{"id":626,"date":"2012-04-01T02:57:29","date_gmt":"2012-04-01T02:57:29","guid":{"rendered":"http:\/\/2012.hackitoergosum.org\/blog\/?page_id=626"},"modified":"2012-04-08T14:20:47","modified_gmt":"2012-04-08T14:20:47","slug":"crypto-challenge","status":"publish","type":"page","link":"http:\/\/2012.hackitoergosum.org\/blog\/crypto-challenge","title":{"rendered":"CHALLENGE"},"content":{"rendered":"<p><strong>CHALLENGE 1<\/strong><\/p>\n<p>Dear crypto-hackers,<\/p>\n<p>I crashed my laptop and lost my access to the database where the encryption key of my backups is stored, can you help me to get it back ?<br \/>\nI know some checks are regularly done on the DB by a bot, maybe it can help&#8230;<\/p>\n<p>Here is some code I got \/ start to code <a href=\"http:\/\/2012.hackitoergosum.org\/blog\/wp-content\/uploads\/2012\/04\/HESCryptoChall1.tar.gz\">HESCryptoChall1.tar.gz<\/a> (990bdaad61bbf9f2b397b296ac478ce6) :<br \/>\n&#8211; attacker.py : a MITM script, you should modify it to get my key.<br \/>\n&#8211; crypto.py and challenge1.py : sources of the database and the bot, they are configured to run locally.<br \/>\n&#8211; keys.py : example keys I&#8217;ve built, server ones are different.<\/p>\n<p>Address of both the database and the bot is games.labs.overthewire.org (ports are the same than the ones in challenge1.py)<br \/>\nPlease try your attack locally before flooding the server or your IP may be banned.<\/p>\n<p><strong>CHALLENGE 2<\/strong><\/p>\n<p>Dear crypto-hackers,<\/p>\n<p>Sorry to bother you again but I&#8217;m in a big trouble.<br \/>\nI booked a room at hackryptotel to go to hackito in order to confirm your reservation and identity you have to send them a code that you get on their server with a python script and a certificate (hey it&#8217;s hackryptotel !).<br \/>\nBecause I didn&#8217;t want to carry my certificate with me at hackito (there is a lot of bad guys there !) and because my code wasn&#8217;t in the hackryptotel database yet when I had to go so I coded a script that gets the code and e-mail it to my secure e-mail address.<br \/>\nUnfortunately, it seems that I&#8217;ve made a typo mistake while writing my e-mail address and I can&#8217;t confirm my reservation !<\/p>\n<p>The good news are :<br \/>\n&#8211; my script use a server I control as a proxy so I can MitM the connexion.<br \/>\n&#8211; because sendmail fail, script is in an infinite loop and is still querying the hackryptotel database.<\/p>\n<p>Maybe you&#8217;ll be able to find a flaw in the protocol and get my code (I really don&#8217;t think so, it seems really secure :\/ ). Code is here <a href=\"http:\/\/2012.hackitoergosum.org\/blog\/wp-content\/uploads\/2012\/04\/HESCryptoChall2.tar.gz\">HESCrypto2Chall.tar.gz<\/a> (7b374ccf59b6225b0df6026bbe727da9)<\/p>\n<p>The address of the MitM server is games.labs.overthewire.org (ports are the same than the ones in challenge.py)<br \/>\nPlease try your attack locally before flooding the server or your IP may be banned .<\/p>\n<p>If I find anything usefull, I&#8217;ll post details on twitter (<a href=\"https:\/\/twitter.com\/#!\/HackitoErgoSum\" title=\"HackitoErgoSum\">@HackitoErgoSum<\/a>)<\/p>\n<p><strong>CONTACT<\/strong><\/p>\n<p>If you have any question or problem don&#8217;t hesitate to contact me :<br \/>\non weekdays : eloi.vanderbeken [{a}] oppida [{.}] fr<br \/>\non weekend\u00a0 : eloi.vanderbeken [{a}] gmail\u00a0 [{.}] com<\/p>\n<p>If you succeed, send your solution (recovered key and how you got it) to hes-cfp [{a}] lists.hackitoergosum [{.}] org<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CHALLENGE 1 Dear crypto-hackers, I crashed my laptop and lost my access to the database where the encryption key of my backups is stored, can you help me to get it back ? I know some checks are regularly done on the DB by a bot, maybe it can help&#8230; Here is some code I [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":40,"comment_status":"open","ping_status":"open","template":"","meta":{"footnotes":""},"class_list":["post-626","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"http:\/\/2012.hackitoergosum.org\/blog\/wp-json\/wp\/v2\/pages\/626","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/2012.hackitoergosum.org\/blog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"http:\/\/2012.hackitoergosum.org\/blog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"http:\/\/2012.hackitoergosum.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/2012.hackitoergosum.org\/blog\/wp-json\/wp\/v2\/comments?post=626"}],"version-history":[{"count":10,"href":"http:\/\/2012.hackitoergosum.org\/blog\/wp-json\/wp\/v2\/pages\/626\/revisions"}],"predecessor-version":[{"id":630,"href":"http:\/\/2012.hackitoergosum.org\/blog\/wp-json\/wp\/v2\/pages\/626\/revisions\/630"}],"wp:attachment":[{"href":"http:\/\/2012.hackitoergosum.org\/blog\/wp-json\/wp\/v2\/media?parent=626"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}