FM03 - 250pts

Briefing

Download the Veracrypt volume and find a way to get the flag. Contents: dir_volume

Challenge Files:

• fm03.zip

Solution

1. During the competition, a hint was emailed out that said the file for this challenge is a VeraCrypt encrypted volume since no one had solved the challenge after 24 hours.

2. We can try a brute force approach to decrypt the volume since no other files are provided, such as a memory dump of the system that could contain the password. More information about potential attacks can be found in the VeraCrypt User Manual (Internet Archive Link).

3. Brutefocing this volume is possible because the password is early in the rockyou.txt password list. My GTX 1060 Mobile GPU can do about 150 H/s without any configuration changes to hashcat.

4. The following modes are available in hashcat:

   Copy

    137XY | VeraCrypt                                        | Full-Disk Encryption (FDE)
       X  | 1 = PBKDF2-HMAC-RIPEMD160                        | Full-Disk Encryption (FDE)
       X  | 2 = PBKDF2-HMAC-SHA512                           | Full-Disk Encryption (FDE)
       X  | 3 = PBKDF2-HMAC-Whirlpool                        | Full-Disk Encryption (FDE)
       X  | 4 = PBKDF2-HMAC-RIPEMD160 + boot-mode            | Full-Disk Encryption (FDE)
       X  | 5 = PBKDF2-HMAC-SHA256                           | Full-Disk Encryption (FDE)
       X  | 6 = PBKDF2-HMAC-SHA256 + boot-mode               | Full-Disk Encryption (FDE)
       X  | 7 = PBKDF2-HMAC-Streebog-512                     | Full-Disk Encryption (FDE)
        Y | 1 = XTS  512 bit pure AES                        | Full-Disk Encryption (FDE)
        Y | 1 = XTS  512 bit pure Serpent                    | Full-Disk Encryption (FDE)
        Y | 1 = XTS  512 bit pure Twofish                    | Full-Disk Encryption (FDE)
        Y | 1 = XTS  512 bit pure Camellia                   | Full-Disk Encryption (FDE)
        Y | 1 = XTS  512 bit pure Kuznyechik                 | Full-Disk Encryption (FDE)
        Y | 2 = XTS 1024 bit pure AES                        | Full-Disk Encryption (FDE)
        Y | 2 = XTS 1024 bit pure Serpent                    | Full-Disk Encryption (FDE)
        Y | 2 = XTS 1024 bit pure Twofish                    | Full-Disk Encryption (FDE)
        Y | 2 = XTS 1024 bit pure Camellia                   | Full-Disk Encryption (FDE)
        Y | 2 = XTS 1024 bit pure Kuznyechik                 | Full-Disk Encryption (FDE)
        Y | 2 = XTS 1024 bit cascaded AES-Twofish            | Full-Disk Encryption (FDE)
        Y | 2 = XTS 1024 bit cascaded Camellia-Kuznyechik    | Full-Disk Encryption (FDE)
        Y | 2 = XTS 1024 bit cascaded Camellia-Serpent       | Full-Disk Encryption (FDE)
        Y | 2 = XTS 1024 bit cascaded Kuznyechik-AES         | Full-Disk Encryption (FDE)
        Y | 2 = XTS 1024 bit cascaded Kuznyechik-Twofish     | Full-Disk Encryption (FDE)
        Y | 2 = XTS 1024 bit cascaded Serpent-AES            | Full-Disk Encryption (FDE)
        Y | 2 = XTS 1024 bit cascaded Twofish-Serpent        | Full-Disk Encryption (FDE)
        Y | 3 = XTS 1536 bit all                             | Full-Disk Encryption (FDE)

5. Let's try mode 13722 since that is the default in VeraCrypt. Starting cracking with: hashcat -a 0 -m 13722 dir_volume /usr/share/wordlists/rockyou.txt.

   hashcat output:

   Copy

    dir_volume:redwings                              
   
    Session..........: hashcat
    Status...........: Cracked
    Hash.Type........: VeraCrypt PBKDF2-HMAC-SHA512 + XTS 1024 bit
    Hash.Target......: dir_volume
    Time.Started.....: Thu Apr  8 18:43:44 2021 (4 mins, 34 secs)
    Time.Estimated...: Thu Apr  8 18:48:18 2021 (0 secs)
    Guess.Base.......: File (/home/hhhgohn/Downloads/rockyou.txt)
    Guess.Queue......: 1/1 (100.00%)
    Speed.#1.........:      149 H/s (8.48ms) @ Accel:64 Loops:16 Thr:64 Vec:1
    Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
    Progress.........: 40960/14344384 (0.29%)
    Rejected.........: 0/40960 (0.00%)
    Restore.Point....: 0/14344384 (0.00%)
    Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:499984-499999
    Candidates.#1....: 123456 -> loser69
    Hardware.Mon.#1..: Temp: 87c Util:100% Core:1835MHz Mem:3802MHz Bus:16
   
    Started: Thu Apr  8 18:42:40 2021
    Stopped: Thu Apr  8 18:48:20 2021

   The password redwings is shown in the hashcat output.

6. We can mount the volume using VeraCrypt's GUI with password redwings. The flag is in Flag/flag.txt.

Flag

Us3_5tr0ng_P@55w0Rds!