Cryptography

Is it a secure strings

We are given an encrypted password together with its key. The key structure gives it away.

Password:
76492d1116743f0423413b16050a5345MgB8AEEAYQBNAHgAZQAxAFEAVAB
IAEEAcABtAE4ATgBVAFoAMwBOAFIAagBIAGcAPQA9AHwAZAAyADYAMgA2AD
gAMwBlADcANAA3ADIAOQA1ADIAMwA0ADMAMwBlADIAOABmADIAZABlAGMAM
QBiAGMANgBjADYANAA4ADQAZgAwADAANwA1AGUAMgBlADYAMwA4AGEAZgA1
AGQAYgA5ADIAMgBkAGIAYgA5AGEAMQAyADYAOAA=

Key:
(3,4,2,3,56,34,254,222,205,34,2,23,42,64,33,223,1,34,2,7,6,5,35,12)

This is the kind of key passed to the PowerShell cmdlet ConvertFrom-SecureString, so we'll have to decrypt the password with a small PowerShell script.

We’ll put the password in a file called password.txt.

The script is a PowerShell script. If the system doesn't allow scripts to run, we have to make sure that PowerShell is running as administrator and run the command Set-ExecutionPolicy Unrestricted. Then we just run the script and get the flag.

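# 24-byte key supplied with the challenge
$key = (3,4,2,3,56,34,254,222,205,34,2,23,42,64,33,223,1,34,2,7,6,5,35,12)
# Turn the encrypted text back into a SecureString using the key
$password = Get-Content 'password.txt' | ConvertTo-SecureString -Key $key
# Copy the SecureString into unmanaged memory and read it back as plain text
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
$UnsecurePassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
# Zero and free the unmanaged copy once it has been read
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
$UnsecurePassword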

The flag is FLAG-5tguasm48
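
The structure behind the password value, as an added example that is not part of the original writeup: it splits the blob into version, IV and ciphertext and checks the key length, without decrypting anything (Python's standard library has no AES). The function names are this example's own, and the field layout is simply what the blob decodes to.

```python
import base64

# Marker at the start of the page's password value.
HEADER = "76492d1116743f0423413b16050a5345"

# Password value from the page, split exactly as printed there.
BLOB = """
76492d1116743f0423413b16050a5345MgB8AEEAYQBNAHgAZQAxAFEAVAB
IAEEAcABtAE4ATgBVAFoAMwBOAFIAagBIAGcAPQA9AHwAZAAyADYAMgA2AD
gAMwBlADcANAA3ADIAOQA1ADIAMwA0ADMAMwBlADIAOABmADIAZABlAGMAM
QBiAGMANgBjADYANAA4ADQAZgAwADAANwA1AGUAMgBlADYAMwA4AGEAZgA1
AGQAYgA5ADIAMgBkAGIAYgA5AGEAMQAyADYAOAA=
"""

# Key from the page.
KEY = bytes([3, 4, 2, 3, 56, 34, 254, 222, 205, 34, 2, 23,
             42, 64, 33, 223, 1, 34, 2, 7, 6, 5, 35, 12])


def parse_secure_string(blob):
    """Split a key-encrypted ConvertFrom-SecureString export into its fields."""
    blob = "".join(blob.split())  # drop line breaks and spaces
    if not blob.startswith(HEADER):
        raise ValueError("header marker missing")
    # The remainder is base64 over UTF-16LE text: version|base64(IV)|hex(ciphertext)
    inner = base64.b64decode(blob[len(HEADER):], validate=True).decode("utf-16-le")
    parts = inner.split("|")
    if len(parts) != 3:
        raise ValueError("expected version|IV|ciphertext")
    version, iv_b64, ct_hex = parts
    iv = base64.b64decode(iv_b64, validate=True)
    ciphertext = bytes.fromhex(ct_hex)
    if len(iv) != 16 or not ciphertext or len(ciphertext) % 16:
        raise ValueError("IV or ciphertext is not aligned to the AES block size")
    return {"version": version, "iv": iv, "ciphertext": ciphertext}


def is_valid_aes_key(key):
    """ConvertTo-SecureString -Key accepts 128-, 192- or 256-bit keys."""
    return len(key) in (16, 24, 32)


if __name__ == "__main__":
    fields = parse_secure_string(BLOB)
    print("version:", fields["version"])
    print("iv:", fields["iv"].hex())
    print("ciphertext bytes:", len(fields["ciphertext"]))
    print("key bits:", len(KEY) * 8, "valid:", is_valid_aes_key(KEY))
```

Everything except the key travels inside the blob, so the password is only as well protected as the place the key is stored.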