tag:blogger.com,1999:blog-33242194251147061.post9160837778100650470..comments2024-03-26T23:48:32.538-05:00Comments on RaiderSec: SANS Holiday Challenge 2012 Zone 3 WriteupJordanhttp://www.blogger.com/profile/09317580042468804874noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-33242194251147061.post-5076068288279033952013-01-08T21:25:13.141-06:002013-01-08T21:25:13.141-06:00Thanks for the comment, and great question! I knew...Thanks for the comment, and great question! I knew that XOR was a symmetrical algorithm (and likely the one in use), but I wasn't too familiar with performing a Stream Cipher Attack. So, I knew that we would be able to use XOR to derive the new URL, but wasn't quite sure how - as in, not exactly sure how all the pieces fit together. <br /><br />The first thing I did was Google 'XOR reuse key', which showed the first result as the Wikipedia link to Stream Cipher Attacks. From here, I could see the algebra used to perform the attack, and then created the actual exploit in Python. Hope this answered any questions!Jordanhttps://www.blogger.com/profile/09317580042468804874noreply@blogger.comtag:blogger.com,1999:blog-33242194251147061.post-79168218394671286802013-01-08T21:01:22.174-06:002013-01-08T21:01:22.174-06:00Do you have anymore details on how to do this? Thi...Do you have anymore details on how to do this? This stumped me really good on the challenge. I kept trying to dig through the social media stuff for clues, but couldn't find anything.<br /><br />I noted the same things you did: the first parts of the ciphertext for the new and old URLs were identical, and the question asking why key re-use is a terrible idea. Unfortunately, I wasn't able to identify it as a stream cipher or derive how to attack/reverse it.<br /><br />Do you have any references for attacking/identifying stream ciphers?da_667https://www.blogger.com/profile/12074166621621209623noreply@blogger.com