# Socket Lab

We will be navigating through a few applications of security through websites.  
This lab is a bit introductory, although it may not feel that way.  
We are going to get used to some of the lower-level tools used to analyze websites and create communication channels.  
This is relevant to our study of RSA, protocols, and server communications (namely authentication), and you will learn a lot more in CYBER 210, when you will go into more depth on networking.  

### Look at HTTP vs HTTPS  

Standard internet web-browser traffic used to be served over port `80`.  
You can try this now: open a browser and navigate to [`www.cryptocat.uk:80`](http://cryptocat.uk:80).  

I am running a web server on port 80, so you should see a simple webpage.  
A web browser knows that it's supposed to communicate over port 80, so that's what it defaults to.  

However, if you look in the appropriate area (browsers are different), you can see the security lock, indicating a valid SSL connection.  
![image-2.png](attachment:image-2.png) 

HTTPS is served over port `443`, and when a browser communicates over port `443` there is a security lock displayed.  
(*note*, I have my server set to redirect all traffic to 443, for security purposes.  Nothing but secure connections!)

**RSA!!!**  
SSL is an implementation of RSA, so I created a valid RSA key, and my server is using it to validate with the browser.  
They have created a secure socket layer (SSL) on which to communicate!  Yay!  
If you really want, you can click on the lock and view the certificate also... There is a lot of metadata to view.  

## Let's start capturing some flags
First off, please read the two starter documents if you need to.  
One is on general tools we will be using, another is a primer on using a socket connection.  

**Always feel free to contact me or the other instructors for help!**  

All flags for this class will be of the form `cyber202{...}`, where the ellipsis is replaced by a string of 16 bytes in hexadecimal.  
I create flags using the command `random.randbytes(16).hex()`  
Here is an example flag:  
$\hspace{5mm}$ `cyber202{381e9f050c0daf0c7e1ec361e542cc9a}`  



### Question 1 (10 points)
We can communicate web traffic on any port; we just need to agree on it with someone.  
I have set up a web server on cryptocat on port `2053`.  
Capture the flag and submit it below.  

In [None]:
# Question 1: html plain flag (10 points)




# Please submit just the flag here for autograding
Q1_flag = "cyber202{8823f6b15f59f64c40d7cd4739ee4275}"

### Question 2 (10 points)

Another way to request information from web servers is using `curl` (client URL).  
`curl` is an http(s) service which allows you to use a command line to fetch an http(s) document.  
We can look at this in two ways.  

The first way is to use curl.   
Use your terminal and the curl command to access cryptocat on port 2053.  
There is a hidden flag there if you can find it.   

For fun! If you wanted you could put the contents of the curl into an html document and open index.html in your browser of choice.  
This is the process a browser executes when you navigate to a page.  
You can try it with any website.  

osx / linux: `curl https://cryptocat.uk > index.html; open index.html`  
windows: `curl https://cryptocat.uk > index.html; index.html`

In [None]:
# Question 2: html hidden flag (10 points)




# Please submit just the flag here for autograding
Q2_flag = "cyber202{afafc2ffca0c0ee8a0ecf82df0922f26}"

### Question 3 (30 points)
We are going to start interacting with a covert communication channel.  
http(s) protocols are convenient, and with dynamic websites there can be *some* back and forth communications.  

But we want a socket connection for rapid and efficient communication.  
We will now connect a direct socket with a server.  

The first server will be an authentication server.  
You will need to authenticate as an instructor to get this flag.  

Remember, you will need to create the proper json,  
you will need one entry for `option`  
and you will need an entry for `name`  

Connect to `socket.cryptocat.uk` on port `2020`  

In [None]:
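# Question 3: starting comms (30 points)
import socket

HOST = 'socket.cryptocat.uk'
PORT = 2020

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))

buffer = 1024  # maximum bytes to read per recv() call
received = s.recv(buffer)  # the server sends its menu banner on connect
print(received)
# Request authentication: a JSON object with an `option` entry and a `name` entry
sendmsg = b'{"option": "authenticate", "name": "Matthew"}'
s.sendall(sendmsg)  # sendall() keeps writing until the whole message is sent
received = s.recv(buffer)
print(received)
s.close()



# Please submit just the flag here for autograding
Q3_flag = "cyber202{ce074adc3c38aec1a10de863d02f81c4}"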

b'---------------------------------------------\nThis server has 2 options\n    {"option": "authenticate"}\n    {"option": "get_deluxe_flag"}\n\nif you want to authenticate provide your name\n(Only instructors are authorized to proceed.)\n    {"name" = "Charles Edgar Cheeserton III"}\n\nif you want a deluxe flag provide your flag\n    {"credentials" = "crypto{...}"}\n---------------------------------------------\n'
b'{"flag": "cyber202{ce074adc3c38aec1a10de863d02f81c4}"}\n'
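
The cell above reads each reply with a single `recv(1024)`, which returns whatever bytes have arrived so far and not necessarily a whole message. The following is an added example, not part of the original lab and not the server's code: it reads newline-terminated JSON (the replies above end in `\n`) over a local `socket.socketpair()`. The `LineReader` class, the toy responder, the newline-terminated request and the placeholder flag are all assumptions made for the illustration.

```python
import json
import socket
import threading

class LineReader:
    """Buffer recv() chunks and hand back one newline-terminated message at a time."""
    def __init__(self, sock, limit=65536):
        self.sock, self.buf, self.limit = sock, bytearray(), limit

    def readline(self):
        while b"\n" not in self.buf:
            chunk = self.sock.recv(1024)
            if not chunk:                        # peer closed before the newline
                raise ConnectionError("connection closed mid-message")
            self.buf += chunk
            if len(self.buf) > self.limit:       # never buffer an unbounded reply
                raise ValueError("message too long")
        line, _, rest = bytes(self.buf).partition(b"\n")
        self.buf = bytearray(rest)               # keep bytes that follow the newline
        return line

def demo():
    """Return (bytes one recv would see, complete parsed reply) for a split reply."""
    client, server = socket.socketpair()         # local stand-in for the TCP link
    # Constructed reply; the flag value is a placeholder, not a real lab flag.
    reply = json.dumps({"flag": "cyber202{" + "0" * 32 + "}"}).encode() + b"\n"
    release = threading.Event()

    def toy_server():                            # hypothetical, not the lab server
        request = json.loads(LineReader(server).readline())
        if request.get("option") == "authenticate":
            server.sendall(reply[:12])           # first fragment arrives alone
            release.wait()
            server.sendall(reply[12:])           # the rest arrives later

    worker = threading.Thread(target=toy_server)
    worker.start()
    request = {"option": "authenticate", "name": "example"}
    client.sendall(json.dumps(request).encode() + b"\n")
    partial = client.recv(1024, socket.MSG_PEEK) # what a lone recv(1024) would return
    release.set()
    complete = LineReader(client).readline()     # loops until the newline arrives
    worker.join()
    client.close()
    server.close()
    return partial, json.loads(complete)

if __name__ == "__main__":
    print(demo())
```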


### Question 4 (20 points)
Get the *deluxe flag*  
Connect to `socket.cryptocat.uk` on port `2020`  

In [None]:
# Question 4 (20 points)
import socket

HOST = 'socket.cryptocat.uk'
PORT = 2020

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))

buffer = 1024  # maximum bytes to read per recv() call
received = s.recv(buffer)  # the server sends its menu banner on connect
print(received)
# Step 1: authenticate to obtain the Question 3 flag
sendmsg = b'{"option": "authenticate", "name": "Matthew"}'
s.sendall(sendmsg)
received = s.recv(buffer)
print(received)
# Step 2: present that flag as the credentials for the deluxe flag
sendmsg2 = b'{"option": "get_deluxe_flag", "credentials": "cyber202{ce074adc3c38aec1a10de863d02f81c4}"}'
s.sendall(sendmsg2)
received = s.recv(buffer)
print(received)
s.close()




# Please submit just the flag here for autograding
Q4_flag = "cyber202{10014c346fe09bf53e3ad0b28718d732}"

### Question 5 (25 points)
Capture the flag  
`socket.cryptocat.uk` on port `8888`

In [None]:
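# Question 5 (25 points)
import socket

HOST = 'socket.cryptocat.uk'
PORT = 8888

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))

buffer = 1024  # maximum bytes to read per recv() call
received = s.recv(buffer)  # banner the server sends on connect
print(received)
# Note: this one JSON object repeats the "option" key three times; a parser such as
# Python's json module keeps only the last value when a key is duplicated.
sendmsg = b'{"option": "get_public_key", "option": "get_square_root_of_1", "option": "get_encrypted_flag"}'
s.sendall(sendmsg)
received = s.recv(buffer)
print(received)
s.close()

# Decryption code
import math

# Public exponent, modulus, a square root of 1 modulo n, and the encrypted flag
e = 65537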
n = 19149419600985628123321965396713132664738046232891774912519253159608828510520753271558033240639155617193932222034883317791187144860452726670264473385567014271985773127573184426333127823777034752003348147088639170334209920807570981182871121206038949780500137630916005652718129547427469247141100657319850508963587320443396519440757183191430792808127621821316971683134263638689202322079233183631942485223374193203952088767803189627838764873058200635945748480134527400986551277617579863742418353147388004132345372802658061966012890685317532442321364757472703803939745800837413827710482891854772688331167609041311041683247
square_root_of_1 = 18382479356476052594852326813301061544844190344496220878692256153319751348543015595680937975855948407780774273720247114866591990698455895553065310156298324955806623615330027066656709447133540243472257689294037952515001303011712469560048578176887657348752336115908987221322515552025216194939065728065738052666006590719264366309422599497766694046561662208362356517651250839990651921344506478178972523875117065218395336287070605323178116161672020447517844810834323639268332277697349921869521476902176751303337761141289428630402692737930992671257247419691986056694034111566203156212014799478895621871507252580586244447140
ciphertext = 3339918760676821345898134545162687449084582689744011584481032770367168441950510786303167409620215719663373131059609029042456965146945945472994571680061087826305801975662430142379906962229078223232523207250346812123066653415631556723649731345612058116131834124154671827692580693071187009353366520438636492524876777076132278502191165271610652063755194545711223977969315794288530449730119255436865425045357454292349992470232829639352854716978713386852520106514895166643316197550877334579794933797265703804909907616136528249955586061811083968867006972698590874518514183187987303783917965675041588751209118713057293823906

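# s*s = 1 (mod n) means n divides (s - 1)(s + 1). When s is neither 1 nor n - 1,
# n divides neither factor alone, so each gcd below is one prime factor of n.
p = math.gcd(square_root_of_1 - 1, n)
q = math.gcd(square_root_of_1 + 1, n)
# With both primes known, rebuild the private exponent and decrypt
phi = (p - 1) * (q - 1)
d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
m = pow(ciphertext, d, n)
print(m.to_bytes((m.bit_length() + 7) // 8, 'big'))


# Please submit just the flag here for autograding
Q5_flag = "cyber202{027be084fa4bbc33c40f6dbca3ee8043}"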
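
Why a server must never disclose a nontrivial square root of 1 modulo its RSA modulus, as an added example that is not part of the original lab or its server: the same two `gcd` steps carried through on a constructed toy key, including the trivial roots that reveal nothing. The primes (the Mersenne primes 2^61 - 1 and 2^89 - 1), the message and the function names are assumptions chosen for the illustration.

```python
import math

def nontrivial_root(p, q):
    """CRT solution s with s = 1 (mod p) and s = -1 (mod q), so s*s = 1 (mod p*q)."""
    k = (-2 * pow(p, -1, q)) % q         # solve 1 + p*k = -1 (mod q)
    return 1 + p * k

def split_modulus(n, s):
    """Return (p, q) if s is a nontrivial square root of 1 mod n, else None."""
    if (s * s) % n != 1:
        raise ValueError("s is not a square root of 1 modulo n")
    # n divides (s - 1)(s + 1); for s != +-1 it divides neither factor alone,
    # so gcd(s - 1, n) is exactly one of the two primes.
    p = math.gcd(s - 1, n)
    if p in (1, n):                      # s = +-1: the trivial roots reveal nothing
        return None
    return p, n // p

def demo():
    """Encrypt under a toy key, then decrypt knowing only n, e, s and the ciphertext."""
    p, q, e = 2**61 - 1, 2**89 - 1, 65537          # constructed toy key
    n = p * q
    plaintext = b"toy secret"                       # constructed message, smaller than n
    c = pow(int.from_bytes(plaintext, "big"), e, n)
    s = nontrivial_root(p, q)                       # the value that must stay private

    fp, fq = split_modulus(n, s)                    # uses n and s only
    d = pow(e, -1, (fp - 1) * (fq - 1))             # rebuilt private exponent
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    print(demo())
```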

### Question 6 (5 points)
Capture the flag  
`socket.cryptocat.uk` on port `4453`

In [None]:
# Question 6 (5 points)
import socket

HOST = 'socket.cryptocat.uk'
PORT = 4453

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))

buffer = 1024  # maximum bytes to read per recv() call
received = s.recv(buffer)  # banner the server sends on connect
print(received)
sendmsg = b'{"option": "get_flag"}'
s.sendall(sendmsg)
received = s.recv(buffer)
print(received)
s.close()

from sympy import integer_nthroot
from Crypto.Util.number import long_to_bytes  # provided by the PyCryptodome package
ciphertext = 8753775251601464193976610361240201576056886966018576971805701601415078057219909108967688096380459794557786391373901345192624383534867955935586913206884147614380804514101609216928678913852733218942996095409359622705622026387271660033097116835343001737643493861768559460717638600588269500829014303633070517864361643415274594710459625592082775168784843258006612907313886436640148987819348887357911188303441
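e = 4

# An integer root recovers the message only when m**e was never reduced modulo n,
# i.e. the unpadded message is small enough that m**4 < n.
fourth_root = integer_nthroot(ciphertext, e)[0]
decoded_message = long_to_bytes(fourth_root)
print(decoded_message)

# Please submit just the flag here for autograding
Q6_flag = "cyber202{a4e60d2bd2e9ddc3c3d7f3c32e99eab5}"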
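
Why the integer fourth root works here and what stops it, as an added example that is not part of the original lab or its server: with `e = 4` and no padding, a short message raised to the fourth power is smaller than the modulus and is never reduced, while a message filled out to nearly the modulus size wraps and leaves no exact root. The modulus (built from the Mersenne primes 2^521 - 1 and 2^607 - 1), the messages and the fixed filler bytes are constructed for the illustration; the filler only stands in for a randomized padding scheme such as OAEP.

```python
def iroot(x, k):
    """Floor of the k-th root of x and whether it is exact (binary search)."""
    lo, hi = 0, 1 << (x.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo, lo ** k == x

N = (2**521 - 1) * (2**607 - 1)   # constructed 1128-bit modulus, not the lab's n
E = 4                             # the lab's exponent; no private key is needed here

def encrypt(message):
    """Textbook RSA encryption: no padding is applied by this function."""
    return pow(int.from_bytes(message, "big"), E, N)

def root_recover(ciphertext):
    """Return the plaintext if the ciphertext is an exact E-th power, else None."""
    root, exact = iroot(ciphertext, E)
    if not exact:
        return None
    return root.to_bytes((root.bit_length() + 7) // 8, "big")

def demo():
    short = b"cyber202{demo}"             # constructed; m**4 is far below N
    filler = bytes(range(1, 121))         # fixed stand-in for random padding bytes
    padded = filler + short               # 134 bytes, so m**4 wraps modulo N
    return root_recover(encrypt(short)), root_recover(encrypt(padded))

if __name__ == "__main__":
    print(demo())
```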
