The weekend of 04\/01\/2016 is pre-qualification for the Nuit du Hack 2016<\/a><\/strong>\u00a0as a Jeopardy CTF<\/strong>. Having had the opportunity and the time to participate with some colleagues and friends, here\u2019s a write-up resolution of the challenges which we could participate.<\/p>\n This cryptographic challenge concretely illustrates the “cut and paste attack ” on the cipher AES-ECB. The idea is to manipulate the blocks of encrypted data (cut & paste) to forge a different encrypted data with\u00a0our expectations.<\/p>\n When we\u00a0go to the URL of the challenge, we are invited to register us:<\/p>\n Main page<\/p><\/div>\n No control over the field values are applied, inscribe us with a login, password and email with the same value “x”:<\/p>\n Register with “x”<\/p><\/div>\n Your registration is successful, now observed in the various requests the presence of a session cookie:<\/p>\n In addition, AJAX GET request is made from the home page to “\/session,” to see if ads\u00a0are to be displayed on the main page. This simple GET request (with the session cookie) returns JSON in the following format:<\/p>\n Interesting the field\u00a0“is_admin” to “false”. We have to change this value\u00a0to “true” to reach the admin page. Currently an attempt to access this page responds:<\/p>\n Admin page error<\/p><\/div>\n The challenge home page informs that the exchanges are “secure” via Rijndael + 256ROT13, we can deduce that the value of the session cookie is calculated as:<\/p>\n JSON data is encoded to form the session cookie. Re-inscribe us in just modifying a parameter, the email = “z”:<\/p>\n Email updated<\/p><\/div>\n New JSON data :<\/p>\n New session cookie :<\/p>\n Comparing both session cookies from the\u00a0two accounts (x \/ x \/ x and x \/ x \/ z), we see that only the last block is different, and the block size of the AES-ECB is 16:<\/p>\n We conclude that the encrypted data meets JSON syntax similar to:<\/p>\n By distributing equal size to the JSON data from their respective block, we deduce:<\/p>\n The idea will now be playing on the value of the “username” with registration, in order to forge a line containing only “true,” to follow up the line “3a”. So “is_admin: true” will be forged.<\/p>\n By registering with a “username” equal to:<\/p>\n We gain the session cookie :<\/p>\n Distribution :<\/p>\n The line “2b” perfectly matches our expectations.<\/p>\n We must now forge a suitable block for email:<\/p>\n Cookie :<\/p>\n Distribution\u00a0:<\/p>\n We have now all the “material” to forge an administration cookie from valid blocks and to obtain our desired JSON:<\/p>\n A block is independent of the previous block, they are interchangeable as the decrypted data translated in JSON is with a\u00a0valid syntax (cut and paste attack). It therefore takes the blocks that are of interest for previous requests to forge one you want, the 256ROT13 is obvious\u00a0(1a, 2a, 3a, 2b and 5c<\/strong>) :<\/p>\n Test of\u00a0our new cookie on the page “\/session” to see how it is decoded:<\/p>\n JSON valide is_admin true<\/p><\/div>\n Bingo! Just visit the admin page with the new cookie value:<\/p>\n Admin page<\/p><\/div>\n Flag :\u00a0NDH{22cf96f723f08382606119fe574953b9}<\/strong><\/p>\n Greeting to\u00a0nj8<\/a>, St0rn<\/a>, Emiya<\/a>, Mido, downg(r)ade,\u00a0Ryuk@n and\u00a0rikelm, \ud83d\ude09\u00a0\/\/ Gr3etZ<\/p>\n Sources & ressources :<\/strong><\/p>\n <\/p>","protected":false},"excerpt":{"rendered":" Write-up of the challenge \u201cCryptography\u00a0\u2013 Toil33t\u201d of Nuit du\u00a0Hack 2016 CTF qualifications. The weekend of 04\/01\/2016 is pre-qualification for the […]<\/p>\n","protected":false},"author":1337,"featured_media":1963,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58,57,56,524,523,526,527],"tags":[473,474,476,469,475,459],"class_list":["post-1990","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptanalyse","category-cryptographie","category-cryptologie","category-ctf","category-events","category-ndh","category-ndh2k16","tag-aes-ecb","tag-cryptography","tag-cut-and-paste-attack","tag-jeopardy","tag-rot13","tag-write-up"],"_links":{"self":[{"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/posts\/1990","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/users\/1337"}],"replies":[{"embeddable":true,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/comments?post=1990"}],"version-history":[{"count":6,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/posts\/1990\/revisions"}],"predecessor-version":[{"id":2002,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/posts\/1990\/revisions\/2002"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/media\/1963"}],"wp:attachment":[{"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/media?parent=1990"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/categories?post=1990"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/tags?post=1990"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
![\"Main](\"https:\/\/www.asafety.fr\/wp-content\/uploads\/01-3-300x157.png\")
<\/a>![\"Register](\"https:\/\/www.asafety.fr\/wp-content\/uploads\/03-3-300x268.png\")
<\/a>session=e7a0bb1bd4f4473106e24b374ac5fa5a799a5dc4824d8f51e2a78524b1020705a6eaf0fe5db99c6755c21f277aff95020ea7708a8f28694887deb53b8ecd855b1fe1ccac92e372290593e12777d8260f;<\/pre>\n
{\r\n \"email\": \"x\", \r\n \"is_admin\": false, \r\n \"show_ad\": false, \r\n \"username\": \"x\"\r\n}<\/pre>\n![\"Admin](\"https:\/\/www.asafety.fr\/wp-content\/uploads\/02-3-300x65.png\")
<\/a>session_cookie = 256ROT13 ( AES_ECB ( json ) )<\/pre>\n
![\"Email](\"https:\/\/www.asafety.fr\/wp-content\/uploads\/04-2-300x269.png\")
<\/a>{\r\n \"email\": \"z\", \r\n \"is_admin\": false, \r\n \"show_ad\": false, \r\n \"username\": \"x\"\r\n}<\/pre>\nsession=e7a0bb1bd4f4473106e24b374ac5fa5a799a5dc4824d8f51e2a78524b1020705a6eaf0fe5db99c6755c21f277aff95020ea7708a8f28694887deb53b8ecd855bf1c9c8bf9c982612c9b86320a36e61d0;<\/pre>\n
(x \/ x \/ x)\r\ne7a0bb1bd4f4473106e24b374ac5fa5a 799a5dc4824d8f51e2a78524b1020705 a6eaf0fe5db99c6755c21f277aff9502 0ea7708a8f28694887deb53b8ecd855b 1fe1ccac92e372290593e12777d8260f\r\n(x \/ x \/ z)\r\ne7a0bb1bd4f4473106e24b374ac5fa5a 799a5dc4824d8f51e2a78524b1020705 a6eaf0fe5db99c6755c21f277aff9502 0ea7708a8f28694887deb53b8ecd855b f1c9c8bf9c982612c9b86320a36e61d0<\/pre>\n
session_cookie = 256ROT13 ( AES_ECB ( '{\"username\": \"x\", \"show_ad\": false, \"is_admin\": false, \"email\": \"x\"}' ) )<\/pre>\ne7a0bb1bd4f4473106e24b374ac5fa5a [{\"username\": \"x\"] (1a)\r\n799a5dc4824d8f51e2a78524b1020705 [, \"show_ad\": fal] (2a)\r\na6eaf0fe5db99c6755c21f277aff9502 [se, \"is_admin\": ] (3a)\r\n0ea7708a8f28694887deb53b8ecd855b [false, \"email\": ] (4a)\r\n1fe1ccac92e372290593e12777d8260f [\"x\"}] (5a)<\/pre>\nusername = [xxtrue, ]<\/pre>\n
9d287ba085f621f4d11632215d255584e3264500a02a33efe37921dbd92324aa5d998eabd9fd50d71639ffd19fadaeb23164706a5409b80800d7b98a576d11546cb3b01c5a57390325c7f6a18a4183c2340e00870031efaef32faae48f1dacc3<\/pre>\n
9d287ba085f621f4d11632215d255584 [{\"username\": \"xx] (1b)\r\ne3264500a02a33efe37921dbd92324aa [true, ] (2b)\r\n5d998eabd9fd50d71639ffd19fadaeb2 [\", \"show_ad\": fa] (3b)\r\n3164706a5409b80800d7b98a576d1154 [lse, \"is_admin\":] (4b)\r\n6cb3b01c5a57390325c7f6a18a4183c2 [ false, \"email\":] (5b)\r\n340e00870031efaef32faae48f1dacc3 [ \"x\"}] (6b)<\/pre>\nusername =\u00a0[xxxxxxxxxx]<\/pre>\n
9d287ba085f621f4d11632215d255584853ce76be7095f7a6006aade6d87574f3758e2604a11b75246b4f7fd9d14df598ac9ee8270fdde8d052e27be7d93dd3a5e3e792d648734eb774d0263b4a5b30b<\/pre>\n
9d287ba085f621f4d11632215d255584 [{\"username\": \"xx] (1c)\r\n853ce76be7095f7a6006aade6d87574f [xxxxxxxx\", \"show] (2c)\r\n3758e2604a11b75246b4f7fd9d14df59 [_ad\": false, \"is] (3c)\r\n8ac9ee8270fdde8d052e27be7d93dd3a [_admin\": false, ] (4c)\r\n5e3e792d648734eb774d0263b4a5b30b [\"email\": \"x\"}] (5c)<\/pre>\n{\"username\": \"x\", \"show_ad\": false, \"is_admin\": true, \"email\": \"x\"}<\/pre>\ne7a0bb1bd4f4473106e24b374ac5fa5a [{\"username\": \"x\"] (1a)\r\n799a5dc4824d8f51e2a78524b1020705 [, \"show_ad\": fal] (2a)\r\na6eaf0fe5db99c6755c21f277aff9502 [se, \"is_admin\": ] (3a)\r\ne3264500a02a33efe37921dbd92324aa [true, ] (2b)\r\n5e3e792d648734eb774d0263b4a5b30b [\"email\": \"x\"}] (5c)<\/pre>\ne7a0bb1bd4f4473106e24b374ac5fa5a799a5dc4824d8f51e2a78524b1020705a6eaf0fe5db99c6755c21f277aff9502e3264500a02a33efe37921dbd92324aa5e3e792d648734eb774d0263b4a5b30b<\/pre>\n
![\"JSON](\"https:\/\/www.asafety.fr\/wp-content\/uploads\/05-1-300x58.png\")
<\/a>![\"Admin](\"https:\/\/www.asafety.fr\/wp-content\/uploads\/06-1-300x88.png\")
<\/a>\n