--- tags: 'ctf' --- ctf.synk.io === <i class="fa fa-file-pdf-o" aria-hidden="true"></i> **ctf.synk.io** <i class="fa fa-user-circle-o" aria-hidden="true"></i> Johnny Pan <i class="fa fa-clock-o" aria-hidden="true"></i> 2021-10-05 <i class="fa fa-external-link" aria-hidden="true"></i> https://ctf.snyk.io [TOC] ## magician ![](https://i.imgur.com/cgajyew.png) Analizamos que tipo de hash es ![](https://i.imgur.com/jnpfhUF.png) Vemos que el reto es sobre la vulnerabilidad de PHPMagicTricks https://owasp.org/www-pdf-archive/PHPMagicTricks-TypeJuggling.pdf https://github.com/intadd/php_magic_hash https://www.whitehatsec.com/blog/magic-hashes/ https://offsec.almond.consulting/super-magic-hash.html https://github.com/ryanking13/ctf-cheatsheet/blob/master/Cryptography/Useful_Hashes.md https://grocid.net/2019/08/03/finding-magic-hashes-with-hashcat/ https://github.com/spaze/hashes/blob/master/md5.md Usando este string `GGHMVOE` ![](https://i.imgur.com/bTuh859.png) :::success SNYK{5fcde70181e9a9e3b26d014635e125a62899f337b84bb5ac8b7370efdf5bb506} ::: ## not-hot-dog ``` python RsaCtfTool.py -n 609983533322177402468580314139090006939877955334245068261469677806169434040069069770928535701086364941983428090933795745853896746458472620457491993499511798536747668197186857850887990812746855062415626715645223089415186093589721763366994454776521466115355580659841153428179997121984448771910872629371808169183 -e 387825392787200906676631198961098070912332865442137539919413714790310139653713077586557654409565459752133439009280843965856789151962860193830258244424149230046832475959852771134503754778007132465468717789936602755336332984790622132641288576440161244396963980583318569320681953570111708877198371377792396775817 --uncipher 580087704654652718548072347767087713441678375071000498564963353235374511777098333485190394366859651200453688757231829505858552725280311870462095017761444727880100748324874906835296769310122754627620933554008332091299159978573396458947155647454747215038440028347688779707172885517390987973184407689583941483511 private argument is not set, the private key will not be displayed, even if recovered. [*] Testing key /tmp/tmpvimczhe3. Can't load roca because sage is not installed Can't load ecm2 because sage is not installed Can't load ecm because sage is not installed Can't load smallfraction because sage is not installed Can't load boneh_durfee because sage is not installed Can't load qicheng because sage is not installed [*] Performing noveltyprimes attack on /tmp/tmpvimczhe3. [*] Performing comfact_cn attack on /tmp/tmpvimczhe3. [*] Performing siqs attack on /tmp/tmpvimczhe3. [!] Warning: Modulus too large for SIQS attack module [*] Performing factordb attack on /tmp/tmpvimczhe3. Results for /tmp/tmpvimczhe3: Unciphered data : HEX : 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000534e594b7b623665303463653530306639643939386238616334313264376138356533353963613862376663333132363763643666373138326435376536633339613265617d INT (big endian) : 1228101181947026162229875232442124938326002033883180155805050744425091298519878537357492886665975977820339730806333575847563795496889152878139691087102629007696337396093 INT (little endian) : 22539557491306234317840645219898544041354010354539154858227091748755745432448816140550642175049144146305394712350794164123394991970597487029931233718241153641452995002484996458284970713295507696794759015271008814071186574395425795685377395299779789279633852923213674685740604307535879160982299030848141103464448 STR : b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00SNYK{b6e04ce500f9d998b8ac412d7a85e359ca8b7fc31267cd6f7182d57e6c39a2ea}' ``` :::success SNYK{b6e04ce500f9d998b8ac412d7a85e359ca8b7fc31267cd6f7182d57e6c39a2ea} ::: ## qrrr ``` zbarimg flag.png QR-Code:5ff8d4e4958d8007a3897} scanned 1 barcode symbols from 1 images in 0.03 seconds ``` Stegosolve Green plane 6 ![](https://i.imgur.com/DZgvOW4.png) Red plane 7 ![](https://i.imgur.com/3h5zLs3.png) Red plane 6 ![](https://i.imgur.com/nxJTNVq.png) ``` zbarimg * QR-Code:5ff8d4e4958d8007a3897} QR-Code:SNYK{6947bd4818ffc1768f2 QR-Code:12d99aa3a92f1abbb7d40786 QR-Code:5ff8d4e4958d8007a3897} ``` :::success SNYK{6947bd4818ffc1768f212d99aa3a92f1abbb7d407865ff8d4e4958d8007a3897} ::: ## Russian doll ``` Esp qwlr td DOKnGoIgKSsVvizaEAJmEgxiEShQKjjgyfeLhdutuIhObpZr IIEPL pyncjaepo. Alddhzco stye: iiii. ``` ![](https://i.imgur.com/txwFMzQ.png) ``` The flag is SDZcVdXvZHhKkxopTPYbTvmxTHwFZyyvnutAwsjijXwDqeOg XXTEA encrypted. Password hint: xxxx ```
Last changed by  
Johnny Pan
414

Read more

Buffer Overflow Workshop

<i class="fa fa-file-pdf-o" aria-hidden="true"></i> Docker como herramienta de entrenamiento y hacking + Labs<i class="fa fa-user-circle-o" aria-hidden="true"></i> Johnny Pan (codeskill)<i class="fa fa-user-circle-o" aria-hidden="true"></i> Fabian Quesada (rocketman)<i class="fa fa-clock-o" aria-hidden="true"></i> 2023-11-04

11/29/2023
Docker Notes

<i class="fa fa-file-pdf-o" aria-hidden="true"></i> Docker Notes<i class="fa fa-user-circle-o" aria-hidden="true"></i> Johnny Pan (codeskill)<i class="fa fa-clock-o" aria-hidden="true"></i> 2020-09-08

10/10/2023
Wi-Fi Hacking Lab

Wi-Fi Hacking Lab Johnny Pan 2022-10-08 :::info This lab was created for educational purposes and thinking to improve and to audit the security of the following wireless networks: Wired equivalent privacy (WEP) Wi-Fi Protected Access (WPA) Wi-Fi Protected Access v2 (WPA2)

10/14/2022
Brixel CTF Winter Edition

:::info @codeskill 2020-12-26 https://ctf.brixel.space/ ::: [TOC] Programming Are you fast enough?

1/12/2021
Read more from Johnny Pan
Published on HackMD