ITShield

This guide will walk you through all the steps to solve the challenges in this room, explaining the techniques and tools used for each task.

Task 1: Welcome, Crypto Detective!

This is an introductory task. The answers are found directly in the descriptive text.

Question 1: What is the term for unencrypted text?
- Answer: #####
Question 2: What do we need to convert ciphertext back to plaintext?
- Answer: ###

Task 2: Classical Ciphers

Objective: Decrypt a message that has been encrypted with a Caesar Cipher.
Analysis: The provided text, Gur Synt vf: GU1_15_N_51ZCYR_P7R5N1, looks like a simple alphabetical shift. The hint tells us the alphabet has been shifted by 13 places, which is the well-known ROT13 algorithm.
Tool: CyberChef is the best and fastest tool for this.
Steps to Solve:
1. Copy the ciphertext.
2. Navigate to the CyberChef website.
3. In the Operations search bar, find ROT13 and drag it into the Recipe column.
4. Paste the ciphertext into the Input box.
5. The output will be automatically generated in the Output box.
Result:

Task 3: Polyalphabetic Ciphers

Objective: Decrypt a message that was encrypted with the Vigenère Cipher using a specific key.
Analysis: For this challenge, we have both the ciphertext and the key. This points to a classical cipher that uses a key, with Vigenère being the most likely candidate.
Tool: CyberChef
Steps to Solve:
1. Copy the ciphertext (BPW LEACWJVH JSV BPW RWLB EPERI MW NSJIVLEAC).
2. In CyberChef, find the Vigenère Decode operation and add it to the Recipe column.
3. Paste the ciphertext into the Input box.
4. In the options for Vigenère Decode, enter the key JAFAR into the Key field.
5. The output will be displayed immediately.
Result:
Output: THE PASSWORD FOR THE NEXT STAGE IS #######
Answer: #######

Task 4: The Modern World: Symmetric Encryption & AES

Objective: Decrypt a file using the modern AES-128-CBC algorithm.
Analysis: We have all the necessary information: the algorithm, the key (from the previous task), the IV, and the ciphertext. We will need to use the openssl command-line tool for this.
Information Gathering:
- Password: ####### (from Task 3).
- Key: As described, the password must be padded to 16 bytes: JAFARPASS1234567.
- Key (Hex): We need the hexadecimal equivalent of this key: 4a414641525041535331323334353637.
- IV (Hex): a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6.
- Ciphertext (Hex): f568603503f7e62a1a2e37452d2f7811e56a735c03c51871a398c8c51950e30b.
Steps to Solve (in a Linux terminal):
First, we must convert the provided hex string into a binary file. The xxd command is perfect for this.

echo ‘f568603503f7e62a1a2e37452d2f7811e56a735c03c51871a398c8c51950e30b’ | xxd -r -p > backup.aes

Now, using openssl, we can decrypt the backup.aes file with the specified key and IV.

openssl enc -d -aes-128-cbc -K 4a414641525041535331323334353637 -iv a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6 -in backup.aes -nosalt

################################

Flag: ################################

Task 5: Public & Private Keys: The RSA Challenge

Objective: Decrypt the final message using a provided RSA private key.
Analysis: This is a classic asymmetric cryptography challenge. We have the encrypted file and the private key. The required tool is again openssl.
File Preparation:
1. Private Key File: Save the full content provided for private.pem into a file with that name.
2. Message File: The Base64 content provided for message.enc must first be decoded into a binary file.
Steps to Solve (in a Linux terminal):

base64 -d message.b64 > message.enc

Now that you have private.pem and message.enc, run the following command to decrypt it.

openssl pkeyutl -decrypt -inkey private.pem -in message.enc

Result:
The command’s output will be the decrypted message: Jafar Team’s main server is at ##########. Final Flag: ###############
Answers:

Flag: ###############

IP Address: ##########