Post

HackTheBox MSS Challenge

Posted
By x3ric
2 min read

Explore the basics of cybersecurity in the MSS Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/630

Description

The military possesses a server containing crucial data about the virus and potential cures, secured with encryption and a key distributed using a secret sharing scheme. However, authorized members holding parts of the key are infected, preventing access to the research. Fueled by your cryptography passion, you and your friends aim to hack into the server and recover the key. Can you succeed in this challenging mission?

Exploitation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

#!/usr/bin/env python3
from pwn import *
import json
import sys
from hashlib import sha256
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
from Crypto.Util.number import getPrime
from sympy.ntheory.modular import crt

def connect(host, port):
   return remote(host, port)

def get_share(io, x):
   io.sendlineafter(b'query = ', json.dumps({"command": "get_share", "x": x}).encode())
   response = io.recvline().decode().strip()
   return json.loads(response)

def get_enc_flag(io):
   io.sendlineafter(b'query = ', json.dumps({"command": "encrypt_flag"}).encode())
   io.recvuntil(b'encrypted flag : ')
   data = io.recvline().decode().strip('.\n')
   return json.loads(data)

def main():
   if len(sys.argv) != 2:
       print(f"Usage: python {sys.argv[1]} <ip:port>")
       sys.exit(1)
   host, port = sys.argv[1].split(':')
   io = connect(host, int(port))
   print("[*] Collecting shares using prime numbers...")
   primes = []
   remainders = []
   for i in range(19):
       p = getPrime(15)
       share = get_share(io, p)
       if share['approved'] == 'True':
           y = int(share['y'])
           primes.append(p)
           remainders.append(y % p)
           print(f"[+] Got share {i+1}/19: prime={p}, remainder={y%p}")
   print("[*] Applying Chinese Remainder Theorem...")
   key = int(crt(primes, remainders)[0])
   enc_data = get_enc_flag(io)
   key_bytes = sha256(str(key).encode()).digest()
   iv = bytes.fromhex(enc_data['iv'])
   ct = bytes.fromhex(enc_data['enc_flag'])
   cipher = AES.new(key_bytes, AES.MODE_CBC, iv)
   pt = unpad(cipher.decrypt(ct), 16)
   print(f"[+] Flag: {pt.decode()}")
   io.close()

if __name__ == "__main__":
   main()

Summary

The MSS Challenge on Hack The Box is an easy-level cryptography challenge involving the recovery of an encryption key secured using a secret sharing scheme. Participants must collect modular shares of the key, reconstruct it using the Chinese Remainder Theorem (CRT), and decrypt the provided ciphertext using the key. The exploit script showcases methods for querying and validating shares, performing CRT-based key reconstruction, and decrypting an AES-encrypted flag in CBC mode. This challenge highlights practical applications of modular arithmetic and symmetric encryption in cryptography.

challenge
htb challenge writeup linux crypto
This post is licensed under CC BY 4.0 by the author.