Merge branch 'master' into 'publish'

Daubner writeups

See merge request csirt-mu-mgmt/threat-management/writeups!6

Author: Matěj Smyčka

docs/content/htb/Challenges/crypto-rlotto.md

@@ -0,0 +1,61 @@
+---
+authors:
+    - Lukas Daubner
+date: 16-01-2024
+---
+
+# Crypto - RLotto
+
+After accessing the app using browser, you can see a lot of gibberish. So, let's try it in telnet. `telnet 167.99.82.136 30363` And it's way better.
+
+Apparently, the goal is to gues the next 5 random numbers, given the 5 previous random numbers. OK, let's check the code. I am specifically looking how the random works and how it is seeded.
+
+* The random is simple `import random`
+* It is initialised with seed `random.seed(seed)`
+* The seed is time `seed = int(time.time())`
+
+## Experiments
+
+According to the docs the used time function is just seconds from epoch https://docs.python.org/3/library/time.html#time.time So, let's run the following few times and see how it is changing.
+
+```
+python3 -c "import time; print(int(time.time()))"
+```
+
+And it is really seconds.
+
+For the second experiment, let's run the app in localhost. When started, it creates a new seed, and prints the expected solution. Like this:
+
+```
+[+] EXTRACTION: 12 90 31 79 20 
+[+] SOLUTION: 35 58 89 51 38
+```
+
+But the important part that a **new seed** is generated. According to the time.
+
+Thus, if we could know the seed, we can simulate the pseudorandom generation on localhost. It would give us the solution we need. Only if we could...
+
+## Matching the seed
+
+We actually can. By running
+
+```
+python3 -c "import time; print(int(time.time()))"; telnet 167.99.82.136 30363
+```
+
+We get the time (the seed), -/+ off-by-one miss, if the timing is bad.
+
+Anyway, we run the command. Supplement the seed to the code and run it on localhost. Compare the first 5 numbers. If they do not match, we run it again. If they match, we write the solution and get the flag.
+
+```
+# Seed: 1705075719
+# Localhost
+[+] EXTRACTION: 12 90 31 79 20 
+[+] SOLUTION: 35 58 89 51 38
+# Remote
+[+] EXTRACTION: 12 90 31 79 20 
+[?] Guess the next extraction!!!
+[?] Put here the next 5 numbers: 35 58 89 51 38
+Good Job!
+HTB{........}
+```

docs/content/htb/Challenges/crypto-the-last-dance.md

@@ -0,0 +1,51 @@
+---
+authors:
+    - Lukas Daubner
+date: 16-01-2024
+---
+
+# Crypto - The Last Dance
+
+This challange was for the stream cyphers.
+
+In the `soruce.py` there are multiple points to look for:
+
+
+1. ChaCha20 is used for encryption
+2. key is reused
+3. IV (nonce) is reused
+
+Since ChaCha20 is a stream cypher based on XOR, this gives a rather straighhtforward hits what to do. The key is in this equation: `ciphertext1 XOR ciphertext2 = plaintext1 XOR plaintext2` See https://cryptosmith.com/2008/05/31/stream-reuse/ for details
+
+And in fact you got two cyphertext (message and flag) and one plaintext (message).
+
+So, you have to try one-by-one, comparing the equation.
+
+```
+c1 = bytes.fromhex("7aa34395a258f5893e3db1822139b8c1f04cfab9d757b9b9cca57e1df33d093f07c7f06e06bb6293676f9060a838ea138b6bc9")
+c2 = bytes.fromhex("7d8273ceb459e4d4386df4e32e1aecc1aa7aaafda50cb982f6c62623cf6b29693d86b15457aa76ac7e2eef6cf814ae3a8d39c7")
+
+# Just the part of a message for a length
+p1 = b"Our counter agencies have intercepted your messages"
+
+def byte_xor(x1 , x2):
+    return bytes(a ^ b for a, b in zip(x1, x2))
+
+p2 = b""
+
+for i in range(1,len(c2)+1):
+    # Compute the pattern for processed range
+    pattern = byte_xor(c1[:i], c2[:i])
+    # Loop the relevant ascii codes
+    for ch in range(32, 127):
+        current = ch.to_bytes()
+        test_pattern = byte_xor(p1[:i], p2+current)
+        if pattern == test_pattern:
+            # Match found, saving byte and moving on...
+            p2 = p2+current
+            break
+
+print(p2)
+```
+
+And thats it

docs/content/htb/Challenges/misc-canvas.md

@@ -0,0 +1,13 @@
+---
+authors:
+    - Lukas Daubner
+date: 16-01-2024
+---
+
+# Misc - Canvas
+
+The source code contains obfuscated javascript
+
+We can use online tool to deopfuscate it (e.g., https://deobfuscate.io/)
+
+But that will still give us bunch of gibberish. But if we look closely, the flag is right there! `var res = String.fromCharCode(72, 84, 66, 123, 87, 51, 76, 99, 48, 109, 51, 95, 55, 48, 95, 74, 52, 86, 52, 53, 67, 82, 49, 112, 55, 95, 100, 51, 48, 98, 70, 117, 53, 67, 52, 55, 49, 48, 78, 125, 10);`

docs/content/htb/Challenges/misc-deterministic.md

@@ -0,0 +1,89 @@
+---
+authors:
+    - Lukas Daubner
+date: 16-01-2024
+---
+
+# Misc - Deterministic
+
+The challange is presented with a text file containing 3-tuples, and a note saying some important details.
+
+* State 0: 69420
+* State N: 999
+* Flag ends at state N
+* Each character of the password is XORed with a very super secret key
+
+## 3-tuples
+
+So now you must figure out what does the 3-tuples mean. You can notice form the "fake" flag that it is always a number, followed by a label, followed by another number. Then the next line is the same as the 3rd number from previous line.
+
+So maybe the 3rd number is a reference to the next one.
+
+You can test out the hypothesis using the known numbers (69420 and 999)
+
+* Really, you can follow the numbers
+* There is no line with "69420" as 3rd number
+* There is no line with "999" as 1st number
+* The lines repeat a lot, but it seems that the refrences are deterministic (lol)
+
+So, this all looks like an Automata (which hints towards the "Deterministic" name) Let's name the tuple (state, value, next).
+
+Now about the password...
+
+## Values
+
+Now you know that the 2nd number is a value. But it is XORed somehow, so it is gibberish. However, you know something extra:
+
+* The last value (20) XOR key is "}" (125).
+* The key is reused for all characters (one-time pad fail)
+
+That allows to reverse the XOR operation to determine the key https://cyberchef.org/#recipe=XOR(%7B'option':'Binary','string':'01101001'%7D,'Standard',false)To_Decimal('Space',false)&input=fQ
+
+So key is: 01101001 (binary) You can try it out on other values if it produces something that makes sense. Especially, locate "HTB{". And it is there! "H" starts at state "0".
+
+## Putting it all together
+
+```
+from dataclasses import dataclass
+
+@dataclass
+class StateData:
+    value: int
+    next : int
+    state : int
+
+states = {}
+# Fill the sctruct
+with open("deterministic.txt") as input:
+    # The lines with text
+    next(input)
+    next(input)
+    for line in input:
+        split = line.split()
+        # Filter out the fake flag
+        if split[1].isnumeric():
+            state = int(split[0])
+            value = int(split[1])
+            next = int(split[2])
+            # Filter out duplicities
+            # I need to go from the end (to avoid cycles)
+            if next not in states.keys():
+                states[next] = StateData(value, next, state)
+
+result = []
+key = 0b01101001
+# Traverse states from the back
+# State "N-1"
+next = 999
+# Until state which I know that got value "H"
+while next != 0: 
+    state = states[next]
+    decrypted = chr(state.value ^ key)
+    result.append(decrypted)
+    next = state.state
+
+result.reverse()
+print(*result, sep="")
+```
+
+And there is the flag!

docs/content/htb/Challenges/misc-man-in-the-middle.md

@@ -0,0 +1,13 @@
+---
+authors:
+    - Lukas Daubner
+date: 16-01-2024
+---
+
+# Misc - Man in the middle
+
+First by simply reading the data we can see the textual header teling us that this is a `btsnoop` file. That can be analysed using `btmon` or `Wireshark`. While the prior can give some statistical information, we need to use Wireshark.
+
+Now the hard part is to figure out what are the packets sayng. We try to decode them using different **bluetoth device profiles** and look closely if there is a mathch. It matches on a MOUSE and KEYBOARD. The packets are mouse movements and key events (shorter packets). The longer packets are the keyboardevents.
+
+If we mimic the keyboard (key presses, shift presses, etc), we get the flag.