Evil Eval - UACTF 2022

Trying a variety of inputs over netcat, you’ll quickly discover two key pieces of information from the error messages:

- The characters ‘f’, ‘l’, ‘a’, ‘g’, ‘.’, ‘t’, ‘x’, ‘t’, and ‘`’ are all blocked
- Our input can’t have more than eight distinct characters

We can infer that our goal is something to the effect of executing a shell command like cat flag.txt using eight or fewer distinct characters. Looking through Ruby’s pre-defined variables, we can see that $" denotes a long list of module names (loaded by require) which we can potentially character-index and frankenstein together to write out “flag....

August 7, 2022 · javad

Non-textual Troubles - UACTF 2022

It turns out that in Python 3, attempting to write non-ASCII characters to a file without using ‘binary mode’ (a mode which deals with ‘non-textual data’, hence the name of the challenge) has some less-than-ideal results. Indeed, if you tried providing your plain text to xor.py you might have noticed that there are somehow more bytes in the ciphertext after XORing than you started with in your plaintext. Ultimately, it appears that the write....
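To see the byte inflation concretely, here is an added example (my own code, not the challenge’s xor.py): it XORs a constructed plaintext with a constructed key, writes the result once in text mode and once in binary mode, and reports the resulting file sizes. The UTF-8 default encoding is assumed explicitly so the behaviour is the same on every platform.

```python
# Added example (not the challenge's xor.py): why XOR output written in text mode grows.
# Assumptions: plaintext and key are constructed here; files go to a temporary directory;
# the text-mode file is written with the (assumed default) UTF-8 encoding.
import os
import tempfile


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR each byte of data with the repeating key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def write_text_mode(path: str, data: bytes) -> int:
    """Mimic the bug: turn each byte into a character and write it in text mode.
    Every code point >= 0x80 is encoded by UTF-8 as two bytes on disk, so the
    file is longer than the data. newline="" disables newline translation so
    the size difference is purely the encoding effect. Returns the on-disk size."""
    with open(path, "w", encoding="utf-8", newline="") as f:
        f.write("".join(chr(b) for b in data))
    return os.path.getsize(path)


def write_binary_mode(path: str, data: bytes) -> int:
    """Correct handling: write the raw bytes in binary mode. Returns the on-disk size."""
    with open(path, "wb") as f:
        f.write(data)
    return os.path.getsize(path)


def compare_modes(plaintext: bytes, key: bytes) -> dict:
    """XOR plaintext with key, write it both ways and measure what lands on disk."""
    ct = xor_bytes(plaintext, key)
    with tempfile.TemporaryDirectory() as d:
        text_path = os.path.join(d, "text_mode.bin")
        bin_path = os.path.join(d, "binary_mode.bin")
        text_size = write_text_mode(text_path, ct)
        bin_size = write_binary_mode(bin_path, ct)
        # Reading the text-mode file back as raw bytes gives the UTF-8 encoded bytes,
        # not the ciphertext: XORing those with the key does not yield the plaintext.
        with open(text_path, "rb") as f:
            text_raw = f.read()
        # Only decoding with the same text encoding recovers the original byte values.
        with open(text_path, "r", encoding="utf-8", newline="") as f:
            recovered = bytes(ord(c) for c in f.read())
    return {
        "ciphertext_len": len(ct),
        "high_bytes": sum(1 for b in ct if b >= 0x80),  # each of these costs one extra byte
        "text_mode_size": text_size,
        "binary_mode_size": bin_size,
        "text_mode_decode_ok": recovered == ct,
        "naive_decrypt_len": len(xor_bytes(text_raw, key)),  # what you get XORing the file bytes
        "binary_roundtrip_ok": xor_bytes(ct, key) == plaintext,
    }


if __name__ == "__main__":
    for k, v in compare_modes(b"attack at dawn", b"\xf0").items():
        print(f"{k}: {v}")
```

With an all-ASCII plaintext and the key byte 0xf0 every ciphertext byte has its top bit set, so the text-mode file is exactly twice the size of the binary-mode one; with a key that keeps every byte below 0x80 the two sizes agree, which is why the problem only shows up for some inputs.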

August 7, 2022 · javad

Vault - IJCTF 2021

Challenge description A robber broke into our vault in the middle of the night. There’s an indication that the robber tried to steal some items which are considered confidential assets. Could you figure it out? Flag format: IJCTF{[a-f0-9]{32}} Author: Avilia#1337 Hint #1: “When the incident happened, the attacker got into our IP over ICMP tunnel network to access an HTTP/2 web-server with SSL enabled.” Hint #2: “Even so, our captured logs aren’t precise enough....

July 26, 2021 · samiko

Substitution - ångstromCTF 2021

For this challenge we are given a source file and a netcat server which presumably runs the source. Looking through the source code, we see that an integer is taken as input and, using this input, the flag is encrypted. The source is as follows:

    #!/usr/bin/python
    from functools import reduce

    with open("flag", "r") as f:
        key = [ord(x) for x in f.read().strip()]

    def substitute(value):
        return (reduce(lambda x, y: x*value+y, key)) % 691

    print("Enter a number and it will be returned with our super secret synthetic substitution technique")

    while True:
        try:
            value = input("> ")
            if value == 'quit':
                quit()
            value = int(value)
            enc = substitute(value)
            print(">> ", end="")
            print(enc)
        except ValueError:
            print("Invalid input....
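The reduce call is Horner’s rule: with a key of n bytes, substitute(x) is the polynomial key[0]·x^(n-1) + key[1]·x^(n-2) + … + key[n-1] evaluated modulo the prime 691, so each query returns one evaluation of a fixed polynomial whose coefficients are the flag bytes. The following is an added example of recovering those coefficients (my own code, not the writeup’s solution): it queries the function at consecutive points, solves the Vandermonde system over GF(691) for increasing guesses of the length n, and accepts a guess once the interpolated polynomial also predicts a few extra points. The server is modelled locally by make_oracle() with a constructed flag; against the real service oracle(x) would send x over netcat and parse the reply.

```python
# Added example (my own, not the writeup's solution): recover the polynomial coefficients
# behind substitute() by querying it at enough points and solving modulo 691.
# Assumption: make_oracle() stands in for the netcat service and uses a constructed flag.
from functools import reduce

P = 691  # prime modulus from the challenge source


def make_oracle(flag: str):
    """Local stand-in for the service: identical arithmetic to substitute()."""
    key = [ord(c) for c in flag]

    def oracle(value: int) -> int:
        return reduce(lambda x, y: x * value + y, key) % P

    return oracle


def solve_mod_p(matrix, rhs, p=P):
    """Gauss-Jordan elimination over GF(p) for an n x n system. Returns the solution
    vector, or None if the matrix is singular mod p."""
    n = len(rhs)
    a = [row[:] + [rhs[i] % p] for i, row in enumerate(matrix)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if a[r][col] % p), None)
        if pivot is None:
            return None
        a[col], a[pivot] = a[pivot], a[col]
        inv = pow(a[col][col], -1, p)  # modular inverse (Python 3.8+)
        a[col] = [(v * inv) % p for v in a[col]]
        for r in range(n):
            if r != col and a[r][col] % p:
                f = a[r][col]
                a[r] = [(a[r][i] - f * a[col][i]) % p for i in range(n + 1)]
    return [a[i][n] for i in range(n)]


def evaluate(coeffs, x, p=P):
    """Evaluate sum coeffs[i] * x^(n-1-i) mod p, matching substitute()'s coefficient order."""
    n = len(coeffs)
    return sum(c * pow(x, n - 1 - i, p) for i, c in enumerate(coeffs)) % p


def recover_key(oracle, max_len=64, checks=3):
    """Guess the key length n = 1, 2, ...; interpolate through n points and confirm the
    result on `checks` further points. The degree argument makes a false match impossible
    once n is within `checks` of the true length, and vanishingly unlikely before that."""
    xs = list(range(1, max_len + checks + 1))
    ys = {x: oracle(x) for x in xs}  # each entry is one query to the service
    for n in range(1, max_len + 1):
        pts = xs[:n]
        # Vandermonde rows ordered as key[0]*x^(n-1), key[1]*x^(n-2), ..., key[n-1]
        mat = [[pow(x, n - 1 - i, P) for i in range(n)] for x in pts]
        coeffs = solve_mod_p(mat, [ys[x] for x in pts])
        if coeffs is None:
            continue
        if all(evaluate(coeffs, x) == ys[x] for x in xs[n:n + checks]) and all(c < 256 for c in coeffs):
            return "".join(chr(c) for c in coeffs)
    return None


if __name__ == "__main__":
    demo_oracle = make_oracle("actf{constructed_example_flag}")  # constructed, not the real flag
    print(recover_key(demo_oracle))
```

Every flag byte is below 256, which is less than 691, so the coefficients recovered modulo 691 are the bytes themselves with no ambiguity; querying x = 0 alone already leaks the last byte, since Horner’s rule collapses to key[n-1]. The points 1 … n are distinct modulo 691 for any realistic flag length, so the Vandermonde system is always solvable.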

April 8, 2021 · lachlan

notes - UMassCTF '21

notes I may not be familiar with .mem files, but memory forensics, and more specifically volatility, seems like it’s going to be our friend here. Starting with volatility -f image.mem imageinfo we get Win7SP1x64 as our top suggested profile, providing confirmation that we’ve got a valid dump. Using one of volatility’s coolest features, we can run mkdir shots && volatility -f image.mem --profile=Win7SP1x64 screenshot --dump-dir=shots to get the following wire-frame screenshot from memory....

March 29, 2021 · javad

Chicken - UMassCTF '21

Investigating the mystery PDF file We’re given a modified PDF file of the infamous research paper, “Chicken Chicken Chicken: Chicken Chicken”, by Doug Zongker at the University of Washington. chicken.pdf Since we know this is a published research paper, we can download a copy of the original PDF file and compare the two for any differences: We see that at around line 202, there is an extra OpenAction object inserted into the document, with a data stream beginning with 7z:...

March 29, 2021 · samiko

Heim - UMassCTF '21

The Heim Upon navigating to the given URL, we’re met with a login form which asks the user for a “name”, claiming that “only those who BEARER a token may enter”. After entering a name and hitting “Enter”, we are then redirected to the /auth/authorised page containing our access token: This likely suggests that we’re dealing with some type of bearer token authentication. Bearer tokens allow requests to authenticate by presenting an opaque string generated and signed (or encrypted) by the server, such as a JSON Web Token, which looks something akin to this:...
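For readers unfamiliar with the format, here is an added example (my own code, not the challenge’s server) that builds an HS256 JSON Web Token from a constructed claim set and secret, decodes the header and payload without verification, and verifies the signature. It shows the point that matters when you are handed one of these: the three dot-separated parts are base64url, not encryption, so anyone can read and edit the claims, and only the server’s signature check stops a forged payload from being accepted.

```python
# Added example (not the challenge's code): minimal HS256 JWT encode / peek / verify using
# only the standard library. Secret and claims below are constructed for the demo.
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple


def b64url_encode(data: bytes) -> str:
    """base64url without padding, as JWTs use it."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    """Restore the padding the token stripped before decoding."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def jwt_encode(payload: dict, secret: bytes) -> str:
    """header.payload.signature, signed with HMAC-SHA256 over 'header.payload'."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def jwt_peek(token: str) -> Tuple[dict, dict]:
    """Decode header and payload WITHOUT verifying: this is what an attacker reads first."""
    h, p, _ = token.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(p))


def jwt_verify(token: str, secret: bytes) -> Optional[dict]:
    """Return the payload only if the HS256 signature checks out. The algorithm is pinned
    to HS256 so a token claiming alg 'none' (or anything else) is rejected outright."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        return None
    try:
        header = json.loads(b64url_decode(h))
    except (ValueError, UnicodeDecodeError):
        return None
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        return None
    return json.loads(b64url_decode(p))


if __name__ == "__main__":
    tok = jwt_encode({"name": "javad", "admin": False}, b"s3cret")  # constructed secret
    print(tok)
    print(jwt_peek(tok))
    print(jwt_verify(tok, b"s3cret"))
```

When triaging a real token, jwt_peek is the first step: the header tells you which algorithm the server expects, and the payload tells you which claims are worth tampering with; jwt_verify then models the check a correct server performs, including the constant-time comparison.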

March 29, 2021 · samiko

Small P Problems - UTCTF 2021

The challenge description starts ‘My buddies Whitfield and Martin were trying to share a secret key’, so googling something like ‘Whitfield Martin cipher’ seems like a good place to begin. Immediately we get results for the Diffie–Hellman key exchange, which fortunately can be described in terms of A, B, p, g, and s (the value of the secret key we need). Scripts to brute-force this secret key are easy to find on GitHub....
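Rather than pulling an unvetted script, the whole attack fits in a few lines; the following is an added example (my own code, not one of the GitHub scripts) with constructed parameters, since the challenge’s real A, B, p and g are not reproduced here. With public A = g^a mod p and B = g^b mod p, a small p lets us recover a by exhaustive search and then compute s = B^a mod p ourselves. It also includes baby-step giant-step, which solves the same discrete logarithm in roughly sqrt(p) steps and so goes somewhat beyond the brute force the text mentions.

```python
# Added example (my own, not a GitHub script): recover the Diffie-Hellman shared secret when
# p is small. p, g and the private exponents below are constructed for the demo.
import math


def brute_force_dlog(g: int, A: int, p: int):
    """Find a with g^a == A (mod p) by trying every exponent; only feasible for small p."""
    x = 1  # g^0
    for a in range(p - 1):
        if x == A:
            return a
        x = (x * g) % p
    return None


def bsgs_dlog(g: int, A: int, p: int):
    """Baby-step giant-step: same answer as brute force in about sqrt(p) time and memory.
    Writes a = i*m + j, tabulates g^j (baby steps) and walks A * g^(-i*m) (giant steps)."""
    m = math.isqrt(p - 1) + 1
    baby = {}
    x = 1
    for j in range(m):
        baby.setdefault(x, j)
        x = (x * g) % p
    giant_factor = pow(g, -m, p)  # g^(-m) mod p, Python 3.8+
    y = A
    for i in range(m):
        if y in baby:
            return i * m + baby[y]
        y = (y * giant_factor) % p
    return None


def shared_secret(g: int, p: int, A: int, B: int, dlog=bsgs_dlog):
    """Recover a from A = g^a mod p, then compute s = B^a mod p, the value both parties share.
    Any exponent a' with g^a' == A works, even if g is not a generator, because
    B^a' = g^(b*a') = (g^a')^b = A^b."""
    a = dlog(g, A, p)
    if a is None:
        return None
    return pow(B, a, p)


def demo():
    p, g = 7919, 7          # constructed small prime and base
    a, b = 1234, 5678       # private exponents; the attacker never sees these
    A, B = pow(g, a, p), pow(g, b, p)
    s = shared_secret(g, p, A, B)
    assert s == pow(A, b, p) == pow(B, a, p)   # matches what the two parties compute
    return s


if __name__ == "__main__":
    print("shared secret:", demo())
```

Brute force is fine while p has a handful of digits; baby-step giant-step stretches the same idea to p around 2^40 or so on a laptop, and beyond that the problem is the intended hardness of Diffie–Hellman and needs either a structured weakness or a real discrete-logarithm solver.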

March 15, 2021 · javad

Various Vernacular - UTCTF 2021

We’re given the encrypted flag wmysau{foeim_Tfusoli} along with some additional encrypted text to help us: ‘Hkgxologflutleiaymt xgf Azutgkrftmtf ltmntf ERW wfr ELW wfmtk Rkweq’. Some familiarity with common ciphers, along with the hint ‘This is a substitution cipher’, gives us a pretty good direction to pursue, so we decided to use this online tool for brute-forcing the solution. However, trying to brute-force the text rendered nothing more decipherable than the initial text....

March 15, 2021 · javad

NeverLAN CTF 2020 Write-up

Browser Bias This challenge gives us very little information, just a URL to a site that tells us Sorry, this site is only optimized for browsers that run on commodo 64. However, this also narrows our focus down to a singular goal: trying to convince the website that we are accessing it from whatever a ‘commodo 64’ is. The first thing we need to know is how the website can determine what type of client is making a request to it....

February 8, 2020 · javad