:::info 我被 hackmd rate-limited 所以 writeup 公開不了 :( ::: # Misc ## 好一隻可愛的貓 1. `cat cat.jpg` 可以看到 flag。 2. `strings cat.jpg | grep -P "is1abCTF\{.+\}"` 可以找到 flag。 3. `binwalk -e cat.jpg` 找到 `flag.txt`。 ``` is1abCTF{Ca7_1s_cU7E_R19H7?} ``` ## huh? 看到每一幀間隔很久，感覺怪怪的開始懷疑這應該是細節，查了一下可能是利用時間差做為編碼。所以用 ImageMagick 的 `identiy` 後拆幀可以得到一串 ASCII： ```shell $ identify -format "%T " huh.gif 105, 115, 49, 97, 98, 67, 84, 70, 123, 72, 117, 72, 63, 72, 117, 72, 63, 72, 117, 72, 63, 72, 117, 104, 63, 72, 85, 72, 63, 104, 117, 72, 63, 72, 85, 72, 63, 104, 117, 104, 63, 72, 85, 72, 63, 104, 117, 104, 63, 72, 117, 72, 63, 72, 117, 72, 63, 72, 117, 72, 63, 125, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, ``` 然後解編碼： ```python enc = [105, 115, 49, 97, 98, 67, 84, 70, 123, 72, 117, 72, 63, 72, 117, 72, 63, 72, 117, 72, 63, 72, 117, 104, 63, 72, 85, 72, 63, 104, 117, 72, 63, 72, 85, 72, 63, 104, 117, 104, 63, 72, 85, 72, 63, 104, 117, 104, 63, 72, 117, 72, 63, 72, 117, 72, 63, 72, 117, 72, 63, 125, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46, 46] for i in a: print(chr(i), end="") ``` ```shell $ python3 dec.py is1abCTF{HuH?HuH?HuH?Huh?HUH?huH?HUH?huh?HUH?huh?HuH?HuH?HuH?} ``` ### Reference - <https://ctf-wiki.org/misc/picture/gif/> ## Are you a lucky guy? - 第一次看到提交 form 的 placeholder 上有 flag，以為那是騙人用的。 - 第二次搜遍所有的 `.css` 查關鍵字，沒查到就放棄了。 - 第三次想說死馬當活馬醫，所以開始把所有 `.js` 都開來看，就發現了 `index.D-cG0AGf.js` 上面寫的 **lucky** 對應到題目，還順便連 [[#This is fine.]] 一起找到了。 ```plain is1abCTF{you_are_really_lucky!!} ``` ## This is fine. 同 [[#Are you a lucky guy?]]。 ``` is1abCTF{You_are_really_hardworking} ``` ## 宇智波一族 看了一下 `ToMyBrother.txt` 可能是單表式替換加密。所以解出了字母表： ``` ABCDEFGHIJKLMNOPQRSTUVWXYZ NOPQRSTUVDXYZABCMEFGHIJKLW ``` 接著看一下 `encode.hex` 的前幾個位元感覺很像 PNG 標頭也看到有 sRGB，但有些位元一看就不是十六進制。然後猜一下可能要用字母表解密 `encode.hex`，把所有小寫字母解密之後就可以拿到類 PNG，這時候前面幾位元可以看到 `89 50 4E 47 0D 0A 1A 0A`，但是 IHDR 是反過來的。 把 IHDR 那四個 bytes 轉回來之後就可以看到 `我都會一直深愛著你`。  接著再把這張圖拿去 `binwalk -e` 會再拿到第二張圖片即為 flag。 ## Pseudo Encryption 用 `binwalk -e` 無濟於事，所以打算先看 hex 裡面有啥： ```shell $ strings Pseudo_Encryption.zip | grep -P "is1abCTF\{.*\}" secret.txtis1abCTF{N0n-P53Ud0-F14g}PK ``` 把其他不相關的東西拿走，就拿到 flag 了： ```plain is1abCTF{N0n-P53Ud0-F14g} ``` ## is1abBestRadio 繞了一大圈回來懷疑音檔格式跟開頭的雜音。 自己手動拿 MP3Stego 練習發現 pattern 一樣，然後聽歌詞「手機錢包**鑰匙等於 1321666**」，所以解密密碼為 `1321666`。 ```shell $ .\Decode.exe -X -P 1321666 .\is1abBestRadio.mp3 MP3StegoEncoder 1.1.19 See README file for copyright info Input file = '.\is1abBestRadio.mp3' output file = '.\is1abBestRadio.mp3.pcm' Will attempt to extract hidden information. Output: .\is1abBestRadio.mp3.txt the bit stream file .\is1abBestRadio.mp3 is a BINARY file HDR: s=FFF, id=1, l=3, ep=off, br=9, sf=0, pd=1, pr=0, m=0, js=0, c=0, o=0, e=0 alg.=MPEG-1, layer=III, tot bitrate=128, sfrq=44.1 mode=stereo, sblim=32, jsbd=32, ch=2 [Frame 1439]Avg slots/frame = 417.670; b/smp = 2.90; br = 127.912 kbps Decoding of ".\is1abBestRadio.mp3" is finished The decoded PCM output file name is ".\is1abBestRadio.mp3.pcm" ``` 打開 `is1abBestRadio.mp3.txt`，可以拿到 flag： ``` is1abCTF{is1ab_B35t_r4Di0_GiV3_u_beS7_mU5!c} ``` > [!IMPORTANT] > 要注意 `huffdec` 是放在 `\MP3Stego_1_1_19\MP3Stego\tables`，如果是直接解壓縮就解密的會吃不到 table、導致解密失敗。 # Crypto ## multicrypto > [!NOTE] Challenge Description > ```! > You got a string of ciphertext: 55 4e 51 56 57 64 7e 31 25 4b 14 2b 52 60 71 0e 59 13 18 02 2a 62 36 6e 59 44 01 1c 3d 3f 1a > This string of ciphertext will have four decryption steps.Decrypt it! > ``` > [!TIP] Hints > ```! > 48 5f 42 30 79 63 21 71 72 53 44 56 1d 1a 42 5f 44 24 27 1d 1a 46 79 77 75 7e 75 62 75 > ``` 把 Hint 拿去 Magic，可以拿到：  > [Recipe](https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto')Magic(3,true,false,'')&input=NDggNWYgNDIgMzAgNzkgNjMgMjEgNzEgNzIgNTMgNDQgNTYgMWQgMWEgNDIgNWYgNDQgMjQgMjcgMWQgMWEgNDYgNzkgNzcgNzUgN2UgNzUgNjIgNzU) ``` XOR is1abCTF ROT47 Vigenere ``` 提示了密文可能是這幾步驟過來的，但總而言之還是先從上往下解解看：  > [Recipe](https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto')XOR(%7B'option':'UTF8','string':'is1abCTF'%7D,'Standard',false)ROT47(47)&input=NTUgNGUgNTEgNTYgNTcgNjQgN2UgMzEgMjUgNGIgMTQgMmIgNTIgNjAgNzEgMGUgNTkgMTMgMTggMDIgMmEgNjIgMzYgNmUgNTkgNDQgMDEgMWMgM2QgM2YgMWE&oeol=VT) 可以發現差不多都對了，剩下最後一個替換式加密。  解出來後能知道 key 是 `CTF`。  > [Recipe](https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto')XOR(%7B'option':'UTF8','string':'is1abCTF'%7D,'Standard',false)ROT47(47)Vigen%C3%A8re_Decode('CTF')&input=NTUgNGUgNTEgNTYgNTcgNjQgN2UgMzEgMjUgNGIgMTQgMmIgNTIgNjAgNzEgMGUgNTkgMTMgMTggMDIgMmEgNjIgMzYgNmUgNTkgNDQgMDEgMWMgM2QgM2YgMWE) ``` is1abCTF{nOw_YOu_1E4rN3D_a_L0T} ``` ## Is they same? Identical Prefix 或 ASCII Collision。 使用 hashclash 的 `generic_ipc.sh`： ```shell echo "is1abcis1abcis1a" > prefix.txt && <hashclash>/scripts/generic_ipc.sh prefix.txt ``` > 記得把 `<hashclash>` 換成你的位置。 等待幾分鐘後可以製作出自訂前綴的 `.bin`，再把 `collision1.bin`、`collision2.bin` 再用腳本把所有的位元拿去轉成 ASCII： ```python import hashlib def read_and_process_file(file_path): # Read the binary content of the file with open(file_path, 'rb') as f: binary_data = f.read() # Print the MD5 hash of the binary content md5_hash = hashlib.md5(binary_data).hexdigest() print(f"MD5 hash of {file_path}: {md5_hash}") # Convert the binary data to its ASCII representation ascii_representation = ",".join([str(byte) for byte in binary_data]) return ascii_representation # File paths file1 = 'collision1.bin' file2 = 'collision2.bin' # Process each file and print the ASCII representation ascii1 = read_and_process_file(file1) ascii2 = read_and_process_file(file2) print(f"ASCII representation of {file1}: {ascii1}") print(f"ASCII representation of {file2}: {ascii2}") ``` ```shell $ python3 to_ascii.py MD5 hash of collision1.bin: 56dcab0a720d8a9d39e71d72f7d00932 MD5 hash of collision2.bin: 56dcab0a720d8a9d39e71d72f7d00932 ASCII representation of collision1.bin: 105,115,49,97,98,99,105,115,49,97,98,99,105,115,49,97,135,51,57,167,177,189,208,113,66,42,8,59,95,24,180,66,212,115,101,238,41,106,186,7,162,253,139,161,213,181,180,60,247,129,249,101,33,139,97,202,161,251,25,118,66,245,48,239,118,12,240,219,2,247,173,47,59,188,215,245,78,92,90,162,20,55,58,104,49,169,78,35,133,252,228,52,118,66,220,237,161,109,207,23,36,3,120,152,207,66,88,11,145,216,83,219,56,34,112,238,9,191,217,133,161,121,32,16,214,172,74,91 ASCII representation of collision2.bin: 105,115,49,97,98,99,105,115,49,98,98,99,105,115,49,97,135,51,57,167,177,189,208,113,66,42,8,59,95,24,180,66,212,115,101,238,41,106,186,7,162,253,139,161,213,181,180,60,247,129,249,101,33,139,97,202,161,251,25,118,66,245,48,239,118,12,240,219,2,247,173,47,59,187,215,245,78,92,90,162,20,55,58,104,49,169,78,35,133,252,228,52,118,66,220,237,161,109,207,23,36,3,120,152,207,66,88,11,145,216,83,219,56,34,112,238,9,191,217,133,161,121,32,16,214,172,74,91 ``` 把結果複製貼上到題目裡： ```shell $ ncat 127.0.0.1 37358 Welcome to the is they same? challenge! In this challenge, you are required to input two strings. These two strings must have different contents, but their MD5 hashes must be identical. Additionally, both strings must start with "is1ab". Input please transform by (",".join([str(i) for i in string]).encode()). For example, if you're string is "is1ab", you're output will be "105,115,49,97,98". Please input your string 1:105,115,49,97,98,99,105,115,49,97,98,99,105,115,49,97,135,51,57,167,177,189,208,113,66,42,8,59,95,24,180,66,212,115,101,238,41,106,186,7,162,253,139,161,213,181,180,60,247,129,249,101,33,139,97,202,161,251,25,118,66,245,48,239,118,12,240,219,2,247,173,47,59,188,215,245,78,92,90,162,20,55,58,104,49,169,78,35,133,252,228,52,118,66,220,237,161,109,207,23,36,3,120,152,207,66,88,11,145,216,83,219,56,34,112,238,9,191,217,133,161,121,32,16,214,172,74,91 Please input your string 2:105,115,49,97,98,99,105,115,49,98,98,99,105,115,49,97,135,51,57,167,177,189,208,113,66,42,8,59,95,24,180,66,212,115,101,238,41,106,186,7,162,253,139,161,213,181,180,60,247,129,249,101,33,139,97,202,161,251,25,118,66,245,48,239,118,12,240,219,2,247,173,47,59,187,215,245,78,92,90,162,20,55,58,104,49,169,78,35,133,252,228,52,118,66,220,237,161,109,207,23,36,3,120,152,207,66,88,11,145,216,83,219,56,34,112,238,9,191,217,133,161,121,32,16,214,172,74,91 You're right is1abCTF{Md5_l5_NOT_sAFe_443fe166cf3a} ``` ### Reference - <https://book.jorianwoltjer.com/cryptography/hashing#md5-ascii-collision> ## steKganoEgraphYy > [!NOTE] Challenge Description > > Salt : 哈瞜！歡迎來到 is1abCTF，我是 Salt。有什麼問題能協助你嗎？ > 者 : 哈瞜！Salt。請問一下這題的 Flag 是什麼？ > Salt : 欸欸欸！不能問這麼直接啦… 但我想我能給你些提示 : > > 我對兩張圖片動了些手腳，一張我使用的是隱寫技術，一張我則使用了加密技術 > KEY 被我藏起來了 找出來會對你有幫助的 > 如果你是新手可以先試著分辨 密碼學 隱寫術 雜湊函數 他們哪裡不同 > 挑戰者 : 謝謝 Salt 很高興認識你 > Salt : 不客氣 我也很高興認識你 祝你好運 is1abCTF歡迎你 > [!TIP] Hints > 1. 有聽過 AES-256-CBC 嗎 ? > 2. 認識一下 LSB 隱寫術 RRRRRRRRRRRR 首先藏在 `Salt_icon_top.png` 下的 key。  也就是 `1321NoLongerHot`。 接著根據用來 AES 加密的腳本建構解密的腳本解密 `Salt_icon_bottom_decrypted.png`： ```bash @echo off setlocal enabledelayedexpansion :: Set paths set "desktop=%USERPROFILE%\Desktop" set "encFile=%desktop%\Salt_icon_bottom.enc" set "outputFile=%desktop%\Salt_icon_bottom_decrypted.png" set "tempHexFile=%desktop%\aes_256_cbc_key.hex" set "tempBinFile=%desktop%\aes_256_cbc_key.bin" :: Prompt user for the original key set /p "userInput=INPUT ORIGINAL KEY: " :: Convert the key to SHA-256 hash and save as binary echo|set /p="%userInput%" > "%TEMP%\temp_input.txt" openssl dgst -sha256 -binary -out "%tempBinFile%" "%TEMP%\temp_input.txt" del "%TEMP%\temp_input.txt" :: Convert binary hash to hexadecimal powershell -command "Get-Content -Path '%tempBinFile%' -Encoding Byte -ReadCount 0 | ForEach-Object { [BitConverter]::ToString($_).Replace('-', '') } | Out-File -FilePath '%tempHexFile%' -Encoding ASCII" set /p hexKey=<%tempHexFile% :: Decrypt the file openssl enc -d -aes-256-cbc -in "%encFile%" -out "%outputFile%" -K %hexKey% -iv 00000000000000000000000000000000 :: Clean up temporary files del "%tempHexFile%" del "%tempBinFile%" :: Notify the user of completion if exist "%outputFile%" ( echo Decryption complete, file saved as Salt_icon_bottom_decrypted.png ) else ( echo Error during decryption, please check the parameters. ) pause ``` 然後就可以拿到 flag 了。  ``` is1abCTF{Hiiiiiii_i_4m_Salt_n1c3_2_m33t_U} ``` ## BabyRSA 這題給了一個 RSA 加密範例腳本跟密文。 ```shell $ py BabyRSA.py Public Key: (44281601002928906569017545371860459318707591, 71087547166903011789709987638473202020047789) Encrypted Message: 25638222526367515610214481719356557354251741 Decrypted Message: picoCTF{DUMMY} ``` ``` Public Key: (23857068200212442500767821064303795956749471, 37537132271592040694438507490332655678895469) Encrypted Message: 13942904496647238780553318677174545568017860 ``` 然後就是照公式解 RSA： ```python from Crypto.Util.number import inverse, long_to_bytes, GCD p = 5402516656957118768653 q = 6948082653896754664673 e = 23857068200212442500767821064303795956749471 n = p * q encrypted_message = 13942904496647238780553318677174545568017860 # φ(n) phi_n = (p - 1) * (q - 1) d = inverse(e, phi_n) decrypted_long = pow(encrypted_message, d, n) decrypted_message = long_to_bytes(decrypted_long).decode('utf-8', errors='ignore') print(decrypted_message) ``` ```shell $ py dec.py is1abCTF{So_B4by.} ``` ## Find P&Q Alpha 暴力解，有更好的解法再麻煩交流一下 🙏 ```python A = 5292223802 B = 3011638202 O = 41408258969526 for P in range(10001): for Q in range(10001): if P * A + Q * B == O: print(f"Found P = {P}, Q = {Q}") exit() print("No solution found") ```  ``` is1abCTF{Y0U-Wi1L-LoVE-cRyp70-0X01-0303} ``` # Pwn ## Poetrier 丟 IDA64 搜一輪看到這個： ```c int setcbuf() { int result; // eax result = x; if ( x == 1 ) { puts("\nis1a"); puts("\nb{0h"); puts("\n~w0w"); puts("\n!!Y4"); puts("\nu_@r"); puts("\n3_a_"); puts("\nstr1"); puts("\nn93r"); return puts("\n~0.<}"); } return result; } ``` ``` is1ab{0h~w0w!!Y4u_@r3_a_str1n93r~0.<} ``` # Web ## 不要跑 Path Traversal，原本以為是 session 偽造，猜中 `/admin` 這個 endpoint 後又看到有一個 `/very-oooooold-admin`。  然後這題有瑞克搖可以看。  把假登入 overlay 拿掉之後直接用當前的 session 可以改自己的分數，然後就是設定跟冠軍一樣，回到主頁就能看到 flag。 ```plain is1abCTF{7h3_p457_n3v3r_f4d35} ``` # Reverse ## Time Machine 用 x64dbg 動態測試的時候意外發現 flag。  ``` is1abCTF{cH4ngE_tImE_$o_34sy} ``` # Forensics ## What is my password? 看到 `vm-disk1.vmdk` 副檔名知道是虛擬硬碟 + 用 Autopsy 搜檔案。 然後 Autopsy 分析到一半的時候無聊用 7z 亂點，點到 flag。 Flag 在：`\vm-disk1.vmdk\2.Basic data partition.ntfs\$Recycle.Bin\S-1-5-21-3018351617-4214396275-922386290-1001\$R5WFCO5.txt`  ``` is1abCTF{forEN5ic_!$_funNy} ``` ## 大駭客 Marco `binwalk` 一下發現好像有壓縮檔。 ```shell! $ binwalk secret DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 16 0x10 Zip archive data, at least v2.0 to extract, uncompressed size: 2497122, name: secret 2500003 0x2625A3 End of Zip archive, footer length: 22 ``` `binwalk -e` 之後裡面還有另一個 `secret`，用 hex editor 打開後能看到 IHDR 跟 `DIE` 開頭貌似 PNG 的檔案，所以直接把 `DIE` 換成 `PNG`，副檔名也加上 `.png`。  然後打開 `secret.png`，可以看到 flag：  ``` is1abCTF{D1D Y0U KN0W MAG1C NUMBER?} ``` ## 不要偷看 這題要看 pcapng，搜了一下網路發現有可視化服務可以輔助解題。 根據題意可以知道要找的目標是 HTTP，所以翻一下可以找到這個：  然後能看到 flag 的 pattern，把 HTML 拿出來單獨開來看：  ``` is1abCTF{1_l1ke_9ur4_5he's_s0_cu7e} ``` # General Skill ## Welcome  ``` is1abCTF{welcome_is1abCTF} ``` ## 教授我想進入 is1ab 前往 is1ab 進場規則，頁面最下面能找到 flag。  ``` is1abCTF{is1ab讚!!} ``` ## Hello Docker ```shell $ sudo docker pull cylinder1811/is1ab-ctf-docker-hello Using default tag: latest latest: Pulling from cylinder1811/is1ab-ctf-docker-hello e40b95b27379: Pull complete Digest: sha256:fd8fa9531289a2064c96bbc391d4174b5f9b9a36b67ab14d729dc3eb1284ca04 Status: Downloaded newer image for cylinder1811/is1ab-ctf-docker-hello:latest docker.io/cylinder1811/is1ab-ctf-docker-hello:latest $ sudo docker run cylinder1811/is1ab-ctf-docker-hello Hello! This message shows that your installation appears to be working correctly. We have a flag for you! flag{0x00-Y0u-CoRrect-rUn-tHe-1m@Ge-Owo8} ``` ## Data Mining 這題照著說明的加鹽方法產生 SHA256，因此可以透過腳本實作： ```py import hashlib RS = "5090" D = "b4754521c04f02d12d68d43f1bed959ba1b964ee174998c6dea0921e1b6c9f04" base_string = f"{RS}_{D}" for iteration in range(1000000): candidate = f"{base_string}_{iteration}" hash_result = hashlib.sha256(candidate.encode()).hexdigest() if hash_result.startswith('aa'): print(f'Found T: {iteration}') print(f'SHA-256: {hash_result}') break ``` ```shell $ ncat 127.0.0.1 16177 Let's data mining! Your challenge: - Random Seed (RS): 5090 - Data (D): b4754521c04f02d12d68d43f1bed959ba1b964ee174998c6dea0921e1b6c9f04 Find a text T to make the result of sha256(RS_D_T), the first two digit is A. (i.e. AA....) Please input your T: 421 The hash sha256(5090_b4754521c04f02d12d68d43f1bed959ba1b964ee174998c6dea0921e1b6c9f04_421) = AA3BD1 ... C31 You mined the gold! Here is your flag: is1abCTF{tRy-70-DATa-m1n1n9-653d0141-bf1a-4c2e-8d3b-3bdecbadc038} ``` ## 問卷調查  ``` is1abCTF{我填完問卷了！} ```