HackTheBox ElElGamal Writeup
Explore the basics of cybersecurity in the ElElGamal Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
https://app.hackthebox.com/challenges/379
Description
After some minor warnings from IDS, you decide to check the logs to see if anything suspicious is happening. Surprised by what you see, you realise that one of your honeypots has been compromised with a cryptominer. As you look at the processes, you discover a backdoor attached to one of them. The backdoor retrieves the private key from the /key route of a C2. It establishes a session by sending an encrypted initialization sequence. After the session is established, it waits for commands. The commands are encrypted and executed by the source code you found. Unfortunately, the IDS could not detect the request to /key and the machine was rebooted after the compromise, so the key cannot be found on the stack. Can you find out if any data was exfiltrated from the honeypot to mitigate future attacks?
Exploitation
#!/usr/bin/env python3
from Crypto.Util.number import bytes_to_long, long_to_bytes, inverse
import base64


def decrypt_message(ciphertext: str, s: int, q: int) -> str:
    """Decrypt one 'c1|c2' message given the shared secret s and modulus q."""
    try:
        # c1 is not needed once s is known; only c2 carries the message.
        _, c2 = ciphertext.split("|")
        c2 = bytes_to_long(base64.b64decode(c2))
        # ElGamal: c2 = m * s mod q, so m = c2 * s^-1 mod q.
        m = (c2 * inverse(s, q)) % q
        return long_to_bytes(m).decode()
    except Exception as e:
        return f"[Decryption failed: {str(e)}]"


def main():
    # q is the modulus, s the shared secret. Every ciphertext below carries
    # the same c1, so the same s decrypts all of them.
    q = 855098176053225973412431085960229957742579395452812393691307482513933863589834014555492084425723928938458815455293344705952604659276623264708067070331
    s = 804519413946339833036807676236425366393713828575772089253931453873946915064743259014634759406656096586184230449849670884334808422167611972326858050206
    ciphertexts = [
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|EtJdz4TGpsPRxpCfSU1EzHCdn7dwx/wM5ddhCA4PpiGZTUpytbe6qYbNgrtJNmB3aTGCMiaxFr1jQfjtonk=",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|ApmwM0ox37numDswK1IMAD5I9sD1OLnV4hCEtv6+j/2kF0wIZeckbfZNas/wczb85jEhV8cmRpgRfOy8SYGu",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|zfdAT+azces+LVK57G+oYrdBA9/A30LMnAFhVG5T21jkLgDRayGHw1yilT90GJ9a0wSsfNbxsmJPqqo1B1U=",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|AhTIGaZxjVa/UARA76g2ECDoeAUvC0btVMnRo0/HxyS7E0MqmyyJcSttPf9kfGjbN06FrFj56NJrILbGf4K2",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|RHOqLQjEjbID7TyPTp+p/OOznHzyuNI9QaLj8F2/vAZpCDUK1//yFaJO78UwjjgzcQWY9yv2hkgY8ACge/c=",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|AQZrbR9r7dO+CdPHp8I4SgDP/0MOA0NkvWWcaDImB5HPhubKGbNS9OnNcs2ShdXXJ9+pygF7M1hBgIWWuZYR",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|exHMS0Jj51CnO2Ai2lES3P7Upsfvi33Km/GZ3I0XbAo2aqs4xnNoRaLtV0DwcjI/MgRar2UGSoPTt3oJGu0=",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|2x692eZegFskxXnptM8btDeLb0S2foSlo1iKV09bNXWZUuIyzfcYrR3mX0SP9UBeNOz8eRFOwPy2K0Lyc2A=",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|gQ83O8Sg19BC4HnMFEknUGHQGOMyGFRX22UUe1YB1yZtYx+aAq6n/4M0gl/GpWZvXURqfaERc25o9Tg2pFE=",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|exHMS0Jj51CnO2Ai2lES3P7Upsfvi33Km/GZ3I0XbAo2aqs4xnNoRaLtV0DwcjI/MgRar2UGSoPTt3oJGu0=",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|AuCkgVY/lWBG5XFgfYwCNC9nOZjI2ncCHKfTcl2K2Ie5Bo6EaShdUsQP4rUMy4t5ZEK1cM0ZB+KdHfCZUiUQ",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|A6S0OgAtdvQ4YIheDtCHvgDCDoB+DV0jUnXzOSu2KV9nHu/zAn18M7ou8V25BsGiqW6IyDCPNFXTRHN4FtnP",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|AiZ95CrjFfQQstT8aU+H1t9dUH4i7OlQ1nVkx8SmaTcIGXbZXghaFkOE07+4aK20BuUi3rRhxwjwFh7K5Zmq",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|Mp5n6bs2QtuyR6//cxsqQMzBoXhFqotQBZqeN44geBUHxDAmfw61rZ/GclXTy+SrWNDcM6vhOOTg28Sm6AQ=",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|A6Mcdavba6LTd+t2mCiW38A5/1lYamiLLPkFIdjWsXvoIPPrE15R021C4wbaPKWTgXdtRwtDzBL6UxXdLIGe",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|A24NpCGdnRip3aKRE3HvBos6Fc7ywzStdsozn0OzvyLENqyD/IOVdLpW7RYXb1pSBxNrT/eOCjTR9tcHN4oy",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|AXUFQXwvC9UmYYv+s4Fp4uZIvRJNsYTpo39EE454rqYJXSExNV/IzeDhq9HTFtyvSpe7tQ/m7iSn7GRBNfMH",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|Ab70nelzVaGrGSreMo7TE3I477UnXwdJnFhiwhKOUONkXFIJqwRPH4ntqtgHTJXIUb3l4IlXl0bDePN834aZ",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|KHShTHH+sId0qHwxjmTjn2J/jc3jVTZdc/9WQmsDHv9ecoMJrl6If7pF7kjdhyNPTTUtVSUChUWE67/xnUU=",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|A+wzDdGTsLp8pFbwrG0AqBg3ZErY+Smq9HFV5DOzfcqPoctKhul5RjWlKQzxyF6PyogYc8oiGbzzyBEEvFR0",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|AwnfyYhOeJOBGDewNw21q5h6rkqmklF3twyk6RfEw1kLlBxlVjkY/wa9RrH5UKQELFg3b9L6BHe9iz5Z4QtM",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|A1e13VqBQhTFFV0f53Up3gJdexBo1y8CxIuXUhfavnaOG60SDmpywm5qF6CsgdTQlOAPWOpvdzFb2dCbq+Gb",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|K1zTtrfRe/7m9zq2KLEx+TpCe6oDzKXowhWx/Qte+Pm1e8MCcCXyxZXGObSsPfV/LQwEr8/QMhBOtollXfA=",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|Ahnm8a3aF3MpjcpMITSCF2/B82sIOhJlizpCv36pi3gJWxxUZOfBSeEuhQVXHRcZPB4zETnWRsXOpV0mlMCF",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|AYBg6cwatQfYX/C77xd3gO+LGJaX38iNImpBJ8Uh2RVQOSQ/ZNa727ABEop14ASj2JYwHGV1YRfznGh+CzGE",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|AmnmFxw/D1tDDGgeA88kCbkoplBsQkmbP0JJrIkyAC/Pjgz+ZEItIEpvhnY2CHPHJoC40dRaX09beLbZdjcn",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|AqABsE2xVZ5n7pGxZmNJVHbo5NQCWKFM5+LlfBdUVHCJQswC+dl+iUE5s3Wf7WSerRHuSAAB1OlBGPUX0i4F",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|BC05EGpSllh0wVHiq8xKZ9XG6LS6wYP/nBaPVtTyl2z1UeNBivNlJ5/t+sM9H5q51B7H9J3lDw/w/lJrtWMT",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|AgbGDeskwl6G9K9IsiESe/Sd5Hf/Fcy7wHLf6VEUGO1hzMtdy2UVRNWoPCZV0gM4l7kmfUfSwmKrGH8CORXS",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|+SoF4PFex5x0UnYa0EXb3oBbQ622fHyCNCA9+Lx1GYmVP9AtWUJpRXRC/TxsaMwtBwZV1iNg2xgISeU0Hro=",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|ARvSDNTKA21WJuF2wJYmT/fHpwdA17ptvgZKWqPfaPkwDFFXMHibS/7r4Jd6SoQ7AwPOJe51TrVc25uoFPnb",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|A1dGzEQIwMFvsUgxkkusJij1wIfWdJkS6NhluzZkm9w/g9iA6DuXa73NdfKGW5HUYBv3p+zzjdy/9sB41ktd",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|hmbmiCbLKjFYa4YkYBVYxEY/RtJY9i7CnqsaZq5JBOorWolAVktFzEnMSkpbjlWNxAV0UbfoKEBkuW8FOmo=",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|EI3rF7Eil+O+Q1ZnMLf3i2tml78mojCya4ddJVfuGDT5fOxgMfd3KokAQawpWH2XZXTjINmprN764RhmWbg=",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|AnTO1nIF7gCoaIIh+BZ8Rd8tH3pZQeHvgXYwpWxG2gqysFEFq4l364BVRnI7kM3zMSwFUzFbV2egqHgzWw2p",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|yx/r6WE8+zYUYEAgCzl30g7Nld0g/GJhKzUNzZ4auS9YVHSSAAbHN/+5vCCQiEh3J+JPIxmstjYveJZoLuk=",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|qU3/SEDVdBlyZF4HwrBzYQDyqqwnBQG2bABUh9KPnwawixN47EhnemUJEq5QVA1+jT0ZmsFbi2T+XAyzdxA=",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|AvlVyNw8FpRvZwtB3Gq6BCB60zBdKzpL7EUN737p8WS7pGUBJC0O0MiLc5k0Vz80yLiQwOwbXtHVADoQ4nz7",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|Awm9WN3jiTex3fuDBElIyWPm4UoUCt1K2+N99GuQxJT+hOHgFlEHAsKcGxOIu5ZQHoPcR5ELv7kWbEf5KVLs",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|yx/r6WE8+zYUYEAgCzl30g7Nld0g/GJhKzUNzZ4auS9YVHSSAAbHN/+5vCCQiEh3J+JPIxmstjYveJZoLuk=",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|AZ2UTDvCOY9utPTr7/4N1DhlNgT/hB00aVANw60OJLMXW+xpbkoa6PH5DP3GKqOgUTw7QEZbJVUsu/kIpzIo",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|zcoCxUfT9ruiJVY1MipXLNhoXv1tQh5zaBE3M7QJOWzRPn5lMMEnQTRGjm0DabyyB8DGDWFiniMGI5/5pBE=",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|yx/r6WE8+zYUYEAgCzl30g7Nld0g/GJhKzUNzZ4auS9YVHSSAAbHN/+5vCCQiEh3J+JPIxmstjYveJZoLuk=",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|Ar3Kf8wSBKazztCh/ZUN8O/9c6Mb3GlhS/pkdW/R1lii+9suAvhF71TrlORl5zaKJgxYwpFEoWB2UVWSjSIs",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|At2fiWhVfIhl5b64S0Gt6VN23undOdTUxKtb9/fnjf+4dU76qu5CJg13qiy8KDFvSXtoLg732h1hpJYWtjZ+",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|ARPAb/qbCo2R0emUhbEd/DjGw2P6YXZUuj+BiD1burllUucNh1Hd3YXkH9gGyvcSPca0pOBa/Qhct6aV1s3F",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|AjEcwHtXwrHxi0vXXvBZ8k24PrW7k9To/nAQcNOX+UbGmXTzwbUEFFixEdJUF7HViJA91luh1da9mOSRcj1I",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|AXWLri4wwhHtSLu2B6Yl43lRxOkWA8QhgxCot/4Rlrf39DTiLvgTGUN7yFKEES5Uqqs0iDWTzrvLrTomrSwQ",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|AhY1sFJfeqiTfUcuMwmLlTcFdB8KnFC4rDb21Z6YR6Yn8yXNE7fHcN58UNOJF5FzUFJJvR1n7wHso4PzZcbm",
"43zIOhk1ayUoiAXipAm3tdNPwgyzIhZjRUcRc7fw5PiSUN1b3ICzHEFbNhiti2aB2jdvs4uYHUqN1YdZtyY=|AbvkqKFzC9dbZtD/mg0UGhQAa2iI9DfcuVHzGGzb8i+DqFiiLs3KwpSpGdadxyVBtc28VNA5XTnJr/LywwWG",
    ]
    for ct in ciphertexts:
        print(decrypt_message(ct, s, q))


if __name__ == "__main__":
    main()
Summary
The ElElGamal Challenge on Hack The Box focuses on exploiting vulnerabilities in the ElGamal encryption scheme. Participants analyze the implementation to identify weaknesses, such as reused randomness or insecure key generation. By leveraging mathematical techniques like the greatest common divisor (GCD) and properties of modular arithmetic, they decrypt the message and retrieve the flag. This challenge offers a hands-on opportunity to deepen understanding of cryptographic protocols and their practical flaws.
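Why a single s decrypts every captured message when c1 never changes, shown as an added example that is not part of the original writeup or the challenge source. The modulus, base, key and messages are constructed toy values, and the known initialization plaintext INIT-SEQ is an assumption; the writeup does not show how its s was obtained.

```python
# Added example: constructed toy values, not the challenge's real parameters.
import base64
import secrets

Q = 2**127 - 1   # toy prime modulus (constructed)
G = 3            # toy base (constructed)

def to_b64(n: int) -> str:
    return base64.b64encode(n.to_bytes((n.bit_length() + 7) // 8, "big")).decode()

def from_b64(text: str) -> int:
    return int.from_bytes(base64.b64decode(text), "big")

def encrypt(msg: bytes, h: int, y: int) -> str:
    """Textbook ElGamal, serialized as 'c1|c2' in base64 like the page's capture."""
    m = int.from_bytes(msg, "big")
    if not 0 < m < Q:
        raise ValueError("message must fit below the modulus")
    return f"{to_b64(pow(G, y, Q))}|{to_b64(m * pow(h, y, Q) % Q)}"

def reused_c1(ciphertexts) -> bool:
    """Detection check: every message carries the same c1, so y was reused."""
    return len(ciphertexts) > 1 and len({ct.split("|")[0] for ct in ciphertexts}) == 1

def recover_s(ciphertext: str, known: bytes) -> int:
    """With one known plaintext m0: s = c2 * m0^-1 mod q."""
    c2 = from_b64(ciphertext.split("|")[1])
    return c2 * pow(int.from_bytes(known, "big"), -1, Q) % Q

def decrypt_with_s(ciphertext: str, s: int) -> bytes:
    m = from_b64(ciphertext.split("|")[1]) * pow(s, -1, Q) % Q
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def demo():
    x = secrets.randbelow(Q - 2) + 1   # private key, never given to the analyst
    h = pow(G, x, Q)
    y = secrets.randbelow(Q - 2) + 1   # the flaw: one ephemeral key per session
    init = b"INIT-SEQ"                 # hypothetical known initialization sequence
    traffic = [encrypt(m, h, y) for m in (init, b"id", b"uname -a")]
    s = recover_s(traffic[0], init)
    return reused_c1(traffic), [decrypt_with_s(ct, s) for ct in traffic]

if __name__ == "__main__":
    print(demo())
```

A fresh random y per message gives each ciphertext its own c1 and its own s, so one known plaintext no longer exposes the rest of the session.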