PicoCTF-2021 Writeup
Compress and Attack

Last updated 2 years ago

Problem

Your goal is to find the flag. compress_and_attack.py nc mercury.picoctf.net 50899

Solution

  1. Searching for the encryption used (Salsa20) suggests that there are no published attacks, so we'll need to look for a different attack vector.

  2. Searching online for "compression and encryption" finds this StackOverflow question. Basically, since compression is applied before encryption and we control part of the text that is encrypted, we can strategically send payloads (the known part of the flag plus one guessed character) and watch for the guess that makes the resulting ciphertext shorter. This idea is the basis for the CRIME exploit, which the StackOverflow question mentions.

  3. Searching for "crime exploit python" reveals this amazing GitHub repository: EiNSTeiN-/compression-oracle. My slightly modified version of this script, along with the solution to the challenge, is in the solution script. The solution script needs to be run with Python 2 because EiNSTeiN-/compression-oracle is a very old repository. You can read more about the attack in the EiNSTeiN-/compression-oracle README.

  4. Running the solution script produces the following output:

    [+] Opening connection to mercury.picoctf.net on port 50899: Done
    In round 0, ran all 29 guesses in 6 seconds
    After round #0, kept: 'picoCTF'+['{']
    In round 1, ran all 29 guesses in 6 seconds
    After round #1, kept: 'picoCTF{'+['s']
    In round 2, ran all 29 guesses in 6 seconds
    After round #2, kept: 'picoCTF{s'+['h']
    In round 3, ran all 29 guesses in 5 seconds
    After round #3, kept: 'picoCTF{sh'+['e']
    In round 4, ran all 29 guesses in 5 seconds
    After round #4, kept: 'picoCTF{she'+['r']
    In round 5, ran all 29 guesses in 6 seconds
    After round #5, kept: 'picoCTF{sher'+['i']
    In round 6, ran all 29 guesses in 5 seconds
    After round #6, kept: 'picoCTF{sheri'+['f']
    In round 7, ran all 29 guesses in 5 seconds
    After round #7, kept: 'picoCTF{sherif'+['f']
    In round 8, ran all 29 guesses in 5 seconds
    After round #8, kept: 'picoCTF{sheriff'+['_']
    In round 9, ran all 29 guesses in 5 seconds
    After round #9, kept: 'picoCTF{sheriff_'+['y']
    In round 10, ran all 29 guesses in 6 seconds
    After round #10, kept: 'picoCTF{sheriff_y'+['o']
    In round 11, ran all 29 guesses in 7 seconds
    After round #11, kept: 'picoCTF{sheriff_yo'+['u']
    In round 12, ran all 29 guesses in 7 seconds
    After round #12, kept: 'picoCTF{sheriff_you'+['_']
    In round 13, ran all 29 guesses in 7 seconds
    After round #13, kept: 'picoCTF{sheriff_you_'+['s']
    In round 14, ran all 29 guesses in 6 seconds
    After round #14, kept: 'picoCTF{sheriff_you_s'+['o']
    In round 15, ran all 29 guesses in 5 seconds
    After round #15, kept: 'picoCTF{sheriff_you_so'+['l']
    In round 16, ran all 29 guesses in 6 seconds
    After round #16, kept: 'picoCTF{sheriff_you_sol'+['v']
    In round 17, ran all 29 guesses in 6 seconds
    After round #17, kept: 'picoCTF{sheriff_you_solv'+['e']
    In round 18, ran all 29 guesses in 5 seconds
    After round #18, kept: 'picoCTF{sheriff_you_solve'+['d']
    In round 19, ran all 29 guesses in 5 seconds
    After round #19, kept: 'picoCTF{sheriff_you_solved'+['_']
    In round 20, ran all 29 guesses in 6 seconds
    After round #20, kept: 'picoCTF{sheriff_you_solved_'+['t']
    In round 21, ran all 29 guesses in 6 seconds
    After round #21, kept: 'picoCTF{sheriff_you_solved_t'+['h']
    In round 22, ran all 29 guesses in 6 seconds
    After round #22, kept: 'picoCTF{sheriff_you_solved_th'+['e']
    In round 23, ran all 29 guesses in 5 seconds
    After round #23, kept: 'picoCTF{sheriff_you_solved_the'+['_']
    In round 24, ran all 29 guesses in 6 seconds
    After round #24, kept: 'picoCTF{sheriff_you_solved_the_'+['c']
    In round 25, ran all 29 guesses in 5 seconds
    After round #25, kept: 'picoCTF{sheriff_you_solved_the_c'+['r']
    In round 26, ran all 29 guesses in 5 seconds
    After round #26, kept: 'picoCTF{sheriff_you_solved_the_cr'+['i']
    In round 27, ran all 29 guesses in 6 seconds
    After round #27, kept: 'picoCTF{sheriff_you_solved_the_cri'+['m']
    In round 28, ran all 29 guesses in 5 seconds
    After round #28, kept: 'picoCTF{sheriff_you_solved_the_crim'+['e']
    Retrying connection...
    [+] Opening connection to mercury.picoctf.net on port 50899: Done
    In round 29, ran all 29 guesses in 6 seconds
    After round #29, kept: 'picoCTF{sheriff_you_solved_the_crime'+['}']
    Flag: picoCTF{sheriff_you_solved_the_crime}
  5. I modified the code to not use threading since it messed with pwntools, exit when the } character is kept, and of course added the details specific to this challenge.
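As an added illustration (not part of the original writeup or of the compression-oracle repository), the Python 3 simulation below rebuilds the oracle locally: it compresses a constructed secret plus the attacker's input with zlib, applies a length-preserving random XOR keystream in place of Salsa20, and recovers the secret one character per round from ciphertext lengths alone, stopping when a kept candidate ends in `}` just as the modified script does. The secret, the 29-symbol alphabet and the starting prefix `picoCTF` are assumptions taken from the output above.

```python
import os
import zlib

# Constructed stand-in for the server-side flag; the real one only lives on the server.
SECRET = b"picoCTF{sheriff_you_solved_the_crime}"
# Assumed 29-symbol alphabet, matching the "29 guesses" per round in the output above.
ALPHABET = b"abcdefghijklmnopqrstuvwxyz_{}"


def oracle(user_input: bytes, secret: bytes = SECRET) -> int:
    """Simulated service: compress(secret + input), then encrypt with a
    length-preserving stream cipher (a random XOR keystream stands in for
    Salsa20). Only the ciphertext length is returned: it equals the
    compressed length, which is exactly what a CRIME-style attacker observes."""
    compressed = zlib.compress(secret + user_input)
    keystream = os.urandom(len(compressed))
    ciphertext = bytes(c ^ k for c, k in zip(compressed, keystream))
    return len(ciphertext)


def round_lengths(candidates: list) -> dict:
    """Query the oracle for every (kept prefix, guessed byte) extension."""
    return {c + bytes([g]): oracle(c + bytes([g])) for c in candidates for g in ALPHABET}


def recover(known: bytes = b"picoCTF", max_rounds: int = 64) -> list:
    """One round per flag character. Because the guessed prefix is compressed
    together with the secret, the extension that continues the secret is the
    one that does not grow the ciphertext. All extensions with the smallest
    length are kept (ties keep several, like the script's "kept: [...]" list),
    and the survivors are returned once one of them ends in '}'."""
    candidates = [known]
    for rnd in range(max_rounds):
        lengths = round_lengths(candidates)
        best = min(lengths.values())
        candidates = [text for text, length in lengths.items() if length == best]
        print(f"After round #{rnd}, kept: {candidates}")
        if any(text.endswith(b"}") for text in candidates):
            return candidates
    raise RuntimeError("no candidate ended in '}' within max_rounds")


if __name__ == "__main__":
    print("Recovered:", recover())
```

The defensive takeaway is visible in `oracle`: the cipher hides content but not length, so anything compressed together with attacker-controlled data leaks one byte of secret per round of queries.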

Flag

picoCTF{sheriff_you_solved_the_crime}
