This is a CTF challenge (a set of online information security challenges) and I have become stuck.
I noticed in the conversation one person asks for the other person to send the salted password file.
I wanted to grab that data, so I right-clicked it and copied as printable text:
Salted__ð£s¯H+^1Y®ê-ié«æ×¹½¦þFÐö}×Gþ|vÎ
At this point, I think I have the salted password, so I save it to file.des3.
In the conversation, the dialog is as follows:
Hey, how do you decrypt this file again?
You're serious?
Yeah, I'm serious
sigh
openssl des3 -d -salt -in file.des3 -out file.txt -k supersecretpassword123
So I figured this is basically telling me how to do it. So I run the same command:
rasp4@server:/ctf$ openssl des3 -d -salt -in file.des3 -out file.txt -k supersecretpassword123
The following output appears:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
139871006373184:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:../crypto/evp/evp_enc.c:599:
I look at the contents of file.txt and see this:
à@ %eõý#Äu´;RTÉÒ…²eèmkúì Øß”Êrâês¸qEG
I'm lost on what to do at this point. What am I supposed to do with that output? Why did I get an error from running the same command as the conversation did? My intuition is telling me something didn't copy from the data on Wireshark properly.
Try right-clicking on "Data: 53616..." in the Frame Details window so that you can select "Export Packet Bytes...". Export to a file named "file.des3", then try the decryption command again. Your intuition is right in saying that "something didn't copy from the data on Wireshark properly," because the "Copy" feature tends to add a lot of extra bytes to the data, which simply obfuscates that original hash.
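A quick way to tell whether file.des3 holds the raw bytes before running the decryption is to check the layout that `openssl des3 -d -salt` expects: the 8-byte `Salted__` header, an 8-byte salt, then ciphertext whose length is a multiple of the 8-byte 3DES block (the "wrong final block length" error is OpenSSL reporting that it is not). The Python below is an added example, not part of the original question or answer. The sample bytes are constructed, and `printable_copy` is an assumed, simplified model of a lossy text copy, not Wireshark's actual behaviour.

```python
MAGIC = b"Salted__"  # 8-byte header written by `openssl enc -salt`
BLOCK = 8            # DES / 3DES block size in bytes

# Constructed sample (not from the capture): magic + 8-byte salt + 16 bytes of ciphertext.
SAMPLE_HEX = "53616c7465645f5f" "0102030405060708" "00ff10e9417f80c3" "9a0d2041e2fe1b7e"


def from_hex_stream(text: str) -> bytes:
    """Rebuild the raw bytes from a hex string such as the 'Data: 53616...' field."""
    return bytes.fromhex("".join(text.split()))


def printable_copy(blob: bytes) -> bytes:
    """Assumed model of a lossy text copy: control bytes vanish, the rest is saved as UTF-8."""
    kept = bytes(b for b in blob if b >= 0x20 and b != 0x7F)
    return kept.decode("latin-1").encode("utf-8")


def inspect_salted(blob: bytes) -> dict:
    """Check the container layout that `openssl des3 -d -salt` expects."""
    has_magic = blob.startswith(MAGIC)
    salt = blob[8:16] if has_magic else b""
    body = blob[16:] if has_magic else blob
    return {
        "has_magic": has_magic,
        "salt_hex": salt.hex(),
        "ciphertext_len": len(body),
        "block_aligned": len(body) > 0 and len(body) % BLOCK == 0,
    }


if __name__ == "__main__":
    exported = from_hex_stream(SAMPLE_HEX)
    pasted = printable_copy(exported)
    for label, blob in (("exported bytes", exported), ("text copy", pasted)):
        print(label, len(blob), inspect_salted(blob))
```

In this model the header survives the text copy because `Salted__` is plain ASCII, which is why a damaged file can still look right at a glance while the salt and the ciphertext length are both wrong.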