Tags: pgp crypto 


# STEM CTF Cyber Challenge 2019 – Warm Up

* **Category:** Crypto
* **Points:** 50

## Challenge

> Everyone says that PGP is hard to use. Show ‘em how it’s done.

## Solution

The challege gives you [some files](https://github.com/m3ssap0/CTF-Writeups/raw/master/STEM%20CTF%20Cyber%20Challenge%202019/Warm%20Up/warm-up.zip).

The first step is to import the secret key.

$ gpg --allow-secret-key-import --import mitre-ctf-2019-private.asc
gpg: key D70E64BECB374E23: "CTF Competitor (This is private key for a 2019 MITRE CTF Competitor and should not be trusted!) <fake@fake>" not changed
gpg: key D70E64BECB374E23: secret key imported
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: secret keys read: 1
gpg: secret keys unchanged: 1

Then, using the passphrase into `passphrase.txt` file: `just use ctfd`, decrypt the `key.enc` file.

$ gpg --output key --decrypt key.enc
gpg: encrypted with 2048-bit RSA key, ID 2D312D1F87BA2B5E, created 2018-12-03
"CTF Competitor (This is private key for a 2019 MITRE CTF Competitor and should not be trusted!) <fake@fake>"
gpg: Signature made lun 03 dic 2018 23:48:09 CET
gpg: using RSA key 587735E31F0B06751ACD0D53CDE38825F2FFFCB4
gpg: Can't check signature: No public key

The `flag.html.enc` file is salted and encrypted with OpenSSL.

$ binwalk flag.html.enc

0 0x0 OpenSSL encryption, salted, salt: 0xF61A179-5D7CAE48

The following OpenSSL command can be used to decrypt it.

$ openssl aes-256-cbc -kfile key -d -in flag.html.enc -out flag.html -md md5

The decrypted file contains a false flag and a real one hidden.

$ more flag.html

<title>MITRE CTF 2019 Homepage.</title>
<h1>This is an HTML Page</h1>

Test Flag please ignore:




The flag is the following.


Original writeup (https://github.com/m3ssap0/CTF-Writeups/blob/master/STEM%20CTF%20Cyber%20Challenge%202019/Warm%20Up/README.md).