forbiddenBits 2013 Write-Up: NaziWar

March 20, 2013

TLDR: Password is derived from username. Password collision for characters above 7-bit ASCII, i.e. we can easily find two usernames with the same password and there is a pattern in that. I liked the service quite much and almost punched myself when I realized I had been looking at the solution for hours but failed when copy-pasting it…

NaziWar was a 200 points challenge where you had to connect to a service using netcat.
When you were connected, the service asked you to tell it your name and then gave you a password (you had to scroll up to see it). With this username and password, you were then able login in a second step.
Once logged in, you could use the commands “help” which listed commands, “list” which listed files and “read”, which outputs the contents of a file. However, you could not read the file “flag” which instead printed that only the fuhrer can read it. So we want to login as “hitler”.
However, you were not allowed to tell the service that you are “hitler”, so you could not get the password as described above. So we need to find another way.

First, we noticed is that for a given username, you always receive the same password, i.e. the password is generated from the username and always starts with “fb” (presumably standing for “forbiddenbits”). We began by trying usernames like “aaaaaaaa” and then “aaaaaaab” and so on, but found no obvious pattern. However, “aaaaaaaaa”, i.e. 9*a gives the same password as 8*a. So it seems that only the first 8 characters of the username are used in the password generation.
Furthermore, we were able to find collisions in the passwords, i.e. the usernames “aaaaaaa” and “aaaaaaah” have the same password.
We then thought that we had to find out the padding used so we could pad the username “hitler” with it and receive the password as described above. However, we did not succeed doing so. But a much simpler method was available: So far, we had only tried 7 bit ASCII characters. Now what happens when we send characters beyond that range? We used a python script to do so, which connected to the service and tried multiple usernames, which we leave as an exercise to the reader.
In pseudocode, we already know:

pw("aaaaaaa" + $a) = pw("aaaaaaaa") where $a = 'h'

So, we are looking for a username that has the same password as “hilter”. But we don’t know that password. However, we can derive it as follows:

pw("hitleq") = pw("hitle" + $q)
pw("hitles") = pw("hitle" + $s)
pw("hitler") = pw("hitle" + $r)

We can easily get the password for “hitles” and “hitleq” and by “bruteforcing” we found that $q = chr(241) and $s = chr(243), so it seems only fitting that $r = chr(242).

In retrospective, we saw that the password generation seems to look at the chars in the username modulo 128. However, we only went as far as getting the password for “hitleò” which is by our theory above equal to that of “hitler”.
We then logged in as “hitler” with that password and “read flag”.

Leave a Reply




Get Adobe Flash player