The fun thing about CTF’s is that there is no single way to solve them. This CTF gives you a clue to use google and tries to lead you to an old Github page that has this key listed as ‘expired’ ( ) However the point of this post is to show how to do this when someone gives you the private key file. The exception is typically in a contrived situation, like a CTF. You can’t simply google for Microsoft’s private key.
99.999…% of the time you will need to get the private key in a legitimate way. It is also possible to find some using Google searches, however most people have become wise to this method (normally the hard way). He did a presentation at CyberThreat 2018 giving a summary of (redacted) results, amongst them, private keys.
A friend of mine, Kev ‘TheHermit’ Breen created a Pastebin scraper (PasteHunter) that uses Yara rules to check pastes for interesting stuff then indexes them. People don’t publish private keys online! In this instance we can see that the network traffic is using a certificate that has had the private key published online. Hold your horses, there is a lot of useful information in an encrypted PCAP that may help you to find a weakness, or even all the information you need.
It was originally a DEFCON CTF, then was later picked up by, if you want to play along at home click here) Encrypted Traffic in a PCAP? I’m outta here!! (To help me structure this post I am going to use a CTF challenge as a walkthrough. If you have a HTTPS session captured and are looking at unlocking the secrets that lie within, you are probably looking at Wireshark with eternal optimism hoping that somehow the magical blue fin will answer all of problems….
0 kommentar(er)
