Thursday 15 November 2018

CTF Sharing 19 Nov 2018


P.W.N. University - CTF 2018
https://uni.hctf.fun/

Thinking out of the box
No advanced programming technique is required to solve the following CTF problem

1) JavaScript
var http = require('http');
const crypto = require('crypto');
var url = require('url');
var fs = require('fs');

var _0x86d1=["\x68\x65\x78","\x72\x61\x6E\x64\x6F\x6D\x42\x79\x74\x65\x73"];

function generatePart1() {
    return
         {
             x: crypto[_0x86d1[1]](8)

         }[x].toString(_0x86d1[0]);
}
function generatePart2() {
    return [+!+[]]+[!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]];
}

http.createServer(function (req, res) {
    res.writeHead(200, {'Content-Type': 'text/html'});
    passwd = generatePart1() + generatePart2();
    var url_content = url.parse(req.url, true);

    if (passwd == url_content.query.passwd) {
       res.write(fs.readFileSync('flag.txt', 'utf8'));
    } else {
        res.write('<html><body><form method="get"><input type="text" name="passwd" value="password"><input type="submit" value="login" /></form></body></html>');
    }
    res.end();
}).listen(8888);

Source: https://drive.google.com/open?id=1h0xoqLcmBqPolviSZFcl8kmQAV6uZKdN

Tips

2) PHP
<?php
include("flag.php");
if (isset($_GET['passwd'])) {
        if (hash("md5", $_GET['passwd']) == '0e514198428367523082236389979035')        {
                echo $flag;
        } 
} else {
    echo '<html><body><form method="get"><input type="text" name="passwd" value="password"><input type="submit" value="login" /></form></body></html>';
} 
?>


Source: https://drive.google.com/file/d/1Q3Zb444wWUAwLuOe3bQBDObPoDAhuycp/view

Tips

3) Python

from flask import Flask, request, send_from_directory

app = Flask(__name__)

passwd = open("/opt/passwd.txt").read()
flag = open("/opt/flag.txt").read()


@app.route('/')
def index():
    userpw = request.args.get("passwd", "")
    if userpw == passwd:
        return flag, 200, {"Content-Type": "text/plain"}
    else:
        return '<html><body><form method="get"><input type="text" name="passwd" value="password"><input type="submit" value="login" /></form></body></html>'


if __name__ == '__main__':
    assert(len(passwd) == 3)
    assert(passwd.isdigit())
    app.run()


Source: https://drive.google.com/file/d/1HEYoj6ScY3KexZW6eU9SzNue8YFvSIbk/view

Tips

Saturday 15 September 2018

CTFlearn - HYPERSTREAM TEST #2




https://beta.ctflearn.com/problems/443
Cryptography
leg3ndaryphil


Tips: Bacon is a kind of encoding method

Useful link:

CTFlearn - HEXTROADINARY



https://beta.ctflearn.com/problems/158
Cryptography
crypto


Tips: The coder's name is "ROXy"; focus on her name

useful link:
http://xor.pw/#

Remember to include 0x in your answer

Monday 3 September 2018

CTFlearn - C_E_ER



https://beta.ctflearn.com/problems/304
Cryptography
yakatoi


Tips: C_E_ER means Caesar Cipher, where the key is 13


Useful link

Sunday 2 September 2018

CTFlearn - BASE 2 2 THE 6



https://beta.ctflearn.com/problems/192
Cryptography
pedro

Tips: Base 64 Encoded

Useful link:

CTFlearn - REVERSE POLARITY



https://beta.ctflearn.com/problems/230
Cryptography
aglickman

Tips: Binary Encoded


Useful link:

CTFlearn - CHARACTER ENCODING



https://beta.ctflearn.com/problems/115
Cryptography
dknj11902

Tips: Hexadecimal Encoded

Useful link:


Saturday 1 September 2018

CTFlearn - SO MANY 64S



https://beta.ctflearn.com/problems/121
Cryptography
voidmercy


Sample Code:
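import base64

# Read the multiply-encoded text from the challenge file.
with open("flag.txt", encoding='utf-8') as f:
  ctext = f.read()

# Keep decoding until Base64 decoding fails,
# then print the last successfully decoded layer.
while True:
  try:
    ctext = base64.b64decode(ctext)
  except Exception as e:
    print(ctext)
    break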





CTFlearn - ENCRYPTION MASTER



https://beta.ctflearn.com/problems/243
Cryptography
skywalkrs


Tips, try the following decode sequence:

1) Base64 
2) Hexadecimal
3) Binary
4) Base64

I_AM_PROUD_OF_YOU
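The decode sequence above, written as a layered decoder. This is an added example and not part of the original write-up; it assumes the hexadecimal and binary layers are whitespace-separated byte values, and it runs on a constructed sample rather than the challenge file.

```python
import base64

# Decode order given in the tips: Base64, Hexadecimal, Binary, Base64.
SEQUENCE = ["base64", "hex", "binary", "base64"]


def from_hex(data):
    # bytes.fromhex ignores whitespace between byte values
    return bytes.fromhex(data.decode("ascii"))


def from_binary(data):
    # each whitespace-separated token is one byte written in base 2
    return bytes(int(tok, 2) for tok in data.decode("ascii").split())


def to_hex(data):
    return " ".join(f"{b:02x}" for b in data).encode()


def to_binary(data):
    return " ".join(f"{b:08b}" for b in data).encode()


DECODERS = {"base64": base64.b64decode, "hex": from_hex, "binary": from_binary}
ENCODERS = {"base64": base64.b64encode, "hex": to_hex, "binary": to_binary}


def decode_layers(blob, sequence=SEQUENCE):
    """Peel the layers off in the order the tips list them."""
    for name in sequence:
        blob = DECODERS[name](blob.strip())
    return blob


def build_sample(plaintext, sequence=SEQUENCE):
    """Constructed input: apply the matching encoders in reverse order."""
    blob = plaintext
    for name in reversed(sequence):
        blob = ENCODERS[name](blob)
    return blob


if __name__ == "__main__":
    sample = build_sample(b"constructed sample text")
    print(sample[:40], b"...")
    print(decode_layers(sample))
```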


Useful link:
https://www.asciitohex.com/

Wednesday 29 August 2018

CTFlearn - BOOK REPORT



https://beta.ctflearn.com/problems/99
Cryptography
natjef20

Python 3.x

# Word list; the backslash in 'cryptogra\\?...' is a literal character and counts as a position.
words=['muffins','safetydance','updateerror','tracebackerror','abcdefghijklmnopqrstuvwxyz','wowneatocool','great','filefolders','goodnessgraious','tombstone','aidanglickman','qwertyuiopasdfghjklzxcvbnm','ABCTFLearn','CornOnTheC*ob*','le14{octobre}','cryptogra\\?!FRE"GCN"E','BJblazkowicz','red_HeRRiNGG<>TIME!']

# (word number, character number) pairs, both counted from 1
printIndex= [(13,1),(17,3),(14,10),(18,18),(16,13),(15,5),(5,6),(12,8),(8,3),(2,5),(4,10),(11,3),(1,5),(10,1),(7,5),(6,10),(9,4),(3,10),(15,13)]

# Dummy entry at index 0 so that word numbers start at 1
rtn=['']
for word in words:
  rtn.append(list(word))

result=""
for x,y in printIndex:
  result+=rtn[x][y-1]

print(result)


The result is not AbCEF{filtedittodo}; there are two spelling mistakes.


Useful link
https://repl.it/ 

CTFlearn - FRIEND JOKE..


https://beta.ctflearn.com/problems/554

Cryptography
kholoud

Tips: BASE64 encoding

d2lzaF95b3VfaGFwcHlfZGF5


Useful Link

CTFlearn - ANCIENT CIPHER


https://beta.ctflearn.com/problems/550
Cryptography
andreigasparovici

Tips: This is Rail Fence (Zig-Zag) Cipher (3 level)

The rail fence cipher is a form of transposition cipher. It derives its name from the way in which it is encoded

ILYWOYFNYRPOASESOCTSA
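A rail fence decoder for the 3-level case named in the tip, generalised to any number of rails. This is an added example and not part of the original write-up; the function names are chosen here for illustration.

```python
def rail_pattern(length, rails):
    """Rail visited at each plaintext position, e.g. 0,1,2,1,0,1,2,1,... for 3 rails."""
    if rails < 2:
        return [0] * length
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(length)]


def read_order(length, rails):
    """Plaintext positions in the order the cipher writes them out.

    The ciphertext is rail 0 read left to right, then rail 1, and so on,
    so a stable sort of the positions by rail number gives that order.
    """
    pattern = rail_pattern(length, rails)
    return sorted(range(length), key=lambda i: pattern[i])


def rail_fence_encrypt(plaintext, rails=3):
    return "".join(plaintext[i] for i in read_order(len(plaintext), rails))


def rail_fence_decrypt(ciphertext, rails=3):
    # Put each ciphertext character back at the position it was read from.
    plain = [""] * len(ciphertext)
    for ch, pos in zip(ciphertext, read_order(len(ciphertext), rails)):
        plain[pos] = ch
    return "".join(plain)


if __name__ == "__main__":
    CIPHERTEXT = "ILYWOYFNYRPOASESOCTSA"  # string quoted in the post above
    print(rail_fence_decrypt(CIPHERTEXT, 3))
```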

Useful link

Tuesday 28 August 2018

CTFlearn - 07601


https://beta.ctflearn.com/problems/97
Forensics 
by alexkato29



1) Download the image and open AGT.png in vi. You will find the header JFIF, which stands for JPEG File Interchange Format.
$ vi AGT.png




2) Use strings to check the image AGT.png; you will get the following result. It looks like a zip instead of a JPEG file


$ strings AGT.png

3) Used binwalk to inspect AGT.png. This is what I got.

$ binwalk AGT.png


4) Extract the file 
$ binwalk -e AGT.png

5) Follow the tips, find the image file "I warned You.jpeg" 


 Secret Stuff.../Don't Open This.../I Warned You.jpegUX

6) Use strings on the image and you will find the flag
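The two checks behind steps 1 to 4, comparing the file's magic bytes with its extension and looking for an embedded ZIP archive, written out in Python. This is an added example and not part of the original write-up; it runs on a constructed byte string standing in for AGT.png, and the member name inside it is a placeholder.

```python
import io
import zipfile

# Leading magic bytes for the two formats compared in the steps above.
MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg"}
EXTENSIONS = {".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg"}
ZIP_LOCAL_HEADER = b"PK\x03\x04"


def sniff_type(data):
    """Identify the format from the first bytes, ignoring the file name."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def extension_mismatch(filename, data):
    """True when the extension claims a different format than the header."""
    ext = filename[filename.rfind("."):].lower() if "." in filename else ""
    return EXTENSIONS.get(ext, "unknown") != sniff_type(data)


def embedded_zip_members(data):
    """List member names of a ZIP archive embedded in data, or []."""
    start = data.find(ZIP_LOCAL_HEADER)
    if start == -1:
        return []
    try:
        with zipfile.ZipFile(io.BytesIO(data[start:])) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []


def build_sample():
    """Constructed stand-in for AGT.png: JFIF header followed by a ZIP."""
    jfif = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 9 + b"\xff\xd9"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("hidden/inner.jpeg", b"constructed placeholder")
    return jfif + buf.getvalue()


if __name__ == "__main__":
    sample = build_sample()
    print(sniff_type(sample), extension_mismatch("AGT.png", sample))
    print(embedded_zip_members(sample))
```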



CTFlearn FORENSICS 101

https://beta.ctflearn.com/problems/96


The image contains the flag string, you can just open the image using any editor and read line by line to find the flag. 

But there is a smart way using the "strings" command





Monday 27 August 2018

CTFlearn - BASIC INJECTION

https://beta.ctflearn.com/problems/88


Step 1
Confirm that this web page is SQL injectable, using this input: a' or '1'='1


Step 2

This is the answer:






Useful resources for SQL injection

  • https://pentestlab.blog/2012/12/24/sql-injection-authentication-bypass-cheat-sheet/
  • https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
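Why the input from Step 1 matches every row when it is concatenated into the query, next to the parameterized form that treats it as plain data. This is an added example and not part of the original write-up; the `users` table and its rows are constructed, since the challenge's real schema is not shown on this page.

```python
import sqlite3

PAGE_INPUT = "a' or '1'='1"  # the input quoted in Step 1


def make_db():
    """In-memory database with a hypothetical users table (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, data TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "constructed-1"), ("bob", "constructed-2")],
    )
    return db


def build_concatenated_query(name):
    # Vulnerable form: the input becomes part of the SQL text itself.
    return "SELECT name FROM users WHERE name = '" + name + "'"


def lookup_concatenated(db, name):
    return sorted(row[0] for row in db.execute(build_concatenated_query(name)))


def lookup_parameterized(db, name):
    # Hardened form: the driver binds the input as a value, so the quotes
    # inside it can never close the string literal.
    rows = db.execute("SELECT name FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


if __name__ == "__main__":
    db = make_db()
    print(build_concatenated_query(PAGE_INPUT))
    print("concatenated :", lookup_concatenated(db, PAGE_INPUT))
    print("parameterized:", lookup_parameterized(db, PAGE_INPUT))
```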



Remotely getting the Chrome Browser's encrypted password file



Background
The Chrome browser uses the Win32 API functions win32crypt.CryptProtectData and win32crypt.CryptUnprotectData to encrypt and decrypt, respectively, the "reminder" password DB stored in SQLite. This file is saved at c:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Login Data

Tools:
OS: Kali
Language: Python 3

Target Client OS: Windows 10 Professional, with the latest patch and anti-virus enabled

Steps
1)  The Python HTTP server was started on Kali Linux
2)  A Python Malware Client (PMC) got a signal from a Twister account "fkclai" to start the attack
3)  The PMC sent an HTTP GET request to the Kali HTTP server
4)  The server returned a post request with the command "showChromePwd" to instruct the PMC to return the Chrome browser password
5)  The PMC got the password file, decrypted it using the Win32 API and returned the result
6)  The Kali HTTP server displayed the result at the console




Welcome - beta.ctflearn.com write-up



as of 28 Aug 2018

https://beta.ctflearn.com
Write-up

Calvin Work A) My Study Plan B) My CTF Record C) My Python Code-  github    1) Crypto    2) Crunch in python (generate d...