Hack The Box Weak RSA Writeup

Hack The Box WeakRSA

Hello world and welcome to haxez, today I will attempt to solve the Weak RSA crypto challenge on Hack The Box. Please note that I got the solution from https://technicalciso.com/. I’m not even going to pretend to know the specifics behind how this all works. I know what encryption is. Furthermore, I know the various types of encryption including RSA. I also know how public and private key pairs work. However, I don’t know how you would break it. I’ve broken SSH keys before using John The Ripper but that’s about it.

Weak RSA Set Up

This challenge requires you to download some files and decrypt the flag so that it can be submitted to Hack The Box. First, we need to do is download the files and extract them. The password for the zip file is ‘hackthebox’. Next, looking at the files we notice that we have a flag.enc file and a key.pub file. I assume that the flag.enc was encrypted using the key.pub file.

└──╼ $unzip Weak\ RSA.zip 
Archive:  Weak RSA.zip
[Weak RSA.zip] flag.enc password: 
  inflating: flag.enc                
  inflating: key.pub          

└──╼ $ls -laSh
total 30K
drwxrwxrwx 1 root root 12K Mar 10 12:31  ..
-rwxrwxrwx 1 root root 826 Mar 10 12:34 'Weak RSA.zip'
-rwxrwxrwx 1 root root 447 May 15  2017  key.pub
-rwxrwxrwx 1 root root 129 Jul  3  2017  flag.enc
drwxrwxrwx 1 root root   0 Mar 10 12:35  . 

File Explanation

Previously, I mentioned public and private key pairs. This is the same type of cryptographic function when you SSH to a server with a private key. Your public key will be stored on the server and then you specify your private key. Next, the server does the maths and if it’s all good then you can access the server. The same theory can be applied to PGP. Someone encrypts a document to your public key which allows you to decrypt the document with your private key.

So, we have a flag.enc (enc probably means encrypted right?), and we have a key.pub. The key.pub is probably the public key used to encrypt the file. The problem is, RSA is an asymmetric cryptosystem. You can encrypt it with your public key but you can’t decrypt it with your public key. If you could, then it would be symmetric encryption where one key is used for both encrypting and decrypting. So, what do we do?

Cracking The Weak RSA Encryption

Turns out, there is a reason why it is a good idea to use long passwords. When it comes to encryption, size does matter. If something has been encrypted with a short encryption key, it may be possible to break it. Shorter likely means fewer sums to do right? That makes sense logically surely. I could be completely wrong, but this is my understanding of it. If the flag was encrypted using a short RSA private key then we might be able to deduce the private key from the public key and then decrypt the file. However, we need a tool.

git clone https://github.com/RsaCtfTool/RsaCtfTool.git
sudo apt-get install libgmp3-dev libmpc-dev
cd RsaCtfTool
pip3 install -r "requirements.txt"

Once installed, we can then point the tool to our public key and politely ask it to produce the private key.

└──╼ $./RsaCtfTool.py --publickey /mnt/hgfs/MOUNT/WeakRSA/key.pub --private
[] Testing key /mnt/hgfs/MOUNT/WeakRSA/key.pub. attack initialized… [] Performing factordb attack on /mnt/hgfs/MOUNT/WeakRSA/key.pub.
[*] Attack success with factordb method !
Results for /mnt/hgfs/MOUNT/WeakRSA/key.pub:
Private key :


Decrypting The File

Now we can use the private key to decrypt the flag and submit the flag to hack the box and win the challenge. Apparently, there is a way to do this with RsaCtfTool but I couldn’t work it out. It wouldn’t output the flag or create a new file. So I will use OpenSSL to decrypt the flag using the private key that RsaCtfTool just magically found for us.

└──╼ $openssl rsautl -in flag.enc -out flag.txt -decrypt -inkey priv.key
└──╼ $ls
flag.enc flag.txt key.pub priv.key RsaCtfTool.py 'Weak RSA.zip'
└──╼ $cat flag.txt

And there you have it, submit the flag and you are done.