Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
SpiderLabs Blog

CryptOMG Walkthrough - Challenge 1

It has been about 3 months since CryptOMG was released and I will start going through the challenges one-by-one. CryptOMG is CTF-style testbed for exploiting various flaws in cryptographic implementations. It is available for free on the SpiderLabs Github.

The walkthroughs are written in a way to go over the methodology and thought process of testing for cryptographic flaws as oppose to just listing out the steps. Hopefully, this will help you apply this knowledge elsewhere.

The goal for the first challenge is to pull the contents of /etc/passwd (assuming you are on a *nix system). This lets us know that there is most likely a path traversal flaw in the application since the object is to pull a file that is otherwise not accessible. Opening the application does not yield anything too interesting and it seems to function like a normal website. Clicking on the links opens up their respective pages, however, instead of having a URL such as /links or /pictures we have a URL parameter 'c' with a whole bunch of gibberish at the end, in this case:


Since this is the only parameter that differentiates between pages we can safely assume that this is most likely how the pages are being grabbed. Taking a closer look at the parameter values (or the encoding setting that is conveniently placed on the top of the page), we can tell that the data is encoded in hex. The first step is to try decoding the hex data to see if it gives us anything interesting.



Decoding just gives us garbage but taking a closer look at it, the length of the data is divisible by 8, so its worth treating this as some kind of ciphertext. The next step is to alter the data and see if we can get the application to spit out some useful errors. Lets see what happens when we change our ciphertext to this:


….and now we have our crypto flaw. This particular flaw is called a padding oracle very similar to the one found in older ASP.NET installations. Lucky for us there is a nice tool to help out with exploiting this flaw. padBuster can be downloaded here and it is also installed by default in BackTrack under /pentest/web/ We want to run padBuster against our ciphertext in an effort to decrypt it and see what the format of the text is. The command we will use is:

./ "http://bts/cryptomg/ctf/challenge1/?&c=3349c4de2eaa6119ed92c916501d0b47a574f888dbc12cb7fee5dcc0c24e778c" 3349c4de2eaa6119ed92c916501d0b47a574f888dbc12cb7fee5dcc0c24e778c 16 -noiv -encoding 1

The first parameter is the full URL with all parameters including a valid ciphertext sample. The second parameter is the sample ciphertext from the URL. The third parameter is the blocksize of the ciphertext, this is almost always 16 or 8. The -noiv switch is telling padBuster that there is no initialization vector in the ciphertext sample and that the entire ciphertext should decrypt. I generally will try it with the -noiv option first and if that does not work then I will try it without. More often than not the IV will not be in the given ciphertext. The last option is specifying the encoding used in the ciphertext sample which in this case is lower hex.


After starting padBuster we get this nice table asking us which response signatures we would like to test against. We will go ahead and use padBuster's recommendation here and select ID 2.


And bam! We have our decrypted ciphertext but we are not done yet. It looks like the format is <random_text>|<file path>. So now we need to encrypt our own text to try and gain access to /etc/passwd. We can do this by adding the -plaintext option to padBuster. Since we do not know exactly where the file is being stored we can just encrypt a bunch of "../" in front of /etc/passwd to make sure that we do get to the root of the filesystem. Our new command will look like this:

./ "http://bts/cryptomg/ctf/challenge1/?&c=3349c4de2eaa6119ed92c916501d0b47a574f888dbc12cb7fee5dcc0c24e778c" 3349c4de2eaa6119ed92c916501d0b47a574f888dbc12cb7fee5dcc0c24e778c 16 -noiv -encoding 1 -plaintext "spiderlabs_is_awesome|../../../../../../../etc/passwd"

And now we have our new ciphertext. It's important to note that because we do not have control over the IV in this case, the first block of data will be garbled when encrypting data using the CBC-R technique (which is what padBuster uses).


Lets just copy/pasta this into the ciphertext parameter so our new URL looks like this:


And now we have the /etc/passwd file <insert victory dance here>




Latest SpiderLabs Blogs

Trustwave SpiderLabs: Insights and Solutions to Defend Educational Institutions Against Cyber Threats

Security teams responsible for defending educational institutions at higher education and primary school levels often find themselves facing harsh lessons from threat actors who exploit the numerous...

Read More

Breakdown of Tycoon Phishing-as-a-Service System

Just weeks after Trustwave SpiderLabs reported on the Greatness phishing-as-a-service (PaaS) framework, SpiderLabs’ Email Security team is tracking another PaaS called Tycoon Group.

Read More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising

During an Advanced Continual Threat Hunt (ACTH) investigation that took place in early December 2023, Trustwave SpiderLabs discovered Ov3r_Stealer, an infostealer distributed using Facebook...

Read More