The objective of this challenge is to retrieve the FLAG which is encrypted with the user input.
The challenge is served using socat so the user can only send data and receive the ciphertext.
Exploitation
Here an oracle is possible as the user can inject and manipulate arbitrary data into the targeted ciphertext as he want and he have the ciphertext output.
By sending 32 bytes, the user can prooved that ECB mode is used :
from pwn import*import jsonp =remote("127.0.0.1", 1337)p.recvuntil(b": ")p.sendline((b"A"*32).hex().encode())ciphertext = json.loads(p.recvline())['ciphertext']assert(ciphertext[0:32]== ciphertext[32:64])print("remote service use ECB mode")
output :
$ python3 exploit.py
[+] Opening connection to 127.0.0.1 on port 1337: Done
remote service use ECB mode
[*] Closed connection to 127.0.0.1 port 1337
As ECB is used, it's possible to bruteforce the FLAG :
from pwn import*import jsonfrom rich.console import Consoleimport stringprintable = [ord(c)for c in string.printable]console =Console()context.log_level ='error'defencrypt(payload): p =remote("127.0.0.1", 1337) p.recvuntil(b": ") p.sendline(payload.hex().encode()) data = json.loads(p.recvline())['ciphertext'] p.close()return dataflag =b""with console.status(f"FLAG = {flag}, Trying byte : ")as a:whilelen(flag)==0or flag[-1]!=125:for c in printable:# set char to test c = c.to_bytes(1,'big')# update the console status a.update(f"FLAG = {flag}, Trying byte : {c}")# Set the payloadiflen(flag)>16: payload = flag[-15:]+ c +b'\x10'* (15- (len(flag)%16))else: payload =b'\x10'* (15-len(flag)) + flag + c +b'\x10'* (15-len(flag)) cipher =encrypt(payload)# Check if the first block and the targeted block are the sameif cipher[0:32]== cipher[32+ (32* (len(flag)//16)) :64+ (32* (len(flag)//16 ))]:# If it is, then the letter is found flag += cbreakprint("FLAG = ", flag)
Note: not all bytes are tester, only printable characters are tested as the flag must be human readable.