Weak RSA Lab Writeup

Introduction

For this lab our goal is to decrypt a file and retrieve the hidden flag.

To begin, we need to download the zip archive from the HTB website and unzip the necessary files for this lab.

unzip Weak\ RSA.zip #hackthebox

Next, we will attack the RSA encryption using the RSA CTF Tool within a Python virtual environment. These are the installation steps on Kali:

git clone https://github.com/RsaCtfTool/RsaCtfTool
cd RsaCtfTool
sudo apt install libgmp3-dev libmpc-dev
virtualenv venv
source venv/bin/activate
pip3 install -r requirements.txt

Recovering the private key

Now that we have set up the environment, we can proceed with recovering the private key. This is the command to attack the key, run from within the cloned git folder where the tool lives and assuming the key files are one folder above; modify the paths if this isn't the case for you:

./RsaCtfTool.py --publickey ../key.pub 

When run you can observe it tries a variety of methods before finding one which is effective at exploiting the weakness present in this public key.
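The same idea from the key owner's side, as an added example that is not part of the original writeup or RsaCtfTool's code: a short Python audit that flags some of the public-key properties such tools probe for. The function names, thresholds and sample moduli are assumptions constructed for illustration.

```python
from math import isqrt

# Primes below 1000, used for a cheap trial-division check.
SMALL_PRIMES = [p for p in range(2, 1000)
                if all(p % q for q in range(2, isqrt(p) + 1))]

def fermat_close(n, max_steps=10_000):
    """True if a*a - n becomes a perfect square within max_steps,
    i.e. the two factors of n are close enough for Fermat's method."""
    a = isqrt(n)
    if a * a < n:
        a += 1
    for _ in range(max_steps):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:
            return True
        a += 1
    return False

def audit_rsa_key(n, e, min_bits=2048):
    """Return a list of weakness labels for the public key (n, e)."""
    findings = []
    if n.bit_length() < min_bits:  # assumed policy threshold
        findings.append("short_modulus")
    if any(n % p == 0 for p in SMALL_PRIMES):
        findings.append("small_prime_factor")
    if e < 65537 or e % 2 == 0:
        findings.append("small_or_even_public_exponent")
    elif e.bit_length() > 32:
        # A huge e often means d was chosen small (Wiener-style attacks).
        findings.append("large_public_exponent")
    if fermat_close(n):
        findings.append("close_primes")
    return findings

# Constructed sample moduli, not keys from the lab.
CLOSE_N = 1000003 * 1000033             # two neighbouring primes
BIG_N = (2**1279 - 1) * (2**2203 - 1)   # far-apart known primes, test value only

if __name__ == "__main__":
    for name, n, e in [("close", CLOSE_N, 65537), ("big", BIG_N, 65537),
                       ("big, huge e", BIG_N, (1 << 1000) + 1)]:
        print(name, audit_rsa_key(n, e))
```

The modulus and exponent of a real key can be printed with `openssl rsa -pubin -in key.pub -text -noout` and passed in as integers.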

Decrypt the file

Unfortunately, at the time of writing, the required modules for file decryption are not available on the current Python3 version in the Python Package Index (PyPI). As a workaround, we will use OpenSSL to decrypt the file and obtain the flag.

Execute the following commands:

openssl rsautl -decrypt -in $ENCRYPTED -out $PLAINTEXT -inkey keys/privkey.pem
openssl pkeyutl -decrypt -in flag.enc -out flag.txt -inkey key

After running these commands, you should now have the decrypted flag stored in the flag.txt file.

Conclusion

In this lab, we successfully exploited a Weak RSA encryption scheme to decrypt a file and retrieve the flag. It is important to note that this lab was conducted for educational purposes to understand the vulnerabilities associated with weak RSA encryption. Always ensure that your encryption schemes are strong and regularly update your software to mitigate such vulnerabilities.
