Zeecka zeecka

Rapport d'audit

BreizhCTF 2023 - Cryptography

BreizhCTF 2023 - Rapport d’audit

Challenge details

EventChallengeCategoryPointsSolves
BreizhCTF 2023Rapport d’auditCryptography??????

audit

The company Cybeur-salé sent BreizhCTF an audit report about its infrastructure. Following an incident at Cybeur-salé, the archive leaked on the famous Braidzh-Forum site. The IT services company nevertheless claims that the confidentiality of the report remains guaranteed, since the archive is protected by a strong password. Following on from the incident, you have been mandated by BreizhCTF to impartially confirm Cybeur-salé’s claims.

Author: Zeecka

TL;DR

The challenge provided an encrypted ZIP archive containing several files. Some of these files are publicly available and enable a known-plaintext attack.

Methodology

The archive containing the audit report has a password and a ZIP extension. The zipinfo command and 7z l -slt let us gather information about the archive, such as the lack of compression, the file names, and also confirm the ZipCrypto Store encryption.

zipinfo Rapport_Audit_BreizhCTF.zip
zipinfo -v Rapport_Audit_BreizhCTF.zip
7z l -slt Rapport_Audit_BreizhCTF.zip
Archive:  Rapport_Audit_BreizhCTF.zip
Zip file size: 1357917 bytes, number of entries: 3
-rw-r--r--  3.0 unx   430627 BX stor 22-Nov-28 15:09 20211216_OWASP-MSP_OWASP_Top_Ten_2021.pdf
-rw-r--r--  3.0 unx   688733 BX stor 22-Nov-28 15:05 cvss-v31-specification_r1.pdf
-rw-r--r--  3.0 unx   237871 BX stor 22-Nov-28 15:08 Rapport_Audit_BreizhCTF.docx
3 files, 1357231 bytes uncompressed, 1357231 bytes compressed:  0.0%
7-Zip [64] 17.04 : Copyright (c) 1999-2021 Igor Pavlov : 2017-08-28
p7zip Version 17.04 (locale=C,Utf16=off,HugeFiles=on,64 bits,20 CPUs x64)

Scanning the drive for archives:
1 file, 1357917 bytes (1327 KiB)

Listing archive: Rapport_Audit_BreizhCTF.zip

--
Path = Rapport_Audit_BreizhCTF.zip
Type = zip
Physical Size = 1357917

----------
Path = 20211216_OWASP-MSP_OWASP_Top_Ten_2021.pdf
Folder = -
Size = 430627
Packed Size = 430639
Modified = 2022-11-28 15:09:11
Created = 
Accessed = 
Attributes = _ -rw-r--r--
Encrypted = +
Comment = 
CRC = 435B5F61
Method = ZipCrypto Store
Characteristics = UT 0x7875 : Encrypt Descriptor
Host OS = Unix
Version = 10
Volume Index = 0
Offset = 0
...

Using ZipCrypto is deprecated, notably because of its vulnerability to “known-plaintext” attacks, especially in the absence of compression. The bkcrack tool makes it easier to exploit this vulnerability. It requires knowing one file from the archive (or part of it). Since the file names were not changed, it is possible to retrieve some of the reference documents such as cvss-v31-specification_r1.pdf from the internet:

wget https://www.first.org/cvss/v3-1/cvss-v31-specification_r1.pdf

The attack is then carried out in two steps. The first step consists of recovering the intermediate encryption keys. These require comparing an archive containing the cvss-v31-specification_r1.pdf file in the same storage mode (without compression):

zip -0 origin.zip cvss-v31-specification_r1.pdf
bkcrack -C Rapport_Audit_BreizhCTF.zip -c cvss-v31-specification_r1.pdf -P origin.zip -p cvss-v31-specification_r1.pdf -e
bkcrack 1.5.0 - 2022-09-25
[21:15:45] Z reduction using 688726 bytes of known plaintext
0.7 % (4952 / 688726)
[21:15:46] Attack on 166 Z values at index 684443
Keys: 2cec9bbe 8410cf1b 74078a50
100.0 % (166 / 166)
[21:15:46] Keys
2cec9bbe 8410cf1b 74078a50

The second step therefore lies in using these keys to recover the desired file, here our audit report Rapport_Audit_BreizhCTF.docx.

bkcrack -C Rapport_Audit_BreizhCTF.zip -c Rapport_Audit_BreizhCTF.docx -k 2cec9bbe 8410cf1b 74078a50 -d Rapport_Audit_BreizhCTF.docx

Opening the docx file then gives access to the report in cleartext, and lets us recover the Flag

Rapport

For informational purposes, the password used to generate the archive was 9Sh679pjKawR

Flag

BZHCTF{CryptoKnownFiles!}

Author: Zeecka