External Challenge Assistance

General technological topics without their own forum go here

External Challenge Assistance

Post by gkhnoisgtht on Sat Sep 28, 2013 9:44 pm
([msg=77518]see External Challenge Assistance[/msg])

I have been working on runme files from friends and have gotten one that I am a little stumped on. If someone would be willing to help that would be great.

The binary is nothing fancy, it does 4 very simple tasks:
1. send a udp message on port 9030 to 10.56.15.125 containing the message AES KEY:NCo4uVtdPz06rBmazE12jg==
2. send a udp message on port 9030 to 10.56.15.125 containing the message AES CT:WMzwUCxPMG57yQp0tdqRHp1k+OVKeJNTxkfEBBHZ0E8=
3. does a google search for wireshark
4. does a google search for a company

I obviously think that I need to decrypt the AES cipher message with the AES Key, but haven't had any luck actually getting it to decrypt correctly. Anyone have any advice( or code) and would be willing to share?

If someone wants I can send the binary or just the pcap of the session.

Thanks.
gkhnoisgtht
New User
New User
 
Posts: 5
Joined: Sat Sep 28, 2013 9:37 pm
Blog: View Blog (0)


Re: External Challenge Assistance

Post by Amazingred on Sun Sep 29, 2013 6:43 am
([msg=77519]see Re: External Challenge Assistance[/msg])

i'll need to see more...
There are 10 types of people in the world. Those who understand binary and those who don't.
User avatar
Amazingred
Experienced User
Experienced User
 
Posts: 73
Joined: Wed Jul 25, 2012 7:10 pm
Location: Wayyyyyy out there
Blog: View Blog (0)


Re: External Challenge Assistance

Post by gkhnoisgtht on Sun Sep 29, 2013 11:25 am
([msg=77520]see Re: External Challenge Assistance[/msg])

I dropped the file for anyone to look at

http://rapidshare.com/share/5C47027F5E132118C63AA04A000AFC65

-- Mon Sep 30, 2013 11:44 pm --

I cracked the next binary in the challenge and discovered that the password is 97531. However, I'm not sure how to get it from the binary. I would assume that I would decrypt the AES key, but haven't gotten the decryption to work.

Thanks for any help

-- Thu Oct 03, 2013 9:52 pm --

It appears that I need to decode the CT with a NULL IV. Does anyone have any suggestions on how to accomplish that?

Thanks in advance
gkhnoisgtht
New User
New User
 
Posts: 5
Joined: Sat Sep 28, 2013 9:37 pm
Blog: View Blog (0)



Return to General

Who is online

Users browsing this forum: No registered users and 0 guests