offlinemark / poet

[unmaintained] Post-exploitation tool
MIT License

Crypto #9

Open offlinemark opened 10 years ago

offlinemark commented 10 years ago

Using pycrypto, encrypt the communications b/t server and client.

offlinemark commented 10 years ago

Brainstorming:

so this is actually an interesting challenge. currently the communications between client and server are extremely informal. server binds to a port and listens for connections. upon receiving a connection (client connecting to that port) the server base64 encodes a string and sends to client. client then decodes and executes the string. boom.

the challenge is in designing some sort of handshake to communicate the AES key for encrypting communication. i guess one idea would be to simply hardcode the AES key in the client and server, however the victim would easily be able to grab this key then and decrypt the communications.

here's an initial brainstorm.

server has rsa key pair. client has public key hardcoded. client does similar deal where it continually tries to connect to a port. if that fails, handle it identically as now (error message). If a connection is successful, generate a 16 byte AES key, encrypt it with the public key, and send it over. server decrypts the packet and uses the AES key to encrypt the command string (maybe base64 somewhere too b/c why not??) and send it back. client decrypts and executes.

offlinemark commented 10 years ago

Actually, can I assume the victim conveniently has pycrypto installed? Should I? Probably not.

offlinemark commented 10 years ago

http://the.randomengineer.com/2014/01/29/using-ssl-wrap_socket-for-secure-sockets-in-python/

http://www.reddit.com/r/AskNetsec/comments/2fnu7e/feedback_on_a_postexploitation_tool_i_wrote/ckb4v73

http://bobthegnome.blogspot.com/2007/08/making-ssl-connection-in-python.html

http://security.stackexchange.com/questions/61021/how-does-the-ssl-connection-protocol-work-with-self-signed-certificate

offlinemark commented 9 years ago

what's the crypto design with the best simplest/secure tradeoff? i could do a dumb xor cipher? key could be a config or generated by the client/server independently based on some predetermined algo
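The XOR idea from the last comment, as an added example (not code from poet or its author): a repeating-key XOR gives no confidentiality once someone observing the traffic knows or guesses the start of one message, because the key falls out of ciphertext XOR plaintext. The key, the messages and the function names are constructed for illustration.

```python
from itertools import cycle


def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(ciphertext: bytes, known_prefix: bytes) -> bytes:
    """Recover the repeating key from one message whose first bytes are known.

    XORing ciphertext with the known plaintext yields the keystream. The key
    is the shortest prefix of that keystream that repeats through all of it.
    If the known prefix is shorter than the key, only that many key bytes
    can be recovered and the partial keystream is returned.
    """
    stream = bytes(c ^ p for c, p in zip(ciphertext, known_prefix))
    for size in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % size] for i in range(len(stream))):
            return stream[:size]
    return stream


def demo():
    """Two captured messages under one key; the analyst knows one prefix."""
    key = b"s3cr3tk3y"  # constructed sample key, unknown to the analyst
    first = xor_cipher(b"echo connection established; uname -a", key)
    second = xor_cipher(b"cat /var/log/app.log", key)

    # The analyst guesses how the first message starts (a fixed greeting,
    # a protocol header, a common command) and derives the key from it.
    recovered = recover_key(first, b"echo connection established")

    # Every other message under the same key is now readable.
    return recovered, xor_cipher(second, recovered)


if __name__ == "__main__":
    recovered_key, plaintext = demo()
    print("recovered key:", recovered_key)
    print("second message:", plaintext)
```

Base64-encoding the result, as the earlier brainstorm suggests, does not change this: the encoding is keyless and is simply undone before the XOR step.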