Static Client 2

cryptohack

Task: interactive DH (socket.cryptohack.org 13378) where Bob keeps a STATIC private exponent b, rejects suspicious g/A, but still computes B'=g^b mod whatever prime p the client sends. Solution: send a ~1605-bit prime whose p-1 = 2 * product of distinct small primes (<2^24, fully smooth) with g=2; Bob returns B'=g^b mod p, and Pohlig-Hellman + BSGS over each small subgroup recovers b mod (p-1) in one query; since b < p_real < p-1 this is the EXACT static b, so shared_real = A_alice^b mod p_real (RFC3526 1536-bit prime) AES-CBC decrypts the eavesdropped flag.

aes_cbc interactive diffie_hellman small_subgroup bsgs pohlig_hellman smooth_prime static_key parameter_confinement

baby_step_giant_steppohlig_hellmansmooth_modulus_confinementstatic_exponent_recovery

$ ls tags/ techniques/

aes_cbc interactive diffie_hellman small_subgroup bsgs pohlig_hellman smooth_prime static_key parameter_confinement

baby_step_giant_steppohlig_hellmansmooth_modulus_confinementstatic_exponent_recovery

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[crypto][Pro]Static Client— cryptohack
[crypto][Pro]Export-grade— cryptohack
[crypto][Pro]The Matrix Revolutions— cryptohack
[crypto][free]Rhome— HackTheBox
[crypto][Pro]Tutor in the middle— duckerz