Challenge #7 was a network capture file (ssl.pcap) containing an encrypted https session. The hint was: does the modulus look familiar?. The goal is obviously to decrypt the https to find the flag. Let's see how we can do that!
- Extract public certificate
- Identify encryption
- Create private certificate
- Decrypt https
1. Extract public certificate
Launch Wireshark and open the capture file. Browse the packets to the TLSv1 Server hello. Open the SSL layer, expand TLSv1 Record Layer containing certificate, select the certificate and use right-click/Export selected packet bytes to save the X.509 certificate in binary DER as public.der.
2. Identify encryption
Using OpenSSL suite, you can see information contained in certificate:
$ openssl x509 -inform DER -in public.der -text [...] Public Key Algorithm: rsaEncryption RSA Public Key: (768 bit) Modulus (768 bit): 00:ca:d9:84:55:7c:97:e0:39:43:1a:22:6a:d7:27: f0:c6:d4:3e:f3:d4:18:46:9f:1b:37:50:49:b2:29: 84:3e:e9:f8:3b:1f:97:73:8a:c2:74:f5:f6:1f:40: 1f:21:f1:91:3e:4b:64:bb:31:b5:5a:38:d3:98:c0: df:ed:00:b1:39:2f:08:89:71:1c:44:b3:59:e7:97: 6c:61:7f:cc:73:4f:06:e3:e9:5c:26:47:60:91:b5: 2f:46:2e:79:41:3d:b5 [...]
The interesting thing here is that the public-key algorithm is RSA, the modulus 768 bits and specifically it's RSA-768 which has been factored!
RSA-768 = 334780716989568987860441698482126908177047 949837137685689124313889828837938780022876 14711652531743087737814467999489 × 3674604366679959042824463379962795263227 915816434308764267603228381573966651127923 3373417143396810270092798736308917
Conclusion: we are able to create our own private certificate, valid to decrypt the SSL.
3. Create private certificate
Thanks to Mister P and Q's Excellent Solution to Didier Stevens' Authenticode Challenge, it was really easy.
I used their CreatePEM.cpp, turned it back into a C program, included e_os.h from OpenSSL and added P & Q of RSA-768bits which gave me create_private.c. Make sure you also have OpenSSL development files installed (package libssl-dev on Debian), then compile with:
$ gcc -lssl -o create_private create_private.c
Then run it to generate private.pem, the private certificate in PEM format:
$ ./create_private $ ls -l private.pem -rw-r--r-- 1 stalkr stalkr 692 2010-03-15 16:17 private.pem
4. Decrypt https
Open Wireshark preferences file:
- on Linux:
- on Windows:
C:\Documents and Settings\<user>\Application Data\Wireshark\preferences
Inform Wireshark that you want it to desegment SSL records and application data, and give it the private certificate for the https server we observed (192.168.100.4):
ssl.desegment_ssl_records: TRUE ssl.desegment_ssl_application_data: TRUE ssl.keys_list: 192.168.100.4,443,http,/home/stalkr/codegate/7/private.pemFix the path to private certificate accordingly, on Windows use regular slashes /.
Again, launch Wireshark and open the capture file. We can now see the application data: an HTTP GET request to index.html, and the response containing the flag.
Interesting challenge isn't it?
Thanks goes to my friend SiD for his help on this challenge.