# HackTM CTF 2023 ## crypto ### kaitenzushi ``` also known as conveyor belt sushi ``` file: https://drive.google.com/file/d/1_lrr0D9Gn3i3a4kVAO-u8ilaLaLrQ2gM/view?usp=sharing ### broken oracle ``` I have reimplemented a cryptosystem, but it sometimes behaves strangely. But I don't think it matters. nc 34.141.16.87 50001 ``` file: https://drive.google.com/file/d/1y3ZWwkbbBuoeM0MC33hAhuvpj5VgUtOd/view?usp=sharing ### d-phi-enc ``` In CTF, there are many people who mistakenly encrypt p, q in RSA. But this time... ``` file: https://drive.google.com/file/d/1TYUfMRMNbRpMSeuVMoGGsh-YOEVnh-km/view?usp=sharing ### GLP420 ``` I have developed a variant of GLP, GLP420! nc 34.141.16.87 50002 ``` file: https://drive.google.com/file/d/1kfgZhh984eAQzXYndqAualMGt2nKr9oL/view?usp=sharing ### unrandom DSA ``` What if /dev/urandom is unrandom...? nc 34.141.16.87 50000 ``` file: https://drive.google.com/file/d/1TggigpEg-9iciLWiiinH_D8g1t_MAOrs/view?usp=sharing ## misc ### Welcome To HackTM CTF 2023 Quals ``` To help you get started on this 24h journey, please provide a flag that follows the pattern: HackTM{<Name of the city>} The <Name of the city> has the following characteristics: 1. It's the city where the series Hackerville was filmed 2. It's one of the cities that will be the 2023 European Capital of Culture 3. It's the city where the HackTM CTF Finals will take place ``` ### know your lambda calculus ``` Let's have some fun with Lambda Calculus! nc 34.141.16.87 60000 ``` ## pwn ### CS2100 ``` To all my CS2100 Computer Organisation students, I hope you've enjoyed the lectures thus far on RISC-V assembly. I have set-up an online service for you to test your own RISC-V code! Simply connect to the service through tcp: nc 34.141.16.87 10000 Credit: Thanks to `@fmash16` for his emulator! I didn't even have to compile the emulator binary myself :O https://github.com/fmash16/riscv_emulator/blob/main/main ``` file: https://drive.google.com/file/d/1fvZ0rfXOPmH_HqpG0tDVaPl45_bKmpGC/view?usp=sharing ### Level Maker ``` I recently found out about wasm and tried to create a simple game: http://34.141.16.87:20000/index.html ``` file: https://drive.google.com/file/d/1B3nsnRX3p4LabAlKqsFFj1ajhIwDSfAB/view?usp=sharing ### L3v3l M4k3r ``` After a bit of fiddling around with the wasm game I came across web workers and tried to speedup the game even more! http://34.141.16.87:20001/index.html Note; It is recommended to clone the challenge locally first. This is because of some security headers that prevent SharedArrayBuffers being shared across threads on non localhost / https hosts. ``` file: https://drive.google.com/file/d/12nrKYd2LVwDCXihQ6jhOCkgTD5Q0DYtB/view?usp=sharing ### La fabrica ``` So you think you can run a business, ha? Alright then, here are the keys to the Romanian Flag Factory. It's an old factory, with a traditional production line, which consists of 4 workers. They will take care of assembling the Sewing Machine, sewing the Flag and boxing it for delivery. Your only job is to coordinate them and provide materials. nc 34.141.16.87 40000 I'm expecting profit, btw! (Ubuntu 20.04) ``` file: https://drive.google.com/file/d/1cQHKP8X_RhZzIabXYk0oqdf02-rofREY/view?usp=share_link ## rev ### Free play ``` After making my game, I found out about SIMD instructions in wasm to process zeros and ones even faster. See it in action: http://34.141.16.87:20000/index.html ``` file: https://drive.google.com/file/d/1d8l_iAiwr7GSuRcnyVDKlktB4ZzCLrMR/view?usp=sharing ## smart contract ### Dragon Slayer ``` Prove yourself a true champion. Kill the mighty dragon and earn the right to call yourself a dragon slayer. nc 34.141.16.87 30100 ``` file: https://drive.google.com/file/d/157uUEBe86bWxG1rP87KJduuDgNg780EQ/view?usp=sharing ### Diamond Heist ``` Salty Pretzel Swap DAO has recently come out with their new flashloan vaults. They have deposited all of their 100 Diamonds in one of their vaults. Your mission, should you choose to accept it, is to break the vault and steal all of the diamonds. This would be one of the greatest heists of all time. This text will self-destruct in ten seconds. Good luck. nc 34.141.16.87 30200 ``` file: https://drive.google.com/file/d/156e8IG2sRPhlM46YAIYIC1cjdfte1Bls/view?usp=sharing ## web ### Blog ``` We made a new blogging website for everyone to use! It's pretty basic for now, and it has a few limitations like: 1. No comments 2. Semi-working authentication system 3. Lots of random checks slowing down the entire website honestly (i don't know what's going on so i'm not touching it) To mitigate that, we made it such that only you can view your own posts. No one can hack us now >:) (im not sure what kind of blog that is tho...) \- @i\_use\_vscode http://34.141.16.87:30000 The flag can be found in the root directory. ``` file: https://drive.google.com/file/d/1hqxT_4ZMVnusRoRAf9xHwo14uISIUJzb/view?usp=sharing ### Blog Revenge ``` You've pwned our blog once, can you pwn it again? - @i_use_neovim [url=http://34.141.16.87:30001/] http://34.141.16.87:30001 [/url] Note: the dist is the same as Blog, but the flag location is different ``` file: https://drive.google.com/file/d/1hqxT_4ZMVnusRoRAf9xHwo14uISIUJzb/view?usp=sharing ### Crocodilu ``` Check out my new video sharing platform! http://34.141.16.87:25000/ ``` file: https://drive.google.com/file/d/1yla_bpbO_oTJGb1TFjrv3fLa-BMS_QBJ/view?usp=sharing ### Hades ``` Don't stop retrying! [url=http://34.141.16.87:20920/] http://34.141.16.87:20920 [/url] ``` ### secrets ``` A secure and secret note storage system is a platform or application designed to keep your confidential notes safe from unauthorized access. [url=http://secrets.wtl.pw/]http://secrets.wtl.pw/[/url] ```