Vault - IJCTF 2021

Challenge description A robber broke into our vault in the middle of night. There’s an indication that the robber tried to steal some items which are considered as confidential assets. Could you figure it out? Flag format: IJCTF{[a-f0-9]{32}} Author: Avilia#1337 Hint #1: “When the incident happened, the attacker got into our IP over ICMP tunnel network to access an HTTP/2 web-server with SSL enabled.” Hint #2: “Even so, our captured logs aren’t precise enough....

July 26, 2021 · samiko

Substitution - ångstromCTF 2021

For this challenge we are given a source file and a netcat server which presumably runs the source. Looking through the source code, we see that a integer is taken in as input and using this input, the flag is encrypted. The source is as follows: #!/usr/bin/python from functools import reduce with open("flag", "r") as f: key = [ord(x) for x in f.read().strip()] def substitute(value): return (reduce(lambda x, y: x*value+y, key)) % 691 print("Enter a number and it will be returned with our super secret synthetic substitution technique") while True: try: value = input("> ") if value == 'quit': quit() value = int(value) enc = substitute(value) print(">> ", end="") print(enc) except ValueError: print("Invalid input....

April 8, 2021 · lachlan

notes - UMassCTF '21

notes I may not be familiar with .mem files but memory forensics, and more specifically volatility seems like its going to be our friend here. Starting with volatility -f image.mem imageinfo we get Win7SP1x64 as our top suggested profile, providing confirmation that we’ve got a valid dump. Using one of volatility’s coolest features we can use mkdir shots && volatility -f image.mem --profile=Win7SP1x64 screenshot --dump-dir=shots to get the following wire-frame screenshot from memory....

March 29, 2021 · javad

Chicken - UMassCTF '21

Investigating the mystery PDF File We’re given a modified PDF file of the infamous research paper, “Chicken Chicken Chicken: Chicken Chicken”, by Doug Zongker at the University of Washington. chicken.pdf Since we know this is a published research paper, we can download a copy of the original PDF file and compare the two for any difference: We see that at around line 202, there is an extra OpenAction object inserted into the document, with a data stream beginning with 7z:...

March 29, 2021 · samiko

Heim - UMassCTF '21

The Heim Upon navigating to the given URL, we’re met with a login form which asks the user for a “name”, claiming that “only those who BEARER a token may enter”. After entering a name and hitting “Enter”, we are then redirected to the /auth/authorised page containing our access token: This likely suggests that we’re dealing with some type of bearer token authentication. Bearer tokens allow requests to authenticate by using a cryptic string generated and encrypted by the server, such as a JSON Web Token, which looks something akin to this:...

March 29, 2021 · samiko

Small P Problems - UTCTF 2021

The challenge description starts ‘My buddies Whitfield and Martin were trying to share a secret key’, so googling something like ‘Whitfield Martin cipher’ seems like a good place to begin. Immediately we get results for the Diffie–Hellman key exchange, which fortunately can be described in terms of A, B, p, g, and s (the value of the secret key we need). Scripts to brute-force this secret key are easy to find on GitHub....

March 15, 2021 · javad

Various Vernacular - UTCTF 2021

We’re given the encrypted flag wmysau{foeim_Tfusoli} along with some additional encrypted text to help us ‘Hkgxologflutleiaymt xgf Azutgkrftmtf ltmntf ERW wfr ELW wfmtk Rkweq’. Some familiarity with common ciphers, along with the hint ‘This is a substitution cipher’, give us a pretty good direction to pursue so we decided to use this online tool for brute-forcing the solution. However, trying brute-forcing the text rendered nothing more decipherable than the initial text....

March 15, 2021 · javad

NeverLAN CTF 2020 Write-up

Browser Bias This challenge gives us very little information, just a url to a site that tells us Sorry, this site is only optimized for browsers that run on commodo 64. However, this also narrows our focus down to a singular goal - trying to convince the website that we are accessing it from a whatever a ‘commodo 64’ is. The first thing we need to know is how the browser can determine what type of client is making a request to it....

February 8, 2020 · javad