bSidesLisbon 2019 — CTF quals Write-up

November 22, 2019 · 4 min read
One more year, one more bSidesLisbon, and therefore, one more CTF to be qualified.
Being part of team Probely always makes me feel like the fat kid in the school’s football team. There’s a little difference this year, Bruno Barão was not on vacation, so everything would be easier 😜
1 — Badge (Misc 100^W)
Let’s skip this one, it went offline after a few minutes… We will talk about it later…
2 — Reload (Trivia 200)
Name the creator of the exploit used to hack into CityPower Grid Rerouting.
A quick search got us this famous image from Matrix Reloaded with Trinity hacking.

Searching for "sshnuke" we found the SSH CRC32 and its creator.
3 — White Rabbit (Forensics 300)
Wake up … (neo)

We got an image file named “neo”…
We got nothing using binwalk, nothing with stegsolver … so let’s look deeper…
After patiently looking at the strings, we found the string “hacker.docx” inside… let’s extract this file.

Lots of spaces (0x20) before and after the “hacker.docx” block
Extracting that area, we got an unrecognized file, but the magic numbers looked familiar… like a zip file… humm… ahhh 💡 they almost fooled us, the magic numbers were switched, they should have been 50 4B 03 04.
unzip failed to extract it, but with 7z we got the “hacker.docx” and we saw a “vbaProject.bin” inside. Humm, a VBA macro…
And we got the flag in hex
4 — HSM (Pwnable 400)
We’ve captured some traffic to a highly secure Hardware Security Module. Can you extract the AES key from the module?
Opening the hsm “pcap” file, we saw this UDP communication.

Replaying the payload, we got the encrypted message:
After a few attempts, we discovered that if we send the encrypted base64 with “DEC” we got the decrypted message in base64.
While playing around, trying without success to get a buffer overflow using large payloads, we found that if we send the wrong payload to ENC and echo back the response to DEC, we get a dump of some part of the memory…
And decrypting it
A small bash script…
And we got the flag
5 — Love Me Two Times (Web 500)
We’ve been intercepting the cell phone from John McFlurry. Here’s a dump (pun intended) attached.
The attached file (SMS.DMB) had this content
Using an online SMS Deliver PDU Decoder we got the following conversation
Visiting the URL and trying to log in with the credentials and the two-factor codes, the access was denied with “Invalid TOTP code”

Well, we tried some known vulnerabilities, but the sessionid was being renewed on every request, so it would be hard to automatize it. While brainstorming, Bruno Barão had the brilliant idea of trying to brute-force the base32 secret for the TOTP code, since we had two OTPs and their timestamps.
A few minutes later
We got the base32 secret
Going back to the web page and trying to log in with this TOTP code, we got in.
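The check that the brute force above relies on, as an added example that is not from the original post: a standard-library RFC 6238 TOTP implementation (HMAC-SHA1, 30-second step, 6 digits, the usual defaults, assumed here) that tells whether a candidate base32 secret reproduces every observed (timestamp, code) pair, plus the candidate count that decides whether such a search is feasible at all. The secret and timestamps are the RFC 6238 test vector, not the challenge’s values.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 test secret (ASCII "12345678901234567890"), base32-encoded.
# Constructed sample, not the challenge's secret.
RFC_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

# Constructed observations: (unix timestamp, 6-digit code) from the RFC vectors.
OBSERVED = [(59, "287082"), (1111111109, "081804")]


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HOTP over the time counter, HMAC-SHA1)."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def secret_matches(secret_b32: str, observations, step: int = 30, digits: int = 6) -> bool:
    """True only if the candidate reproduces every observed (timestamp, code) pair.

    Two observations make a false positive for a wrong candidate about 1 in 10**12,
    which is why the write-up needed both OTPs and their timestamps.
    """
    return all(totp(secret_b32, ts, step, digits) == code for ts, code in observations)


def candidate_count(b32_chars: int) -> int:
    """Distinct base32 secrets of a given length: 32**n (5 bits per character).

    A standard 160-bit secret (32 characters) is 2**160 candidates and out of reach;
    a search like the one in the write-up is only feasible because the secret was short.
    """
    return 32 ** b32_chars


if __name__ == "__main__":
    print(totp(RFC_SECRET_B32, 59), secret_matches(RFC_SECRET_B32, OBSERVED))
    print(candidate_count(32) == 2 ** 160)
```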


1:24 AM, and we were almost done… One challenge left…. Meanwhile, the first challenge was online again….
1 — Badge (Misc 300)
bSidesLisbon 2018 badge was cracked, at last!
Here’s the flag:
Keywords: mifare classic aes pbkdf2 cbc 256 openssl
We also got two files, hf-mf-CDEF213E-data.bin and peer.pub.pem, an RFID mifare classic dump and a public key.

Parsing the dump with mfdread and converting the HEX values, we got the base64
Which gave us the following private key
So we created the shared secret using the given public key and the found private key
And tried to decrypt the given flag
WTF… Why…?! And the funny^Wnot so funny party just started… 🤬
We spent the rest of the night and the next day around this… asking João Poupino (our cryptographic master) for help, brute-forcing with different digests and iterations… long story short… the given flag was encrypted with a shared secret created with a different version of openssl 🤯 and didn’t match.
The encrypted flag was changed in the challenge by the organization, and voila…

We didn’t finish the quals in the first position, that was for the “Dark night of the soul” team: congratulations to them. We’re looking forward to understanding how they circumvented the problem with the badge’s challenge.
See you all in the bSidesLisbon on-site CTF.