Monday, March 17, 2014

RuCTF 2014 crypto 100

[RuCTF 2014 with Segfault]

The questions stated :-
Server (python27.quals.ructf.org:12337) accepts only authorized messages.
It works like this:------------------------------- buf = c.recv(4096) digest, msg = buf.split(" ", 1) if (digest == md5(password+msg).hexdigest()): #here I send a secret else: c.send("Wrong signature\n")-------------------------------

You have intercepted one authorized message: "b34c39b9e83f0e965cf392831b3d71b8 do test connection". Construct your own authorized message! Answer starts with 'RUCTF_'

It seemed pretty obvious that it was a hash length extension attack. I did not have any library to automate the attack so I ended up writing a bit of python to wrap around hash extender, a nice C library for performing hash length extension attacks.

We do not know the length of the length of the padding required and need to bruteforce that.

The solution for the same can be found here.

No comments:

Post a Comment