Last active
April 16, 2019 04:18
crackthecon-nsec3-argon2i-puzzle.txt
# As told to a friend on IRC - 2019-04
# Line breaks added and a few edits for readability
omg you should have heard me yell
so you download a 7z before the contest starts
but it's password-encrypted ;)
and they give you the password when the contest starts
normally when they unzip there are some text files, with hashes in them
one of the text files contained only this single line:
$ cat InTheZone.txt
dig +short +dnssec starthere.crackthecon.0x23.pw TXT
... which is [in other words, which, when run, returns this DNS response]:
TXT 13 4 3600 20190423031048 20190409014048 38593 crackthecon.0x23.pw. P7B6eCR2dR784OLFFj75Ka8VC2qvZ8ssCJqq+akuPzsLSuIqLVbP2Fzm iD5ixoDWdMgZ8xzVDHXEOsRm8A7rTA==
we never did crack the 128-byte hash that is behind that base64 part
but
it turns out that because of how some DNSSEC works, there's a zone enumeration problem (like a zone transfer)
that they can't really work around, except they *hash the hostnames*
they're called NSEC3 hashes
and they're one of those cases where hashes are public by design
so
https://www.google.com/search?q=crack+dnsssec+hashes
first hit is:
https://github.com/anonion0/nsec3map
basically it does a binary walk by searching for randomly named hostnames within the zone
and the server has to either say "yep, that's a host" or, crucially, "no, that's not a host, but here's a hash of the next available hostname"
next available by hash, i think
when i learned about this a couple of years ago
i actually used censys.io data to get a list of all zones doing dnssec nsec3
and used this tool to harvest all of the hosts i could find
and try to crack them
and if anyone looked at the issue history for the project, you'd see me, e.g. https://github.com/anonion0/nsec3map/issues/6
i know these guys, and i think they knew about my interest in this
so in some ways they crafted this puzzle for me specifically
i had to figure out what name server to hit
there were no NS records for the zone:
$ host -t ns starthere.crackthecon.0x23.pw
starthere.crackthecon.0x23.pw has no NS record
$ host -t ns crackthecon.0x23.pw
crackthecon.0x23.pw has no NS record
$ host -t ns 0x23.pw
0x23.pw has no NS record
... but there is one mentioned in the WHOIS!
$ whois 0x23.pw | grep 'Name Server'
Name Server: NS.0X23.PW
[the actual n3map command was:]
$ n3map -v --ldh --max-retries=1 --timeout=30000 -o crackthecon.0x23.pw.zone ns.0x23.pw crackthecon.0x23.pw
there were like 35000 hashes
so i'm happily cracking them
and then i think
they're kinda long and random-ish
but valid DNS hostnames - lower, digits, and dash
so i think to myself
"hey, these are real hostnames, i wonder if these are real hosts"
so I do a dig on one of the cracked hostnames
0beo6hqibsaj4q4aafi5o670ka0isfun:.crackthecon.0x23.pw:4754464f214e6f7468696e6748657265:19:heartyomonon
^ that's what the crack looks like, and 'heartyomonon' is the hostname
and the DNS lookup reveals:
$ host -t any heartyomonon.crackthecon.0x23.pw
heartyomonon.crackthecon.0x23.pw descriptive text "$argon2i$v=19$m=131072,t=3,p=2$M6YUQqg1BkAIwVgrRYjRGg$RaiqjFwP7/nAF6c8z5/EX+HMYli0YXvMnZa1mkWwjkk"
heartyomonon.crackthecon.0x23.pw has RRSIG record TXT 13 4 3600 20190423031048 20190409014048 38593 crackthecon.0x23.pw. GXvOrxMXL1ar8LnXXpvPkgFSuMOx8cNgTb9Q/evuL3DqLbV4IXyNalox Bf8NQiS85HTTasNdC1NCzfXN0SpOSw==
that TXT record
contains
a DIFFERENT PASSWORD HASH
type argon2i is SUPER HARD
like, so hard that hashcat hasn't even bothered to add *support for it*
the only software that currently supports it is john the ripper
so
the contest dynamics are interesting, right?
i have to crack the nsec3 to even get the corresponding argon2i
the nsec3 is only worth 100 points (or 200 if you crack it before anyone else does)
the argon2i is worth 1000 points, or 2000 if first
so
it's like scavenger hunt + capture-the-flag
so one guy is cracking nsec3s, and feeding them to another guy who is trying to crack them
the argon2is i mean
but it's suuuuuuuuuuuper slow to crack argon2i
and so then we realize that the argon2i plains are either the hostname itself, or the hostname modified by a password-mangling rule (all caps, leet, reversed, etc.)
so it was a race
that's just one example
there were many puzzles, some of which we never solved at all
it also sucked because it was in the middle of the work week, so i couldn't devote as much time/attention to it, nor sleep as little as usual :)
[comment from friend about polyphasic sleep]
heh, did dabble in that briefly in college but couldn't pull it off for an extended period
but during the contest, I'd sleep 2 hours, then be up for 22
finding those argon2is was the killer edge for us - other teams found and cracked the NSEC3s but appear to have never explored that they might be real hostnames
argon2i cracks were literally 1/3 of our total score
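The cracked line quoted in the story is in the hashcat-style NSEC3 layout (hash:zone:salt_hex:iterations:plaintext label). As an added example, not part of the gist, here is the RFC 5155 NSEC3 hash computation in Python, so a defender can check which owner names in their own zone map to which published hash; the only page-specific input is that line, everything else is standard DNS and SHA-1.

```python
import base64
import hashlib

# Constructed from the cracked line quoted in the text above (hashcat-style
# NSEC3 format: hash:zone:salt_hex:iterations:plaintext_label).
PAGE_LINE = ("0beo6hqibsaj4q4aafi5o670ka0isfun:.crackthecon.0x23.pw:"
             "4754464f214e6f7468696e6748657265:19:heartyomonon")

# RFC 4648 "extended hex" alphabet, produced by remapping the standard base32 one.
_B32_TO_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                               "0123456789ABCDEFGHIJKLMNOPQRSTUV")


def base32hex(data: bytes) -> str:
    """Base32hex, padding stripped, lowercase: how NSEC3 owner names appear in a zone."""
    return base64.b32encode(data).decode("ascii").translate(_B32_TO_B32HEX).rstrip("=").lower()


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name: length-prefixed lowercase labels plus root byte."""
    name = name.lower().strip(".")
    if not name:                      # the root name is a lone zero byte
        return b"\x00"
    out = b""
    for label in name.split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def nsec3_hash(name: str, salt: bytes, iterations: int) -> str:
    """RFC 5155 s.5: IH(0) = SHA1(wire(name) || salt); IH(k) = SHA1(IH(k-1) || salt)."""
    digest = hashlib.sha1(name_to_wire(name) + salt).digest()
    for _ in range(iterations):       # 'iterations' extra rounds on top of the first
        digest = hashlib.sha1(digest + salt).digest()
    return base32hex(digest)


def parse_crack_line(line: str):
    """Split hash:zone:salt_hex:iterations:plaintext into typed fields."""
    h, zone, salt_hex, iters, plain = line.split(":")
    return h, zone, bytes.fromhex(salt_hex), int(iters), plain


def check_crack_line(line: str) -> bool:
    """Recompute the NSEC3 hash of plaintext+zone and compare it to the hash field."""
    h, zone, salt, iters, plain = parse_crack_line(line)
    return nsec3_hash(plain + zone, salt, iters) == h


if __name__ == "__main__":
    h, zone, salt, iters, plain = parse_crack_line(PAGE_LINE)
    print("salt as ASCII:", salt.decode("ascii", "replace"))
    print("hash of", plain + zone, "=", nsec3_hash(plain + zone, salt, iters))
    print("line reproduces:", check_crack_line(PAGE_LINE))
```

Running it recomputes the hash for heartyomonon.crackthecon.0x23.pw with the zone's salt and 19 iterations and reports whether it matches the hash field of the cracked line; the same function applied to your own zone's names shows exactly what an NSEC3 walker would see.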