Cryptographic Failures

Crypto Basics

2

Base64 encoding and decoding; nothing much to say.

3

The ciphertext given in the challenge, {xor}Oz4rPj0+LDovPiwsKDAtOw==, uses IBM WebSphere Application Server's XOR encoding. To decode it we need the default key that this encoding uses.

A Google search turned up a script for XOR encoding and decoding.

That code has a small problem; the fixed version follows:

# Decode and Encode WebSphere XOR Password
# Base code from: https://gist.github.com/metall0id/bb3e9bab2b7caee90cb7

import base64
import argparse

parser = argparse.ArgumentParser(description="WebSphere XOR Password Decoder/Encoder")
group = parser.add_mutually_exclusive_group(required=True)
group.add_argument('-e', '--encode', help='Encode password (provide password as input)', action='store_true')
group.add_argument('-d', '--decode', help='Decode password (provide encoded password as input)', action='store_true')
parser.add_argument('password', metavar='PASSWORD', help='Password to decode/encode')
args = parser.parse_args()

return_data = ""

if args.password:
    if args.encode:
        try:
            # XOR every character with the fixed WebSphere key byte '_'
            for character in args.password:
                return_data += chr(ord(character) ^ ord('_'))
            # str and bytes have to be handled separately in Python 3
            return_data = base64.b64encode(return_data.encode('utf-8')).decode('utf-8')
            print("Decoded Password: " + args.password)
            print("Encoded Password: {xor}" + return_data)
        except Exception as e:
            print("Exception: " + str(e))
    elif args.decode:
        try:
            if args.password.startswith('{xor}'):
                args.password = args.password.replace('{xor}', '')
            # str and bytes have to be handled separately in Python 3
            for character in base64.b64decode(args.password).decode('utf-8'):
                return_data += chr(ord(character) ^ ord('_'))
            print("Encoded Password: {xor}" + args.password)
            print("Decoded Password: " + return_data)
        except Exception as e:
            print("Exception: " + str(e))
    else:
        parser.print_help()
else:
    parser.print_help()

Running the script directly to decode, python.exe .\Untitled-2.py -d "{xor}Oz4rPj0+LDovPiwsKDAtOw==", gives: databasepassword

4

Cracking a plain, unsalted hash.

Just look it up on an MD5 lookup site such as cmd5.

6

The challenge gives us a private key and asks for the modulus of the corresponding public key, together with the signature obtained by signing that modulus with the private key.

Save the private key shown on the page to a local file private.txt; its contents are:

-----BEGIN PRIVATE KEY-----
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
-----END PRIVATE KEY-----

Use openssl to generate the public key file from the private key:

openssl rsa -in private.txt -pubout > public.txt

The public key file public.txt then contains:

-----BEGIN PUBLIC KEY-----
MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAtjzRavSavnghHJKkYUR+
70h5a0Y7ftkHg6178gkPwVE3X9gpw9pSHmbLbkCsuBjysrpbJ2giyzpEIgHFow3H
t7F01NMrhQIR99Nw4FCNaGjbc1ORA6is2nAC1cSZ8ggV5YWMOvJot+niceG20ZAv
ecWdH0zTsq74KLM+lcTc2sG7S0GJWbgX2nz1AmCRiCYYcGBlCDieR0PWr6q0wYO+
72z/gT1N2zXMrdx5QKxWzURxyJzsuZEm85BU8WKt15J4QGTGKjvCaM+nk0NyXQHM
YLswxacU9SXZTdIbiyxmJaTy2lD9mwQDSD3fFhHTJjq9eett47odxnPkoRUnH2nG
xwIBBQ==
-----END PUBLIC KEY-----

Extract the modulus from the public key:

openssl rsa -in public.txt -pubin -modulus -noout | cut -c 9- | tr -d '\r\n' > pm.txt

Result:

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

Sign the modulus with the private key and base64-encode the result, which gives the base64-encoded signature value:

openssl dgst -sign private.txt -sha256 pm.txt | base64

Result:

KIEji62u9Jkd07x3PeyA6qbK1nJ/X3If/0HhsDXsQm0FA2bTt2+1wrVfOBdFfANyHqgYpodZQ2s4
tR+ZmHgwoZ/8wRsKvA/NIINXuYxtBMWPFsZTdhHewqSe5iF2NM32xADMtonyVJdAt56tB8dMTHGy
oCmnRKCvID7Cd4DzcH3gPpStvnheFsqUp5SY05uMfBl9s8OeA/igYxaFFxh0JtrYP+vphFEnXypY
vnlAJaNqWk+bP0LvqSl4cp+RBwzdxekDTVfTC0MHsTOiF6NLu/Ws7gpxUqcfPTlU/sIi9iS2KPOi
uOMrWkslb0ifmIL9DMJqVKQuWEyMvf88HiMOag==

Note: run the openssl commands above on a Linux system!

Fill the two values into the respective input boxes and submit.
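As an added example (not part of the original write-up), this script runs the same openssl pipeline end to end on a freshly generated throwaway key and then verifies the signature with the public key, a check the challenge itself never performs; the key, file names and function names are the example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the write-up: run the modulus/signature steps on a
# freshly generated throwaway key, then verify the signature with the public key.
set -e

WORK="$(mktemp -d)"          # scratch directory for the constructed test files
KEY="$WORK/private.txt"      # constructed test key, not the challenge's key
PUB="$WORK/public.txt"
PM="$WORK/pm.txt"

# 2048-bit RSA key in PKCS#8 "BEGIN PRIVATE KEY" form, as the challenge provides
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$KEY" 2>/dev/null
openssl rsa -in "$KEY" -pubout -out "$PUB" 2>/dev/null

# Same extraction as the write-up: openssl prints "Modulus=<HEX>", cut drops the
# 8-character prefix and tr strips CR/LF so the file holds only the hex digits.
extract_modulus() {
    openssl rsa -in "$PUB" -pubin -modulus -noout | cut -c 9- | tr -d '\r\n'
}

# Write the modulus to pm.txt and sign it (SHA-256, RSA PKCS#1 v1.5, which is
# what "openssl dgst -sign" produces); print the signature as one base64 line.
sign_modulus() {
    extract_modulus > "$PM"
    openssl dgst -sha256 -sign "$KEY" "$PM" | base64 | tr -d '\n'
}

# Check a base64 signature against the public key; exit status 0 only when
# the signature is valid for the exact bytes in pm.txt.
verify_modulus_signature() {
    printf '%s' "$1" | base64 -d > "$WORK/sig.bin"
    openssl dgst -sha256 -verify "$PUB" -signature "$WORK/sig.bin" "$PM" >/dev/null 2>&1
}

MODULUS="$(extract_modulus)"
SIG="$(sign_modulus)"
echo "modulus: ${#MODULUS} hex chars"   # 512 for a 2048-bit modulus
verify_modulus_signature "$SIG" && echo "signature verifies with the public key"
```

Verifying before submitting catches a modulus file that picked up a stray newline or CR, which is the usual reason the Windows-produced values are rejected.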

8

The challenge provides a docker image whose /root directory holds a password; with that password we can decrypt the encrypted string in the challenge.

Run the container:

docker run -d webgoat/assignments:findthesecret

Log in to the container as root:

docker exec -it --user root <container-id> /bin/bash

Find the password file:

cd /root
cat default_secret

The password is displayed:

ThisIsMySecretPassw0rdF0rY0u

Decrypt the encrypted string:

echo "U2FsdGVkX199jgh5oANElFdtCxIEvdEvciLi+v+5loE+VCuy6Ii0b+5byb5DXp32RPmT02Ek1pf55ctQN+DHbwCPiVRfFQamDmbHBUpD7as=" | openssl enc -aes-256-cbc -d -a -kfile default_secret

The decrypted plaintext:

Leaving passwords in docker images is not so secure

Fill the decrypted plaintext and the password file name into the input boxes and submit.
