cryptofreemedium

Protocol Analysis 6: Sneedham-Chucker

metactf

Task: a DawgCTF protocol analysis challenge implementing the classic Needham-Schroeder Public Key Protocol (NSPK) between Sneed (initiator, the Alice role) and Chuck (responder, the Bob role), with the flag sent as {FLAG}h(nA+nB) at the end.

Solution: Lowe's man-in-the-middle attack. Announce our own attacker identity 'mallory' as Alice's X, decrypt {nA, pubA, A, certA}pubM and re-encrypt it to Bob under pubB so that Chuck believes Sneed is talking to him, forward Bob's {nA, nB}pubA to Alice unchanged (we cannot open it, but Alice opens it for us: she takes nB as nX and encrypts it to us under pubM), then re-encrypt {nB}pubB to Bob to trigger the flag send. The flag is encrypted with ChaCha20-Poly1305 under key = SHA256(nA_hex + nB_hex) and nonce = key[:12]; both nonces passed through us, so we derive the same key and decrypt.

$ ls tags/ techniques/
lowe_mitm  needham_schroeder_public_key_attack  re_encryption_relay  nonce_reflection  cross_session_key_reuse  aead_with_deterministic_nonce

Description

Chuck needs to send Sneed an urgent message regarding the name of their store, but he doesn't want any city slickers listening in. There may be a flag abound.

Source: https://github.com/UMBCCyberDawgs/dawgctf-sp26/blob/main/Protocol%20Analysis%20(1-9)/Protocol_Analysis_chals.pdf

Sixth entry in the DawgCTF Protocol Analysis series. The task description is a direct hint to "Sneed's Feed and Seed (Formerly Chuck's)" from The Simpsons episode Lemon of Troy — the "name of their store" is the key plot point of the running internet joke.

Protocol

From the PDF manual:

Protocol key:

  A = sneed
  B = chuck
  X = any name
  nX = nonce of entity X
  h(x + y) = hash of data x and y (+ means concatenation without pipes or colons)

  Alice (sneed)                            Bob (chuck)
  recv: pubX, X, certX              <--    send: pubB, B, certB
  send: {nA, pubA, A, certA}pubX    -->    recv: {nA, pubA, A, certA}pubB
  recv: {nA, nX}pubA                <--    send: {nA, nB}pubA
  send: {nX}pubX                    -->    recv: {nB}pubB
  recv: {[FLAG]}h(nA+nX)            <--    send: {[FLAG]}h(nA+nB)

This is the textbook Needham-Schroeder Public Key Protocol with certificates tacked onto the identity announcements, plus a symmetrically encrypted payload at the end. Chuck opens the session by announcing pubB, B, certB (Bob column), but in NSPK terms Sneed plays Alice, the initiator who sends the first nonce, and Chuck plays Bob, the responder. Note the two views of the third message: Chuck sends {nA, nB}pubA, while Sneed only checks for {nA, nX}pubA and binds the nonce to whoever she believes X is. The message carries no responder identity, which is exactly the gap Lowe's attack exploits.
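The interleaved exchange described above, with Sneed, Chuck and Mallory all simulated locally, as an added example that is not the challenge's or the service's own code. It assumes the `cryptography` package; RSA-OAEP stands in for the page's unspecified {m}pubX encryption, pubX travels as a SHA-256 fingerprint of the DER key resolved through a directory, and certX is a stub string, because the page gives neither format. The flag is a constructed placeholder. The key derivation and nonce follow the page exactly: key = SHA256(nA_hex + nB_hex), nonce = key[:12].

```python
"""Lowe's MITM against the Sneedham-Chucker (NSPK) exchange, end to end.

Added example. Assumes `cryptography`; RSA-OAEP, the fingerprint directory
and the stub cert are stand-ins for formats the page does not specify.
"""
import hashlib
import json
import os

from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def fingerprint(pub):
    der = pub.public_bytes(serialization.Encoding.DER,
                           serialization.PublicFormat.SubjectPublicKeyInfo)
    return hashlib.sha256(der).hexdigest()


def session_key(nA, nB):
    """key = SHA256(nA_hex + nB_hex), nonce = key[:12], as the page states."""
    key = hashlib.sha256((nA.hex() + nB.hex()).encode()).digest()
    return key, key[:12]


class Party:
    def __init__(self, name):
        self.name = name
        self.priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        self.pub = self.priv.public_key()
        self.fp = fingerprint(self.pub)
        self.cert = f"cert-of-{name}"  # stub: the cert format is not on the page

    def enc(self, pub, obj):  # {obj}pub
        return pub.encrypt(json.dumps(obj, separators=(",", ":")).encode(), OAEP)

    def dec(self, ct):
        return json.loads(self.priv.decrypt(ct, OAEP))


# --- Alice (sneed) ---------------------------------------------------------
def alice_msg2(alice, pubX):
    """After recv pubX, X, certX: send {nA, pubA, A, certA}pubX."""
    nA = os.urandom(16)
    body = {"n": nA.hex(), "pub": alice.fp, "id": alice.name, "cert": alice.cert}
    return nA, alice.enc(pubX, body)


def alice_msg4(alice, pubX, nA, msg3):
    """Recv {nA, nX}pubA, check nA, send {nX}pubX. No identity inside msg3:
    Alice binds nX to whoever she believes X is, the gap Lowe exploits."""
    m = alice.dec(msg3)
    if bytes.fromhex(m["nA"]) != nA:
        raise ValueError("nonce mismatch")
    nX = bytes.fromhex(m["nB"])  # Alice only knows it as nX
    return nX, alice.enc(pubX, {"n": nX.hex()})


# --- Bob (chuck) -----------------------------------------------------------
def bob_msg3(bob, msg2, directory):
    """Recv {nA, pubA, A, certA}pubB, send {nA, nB}pubA."""
    m = bob.dec(msg2)
    nA, pubA = bytes.fromhex(m["n"]), directory[m["pub"]]
    nB = os.urandom(16)
    return (nA, nB), bob.enc(pubA, {"nA": nA.hex(), "nB": nB.hex()})


def bob_flag(bob, state, msg4, flag):
    """Recv {nB}pubB, then send {[FLAG]}h(nA+nB)."""
    nA, nB = state
    if bytes.fromhex(bob.dec(msg4)["n"]) != nB:
        raise ValueError("nonce mismatch")
    key, nonce = session_key(nA, nB)
    return ChaCha20Poly1305(key).encrypt(nonce, flag, None)


# --- Mallory ---------------------------------------------------------------
def lowe_attack(alice, bob, mallory, directory, flag):
    # 1. Mallory announces herself to Alice as X = mallory, with her own cert.
    nA, msg2 = alice_msg2(alice, mallory.pub)
    # 2. {nA, pubA, A, certA}pubM opens for Mallory; re-encrypt it to Bob
    #    unchanged, so Bob believes Sneed is talking to him.
    inner = mallory.dec(msg2)
    nA_seen = bytes.fromhex(inner["n"])
    state, msg3 = bob_msg3(bob, mallory.enc(bob.pub, inner), directory)
    # 3. {nA, nB}pubA cannot be opened by Mallory; forward it to Alice as is.
    #    Alice accepts it as {nA, nX}pubA from X = mallory and replies {nB}pubM.
    _, msg4 = alice_msg4(alice, mallory.pub, nA, msg3)
    nB_seen = bytes.fromhex(mallory.dec(msg4)["n"])
    # 4. Re-encrypt {nB}pubB to trigger Bob's flag send.
    ct = bob_flag(bob, state, mallory.enc(bob.pub, {"n": nB_seen.hex()}), flag)
    # 5. Both nonces passed through Mallory, so she derives h(nA+nB) as well.
    key, nonce = session_key(nA_seen, nB_seen)
    return ChaCha20Poly1305(key).decrypt(nonce, ct, None)


def run_attack(flag=b"DawgCTF{constructed_placeholder_flag}"):
    """Constructed placeholder flag; returns what Mallory recovers."""
    alice, bob, mallory = Party("sneed"), Party("chuck"), Party("mallory")
    directory = {p.fp: p.pub for p in (alice, bob, mallory)}
    return lowe_attack(alice, bob, mallory, directory, flag)


if __name__ == "__main__":
    print(run_attack())
```

Running it generates three RSA keys, so expect a few seconds before the placeholder flag prints. Lowe's fix is to put the responder's name into the third message, {nA, nB, B}pubA; with that check in alice_msg4 the forwarded message names chuck while Alice believes she is talking to mallory, and step 3 fails. The fixed nonce key[:12] is only harmless here because each derived key encrypts exactly one message; reusing such a key for a second message under the same nonce would break the AEAD.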

Service primer

All operations are HTTP POST against https://protocols.live.

...
