# Assignment 1
# Distribution of difficulties
<b>Marks: 100</b>
### First option (from last year)
- Easy (45 marks): 3 challs
- Medium (40 marks): 4 challs, solve 2 to get full points
- Hard (15 marks): 2 challs, solve 1 to get full points
### Alternative
- Easy (40 marks): 4 challs
- Medium (40 marks): 4 challs, solve 2 to get full points
- Hard (20 marks): 2 challs, solve 1 to get full points
### Why this distribution?
- Prof mentions that if students put in enough effort they should get ~80% of marks; both choices allow for this
- The more easy/medium challs, the better the student feedback (lmao!)
## Challenge ideas
ADD YOUR CHALL IDEAS HERE, DON'T NEED TO CARE ABOUT DIFFICULTY FOR NOW
- InstaHide (the paper prof sent)
- AES-ECB (Prof recommendation)
- Same IV in ciphers (Prof recommendation)
- Frequency attack (classic ciphers)
- ROT-13
- Legendre's Symbols (Prof recommendation, but prolly too hard)
- Hash collision (extra challenge)
- Known plaintext attack in RC4
- Baby shark (Wireshark challenge - Flag is an image file in a password-protected file)
  - Objective:
    - Network Forensics, Password Cracking, Basic Linux Commands
  - Difficulty:
    - Easy
  - Description:
    - Some files within the pcap dump, i.e. PowerPoints, zip files, others
    - One of the files is password protected; John the Ripper or hashcat can be used to crack the password
    - One of the image files is the flag (Anti-grep chall)
    - Difficulty can be increased by also using a secure password, with the password placed somewhere in the traffic
- Suspicious Destination (Wireshark challenge - Exfiltration of information)
  - Objective:
    - Network Forensics, Data Exfiltration Techniques
  - Difficulty:
    - Medium
  - Description:
    - Connect to external server, flag is transmitted one char at a time (through the port number)
      - i.e. cs2107{... -> 99 115 50 49 48 55 123 ...
      - Then the compromised machine will try to connect to the external server on ports 99, 115, 50, 49, 48, 55, 123...
    - This traffic is masked with other rubbish connections
    - Players will need to analyze the pcap dump, identify the suspicious connections, and get all the port numbers
    - Decode the port numbers back to ASCII
    - Difficulty can be increased by exfiltrating a file in small parts, encoded as base64 and sent to the remote IP
- Infinite Castle (Forensics challenge - Many compressed files)
  - Objective:
    - Programming & automation, identifying file metadata to know what it is compressed as (i.e. 7z, rar, zip, ...)
  - Difficulty:
    - Easy (Bonus)
  - Description:
    - flag.txt is compressed recursively using a list of compression formats (zip, rar, 7z, tar.gz)
    - This could be done over a thousand times via scripting
    - Players will probably need to code a Python script to identify -> extract until they obtain flag.txt
- Padding oracle attack
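
For the Suspicious Destination idea above, a sketch of the analysis step run on connection records exported from a pcap. This is an added example, not part of the original notes. The record layout `(time, src, dst, dport)`, the addresses, the sample flag and the thresholds are all constructed assumptions.

```python
from collections import defaultdict

FLAG = "cs2107{p0rt_kn0ck}"  # constructed sample flag, not a real challenge flag

def build_sample():
    """Constructed SYN records (time, src, dst, dport); not from a real capture."""
    rows, t = [], 0.0
    noise = [("10.0.0.5", "198.51.100.10", 443),
             ("10.0.0.8", "198.51.100.22", 80),
             ("10.0.0.5", "192.0.2.53", 53)]
    for i, ch in enumerate(FLAG):
        # One exfil connection per character, interleaved with rubbish traffic.
        rows.append((t, "10.0.0.5", "203.0.113.7", ord(ch))); t += 0.5
        rows.append((t, *noise[i % len(noise)])); t += 0.5
    return rows

def decode_port_channel(syns, min_conns=8):
    """Return {(src, dst): text} for host pairs whose destination ports are all
    printable ASCII and vary widely, decoded in time order."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport in sorted(syns):
        by_pair[(src, dst)].append(dport)
    hits = {}
    for pair, ports in by_pair.items():
        printable = all(32 <= p <= 126 for p in ports)
        varied = len(set(ports)) >= min_conns // 2
        if printable and varied and len(ports) >= min_conns:
            hits[pair] = "".join(chr(p) for p in ports)
    return hits

if __name__ == "__main__":
    for pair, text in decode_port_channel(build_sample()).items():
        print(pair, text)
```

The same grouping doubles as a detection heuristic: one host opening connections to many different low-numbered ports on a single external address stands out from clients that reuse 80, 443 or 53.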
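
For the Infinite Castle idea above, a sketch of the identify -> extract loop using magic bytes. This is an added example, not part of the original notes. It assumes each layer holds a single file and handles only zip and tar.gz from the standard library. 7z and rar are recognised but need an external extractor. The depth and size caps and the generated test archive are constructed assumptions.

```python
import io, tarfile, zipfile

# Leading magic bytes -> format (tar.gz shows up as a gzip stream).
MAGIC = {b"PK\x03\x04": "zip", b"\x1f\x8b": "gzip",
         b"7z\xbc\xaf\x27\x1c": "7z", b"Rar!\x1a\x07": "rar"}

def identify(blob):
    """Name the container format from its magic bytes, or None for plain data."""
    return next((n for m, n in MAGIC.items() if blob.startswith(m)), None)

def unwrap_once(blob, fmt, cap):
    """Read at most cap+1 bytes of the first file in one zip or tar.gz layer."""
    if fmt == "zip":
        with zipfile.ZipFile(io.BytesIO(blob)) as z:
            return z.open(z.infolist()[0]).read(cap + 1)
    if fmt == "gzip":
        with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as t:
            return t.extractfile(next(m for m in t if m.isfile())).read(cap + 1)
    raise NotImplementedError(f"{fmt} needs an external extractor")

def unwrap_all(blob, max_depth=2000, max_bytes=1 << 20):
    """Peel layers until the data is not a known archive; return (data, layers)."""
    for depth in range(max_depth + 1):
        fmt = identify(blob)
        if fmt is None:
            return blob, depth
        blob = unwrap_once(blob, fmt, max_bytes)
        if len(blob) > max_bytes:  # size cap guards against decompression bombs
            raise ValueError("layer exceeds max_bytes")
    raise RuntimeError("more than max_depth layers")

def build_nested(payload, layers):
    """Constructed test input: wrap payload alternately in zip and tar.gz."""
    for i in range(layers):
        buf = io.BytesIO()
        if i % 2 == 0:
            with zipfile.ZipFile(buf, "w") as z:
                z.writestr("next", payload)
        else:
            with tarfile.open(fileobj=buf, mode="w:gz") as t:
                info = tarfile.TarInfo("next")
                info.size = len(payload)
                t.addfile(info, io.BytesIO(payload))
        payload = buf.getvalue()
    return payload
```

Working in memory and reading members through a byte cap means the script never writes attacker-chosen paths to disk, which matters when the same loop is pointed at archives someone else built.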
# Challenges
## Easy
- Rivest–Shamir–Adleman [by Yong Liang]
  - Objective:
    - Decrypt RSA with known private keys
  - Difficulty:
    - Easy
  - Description:
    - Bob and Alice are good friends who have been sending each other secret messages. Unfortunately, Bob accidentally revealed some sensitive information while transmitting the secret message. Using sniffing techniques, Mallory managed to intercept the message from Bob and now wants to decrypt it. But how?
- Xor Decryption (Vinh)
  - Objective:
    - Decrypt an XOR-encrypted message. The message is XORed 4 times with 4 different keys. Give players the source code of the encryption
  - Description:
    - Can you beat my very secure method of encryption??
- Caesar with a capital C [by Yitian]
  - Objective:
    - Crack a simple Caesar cipher written in C
  - Difficulty:
    - Easy
  - Description:
    - Did you know that Caesar was assassinated with pugiones? Pugiones were actually a type of dagger used by Roman soldiers. There were some doors we found that used daggers as keys, can you help me find my dagger?
    - This is a Caesar cipher challenge. The source code for the encryption is provided. The flag is in the form of `cs2107{flag_text}` where `flag_text` is replaced by the correctly decoded plaintext.
- HashBrowns [By Yong Liang]
  - Objective:
    - Hashing, dictionary attack, programming (to look up known hashes in a hash dictionary). Look up each hash on platforms such as CrackStation to recover the character, then reassemble the flag.
  - Difficulty:
    - Easy
  - Description:
    - Can you "decode" the hashes? Wait, it should be one-way, right? OK, your task will be to decode this list of hashes.
## Medium
- Salad [by Yitian]
  - Objective:
    - Crack a custom shift cipher
  - Difficulty:
    - Medium
  - Description:
    - We have intercepted an encrypted text file from a malicious hacker group, and we also managed to retrieve this weird Python file that we think might have something to do with it. Can you help us crack this encrypted message?
- Brute forcing: key (15 bits) -> hash -> aes key (Vinh)
- AES-ECB [by Ari] (replaced)
  - Objective:
    - Realize that AES ECB is just a substitution cipher
  - Difficulty:
    - Medium
  - Description:
    - I accidentally encrypted my file and forgot my password! Can you decrypt the file for me?
  - Flag:
    - `CS2107{AES_ECB_1s_l1terally_0nly_subb1ng...}`
- AES-CBC Oracle (Yitian + YL)
- Baby Shark (Flag is split into a few files) [By Yong Liang]
  - Objective:
    - Students get hands-on with Wireshark or similar tools. They will investigate the traffic and observe that the user is requesting files over HTTP. They can then export the requested files for further analysis.
  - Difficulty:
    - Medium
  - Description:
    - Baby Shark, doo-doo, doo-doo, doo-doo
      Baby Shark, doo-doo, doo-doo, doo-doo
      Baby Shark, doo-doo, doo-doo, doo-doo
      Baby Shark ...
      What could be hidden within the pcapng file?
## Hard
- Secure Password [by Ari]
  - Objective:
    - Identify that it is a substitution cipher with a given substitution function, and simply call the function to undo the substitution
  - Difficulty:
    - Hard
  - Description:
    - I forgot my password and lost access to my secret vault :( Luckily I downloaded a copy of the website. Could you help me recover the password?
  - Flag:
    - `CS2107{1S_4Ct1y_4_Sb0x}`
- RSA CRT [by Vinh]
# Set up
- Export list of students
- Populate database of accounts in CTFd
- Mail to each student
# Deadline
- Tues: everything - server + challs
- Thurs: meet prof