HTB-Nuclear Sale
Cryptography - Level Easy
ุฑุงูุช ุงุจ ุฌุฏูุฏ ๐ฅณ
ูุตู ุงูุชุญุฏู:
Plutonium Labs is a private laboratory experimenting with plutonium products. A huge sale is going to take place and our intelligence agency is interested in learning more about it. We have managed to intercept the traffic of their mail server. Can you find anything interesting?
ู ุญู ูุช ุงูู ูู ุทูุน pcap file
ุชุตูุญุช ุงูู ูู ูุฒู ู ุง ูู ูุงุถุญ ูุฏุงู ูู ูู mail server
mail server ูุนุฑู ุงูู ูุณุชุฎุฏู ุจุฑูุชูููู SMTP
SMTP: Simple Mail Transfer Protocol
ููุงุท ู ูู ุฉ ูุงุฒู ูุนุฑููุง ุนู ุงูุจุฑูุชูููู
we know that SMTP easily readable by eavesdroppers.
ุณูู ุงูู ูููุฑุฃ ุจุญูู ุฃูู ูุธูุฑ ูู plain text and ASCII ููุฐุง ูุณู ุญ ููู ุฎุชุฑููู ุฃู ูุชูุตุชูู ุนูู ุงูtraffic
STEP 1 :
ุงูู ูู ูุจุฏุฃ ุงูุฎุทูุฉ ุงูุฃููู ุดูุช ุงูุจุฑูุชููููุฒ ูููุง SMTP ูููุช ุฃุจุฏ ุจุณูู follow TCP stream ู ูุดูู ุดุงูุณุงููุฉ
๐ก hint ->
ุญูู ุทูุน ููุง ูู stream 1 ุฏููู ุนูู ุฃู ุงูุนู ููุฉ XOR
STEP 2: collect data
Stream 2 ู ุงุนุทุงูุง ูู:
He is a high profile individual. His information is encrypted below:
6b65813f4fe991efe2042f79988a3b2f2559d358e55f2fa373e53b1965b5bb2b175cf039
Message (XOR) key = C
Stream 3 ู ูู:
ciphertext 1 (C1) encrypted with our key.
fd034c32294bfa6ab44a28892e75c4f24d8e71b41cfb9a81a634b90e6238443a813a3d34
(Message (XOR) key) (XOR) key1(our key) = C1
Stream 4 ู ูู:
ูEncrypted with our key..
de328f76159108f7653a5883decb8dec06b0fd9bc8d0dd7dade1f04836b8a07da20bfe70
(Message) (XOR) key1(our key) = C2
STEP 4: Analysis
ุจุนุฏ
two cipher encrypted with the same key? interesting
ุชุฐูุฑูุง ูุธุฑูุฉ ููุซุงุบูุฑุณ .. ุนูุฏูุง ู ุชุบูุฑูู ุดููู ูุทูุน ุงูุซุงูุซ ๐
STEP 1:
if we (
Message(XOR)key) (XOR) key1(our key)(XOR)Message(XOR)keysince -> Message and key will be cancelled then the output will be -> key1STEP 2:
Then if (Message) (XOR) key1(our key) (XOR) with Key1(our key) [output from STEP1] then -> Key 1 will be cancelled and the output will be -> message.
STEP 5: Coding phase
ุทูุจ ูุงุฒู ูุจุฑู ุฌ ุงุณุชุฎุฏู ุช ุจุงูุซูู ุนุดุงู ูุทูุน ุงูู ุณุฌ
my code
ุฃูุง ูุถุญุช ุงูุฎุทูุงุช ุฃููุฏ ููู ุงุฎุชุตุงุฑุงุช ู ููุฏ ุฃุณูู ู ู ู ูู ุชุณุชุฎุฏู ูู cyberchef
ู ูู ุง ุชุนุฏุฏุช ุงูุทุฑู ุงูุญู ูุงุญุฏ ุงุฎุชุงุฑูุง ุงููู ุชุจููู ู ุน ุงูููุช ุฃููุฏ ุจูุชุทูุฑ ๐๐ป
ุงุณุชู ุชุนุช ู ุฃูุง ุขุญู ุจุญูู ุฃูู ุงุณุชุฑุฌุนุช ูู ู ุนููู ุฉ ููุจู ุงูุฎุชุงู ูุดูุฑ ูููู ๐๐ป
Last updated