一、Modes of Operation Starter
题目:The previous set of challenges showed how AES performs a keyed permutation on a block of data. In practice, we need to encrypt messages much longer than a single block. A mode of operation describes how to use a cipher like AES on longer messages.
All modes have serious weaknesses when used incorrectly. The challenges in this category take you to a different section of the website where you can interact with APIs and exploit those weaknesses. Get yourself acquainted with the interface and use it to take your next flag!
Play at Modes of Operation Starter
翻译:前面的一组挑战展示了AES如何对数据块执行有键排列。实际上,我们需要加密的消息比单个块要长得多。操作模式描述如何在较长的消息上使用AES之类的密码。
如果使用不当,所有模式都有严重的弱点。这方面的挑战将把你带到网站的另一个部分,在那里你可以与api交互并利用这些弱点。让自己熟悉界面,并使用它来获得下一个旗帜!
在http://aes.cryptohack.org/block_cipher_starter播放
原题代码:
from Crypto.Cipher import AES
KEY = ?
FLAG = ?
@chal.route('/block_cipher_starter/decrypt/<ciphertext>/')
def decrypt(ciphertext):
ciphertext = bytes.fromhex(ciphertext)
cipher = AES.new(KEY, AES.MODE_ECB)
try:
decrypted = cipher.decrypt(ciphertext)
except ValueError as e:
return {"error": str(e)}
return {"plaintext": decrypted.hex()}
@chal.route('/block_cipher_starter/encrypt_flag/')
def encrypt_flag():
cipher = AES.new(KEY, AES.MODE_ECB)
encrypted = cipher.encrypt(FLAG.encode())
return {"ciphertext": encrypted.hex()}原题网站给了我们两个数据处理模块,我们只需点击encrypt_flag()即可得到我们所需的密文,原题目中已经给与了我们decrypt(ciphertext),直接将已知的明文代入即可,当然,也可以使用python写出脚本求解:
wp:
import requests
result = requests.get('http://aes.cryptohack.org/block_cipher_starter/encrypt_flag')
ciphertext = result.json()["ciphertext"]
print(ciphertext)
M = requests.get(f'http://aes.cryptohack.org/block_cipher_starter/decrypt/{ciphertext}')
m = M.json()["plaintext"]
print(bytes.fromhex(m))得到:
b'crypto{bl0ck_c1ph3r5_4r3_f457_!}'二、 Passwords as Keys
题目:It is essential that keys in symmetric-key algorithms are random bytes, instead of passwords or other predictable data. The random bytes should be generated using a cryptographically-secure pseudorandom number generator (CSPRNG). If the keys are predictable in any way, then the security level of the cipher is reduced and it may be possible for an attacker who gets access to the ciphertext to decrypt it.
Just because a key looks like it is formed of random bytes, does not mean that it necessarily is. In this case the key has been derived from a simple password using a hashing function, which makes the ciphertext crackable.
For this challenge you may script your HTTP requests to the endpoints, or alternatively attack the ciphertext offline. Good luck!
Play at Passwords as Keys
翻译:对称密钥算法中的密钥必须是随机字节,而不是密码或其他可预测的数据。随机字节应该使用加密安全的伪随机数生成器(CSPRNG)生成。如果密钥以任何方式都是可预测的,那么密码的安全级别就会降低,从而有可能让访问密文的攻击者对其进行解密。
仅仅因为一个键看起来像是由随机字节组成的,并不意味着它一定是这样。在这种情况下,密钥是从使用哈希函数的简单密码中获得的,这使得密文很容易被破解。
对于这种挑战,您可以将HTTP请求脚本化到端点,或者脱机攻击密文。好运!
在http://aes.cryptohack.org/passwords_as_keys播放
原题代码:
from Crypto.Cipher import AES
import hashlib
import random
# /usr/share/dict/words from
# https://gist.githubusercontent.com/wchargin/8927565/raw/d9783627c731268fb2935a731a618aa8e95cf465/words
with open("/usr/share/dict/words") as f:
words = [w.strip() for w in f.readlines()]
keyword = random.choice(words)
KEY = hashlib.md5(keyword.encode()).digest()
FLAG = ?
@chal.route('/passwords_as_keys/decrypt/<ciphertext>/<password_hash>/')
def decrypt(ciphertext, password_hash):
ciphertext = bytes.fromhex(ciphertext)
key = bytes.fromhex(password_hash)
cipher = AES.new(key, AES.MODE_ECB)
try:
decrypted = cipher.decrypt(ciphertext)
except ValueError as e:
return {"error": str(e)}
return {"plaintext": decrypted.hex()}
@chal.route('/passwords_as_keys/encrypt_flag/')
def encrypt_flag():
cipher = AES.new(KEY, AES.MODE_ECB)
encrypted = cipher.encrypt(FLAG.encode())
return {"ciphertext": encrypted.hex()}原题网站给了我们两个数据处理模块,我们只需点击encrypt_flag()即可得到我们所需的密文,二是我们已经知道了这个aes解密时需要密钥的,其中
KEY = hashlib.md5(keyword.encode()).digest() 既是密钥生成的算法。
我们又可以从代码中发现网站https://gist.githubusercontent.com/wchargin/8927565/raw/d9783627c731268fb2935a731a618aa8e95cf465/words
打开并将文件下载出来,我们所需的密钥就在其中,接下来我们的工作便是暴力破解,从其中取得我们所需的密文。
首先,我尝试了将数值返回的网页进行运算,结果由于密钥中的数据太过庞大,根本计算不出来。(代码如下)
import requests
import tqdm
from Crypto.Cipher import AES
import hashlib
from Crypto.Util.number import *
import tqdm
import random
import binascii
result = requests.get('http://aes.cryptohack.org/passwords_as_keys/encrypt_flag')
ciphertexthex = result.json()["ciphertext"]
# print(ciphertext_hex)
# ciphertexthex='c92b7734070205bdf6c0087a751466ec13ae15e6f1bcdd3f3a535ec0f4bbae66'
with open('words.txt','r')as f:
for words in f:
words=words.strip()
ciphertext=bytes.fromhex(ciphertexthex)
key_1 = hashlib.md5(words.encode()).hexdigest()
key=bytes.fromhex(key_1)
print(key)
m = requests.get(f'http://aes.cryptohack.org/passwords_as_keys/decrypt/{ciphertext}/{key}')
m = m.json()["ciphertext"]
if b'crypto{' in m:
print(m)
break
于是,转换思路,,直接从文件中提取数据,自己构建aes算法进行运算求解。
import requests
import tqdm
from Crypto.Cipher import AES
import hashlib
from Crypto.Util.number import *
import tqdm
import random
import binascii
result = requests.get('http://aes.cryptohack.org/passwords_as_keys/encrypt_flag')
ciphertexthex = result.json()["ciphertext"]
# print(ciphertext_hex)
# ciphertexthex='c92b7734070205bdf6c0087a751466ec13ae15e6f1bcdd3f3a535ec0f4bbae66'
with open('words.txt','r')as f:
# for words in f:
# words=words.strip()
# ciphertext=bytes.fromhex(ciphertexthex)
# key_1 = hashlib.md5(words.encode()).hexdigest()
# key=bytes.fromhex(key_1)
# print(key)
# m = requests.get(f'http://aes.cryptohack.org/passwords_as_keys/decrypt/{ciphertext}/{key}')
# m = m.json()["ciphertext"]
# if b'crypto{' in m:
# print(m)
# break
words=words.strip()
# print(words)
key_1 = hashlib.md5(words.encode()).hexdigest()
key=bytes.fromhex(key_1)
cipher = AES.new(key, AES.MODE_ECB)
ciphertext = bytes.fromhex(ciphertexthex)
decrypted = cipher.decrypt(ciphertext)
if b'crypto{' in decrypted:
print(decrypted)
print(decrypted)
1305
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
