Monday, July 29, 2013

MITRE 2013 Writeup : Network 200

Wireshark .pcap file shows a bunch of TCP and HTTP requests, most notably to vimeo.com.  Saving the TCP stream into a file...

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.4.14
Expires: Sun, 14 Jul 2013 21:17:37 GMT
Vary: User-Agent,Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-DNS-Prefetch-Control: on
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Date: Sun, 14 Jul 2013 20:17:37 GMT
X-Varnish: 155913018
Age: 0
Via: 1.1 varnish
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-Varnish-Cache: 0
Connection: close
X-VServer: 10.90.128.147



...and loading it up onto localhost via ncat...

elliptic@elliptic:~/solved/network200$ sudo ncat -l 80 < stream

...yields the vimeo video.

01010100 01101000 01100101 00100000 01101011 01100101 01111001 
T        h        e                 k        e        y
00100000 01101001 01110011 00100000 01001101 01000011 01000001 
         i        s                 M        C        A
00101101 00110101 00111000 01000010 01000101 00110001 00110100 
-        5        8        B        E        1        4
00110111 01000001 00100000 00111010 00101001
7        A                 :        )

MCA-58BE147A

MITRE 2013 Writeup : Binary 200 #2

ELF Linux executable file named Game.bin.  Running it shows usage instructions that show that it takes one parameter:

elliptic@elliptic:~/solved/bin2002$ ./Game.bin
Usage: ./Game.bin

keyFile - The file containing your CD Key


Strings table and cat were both uninteresting.  Disassembling the main function in GDB yielded some nice things.

. Stack initialization
   0x0804896c <+0>:    push   ebp
   0x0804896d <+1>:    mov    ebp,esp
   0x0804896f <+3>:    push   ebx
   0x08048970 <+4>:    and    esp,0xfffffff0
   0x08048973 <+7>:    sub    esp,0x170
. If fewer than 1 parameter, jump to 0x80489AC
   0x08048979 <+13>:    cmp    DWORD PTR [ebp+0x8],0x1
   0x0804897d <+17>:    jg     0x80489ac

. Usage
   0x0804897f <+19>:    mov    eax,DWORD PTR [ebp+0xc]
   0x08048982 <+22>:    mov    eax,DWORD PTR [eax]
   0x08048984 <+24>:    mov    DWORD PTR [esp+0x4],eax
   0x08048988 <+28>:    mov    DWORD PTR [esp],0x8049d90 ; 0x8049d90 = "Usage: %s \n"
   0x0804898f <+35>:    call   0x80487e0
   0x08048994 <+40>:    mov    DWORD PTR [esp],0x8049da8 ; 0x8049da8 = "\nkeyFile - The file containing your CD Key"
   0x0804899b <+47>:    call   0x8048840
   0x080489a0 <+52>:    mov    DWORD PTR [esp],0x0
   0x080489a7 <+59>:    call   0x8048870 ; end
. Body
   0x080489ac <+64>:    mov    eax,DWORD PTR [ebp+0xc]
   0x080489af <+67>:    add    eax,0x4
   0x080489b2 <+70>:    mov    eax,DWORD PTR [eax]
   0x080489b4 <+72>:    mov    DWORD PTR [esp+0x4],0x8049dd3 ; 0x8049dd3 = "rb"
   0x080489bc <+80>:    mov    DWORD PTR [esp],eax
   0x080489bf <+83>:    call   0x80487d0 ; Opens some file with read ("rb") permissions; probably keyFile?
   0x080489c4 <+88>:    mov    DWORD PTR [esp+0x160],eax
   0x080489cb <+95>:    cmp    DWORD PTR [esp+0x160],0x0 ; Check if we can open the file
   0x080489d3 <+103>:    jne    0x80489ed

   0x080489d5 <+105>:    mov    DWORD PTR [esp],0x8049dd8 ; 0x8049dd8 = "Error - couldn't open key file"
   0x080489dc <+112>:    call   0x8048790
   0x080489e1 <+117>:    mov    DWORD PTR [esp],0x1
   0x080489e8 <+124>:    call   0x8048870 ; end

   0x080489ed <+129>:    mov    eax,DWORD PTR [esp+0x160]
   0x080489f4 <+136>:    mov    DWORD PTR [esp+0xc],eax ; file pointer
   0x080489f8 <+140>:    mov    DWORD PTR [esp+0x8],0x1 ; number of elements in buffer (1)
   0x08048a00 <+148>:    mov    DWORD PTR [esp+0x4],0x80 ; size of elements in buffer (0x80 = 128 bytes)
   0x08048a08 <+156>:    lea    eax,[esp+0xb8]
   0x08048a0f <+163>:    mov    DWORD PTR [esp],eax ; buffer
   0x08048a12 <+166>:    call   0x8048850 ; read elements into buffer
   0x08048a17 <+171>:    mov    DWORD PTR [esp+0x15c],eax
   0x08048a1e <+178>:    cmp    DWORD PTR [esp+0x15c],0x1 ; if successful (fread returns the number of elements successfully read)
   0x08048a26 <+186>:    je     0x8048a59

   0x08048a28 <+188>:    mov    eax,ds:0x804a16c
   0x08048a2d <+193>:    mov    DWORD PTR [esp+0xc],eax
   0x08048a31 <+197>:    mov    DWORD PTR [esp+0x8],0x1f
   0x08048a39 <+205>:    mov    DWORD PTR [esp+0x4],0x1
   0x08048a41 <+213>:    mov    DWORD PTR [esp],0x8049df8 ; 0x8049df8 = "Error: couldn't read whole key\n"
   0x08048a48 <+220>:    call   0x80487f0
   0x08048a4d <+225>:    mov    DWORD PTR [esp],0x2
   0x08048a54 <+232>:    call   0x8048870 ; end


Here, the program calls a bunch of really scary things like time and random, probably to compare against the key you enter.  The correct key is 128 bytes of randomness?  Probably not the key you're looking for.

   0x08048a59 <+237>:    mov    DWORD PTR [esp],0x0
   0x08048a60 <+244>:    call   0x8048810


The more interesting part; why is it calling SDL functions?  SDL is used for drawing.

   0x08048b67 <+507>:    mov    DWORD PTR [esp],0x0
   0x08048b6e <+514>:    call   0x80487c0
   0x08048b73 <+519>:    test   eax,eax
   0x08048b75 <+521>:    je     0x8048ba2

   0x08048b77 <+523>:    call   0x8048860
   0x08048b7c <+528>:    mov    edx,DWORD PTR ds:0x804a16c
   0x08048b82 <+534>:    mov    DWORD PTR [esp+0x8],eax
   0x08048b86 <+538>:    mov    DWORD PTR [esp+0x4],0x8049e30
   0x08048b8e <+546>:    mov    DWORD PTR [esp],edx
   0x08048b91 <+549>:    call   0x8048800
   0x08048b96 <+554>:    mov    DWORD PTR [esp],0x4
   0x08048b9d <+561>:    call   0x8048870
   0x08048ba2 <+566>:    mov    DWORD PTR [esp+0xc],0x0
   0x08048baa <+574>:    mov    DWORD PTR [esp+0x8],0x10
   0x08048bb2 <+582>:    mov    DWORD PTR [esp+0x4],0x12c
   0x08048bba <+590>:    mov    DWORD PTR [esp],0x140
   0x08048bc1 <+597>:    call   0x8048780
   ...
   0x08049ce0 <+4980>:    cmp    ax,0x13f
   0x08049ce4 <+4984>:    jle    0x8049c85

   0x08049ce6 <+4986>:    mov    DWORD PTR [esp],0x3
   0x08049ced <+4993>:    call   0x8048830
   0x08049cf2 <+4998>:    mov    eax,0x0
   0x08049cf7 <+5003>:    mov    ebx,DWORD PTR [ebp-0x4]
   0x08049cfa <+5006>:    leave 
   0x08049cfb <+5007>:    ret


We don't actually need the key to get here.  Jumping to 0x08048b67 runs the SDL code:

(gdb) break main
Breakpoint 1 at 0x8048970
(gdb) run
Starting program: /home/elliptic/solved/bin2002/Game.bin
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1".

Breakpoint 1, 0x08048970 in main ()
(gdb) jump *0x08048b67
Continuing at 0x8048b67.


..spawning the window:






MCA-B17EC0D3

MITRE 2013 Writeup : Binary 200 #1

This one wasn't even a binary.  It was a JAR file that you disassembled to yield the following:

// Decompiled by Jad v1.5.8e. Copyright 2001 Pavel Kouznetsov.
// Jad home page: http://www.geocities.com/kpdus/jad.html
// Decompiler options: packimports(3)
// Source File Name:   Overrated.java

import java.io.PrintStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Scanner;

public class Overrated
{

    public Overrated()
    {
    }

    public static void main(String args[])
    {
        String s = new String();
        String s1 = "3d38629f056c942d561b63dbe8e94653";
        Scanner scanner = new Scanner(System.in);
        for(; !encrypt(s).equals(s1); s = scanner.nextLine())
            System.out.print("Please enter the correct flag to continue: ");

        System.out.println("Good job!");
    }

    public static String encrypt(String s)
    {
        String s1 = "";
        try
        {
            MessageDigest messagedigest = MessageDigest.getInstance("MD5");
            messagedigest.reset();
            messagedigest.update(s.getBytes());
            byte abyte0[] = messagedigest.digest();
            String s2 = "";
            for(int i = 0; i < abyte0.length; i++)
            {
                String s3 = Integer.toHexString(0xff & abyte0[i]);
                if(s3.length() == 1)
                    s1 = (new StringBuilder()).append(s1).append("0").append(s3).toString();
                else
                    s1 = (new StringBuilder()).append(s1).append(s3).toString();
            }

        }
        catch(NoSuchAlgorithmException nosuchalgorithmexception) { }
        return s1;
    }
}


32-byte MD5.  Pull up your favorite hash cracker and set it up for an 8-byte bruteforce salted with MCA- and with the character set 0123456789ABCDEF:

elliptic@elliptic:~/hashcat-0.46$ ./hashcat-cli32.bin -m20 -a3 --custom-charset1=?dABCDEF --pw-min=8 --pw-max=8 hash.txt ?1?1?1?1?1?1?1?1
Initializing hashcat v0.46 by atom with 8 threads and 32mb segment-size...

Added hashes from file hash.txt: 1 (1 salts)
Activating quick-digest mode for single-hash with salt

NOTE: press enter for status-screen

3d38629f056c942d561b63dbe8e94653:MCA-:8EC28E12

All hashes have been recovered

Input.Mode: Mask (?1?1?1?1?1?1?1?1)
Index.....: 0/1 (segment), 4294967296 (words), 0 (bytes)
Recovered.: 1/1 hashes, 1/1 salts
Speed/sec.: - plains, 10.39M words
Progress..: 254333816/4294967296 (5.92%)
Running...: 00:00:00:24
Estimated.: 00:00:06:28

Started: Mon Jul 29 21:41:45 2013
Stopped: Mon Jul 29 21:42:09 2013
elliptic@elliptic:~/hashcat-0.46$


MCA-8EC28E12

MITRE 2013 Writeup : Binary 100

This one was actually broken and unsolvable for some time.  It was a Linux executable that displayed the following:

elliptic@elliptic:~/solved/bin100$ ./hello
Hello, World!
Don't forget the dash


Wow.  Uninformative.  Let's open it in GDB:

elliptic@elliptic:~/solved/bin100$ gdb --quiet hello
Reading symbols from /home/elliptic/solved/bin100/hello...(no debugging symbols found)...done.
(gdb) info fun
All defined functions:

Non-debugging symbols:
0x080482b8  _init
0x080482f0  puts
0x080482f0  puts@plt
0x08048300  __gmon_start__
0x08048300  __gmon_start__@plt
0x08048310  __libc_start_main
0x08048310  __libc_start_main@plt
0x08048320  _start
0x08048350  deregister_tm_clones
0x08048380  register_tm_clones
0x080483c0  __do_global_dtors_aux
0x080483e0  frame_dummy
0x0804840c  main
0x08048428  MCA02076b3d
0x08048450  __libc_csu_fini
0x08048460  __libc_csu_init
0x080484ba  __i686.get_pc_thunk.bx
0x080484c0  _fini
(gdb)


A basic look at the function list gives the key outright.  MCA-02076B3D

MITRE 2013 Writeup : Cryptography 100

Easy one.  File came in the form of a text file:

qnfzvyxfunxrolxrivaynjirezlzvyxfunxroevatfnyyguro
blfgbgurlnequnafcbvagrqqbjagurfgerrgnggurfznyyteb
hcbslbhatzraurnqvatgurvejnltrfghevatjvguuvfpubpby
ngrfunxrjungqnaybbxrqhcsebzuvfynjazbjrenaqjbaqrer
qjulunafxrcgznxvatzvyxfunxrfnaqgurapbzvatgbuvflne
qjvgubhgoevatvatuvzbarpurpxbhgzlzvyxfunxrrrgfoeva
tvatnyygubfroblfgbzllnequnafgubfrneragoblfgurlerg
urlerabgoblfinggurleryvggyrtveyffnlvatgurleryvxrv
gforggregunalbhefchgbalbhetynffrfunafgurlergbbfyb
jgborlbhatzranggenpgrqolnsebmraqnvelonfrqgerngnaq
gurlerzhggrevatfbzrguvatvguvaxgurlzvtugorbhgsbezb
ergunalbhezvyxfunxrcnyinglbhguvaxgurlzvtugorserap
ugursyntvfzpnfrirakfvkkfvkkavarkfvkkfrirakfvkksvi
rkehavguvaxgurlermbzovrfohgmbzovrfqbagyvxrzvyxfun
xrfgurlernyyynpgbfrvagbyrenagiurernerlbhtbvatinvg
invgsbezrqbagyrggurztrgzlzvyxfunxr

Frequency analysis:

r (114) occurs 11.573472041612484 %
g (103) occurs 9.622886866059818 %
v (118) occurs 7.022106631989597 %
n (110) occurs 6.892067620286085 %
u (117) occurs 6.892067620286085 %
a (97) occurs 6.631989596879063 %
b (98) occurs 6.501950585175553 %
f (102) occurs 6.371911573472042 %
e (101) occurs 5.3315994798439535 %
l (108) occurs 4.4213263979193757 %
y (121) occurs 4.031209362808843 %
z (122) occurs 3.77113133940182 %
x (120) occurs 3.2509752925877766 %
t (116) occurs 3.1209362808842653 %
q (113) occurs 2.47074122236671 %
h (104) occurs 2.2106631989596878 %
o (111) occurs 2.2106631989596878 %
k (107) occurs 1.5604681404421327 %
j (106) occurs 1.4304291287386216 %
i (105) occurs 1.3003901170351105 %
p (112) occurs 1.1703511053315995 %
s (115) occurs 1.0403120936280884 %
c (99) occurs 0.7802340702210663 %
m (109) occurs 0.39011703511053317 %


The most common letters are r at 11.5% and g at 9.6%.  "Hey," says you, "that looks like the standard frequency table!)  So it's probably a substitution cipher.  Even better, it's a Caesar cipher.

Rotated 13 letters forward:

DASMILKSHAKEBYKEVINLAWVERMYMILKSHAKEBRINGSALLTHEBOYSTO
THEYARDHANSPOINTEDDOWNTHESTREETATTHESMALLGROUPOFYOUNGM
ENHEADINGTHEIRWAYGESTURINGWITHHISCHOCOLATESHAKEWHATDAN
LOOKEDUPFROMHISLAWNMOWERANDWONDEREDWHYHANSKEPTMAKINGMI
LKSHAKESANDTHENCOMINGTOHISYARDWITHOUTBRINGINGHIMONECHE
CKOUTMYMILKSHAKEEETSBRINGINGALLTHOSEBOYSTOMYYARDHANSTH
OSEARENTBOYSTHEYRETHEYRENOTBOYSVATTHEYRELITTLEGIRLSSAY
INGTHEYRELIKEITSBETTERTHANYOURSPUTONYOURGLASSESHANSTHE
YRETOOSLOWTOBEYOUNGMENATTRACTEDBYAFROZENDAIRYBASEDTREA
TANDTHEYREMUTTERINGSOMETHINGITHINKTHEYMIGHTBEOUTFORMOR
ETHANYOURMILKSHAKEPALVATYOUTHINKTHEYMIGHTBEFRENCHTHEFL
AGISMCASEVENXSIXXSIXXNINEXSIXXSEVENXSIXXFIVEXRUNITHINK
THEYREZOMBIESBUTZOMBIESDONTLIKEMILKSHAKESTHEYREALLLACT
OSEINTOLERANTVHEREAREYOUGOINGVAITVAITFORMEDONTLETTHEMG
ETMYMILKSHAKE

MCA-76696765.  Very simple; took us (and most of the teams) a few minutes to solve.

MITRE 2013 Writeup : Cryptography 200

Cryptography 200 was an encrypted text file.  At first glance it's not hard to notice that some patterns repeat:

zhdgduknsardyoeyhdxlnikgullksaeshxaqzhtxcntamjoxrehgsbgncglhtbnnel
oahotgkrdjhdgddjldggtkihoabgsdufhjemziseiuzhdhoriolheuglkkylesskrx
btgkfhbenxammeooprbisnelgnvotgzhdzwhytdjlhvvhotgkacbemzuqkoezhdhlt
kczxbttckkvhoisnezjvdtttxenltgksokcjrechamjiwzhdgduknsard

which suggests a repeating encryption pattern of some sort (short, repeating XOR cipher turned out to not be the case).  The text is also rather long, suggesting that frequency analysis is possible.

Frequency analysis:

n (110) occurs 7.04927334838747 %
t (116) occurs 6.216663771640322 %
s (115) occurs 6.035319321405825 %
k (107) occurs 5.705749522320653 %
z (122) occurs 5.688147762144635 %
g (103) occurs 5.573273116785363 %
d (100) occurs 5.568177870418621 %
e (101) occurs 5.521162642580047 %
o (111) occurs 5.445428753401656 %
r (114) occurs 5.301140640379828 %
h (104) occurs 5.066759307509698 %
a (97) occurs 4.228822882288229 %
u (117) occurs 3.9571536100978517 %
m (109) occurs 3.7324995657460485 %
i (105) occurs 3.145619825140409 %
c (99) occurs 3.0988361994094147 %
l (108) occurs 2.954548086387586 %
y (121) occurs 2.8218400787447164 %
x (120) occurs 2.638642811649586 %
q (113) occurs 2.2442244224422443 %
v (118) occurs 1.7567019859880726 %
j (106) occurs 1.7418794511030051 %
b (98) occurs 1.6527126396850211 %
f (102) occurs 1.3185107984482658 %
w (119) occurs 0.9365989230501998 %
p (112) occurs 0.6003126628452319 %


Comparison with an actual frequency list doesn't yield any results (and substituting the letters in by frequency yields gibberish).

It turns out there's a way to solve Vigenère ciphers by finding repetitions in the text and retrieving the number of letters between them.  Vigenère ciphers are essentially interlaced Caesar ciphers.  Ex:

Key:           abcd
Message:       mexicandanceparty
Extended Key:  abcdabcdabcdabcda

Encrypted Msg: mfzlcbpgaoehpbtwy

where each letter of the message is added to that of the key (A = 0, B = 1, etc., so mexicandanceparty + abcdabcdabcdabcda = m, mexicandanceparty + abcdabcdabcdabcda = f, and so on).

The weakness in a Vigenère cipher is that since the key is repeated for the length of the message, if your message has repeated words, there's a chance that the encrypted message will have repetitions as well.  Ex:

Key:           abcd
Message:       whatyouseeiswhatyouget
Extended Key:  abcdabcdabcdabcdabcdab
Encrypted Msg: wicwypwvefkvwicwypwjeu

There's 12 letters from the above example between the first letters of the words (wicwypwvefkv = 12 letters) so we know that since the key repeats, the length of the key must be a factor of this (a length of 1, 2, 3, 4, 6, or 12).  With enough repetitions, you can figure out the length of the key.  And using a dictionary of words, it's possible to algorithmically determine what the key is, similar to how you'd solve a cryptogram.

This is all ~ super great ~ because not only does our text have repetitions but it is ridiculously long and fits both requirements for a solvable Vigenère cipher.  Feeding it through this lazy person cipher solver yields the key (gaz) and the decrypted text:

theadventuresofsherlockholmesbysirarthurconandoyleiascand
alinbohemiaiitheredheadedleagueiiiacaseofidentityivthebos
combevalleymysteryvthefiveorangepipsvithemanwiththetwiste
dlipviitheadventureofthebluecarbuncleviiitheadventureofth
especkledbandixtheadventureoftheengineersthumbxtheadventu
reofthenoblebachelorxitheadventureoftheberylcoronetxiithe
adventureofthecopperbeechesadventureiascandalinbohemiaito
sherlockholmessheisalwaysthewomanihaveseldomheardhimmenti
onherunderanyothernameinhiseyessheeclipsesandpredominates
thewholeofhersexitwasnotthathefeltanyemotionakintolovefor
ireneadlerallemotionsandthatoneparticularlywereabhorrentt
ohiscoldprecisebutadmirablybalancedmindhewasitakeitthemos
tperfectreasoningandobservingmachinethattheworldhasseenbu
tasaloverhewouldhaveplacedhimselfinafalsepositionhenevers
pokeoft..................................................
............et cetera et cetera .........................
...theflagismcafivezerofivetwofourefourseven.............

MCA-50524E47

MITRE 24-Hour CTF

So I did this MITRE 24-hour CTF with Vincent, the president of the hacking club over at the University of Florida, along with two other fellows drjmoo and TobalJackson (also at UF) under the team flag SomethingEpic and landed 12th place.  That was pretty cool.  I crashed for 24 hours at Vincent's house and drjmoo and TobalJackson crashed over at UF and fate twisted our way, landing us five places above Georgia Tech and its many MadHatter clones (and only four places down from the Berkeley team, no less).

Hey look it's us!

For the uninitiated, a CTF (capture-the-flag) is a hacking competition where there are certain puzzles in any form, be it an image, or a virtual disk, or an executable or what-say-you, and the idea is to recover some flag cleverly hidden inside of it.  The topics this time around were:

Binary: digging through executable files
Cryptography: encoded files
Forensics: partially-damaged or unaccessible files
Grab Bag: anything/everything
Networking: ..networking
Web: ..web

Flags were in the format MCA-{8 digits of hex}

Writeups of a few:

Binary 100
Binary 200 #1
Binary 200 #2
Cryptography 100
Cryptography 200
Networking 200