In any event, I decided to do a nice simple one to get back into things.
The "goal" behind hts 6 is to actually code the solution. As a penetration tester, you need to be able to write your own scripts to accomplish very specific tasks. You an find a lot of info on XECryption from here or here. So I'm not going to go through the gory details about how to "crack" XECryption.
This is a good opportunity to pick a language that you do not know well in order to practice it. I picked c# because I wanted to do more with LINQ.
In any event, here is my solution. Pass in the full path to the file you wish to decrypt. Pipe the output to a file. Send the output (minus the first line saying it found the key) to ToxiCo_Watch.
using System;
using System.Collections.Generic;
using System.Linq;
using System.IO;
using System.Text.RegularExpressions;
namespace XECryptionDecrypter
{
class Program
{
static void Main(string[] args)
{
var encryptedFile = ParseArguments(args);
ProcessFile(encryptedFile);
}
private static void ProcessFile(FileInfo encryptedFile)
{
var encryptedContents = File.ReadAllText(encryptedFile.FullName);
var chunks = GetChunks(encryptedContents);
var key = DeterminePasswordKey(chunks);
Console.WriteLine("Found key: " + key);
foreach (var chunk in chunks)
{
PrintDecryptedChunk(chunk,key);
}
}
private static int DeterminePasswordKey(List<ChunkedNumber> chunks)
{
var mostCommonChunkedValue = chunks.GroupBy(x => x.Total).OrderByDescending(x => x.Count()).First();
var key = mostCommonChunkedValue.First().Total - 32;
return key;
}
private static void PrintDecryptedChunk(ChunkedNumber number, int key)
{
Console.Write(char.ConvertFromUtf32(number.Total - key));
}
private static List<ChunkedNumber> GetChunks(string encryptedContents)
{
var encryptedContentsWithoutReturns = encryptedContents.Replace(Environment.NewLine, "");
var chunkPattern = @"(\.\d+\.\d+\.\d+)";
var chunkRegex = new Regex(chunkPattern);
return (from match in chunkRegex.Split(encryptedContentsWithoutReturns) where !String.IsNullOrWhiteSpace(match) select new ChunkedNumber(match)).ToList();
}
private static FileInfo ParseArguments(string[] args)
{
if (args.Length < 1)
{
throw new ArgumentException("Please provide decrypted file path as argument 1");
}
var filePath = args[0];
if (!String.IsNullOrWhiteSpace(filePath) && File.Exists(filePath))
{
return new FileInfo(filePath);
}
throw new ArgumentException(string.Format("File with path {0} not found",filePath));
}
}
class ChunkedNumber
{
public int Number1 { get; private set; }
public int Number2 { get; private set; }
public int Number3 { get; private set; }
public int Total { get; private set; }
public string Raw { get; private set; }
public ChunkedNumber(string raw)
{
var formattedString = raw.Replace(".", ",").Substring(1);
var rawNumbers = formattedString.Split(',');
Raw = raw;
Number1 = int.Parse(rawNumbers[0]);
Number2 = int.Parse(rawNumbers[1]);
Number3 = int.Parse(rawNumbers[2]);
Total = Number1 + Number2 + Number3;
}
}
}
No comments:
Post a Comment