CTF 流量分析Wireshark Certificate例题
前言
昨晚6点多的时候,朋友突然给我发了一道流量分析题,当时在吃饭,结果一直到8点多才开始分析这个流量包,这种题在网上太少碰到
题目附件
链接:https://pan.baidu.com/s/1Vz8XBen_nrkfqRxSDbN2sg#7xq8解题
先打开附件,一看上去就只有TLSv1.2和TCP两种协议,以往流量包解的最多都是HTTP协议,所以我们要进行解密才能看到里面的包加密信息,然后由于前段时间的羊城杯CTF比赛也是有一题流量分析,里面有很多TCP协议,我就看一下是不是TCP隐写,结果不是。。。。。。
然后我根据我之前的方法进行TLS解密流量,依然毫无进展。但是我没放弃,一个一个包的找,突然被我发现了第11个包里面有一个Certificate证书被截取了
直接把证书导出来,右键选择’导出分组字节流’,保存格式为’All files’,命名,后缀是.der, 比如zoe.der
然后我们把它放进kali用openssl命令行工具进行检查,让我们获取证书的可读形式。
:33:45~Tony]openssl x509 -inform DER -in zoe.der -textCertificate:Data:Version:3 (0x2)SerialNumber:9e:6e:0d:aa:09:10:fa:fbSignatureAlgorithm: sha256WithRSAEncryptionIssuer:C = US, ST = New York, L = New York, O = E Corp, CN = pki.e-corp.com, emailAddress = pki@e-corp.comValidityNotBefore: Feb 1 00:39:00 2017 GMTNotAfter : Feb 1 00:39:00 2018 GMTSubject:C = US, ST = New York, L = New York, O = E Corp, CN = pki.e-corp.com, emailAddress = [email protected]SubjectPublic Key Info:PublicKey Algorithm: rsaEncryptionRSAPublic-Key: (4103 bit)Modulus:72:6f:6f:74:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:1b:00:00:00:00:00:00:00:00:00:00:00:00:00:1f:ff:fb:00:00:00:00:00:00:00:00:00:00:00:00:1f:ff:fb:00:00:00:00:00:00:00:00:00:00:00:00:1f:ff:ff:77:77:77:7b:00:00:00:00:00:00:00:00:1f:ff:ff:ff:ff:ff:fb:00:00:00:00:00:00:00:00:1f:ff:ff:ff:ff:fb:00:00:00:00:00:00:00:00:00:1f:ff:ff:ff:ff:fb:00:00:00:00:00:00:00:00:00:1f:ff:ff:ff:ff:ff:fb:00:00:00:00:00:00:00:00:1f:ff:ff:22:22:22:2b:00:00:00:00:00:00:00:00:1f:ff:fb:00:00:00:00:00:00:00:00:00:00:00:00:1f:ff:fb:00:00:00:00:00:00:00:00:00:00:00:00:1f:ff:fb:00:00:00:00:00:00:00:00:00:00:00:00:1f:ff:fb:00:00:00:00:00:00:00:00:00:00:00:00:1f:ff:fb:00:00:00:00:00:00:00:00:00:00:00:00:1f:ff:fb:00:00:00:00:00:00:00:00:00:00:00:00:1f:ff:fb:00:00:00:00:00:00:00:26:52:93:c4:42:2b:e3:53:26:38:fe:eb:2a:63:5e:86:5e:5b:cc:d4:86:2d:14:91:f8:e4:6e:d4:1a:fd:ab:32:ab:1e:91:3c:29:6c:45:a7:23:a3:71:cc:4a:d2:18:d2:73:a4:94:ac:50:1a:1c:67:75:76:b8:4d:3a:17:00:b2:4e:38:f3:d7:c8:09:0c:95:27:67:f8:a9:da:53:2e:b4:49:6a:95:3f:a2:b2:64:1f:93:af:58:32:1e:49:1a:d6:b3:e1:f6:60:0e:a1:75:76:35:a2:d4:75:62:df:f2:f2:45:bf:c8:ed:51:14:20:93:1d:e2:46:d5:63:34:d8:89:7d:64:65:b2:27:f6:c0:95:ec:e1:ad:99:4c:75:51:f0:8d:bc:21:f8:b4:06:91:ee:51:f5:f7:2d:05:2d:93:52:06:2f:90:b0:e7:c5:2c:2e:b1:81:96:c2:c9:85:10:1a:f4:ea:c6:74:99:39:6c:62:41:ad:4f:24:39:ed:11:f8:7d:67:e7:3a:23:9b:86:5c:45:d6:5a:61:cf:0f:56:08:2d:e8:31:b9:7f:b2:8a:e8:22:2a:71:95:e0:ec:06:c0:82:81:ff:c1:6e:71:06:e7:7e:68:b8:c4:51:04:24:be:eb:55:82:fe:21:cc:34:5f:53:53:46:82:b7:5c:36:8d:73:c9Exponent:31337 (0x7a69)X509v3extensions:X509v3Subject Key Identifier:4D:EC:FC:58:C3:9F:6B:A7:C9:0F:FC:0B:25:FD:46:F2:7C:AB:F8:44X509v3Authority Key Identifier:keyid:4D:EC:FC:58:C3:9F:6B:A7:C9:0F:FC:0B:25:FD:46:F2:7C:AB:F8:44X509v3Basic Constraints:CA:TRUESignatureAlgorithm: sha256WithRSAEncryption0d:f1:f7:4f:e1:a7:7d:0c:92:d7:29:69:09:0e:5a:49:2b:25:b5:95:1c:32:f6:6e:04:52:5e:fc:82:d1:9e:6a:6a:60:23:42:62:8a:37:24:7b:ac:f1:e6:d9:8b:d9:b7:53:a8:d5:c6:a9:9a:e8:7d:28:a2:41:74:1e:c5:1f:08:8c:de:7a:f1:28:f1:a9:ba:bf:fb:11:29:2a:3d:4f:d1:5b:a2:5f:86:ba:e8:09:30:d3:c4:40:67:b2:57:bd:80:b2:c9:bf:98:d2:9e:ab:2c:07:65:9f:5e:3f:44:8c:5f:d9:b7:a0:aa:85:5c:9d:f1:46:90:0c:7f:41:35:24:73:99:49:03:5f:a3:a8:45:26:c0:51:ce:0b:a5:e0:30:2a:59:4e:98:77:fb:4a:83:3c:af:09:e8:61:47:a5:80:1f:b0:8c:f0:7e:9a:b5:75:54:bd:b0:8f:05:9e:04:75:d8:c0:e6:4b:b5:6b:ba:20:0c:14:fb:4c:87:c3:e9:8f:47:ba:1e:23:70:9d:5b:bd:11:63:a3:45:e2:91:54:02:b2:af:f6:ff:cb:c7:bd:0e:b1:87:bf:19:11:59:93:77:1c:a0:f5:b7:1a:c1:24:d6:1d:b2:70:0b:96:ac:34:45:80:8d:27:53:45:15:d9:75:89:02:45:60:aa:ee:0e:8f:0a:a0:36:e8:2a:00:18:09:d9:0a:2d:78:bb:06:f4:14:b4:04:2c:f6:c0:b6:5c:a3:f8:28:1b:91:b5:2b:9e:e4:af:35:cf:fb:b8:7b:ed:9f:73:7b:b6:14:a8:5e:21:5f:a0:66:76:3d:25:65:07:ff:02:ed:24:1f:07:d9:6a:79:db:c1:7f:ce:83:2c:bd:2f:1c:3a:22:41:a3:f3:30:27:b4:01:59:49:32:90:32:96:f0:a2:8b:b7:36:61:64:cf:7e:c1:97:bd:7b:25:e8:74:65:f4:d4:71:21:24:ba:10:95:c0:f7:9c:4d:c9:e8:82:1e:71:4d:d6:3b:9b:5c:f2:72:01:41:cc:34:f7:42:e2:e8:f5:a2:9c:21:61:08:5c:d4:b5:bf:fe:f4:ce:9f:b8:0e:fc:a8:9d:9f:8e:0f:a3:f6:41:98:73:77:cc:0b:d9:7b:5a:1f:54:fd:1f:75:bd:ba:d0:a1:de:ac:6f:43:a9:64:31:07:91:de:b4:0e:53:da:0d:08:07:dc:0a:f1:8a:03:30:6b:75:f5:96:43:b3:75:30:79:a9:8e:fd:06:5e:d1:c4:54:09:c7:f3:2f:69:a9:5a:8d:33:02:09:9d:4e:a3:63:33:66:ca:9a:82:f8:5f:5b:dc:3f:45:16:35:de:68:d2:17:bf:0b:15:b9:d9:ae:8bCERTIFICATE-----MIIFyzCCA7KgAwIBAgIJAJ5uDaoJEPr7MA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3IFlvcmsxDzANBgNVBAoMBkUgQ29ycDEXMBUGA1UEAwwOcGtpLmUtY29ycC5jb20xHTAbBgkqhkiG9w0BCQEWDnBraUBlLWNvcnAuY29tMB4XDTE3MDIwMTAwMzkwMFoXDTE4MDIwMTAwMzkwMFowfDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEPMA0GA1UECgwGRSBDb3JwMRcwFQYDVQQDDA5wa2kuZS1jb3JwLmNvbTEdMBsGCSqGSIb3DQEJARYOcGtpQGUtY29ycC5jb20wggIhMA0GCSqGSIb3DQEBAQUAA4ICDgAwggIJAoICAXJvb3QAAAAAAAAAAAAAAAAAAAAAABsAAAAAAAAAAAAAAAAAH//7AAAAAAAAAAAAAAAAH//7AAAAAAAAAAAAAAAAH///d3d3ewAAAAAAAAAAH///////+wAAAAAAAAAAH//////7AAAAAAAAAAAAH//////7AAAAAAAAAAAAH///////+wAAAAAAAAAAH///IiIiKwAAAAAAAAAAH//7AAAAAAAAAAAAAAAAH//7AAAAAAAAAAAAAAAAH//7AAAAAAAAAAAAAAAAH//7AAAAAAAAAAAAAAAAH//7AAAAAAAAAAAAAAAAH//7AAAAAAAAAAAAAAAAH//7AAAAAAAAACZSk8RCK+NTJjj+6ypjXoZeW8zUhi0UkfjkbtQa/asyqx6RPClsRacjo3HMStIY0nOklKxQGhxndXa4TToXALJOOPPXyAkMlSdn+KnaUy60SWqVP6KyZB+Tr1gyHkka1rPh9mAOoXV2NaLUdWLf8vJFv8jtURQgkx3iRtVjNNiJfWRlsif2wJXs4a2ZTHVR8I28Ifi0BpHuUfX3LQUtk1IGL5Cw58UsLrGBlsLJhRAa9OrGdJk5bGJBrU8kOe0R+H1n5zojm4ZcRdZaYc8PVggt6DG5f7KK6CIqcZXg7AbAgoH/wW5xBud+aLjEUQQkvutVgv4hzDRfU1NGgrdcNo1zyQICemmjUDBOMB0GA1UdDgQWBBRN7PxYw59rp8kP/Asl/UbyfKv4RDAfBgNVHSMEGDAWgBRN7PxYw59rp8kP/Asl/UbyfKv4RDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAgAN8fdP4ad9DJLXKWkJDlpJKyW1lRwy9m4EUl78gtGeampgI0Jiijcke6zx5tmL2bdTqNXGqZrofSiiQXQexR8IjN568Sjxqbq/+xEpKj1P0VuiX4a66Akw08RAZ7JXvYCyyb+Y0p6rLAdln14/RIxf2begqoVcnfFGkAx/QTUkc5lJA1+jqEUmwFHOC6XgMCpZTph3+0qDPK8J6GFHpYAfsIzwfpq1dVS9sI8FngR12MDmS7VruiAMFPtMh8Ppj0e6HiNwnVu9EWOjReKRVAKyr/b/y8e9DrGHvxkRWZN3HKD1txrBJNYdsnALlqw0RYCNJ1NFFdl1iQJFYKruDo8KoDboKgAYCdkKLXi7BvQUtAQs9sC2XKP4KBuRtSue5K81z/u4e+2fc3u2FKheIV+gZnY9JWUH/wLtJB8H2Wp528F/zoMsvS8cOiJBo/MwJ7QBWUkykDKW8KKLtzZhZM9+wZe9eyXodGX01HEhJLoQlcD3nE3J6IIecU3WO5tc8nIBQcw090Li6PWinCFhCFzUtb/+9M6fuA78qJ2fjg+j9kGYc3fMC9l7Wh9U/R91vbrQod6sb0OpZDEHkd60DlPaDQgH3ArxigMwa3X1lkOzdTB5=CERTIFICATE-----
有更多信息,但这里最有趣的是模数,它看起来更像是ASCII艺术,而不是适当的模数。你有点可疑吗?指数看起来也不是通常的,但让我们集中精力尝试尝试计算模数。
为此我将使用RsaCtfTool工具,项目的一个分支是在CTF挑战中简化针对RSA的攻击。我添加了一堆可能适用于此处的攻击类型,因此让我们来看看。
https://github.com/RsaCtfTool/RsaCtfTool首先,我将DER格式密钥转换为兼容的密钥格式,为此,我再次使用DER格式密钥单独提取公钥openssl,得出一个文件为key.pub
┌─[root@root~11:42:10~Tony]└──────────►~/桌面# openssl x509 -inform DER -in zoe.der -pubkey -noout > key.pub
这里要给一些这个工具运行前的一些报错的坑教程
我下载完这个工具,然后一运行,它就一直给我报错,说我缺少gmpy库,因为这个工具是在python2环境下跑的,我的Kali因为没有安装pip2,只有pip3和pip,结果一直使用pip3和pip安装的gmpy都是python3的库,这里我提供一下Kali安装pip2和pip3的教程
0x01pip2(python2)安装:wgethttps://bootstrap.pypa.io/2.6/get-pip.pypython2get-pip.pypip2-V0x02pip3(python3)安装wgethttps://bootstrap.pypa.io/get-pip.pypython3get-pip.pypip3-V
然后,我使用RsaCtfTool尝试对此公钥采取任何有意义的方法来计算模数。
┌─[root@root~11:44:11~Tony]└──────────►~/RsaCtfTool/usr/local/lib/python2.7/dist-packages/requests-2.24.0-py2.7.egg/requests/__init__.py:91: RequestsDependencyWarning: urllib3 (1.25.9)orchardet(4.0.0) doesn't match a supported version!RequestsDependencyWarning)[*] Performing hastads attack.[*] Performing factordb attack.-----BEGIN RSA PRIVATE KEY-----MIIJKgIBAAKCAgFyb290AAAAAAAAAAAAAAAAAAAAAAAbAAAAAAAAAAAAAAAAAB//+wAAAAAAAAAAAAAAAB//+wAAAAAAAAAAAAAAAB///3d3d3sAAAAAAAAAAB////////sAAAAAAAAAAB//////+wAAAAAAAAAAAB//////+wAAAAAAAAAAAB////////sAAAAAAAAAAB///yIiIisAAAAAAAAAAB//+wAAAAAAAAAAAAAAAB//+wAAAAAAAAAAAAAAAB//+wAAAAAAAAAAAAAAAB//+wAAAAAAAAAAAAAAAB//+wAAAAAAAAAAAAAAAB//+wAAAAAAAAAAAAAAAB//+wAAAAAAAAAmUpPEQivjUyY4/usqY16GXlvM1IYtFJH45G7UGv2rMqsekTwpbEWnI6NxzErSGNJzpJSsUBocZ3V2uE06FwCyTjjz18gJDJUnZ/ip2lMutElqlT+ismQfk69YMh5JGtaz4fZgDqF1djWi1HVi3/LyRb/I7VEUIJMd4kbVYzTYiX1kZbIn9sCV7OGtmUx1UfCNvCH4tAaR7lH19y0FLZNSBi+QsOfFLC6xgZbCyYUQGvTqxnSZOWxiQa1PJDntEfh9Z+c6I5uGXEXWWmHPD1YILegxuX+yiugiKnGV4OwGwIKB/8FucQbnfmi4xFEEJL7rVYL+Icw0X1NTRoK3XDaNc8kCAnppAoICAWGMrtRH47OiP+ZhlwZpsZ/IUX8a/+9H21YctO7FYrWJh4lAiZiC9JAjbAF4cHlthnUyUq6X0dG2hpSQ7DCGf6cecGKuzwBX/K5r+zJMUTPRaTzFZuRMSMHuE59fwHnSA/7r8ckR0bzMuLkl5a28aoUcIHK+vOoADIxIUHNqacCGXjEIJPnn3jZCnLPjL/iL9+9MyznnWF3p7Tof6uqF0IdIa6NcUh4L6SikeNUaWRXzZytnPCJHODZwulmRQns9zOjS5cS9fnwPCjqW7/Sg3ncXZ6jiD0bJeo5fnXh41vMRbM5ruEYgFL4hh11VcTe9JI6zWQ2V/Oehe9y90iNGXMAX1vx2+/4uS5zMSSQbpFL9+E0cgYXK0zqDxbWsQ9lG30w2SK9PdxTNWE2x7NFEWMiCesIiw8oIKAwrpofBmqjfd9SYz69wDJAZ9QU4Cni6Q/LxvNgqFeGcTao7MwUdMa7BqU4EP4G3+yGvGXVYj9qg2/smnxGOXE6eJpIsFECrhTV6qxEDYWYpJ7dPL+J4Jbrp6deqNB2DQbk1iO2i54DNma15CsKBRvETs9CfRw5kwHoL1R2LS3RwyakxQUMFpT/aChaFYaK4kGzn/0IVwJEiSNVco+BJmvH1mHe3igejd+Vw8bn+cLm1zZRhv2vDn4c06ge04/anESkXm0GD0+TwqQKCAQEKsoul29Z6S4tMILdpWK1X71UT6gGvKtWbFpGktg5+7gWKpHdryWo7ezs6uYp0P/DhbCIDNIHf0Mg2VDEeFTsU1QZ+pGZNQZuXuiim7laTsArLfHBGdisNjs4r29xMeEkjF4vrHIx4/RIwA/TBB/Kqdyp/IvMFLuaVYaJlrPYYUTrNdjIdLDptzWRWFSxAMtj9KF7gE3RusUOfTJxmuf/ZA7YyCLuwv4K1LPxr0S35bz2foSyWRW/ZTn9cEjiz1Qiea+ZKxVX4RoPt4SzB/6Gmb75eTSyDDhTWlUxIdHvBzsYFgqMS7pcnSp9yEeMhP/IIHZ9psHp7D6j4nt0DfnMP9QKCAQEKsoul29Z6S4tMILdpWK1X71UT6gGvKtWbFpGktg5+7gWKpHdryWo7ezs6uYp0P/DhbCIDNIHf0Mg2VDEeFTsU1QZ+pGZNQZuXuiim7laTsArLfHBGdisNjs4r29xMeEkjF4vrHIx4/RIwA/TBB/Kqdyp/IvMFLuaVYaJlrPYYUTrNdjIdLDptzWRWFSxAMtj9KF7gE3RusUOfTJxmuf/ZA7YyCLuwv4K1LPxr0S35bz2foSyWRW/ZTn9cEjiz1Qiea+ZKxVX4RoPt4SzB/6Gmb75eTSyDDhTWlUxIdHvBzsYFgqMS7pcnSp9yEeMhP/IIHZ9psHp7D6j4nt0DfnMUBQKCAQEFwuI+HSXSCwPAhere37+oR6uYARADFIUxT+kfjjQ/aMj9rku8j+vf5+jtjK6ht6oFQQiKEjCGoZB7kMVSNY4J66hN7SnBdz+mvZKyDKay8V/txjM8eIP8JpaCq7aozdktNE1fdxebdHfkaoigp4KomQLW/rngpvRvgtPayhZ/iAkY6wXGJ8po0XC5uob9sN+7lmhxFP3TfVwJBsTznCPpZxGsVbnfRJOih1JUjRw5UzWDbLJBuDjptxTPNkuIwhBluV0Icx4CxHG+tNVQKS/c6rFdPjkhrlnX+apaiXuIoVUOWPEIOBm1OrvCO8KOg0kIwfpqZtjAfc05dWCfMnSjHQKCAQEKrTb2jv6g9YOAmQjxb+z+8HvlV95jyJbXnVNtw0FJ3lKZfFZp3IXdy3/f7oRJUIn4HFqTWoPDBj5mNZbeNtz2dYlxg0OBfs6C1Dc+s4eHtcC+egX4gQxgEthGkZDu7AGHsYQGLROlPBHkB5NVQQsxAhKkMJsJwY3Ej+k6I8ohiK4BXpfrcmfqfQPdwv94e3zZqvWTqFWWXhEFXcXAenCh/R676lv1CLGbMjNGydQaz4DLNEAKg18rikhUJcJyw+eZJ4RgWwNEuu/h48RuU8JY8hp/kBXHtSPJygBXFYBgeksD+M/7RQfS4CeaRwjF2DfsIN2MX+FQVVRkiNLpORVTCQKCAQEDUodu1cDjhT8zdXvqz3rCcvJM1L0Tsfr01/522QjuzlrUKrXT8AghvC417k03TfNtZUagAsTjyfNZvB4GJJ/jRR1XFgM3/nf0Ss0eLvIG+d/oD0Ncxqtm6x8MJQWmhN2bZBzurocyYFIz1efUkP3T9UGhFe5uKeOs6uB3s4CdtMwb34omG0ZUz0w1UeYczNaXfInGFcvKv2xi85vlz+vEoWYfyRzA/HagJVsyOVXoyqwAGbAQJc/IqN8vjI0uAWzE5PUP1mVI7Ivtknzqh0UonUojsBdspCCQbeBOoD0VDcHugulLDI/t7RV1ZY4sDLi1Om5PWQaIMG7RJ3494phpog==-----END RSA PRIVATE KEY-----
我们把上面的私钥复制出来,并命名为private.key
因此我们就有了一个使用fermat分解的私钥!如果我们检查私钥的细节,我们会更了解它为什么起作用。我们可以openssl再次检查它:
:56:16~Tony]openssl rsa -in private.key -text -nooutRSAPrivate-Key: (4103 bit, 2 primes)modulus:72:6f:6f:74:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:1b:00:00:00:00:00:00:00:00:00:00:00:00:00:1f:ff:fb:00:00:00:00:00:00:00:00:00:00:00:00:1f:ff:fb:00:00:00:00:00:00:00:00:00:00:00:00:1f:ff:ff:77:77:77:7b:00:00:00:00:00:00:00:00:1f:ff:ff:ff:ff:ff:fb:00:00:00:00:00:00:00:00:1f:ff:ff:ff:ff:fb:00:00:00:00:00:00:00:00:00:1f:ff:ff:ff:ff:fb:00:00:00:00:00:00:00:00:00:1f:ff:ff:ff:ff:ff:fb:00:00:00:00:00:00:00:00:1f:ff:ff:22:22:22:2b:00:00:00:00:00:00:00:00:1f:ff:fb:00:00:00:00:00:00:00:00:00:00:00:00:1f:ff:fb:00:00:00:00:00:00:00:00:00:00:00:00:1f:ff:fb:00:00:00:00:00:00:00:00:00:00:00:00:1f:ff:fb:00:00:00:00:00:00:00:00:00:00:00:00:1f:ff:fb:00:00:00:00:00:00:00:00:00:00:00:00:1f:ff:fb:00:00:00:00:00:00:00:00:00:00:00:00:1f:ff:fb:00:00:00:00:00:00:00:26:52:93:c4:42:2b:e3:53:26:38:fe:eb:2a:63:5e:86:5e:5b:cc:d4:86:2d:14:91:f8:e4:6e:d4:1a:fd:ab:32:ab:1e:91:3c:29:6c:45:a7:23:a3:71:cc:4a:d2:18:d2:73:a4:94:ac:50:1a:1c:67:75:76:b8:4d:3a:17:00:b2:4e:38:f3:d7:c8:09:0c:95:27:67:f8:a9:da:53:2e:b4:49:6a:95:3f:a2:b2:64:1f:93:af:58:32:1e:49:1a:d6:b3:e1:f6:60:0e:a1:75:76:35:a2:d4:75:62:df:f2:f2:45:bf:c8:ed:51:14:20:93:1d:e2:46:d5:63:34:d8:89:7d:64:65:b2:27:f6:c0:95:ec:e1:ad:99:4c:75:51:f0:8d:bc:21:f8:b4:06:91:ee:51:f5:f7:2d:05:2d:93:52:06:2f:90:b0:e7:c5:2c:2e:b1:81:96:c2:c9:85:10:1a:f4:ea:c6:74:99:39:6c:62:41:ad:4f:24:39:ed:11:f8:7d:67:e7:3a:23:9b:86:5c:45:d6:5a:61:cf:0f:56:08:2d:e8:31:b9:7f:b2:8a:e8:22:2a:71:95:e0:ec:06:c0:82:81:ff:c1:6e:71:06:e7:7e:68:b8:c4:51:04:24:be:eb:55:82:fe:21:cc:34:5f:53:53:46:82:b7:5c:36:8d:73:c9publicExponent:31337 (0x7a69)privateExponent:61:8c:ae:d4:47:e3:b3:a2:3f:e6:61:97:06:69:b1:9f:c8:51:7f:1a:ff:ef:47:db:56:1c:b4:ee:c5:62:b5:89:87:89:40:89:98:82:f4:90:23:6c:01:78:70:79:6d:86:75:32:52:ae:97:d1:d1:b6:86:94:90:ec:30:86:7f:a7:1e:70:62:ae:cf:00:57:fc:ae:6b:fb:32:4c:51:33:d1:69:3c:c5:66:e4:4c:48:c1:ee:13:9f:5f:c0:79:d2:03:fe:eb:f1:c9:11:d1:bc:cc:b8:b9:25:e5:ad:bc:6a:85:1c:20:72:be:bc:ea:00:0c:8c:48:50:73:6a:69:c0:86:5e:31:08:24:f9:e7:de:36:42:9c:b3:e3:2f:f8:8b:f7:ef:4c:cb:39:e7:58:5d:e9:ed:3a:1f:ea:ea:85:d0:87:48:6b:a3:5c:52:1e:0b:e9:28:a4:78:d5:1a:59:15:f3:67:2b:67:3c:22:47:38:36:70:ba:59:91:42:7b:3d:cc:e8:d2:e5:c4:bd:7e:7c:0f:0a:3a:96:ef:f4:a0:de:77:17:67:a8:e2:0f:46:c9:7a:8e:5f:9d:78:78:d6:f3:11:6c:ce:6b:b8:46:20:14:be:21:87:5d:55:71:37:bd:24:8e:b3:59:0d:95:fc:e7:a1:7b:dc:bd:d2:23:46:5c:c0:17:d6:fc:76:fb:fe:2e:4b:9c:cc:49:24:1b:a4:52:fd:f8:4d:1c:81:85:ca:d3:3a:83:c5:b5:ac:43:d9:46:df:4c:36:48:af:4f:77:14:cd:58:4d:b1:ec:d1:44:58:c8:82:7a:c2:22:c3:ca:08:28:0c:2b:a6:87:c1:9a:a8:df:77:d4:98:cf:af:70:0c:90:19:f5:05:38:0a:78:ba:43:f2:f1:bc:d8:2a:15:e1:9c:4d:aa:3b:33:05:1d:31:ae:c1:a9:4e:04:3f:81:b7:fb:21:af:19:75:58:8f:da:a0:db:fb:26:9f:11:8e:5c:4e:9e:26:92:2c:14:40:ab:85:35:7a:ab:11:03:61:66:29:27:b7:4f:2f:e2:78:25:ba:e9:e9:d7:aa:34:1d:83:41:b9:35:88:ed:a2:e7:80:cd:99:ad:79:0a:c2:81:46:f1:13:b3:d0:9f:47:0e:64:c0:7a:0b:d5:1d:8b:4b:74:70:c9:a9:31:41:43:05:a5:3f:da:0a:16:85:61:a2:b8:90:6c:e7:ff:42:15:c0:91:22:48:d5:5c:a3:e0:49:9a:f1:f5:98:77:b7:8a:07:a3:77:e5:70:f1:b9:fe:70:b9:b5:cd:94:61:bf:6b:c3:9f:87:34:ea:07:b4:e3:f6:a7:11:29:17:9b:41:83:d3:e4:f0:a9prime1:0a:b2:8b:a5:db:d6:7a:4b:8b:4c:20:b7:69:58:ad:57:ef:55:13:ea:01:af:2a:d5:9b:16:91:a4:b6:0e:7e:ee:05:8a:a4:77:6b:c9:6a:3b:7b:3b:3a:b9:8a:74:3f:f0:e1:6c:22:03:34:81:df:d0:c8:36:54:31:1e:15:3b:14:d5:06:7e:a4:66:4d:41:9b:97:ba:28:a6:ee:56:93:b0:0a:cb:7c:70:46:76:2b:0d:8e:ce:2b:db:dc:4c:78:49:23:17:8b:eb:1c:8c:78:fd:12:30:03:f4:c1:07:f2:aa:77:2a:7f:22:f3:05:2e:e6:95:61:a2:65:ac:f6:18:51:3a:cd:76:32:1d:2c:3a:6d:cd:64:56:15:2c:40:32:d8:fd:28:5e:e0:13:74:6e:b1:43:9f:4c:9c:66:b9:ff:d9:03:b6:32:08:bb:b0:bf:82:b5:2c:fc:6b:d1:2d:f9:6f:3d:9f:a1:2c:96:45:6f:d9:4e:7f:5c:12:38:b3:d5:08:9e:6b:e6:4a:c5:55:f8:46:83:ed:e1:2c:c1:ff:a1:a6:6f:be:5e:4d:2c:83:0e:14:d6:95:4c:48:74:7b:c1:ce:c6:05:82:a3:12:ee:97:27:4a:9f:72:11:e3:21:3f:f2:08:1d:9f:69:b0:7a:7b:0f:a8:f8:9e:dd:03:7e:73:0f:f5prime2:0a:b2:8b:a5:db:d6:7a:4b:8b:4c:20:b7:69:58:ad:57:ef:55:13:ea:01:af:2a:d5:9b:16:91:a4:b6:0e:7e:ee:05:8a:a4:77:6b:c9:6a:3b:7b:3b:3a:b9:8a:74:3f:f0:e1:6c:22:03:34:81:df:d0:c8:36:54:31:1e:15:3b:14:d5:06:7e:a4:66:4d:41:9b:97:ba:28:a6:ee:56:93:b0:0a:cb:7c:70:46:76:2b:0d:8e:ce:2b:db:dc:4c:78:49:23:17:8b:eb:1c:8c:78:fd:12:30:03:f4:c1:07:f2:aa:77:2a:7f:22:f3:05:2e:e6:95:61:a2:65:ac:f6:18:51:3a:cd:76:32:1d:2c:3a:6d:cd:64:56:15:2c:40:32:d8:fd:28:5e:e0:13:74:6e:b1:43:9f:4c:9c:66:b9:ff:d9:03:b6:32:08:bb:b0:bf:82:b5:2c:fc:6b:d1:2d:f9:6f:3d:9f:a1:2c:96:45:6f:d9:4e:7f:5c:12:38:b3:d5:08:9e:6b:e6:4a:c5:55:f8:46:83:ed:e1:2c:c1:ff:a1:a6:6f:be:5e:4d:2c:83:0e:14:d6:95:4c:48:74:7b:c1:ce:c6:05:82:a3:12:ee:97:27:4a:9f:72:11:e3:21:3f:f2:08:1d:9f:69:b0:7a:7b:0f:a8:f8:9e:dd:03:7e:73:14:05exponent1:05:c2:e2:3e:1d:25:d2:0b:03:c0:85:ea:de:df:bf:a8:47:ab:98:01:10:03:14:85:31:4f:e9:1f:8e:34:3f:68:c8:fd:ae:4b:bc:8f:eb:df:e7:e8:ed:8c:ae:a1:b7:aa:05:41:08:8a:12:30:86:a1:90:7b:90:c5:52:35:8e:09:eb:a8:4d:ed:29:c1:77:3f:a6:bd:92:b2:0c:a6:b2:f1:5f:ed:c6:33:3c:78:83:fc:26:96:82:ab:b6:a8:cd:d9:2d:34:4d:5f:77:17:9b:74:77:e4:6a:88:a0:a7:82:a8:99:02:d6:fe:b9:e0:a6:f4:6f:82:d3:da:ca:16:7f:88:09:18:eb:05:c6:27:ca:68:d1:70:b9:ba:86:fd:b0:df:bb:96:68:71:14:fd:d3:7d:5c:09:06:c4:f3:9c:23:e9:67:11:ac:55:b9:df:44:93:a2:87:52:54:8d:1c:39:53:35:83:6c:b2:41:b8:38:e9:b7:14:cf:36:4b:88:c2:10:65:b9:5d:08:73:1e:02:c4:71:be:b4:d5:50:29:2f:dc:ea:b1:5d:3e:39:21:ae:59:d7:f9:aa:5a:89:7b:88:a1:55:0e:58:f1:08:38:19:b5:3a:bb:c2:3b:c2:8e:83:49:08:c1:fa:6a:66:d8:c0:7d:cd:39:75:60:9f:32:74:a3:1dexponent2:0a:ad:36:f6:8e:fe:a0:f5:83:80:99:08:f1:6f:ec:fe:f0:7b:e5:57:de:63:c8:96:d7:9d:53:6d:c3:41:49:de:52:99:7c:56:69:dc:85:dd:cb:7f:df:ee:84:49:50:89:f8:1c:5a:93:5a:83:c3:06:3e:66:35:96:de:36:dc:f6:75:89:71:83:43:81:7e:ce:82:d4:37:3e:b3:87:87:b5:c0:be:7a:05:f8:81:0c:60:12:d8:46:91:90:ee:ec:01:87:b1:84:06:2d:13:a5:3c:11:e4:07:93:55:41:0b:31:02:12:a4:30:9b:09:c1:8d:c4:8f:e9:3a:23:ca:21:88:ae:01:5e:97:eb:72:67:ea:7d:03:dd:c2:ff:78:7b:7c:d9:aa:f5:93:a8:55:96:5e:11:05:5d:c5:c0:7a:70:a1:fd:1e:bb:ea:5b:f5:08:b1:9b:32:33:46:c9:d4:1a:cf:80:cb:34:40:0a:83:5f:2b:8a:48:54:25:c2:72:c3:e7:99:27:84:60:5b:03:44:ba:ef:e1:e3:c4:6e:53:c2:58:f2:1a:7f:90:15:c7:b5:23:c9:ca:00:57:15:80:60:7a:4b:03:f8:cf:fb:45:07:d2:e0:27:9a:47:08:c5:d8:37:ec:20:dd:8c:5f:e1:50:55:54:64:88:d2:e9:39:15:53:09coefficient:03:52:87:6e:d5:c0:e3:85:3f:33:75:7b:ea:cf:7a:c2:72:f2:4c:d4:bd:13:b1:fa:f4:d7:fe:76:d9:08:ee:ce:5a:d4:2a:b5:d3:f0:08:21:bc:2e:35:ee:4d:37:4d:f3:6d:65:46:a0:02:c4:e3:c9:f3:59:bc:1e:06:24:9f:e3:45:1d:57:16:03:37:fe:77:f4:4a:cd:1e:2e:f2:06:f9:df:e8:0f:43:5c:c6:ab:66:eb:1f:0c:25:05:a6:84:dd:9b:64:1c:ee:ae:87:32:60:52:33:d5:e7:d4:90:fd:d3:f5:41:a1:15:ee:6e:29:e3:ac:ea:e0:77:b3:80:9d:b4:cc:1b:df:8a:26:1b:46:54:cf:4c:35:51:e6:1c:cc:d6:97:7c:89:c6:15:cb:ca:bf:6c:62:f3:9b:e5:cf:eb:c4:a1:66:1f:c9:1c:c0:fc:76:a0:25:5b:32:39:55:e8:ca:ac:00:19:b0:10:25:cf:c8:a8:df:2f:8c:8d:2e:01:6c:c4:e4:f5:0f:d6:65:48:ec:8b:ed:92:7c:ea:87:45:28:9d:4a:23:b0:17:6c:a4:20:90:6d:e0:4e:a0:3d:15:0d:c1:ee:82:e9:4b:0c:8f:ed:ed:15:75:65:8e:2c:0c:b8:b5:3a:6e:4f:59:06:88:30:6e:d1:27:7e:3d:e2:98:69:a2
我们在这里看到prime1和prime2,也称为p和q,素因子相乘在一起形成我们的模数(n)。当主要因素靠拢时,费马因子分解在大型复合材料上的效果很好。在这种情况下,它们相差仅16个最低有效位!因此,该4103位复合数的时间少于一秒。
因此,现在我们有了用于TLS v1.2连接的私钥,我们可以将Wireshark设置为能够解密会话。为此,我们只需在Wireshark中打开PCAP,转到“编辑”->“首选项”,展开“Protocols”列表,然后在列表中找到“ TLS”。接下来,我们在“ RSA密钥列表”部分中单击“编辑”,然后填写密钥的详细信息。
我们指定IP(4.3.2.1),端口(443),要解码的协议(http)和密钥文件名(我们刚刚从RsaCtfTool输出保存的文件名)。保存后,返回Wireshark主窗口,您现在将能够看到HTTP解密的流量:
直接选中该HTTP流量右键选中"追踪流"->“TLS流”
我们即可获得这个流量包里的加密流量信息模量
我们将模数的十六进制字节解码为ASCII,直接获得Flag
┌─[root@root~12:07:57~Tony]└──────────►~/RsaCtfTool# cat 5.txt | sed -e s/://g| tr -d 'n'726f6f7400000000000000000000000000000000001b000000000000000000000000001ffffb0000000000000000000000001ffffb0000000000000000000000001fffff7777777b00000000000000001ffffffffffffb00000000000000001ffffffffffb0000000000000000001ffffffffffb0000000000000000001ffffffffffffb00000000000000001fffff2222222b00000000000000001ffffb0000000000000000000000001ffffb0000000000000000000000001ffffb0000000000000000000000001ffffb0000000000000000000000001ffffb0000000000000000000000001ffffb0000000000000000000000001ffffb00000000000000000000001fff00fffb000000000000000000001f000000fb0000000000000000001f0000000000fb00000000000000001f0000000000fb000000000000001f00000000000000fb0000000000001f00000000000000fb000000000000001f0000000000fb00000000000000001f0000000000fb0000000000000000001f000000fb000000000000000000001fff00fffb0000000000000000000000001b0000000000000000000000000000000000000000666c61673a7768656e5f736f6c76696e675f70726f626c656d735f6469675f61745f7468655f726f6f74735f696e73746561645f6f665f6a7573745f6861636b696e675f61745f7468655f6c6561766573
flag:when_solving_problems_dig_at_the_roots_instead_of_just_hacking_at_the_leaves
下面附上我解题时参考链接
http://bobao.360.cn/learning/detail/249.htmlhttps://blog.csdn.net/u014786330/article/details/88399498https://medium.com/@ethicalevil/tls-handshake-protocol-overview-a39e8eee2cf5
————————————————
版权声明:本文为CSDN博主「晚安這個未知的世界」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:
https://blog.csdn.net/weixin_47598409/article/details/113243861原文始发于微信公众号(利刃信安攻防实验室):【熵密杯】CTF 流量分析Wireshark Certificate例题
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论