Hack The Box – Weak RSA

Posted on by haxez
Hack The Box Weak RSA

Hello world and welcome to haxez, today I will attempt to solve the Weak RSA crypto challenge on Hack The Box. Please note that I got the solution from https://technicalciso.com/. I’m not even going to pretend to know the specifics behind how this all works. I know what encryption is. Furthermore, I know the various types of encryption including RSA. I also know how public and private key pairs work. However, I don’t know how you would break it. I’ve broken SSH keys before using John The Ripper but that’s about it.

Weak RSA Set Up

This challenge requires you to download some files and decrypt the flag so that it can be submitted to Hack The Box. First, we need to do is download the files and extract them. The password for the zip file is ‘hackthebox’. Next, looking at the files we notice that we have a flag.enc file and a key.pub file. I assume that the flag.enc was encrypted using the key.pub file.

┌─[joe@parrot]─[/mnt/hgfs/MOUNT/WeakRSA]
└──╼ $unzip Weak\ RSA.zip 
Archive:  Weak RSA.zip
[Weak RSA.zip] flag.enc password: 
  inflating: flag.enc                
  inflating: key.pub       

┌─[joe@parrot]─[/mnt/hgfs/MOUNT/WeakRSA]
└──╼ $ls -laSh
total 30K
drwxrwxrwx 1 root root 12K Mar 10 12:31  ..
-rwxrwxrwx 1 root root 826 Mar 10 12:34 'Weak RSA.zip'
-rwxrwxrwx 1 root root 447 May 15  2017  key.pub
-rwxrwxrwx 1 root root 129 Jul  3  2017  flag.enc
drwxrwxrwx 1 root root   0 Mar 10 12:35  .

File Explanation

Previously, I mentioned public and private key pairs. This is the same type of cryptographic function when you SSH to a server with a private key. Your public key will be stored on the server and then you specify your private key. Next, the server does the maths and if it’s all good then you can access the server. The same theory can be applied to PGP. Someone encrypts a document to your public key which allows you to decrypt the document with your private key.

So, we have a flag.enc (enc probably means encrypted right?), and we have a key.pub. The key.pub is probably the public key used to encrypt the file. The problem is, RSA is an asymmetric cryptosystem. You can encrypt it with your public key but you can’t decrypt it with your public key. If you could, then it would be symmetric encryption where one key is used for both encrypting and decrypting. So, what do we do?

Cracking The Weak RSA Encryption

Turns out, there is a reason why it is a good idea to use long passwords. When it comes to encryption, size does matter. If something has been encrypted with a short encryption key, it may be possible to break it. Shorter likely means fewer sums to do right? That makes sense logically surely. I could be completely wrong, but this is my understanding of it. If the flag was encrypted using a short RSA private key then we might be able to deduce the private key from the public key and then decrypt the file. However, we need a tool.

git clone https://github.com/RsaCtfTool/RsaCtfTool.git
sudo apt-get install libgmp3-dev libmpc-dev
cd RsaCtfTool
pip3 install -r "requirements.txt"
./RsaCtfTool.py

Once installed, we can then point the tool to our public key and politely ask it to produce the private key.

┌─[joe@parrot]─[/opt/RsaCtfTool]
└──╼ $./RsaCtfTool.py --publickey /mnt/hgfs/MOUNT/WeakRSA/key.pub --private
[] Testing key /mnt/hgfs/MOUNT/WeakRSA/key.pub. attack initialized… [] Performing factordb attack on /mnt/hgfs/MOUNT/WeakRSA/key.pub.
[*] Attack success with factordb method !
Results for /mnt/hgfs/MOUNT/WeakRSA/key.pub:
Private key :
-----BEGIN RSA PRIVATE KEY-----
MIICOQIBAAKBgQMwO3kPsUnaNAbUlaubn7ip4pNEXjvUOxjvLwUhtybr6Ng4undL
tSQPCPf7ygoUKh1KYeqXMpTmhKjRos3xioTy23CZuOl3WIsLiRKSVYyqBc9d8rxj
NMXuUIOiNO38ealcR4p44zfHI66INPuKmTG3RQP/6p5hv1PYcWmErEeDewKBgGEX
xgRIsTlFGrW2C2JXoSvakMCWD60eAH0W2PpDqlqqOFD8JA5UFK0roQkOjhLWSVu8
c6DLpWJQQlXHPqP702qIg/gx2o0bm4EzrCEJ4gYo6Ax+U7q6TOWhQpiBHnC0ojE8
kUoqMhfALpUaruTJ6zmj8IA1e1M6bMqVF8srlb/NAiBhwngxi+Cbie3YBogNzGJV
h10vAgw+i7cQqiiwEiPFNQJBAYXzr5r2KkHVjGcZNCLRAoXrzJjVhb7knZE5oEYo
nEI+h2gQSt1bavv3YVxhcisTVuNrlgQo58eGb4c9dtY2blMCQQIX2W9IbtJ26KzZ
C/5HPsVqgxWtuP5hN8OLf3ohhojr1NigJwc6o68dtKScaEQ5A33vmNpuWqKucecT
0HEVxuE5AiBhwngxi+Cbie3YBogNzGJVh10vAgw+i7cQqiiwEiPFNQIgYcJ4MYvg
m4nt2AaIDcxiVYddLwIMPou3EKoosBIjxTUCQQCnqbJMPEQHpg5lI6MQi8ixFRqo
+KwoBrwYfZlGEwZxdK2Ms0jgeta5jFFS11Fwk5+GyimnRzVcEbADJno/8BKe
-----END RSA PRIVATE KEY-----

Score.

Decrypting The File

Now we can use the private key to decrypt the flag and submit the flag to hack the box and win the challenge. Apparently, there is a way to do this with RsaCtfTool but I couldn’t work it out. It wouldn’t output the flag or create a new file. So I will use OpenSSL to decrypt the flag using the private key that RsaCtfTool just magically found for us.

┌─[joe@parrot]─[/mnt/hgfs/MOUNT/WeakRSA]
└──╼ $openssl rsautl -in flag.enc -out flag.txt -decrypt -inkey priv.key
┌─[joe@parrot]─[/mnt/hgfs/MOUNT/WeakRSA]
└──╼ $ls
flag.enc flag.txt key.pub priv.key RsaCtfTool.py 'Weak RSA.zip'
┌─[joe@parrot]─[/mnt/hgfs/MOUNT/WeakRSA]
└──╼ $cat flag.txt
HTB{sxxxx_Wxxxxrs_xxxxck}

And there you have it, submit the flag and you are done.