Noncense

spbctf

Task: AES-CTR encryption with /dev/zero as random source producing zero nonce. Solution: Known plaintext attack using flag prefix to recover keystream, then XOR to decrypt.

known_plaintext stream_cipher aes nonce_reuse ctr_mode

known_plaintext_attackkeystream_recoveryctr_nonce_reuse_attack

$ ls tags/ techniques/

known_plaintext stream_cipher aes nonce_reuse ctr_mode

known_plaintext_attackkeystream_recoveryctr_nonce_reuse_attack

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[crypto][Pro]SLA— spbctf
[crypto][Pro]XOR Key Recovery — Favourite byte & You either know XOR you don't— cryptohack
[crypto][Pro]AES-CTR— spbctf
[crypto][Pro]ROX — XOR with Key— spbctf
[crypto][free]Broken Decryptor— hackthebox