}

PreviousFind the easy Pass NextJerry (Windows)

Last updated 2 years ago