2020 EUROPEAN CYBER SECURITY CHALLENGE

3-7 November 2020

Vienna, Austria

WeakRSA

How difficult did you find this challenge?

1 2 3 4 5
Easy Hard
Event ECSC2018
Tags Crypto Web
Difficulty
Medium
Additional Info
Description

During the OSINT phase of a regular vulnerability assessment evidences of a data breach have been found on pastebin. Further investigation showed that one of the frontend webserver of Know Your Brand PLC had been compromised. The investigation also revealed that the attacker managed to capture network traffic. Analysis of the capture files the attacker left on the compromised machine showed that the capture files should be the source of the recent data breach. Tracing back the attacker’s IP address has been failed. However since the captured communication is encrypted and the private keys of the server are only accessible by the system administrators, the IT operation was incriminated.

Believing in the innocence of his collages, the head of IT operation hire your company to further investigate this case and prove their innocence.
Your company is provided with the network capture file the attacker left on the compromised server. The IP address of the compromised server is 172.30.11.10 and the IP address of the backend server is 172.30.10.10. The URL of the source of the sensitive information is https://172.30.10.10/FLAG.

Note: the provided nextstep.zip file is encrypted by the flag you have to recover by solving the first problem. The zip container contains the last step of this challenge and the questions you have to answer.

Tasks

Task 1: What is the used cipher suite?
Task 2: What is the FLAG?
Task 3: What is the impact of the attack?
Task 4: Who was the original developer of the generator script (genCsr.py)?
Task 5: What is the name of the developer who made the malicious change?
Task 6: Since when were all generated keys vulnerable?