cryptoeasy

Broken Decryptor

hackthebox

Task: AES-CTR encryption with biased OTP (no 0x00 bytes) and broken decrypt oracle. Solution: Statistical byte elimination attack - collect ~2000 samples to identify the one missing byte value at each position, then XOR with keystream recovered from encrypting zeros.

$ ls tags/ techniques/

known_plaintext xor aes statistical_attack otp ctr_mode byte_elimination broken_oracle

known_plaintext_attackstatistical_byte_eliminationkeystream_reuse_attack

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]