tumb1yc4t
welcome to my twisted hacker guide
4 posts
Don't wanna be here? Send us removal request.
tumb1yc4t · 2 years ago
Text
Welcome Presentation
Details
CATEGORY: forensics OBSERVED DIFFICULTY: 1/5 CTF: Unnamed
Challange
[Text lost but we are given a pptx file]
Solution
We are given a powerpoint presentation, when viewd it is empty.
We can explore the contents of the file by renaming it as a .zip file and extracting it with the unzip command.
Looking around, we find a file named "hidden", inside is the flag base64 encoded.
--1103
0 notes
tumb1yc4t · 2 years ago
Text
The Wizarding World of Crypto
Details
CATEGORY: crypto OBSERVED DIFFICULTY: 2/5 CTF: Unnamed
Challange
[Text lost but we are given a netcat ip/port]
Solution
We are given morse code after conecting and told it is a name.
If we decrypt it, we are given N, e & c, RSA paramters.
After running a few attacks with rsactftool we find that a cube-root attack works most of the time.
Decrypting the c value we get some scrabeled text, probably a rot-13 cypher.
Conter-rotating the text, we get a human name!
If we send this back we are given another morse code sequence.
So we don't get timed out, we use the folowing code:
import base64 as b import re from pwn import * from subprocess import run import codecs # Dictionary representing the morse code chart MORSE_CODE_DICT = { 'A':'.-', 'B':'-...', 'C':'-.-.', 'D':'-..', 'E':'.', 'F':'..-.', 'G':'--.', 'H':'....', 'I':'..', 'J':'.---', 'K':'-.-', 'L':'.-..', 'M':'--', 'N':'-.', 'O':'---', 'P':'.--.', 'Q':'--.-', 'R':'.-.', 'S':'...', 'T':'-', 'U':'..-', 'V':'...-', 'W':'.--', 'X':'-..-', 'Y':'-.--', 'Z':'--..', '1':'.----', '2':'..---', '3':'...--', '4':'....-', '5':'.....', '6':'-....', '7':'--...', '8':'---..', '9':'----.', '0':'-----', ', ':'--..--', '.':'.-.-.-', '?':'..--..', '/':'-..-.', '-':'-....-', '(':'-.--.', ')':'-.--.-'} # Function to encrypt the string # according to the morse code chart def encrypt(message): cipher = '' for letter in message: if letter != ' ': # Looks up the dictionary and adds the # corresponding morse code # along with a space to separate # morse codes for different characters cipher += MORSE_CODE_DICT[letter] + ' ' else: # 1 space indicates different characters # and 2 indicates different words cipher += ' ' return cipher # Function to decrypt the string # from morse to english def decrypt(message): # extra space added at the end to access the # last morse code message += ' ' decipher = '' citext = '' for letter in message: # checks for space if (letter != ' '): # counter to keep track of space i = 0 # storing morse code of a single character citext += letter # in case of space else: # if i = 1 that indicates a new character i += 1 # if i = 2 that indicates a new word if i == 2 : # adding space to separate words decipher += ' ' else: # accessing the keys using their values (reverse of encryption) decipher += list(MORSE_CODE_DICT.keys())[list(MORSE_CODE_DICT .values()).index(citext)] citext = '' return decipher p = remote('[redacted]', 2226) p.readuntil("What does this mean?\r\n") mors = p.recvuntil(' \r\n>>') p.writeline(b'[redacted]') # print(mors) for x in range(5): p.readuntil("What does this mean?\r\n") mors = p.recvuntil(' \r\n>>') mors = mors[:-5] mors = mors.decode("utf-8") mors = mors.replace("/", "-..-. ") mors = decrypt(mors) mors = mors.split("/") tmp = [chr(int(x)) for x in mors] tmp = "".join(tmp) tmp = b.b64decode(tmp) tmp = tmp.splitlines() N = tmp[0][4:].decode("utf-8") e = tmp[1][4:].decode("utf-8") c = tmp[2][4:].decode("utf-8") t = run(f"rsatool --private --attack cube_root --verbosity DEBUG --timeout 5 -n {N} -e {e} --uncipher {c}", shell=True, capture_output=True, encoding="utf-8") #print(t.stdout) m = re.search("utf-8 : (.*)", t.stdout) print(m[1]) tmp = codecs.decode(m[1], "rot_13") print(tmp) tmp = tmp.replace("\x1b[0z", "") tmp = tmp.encode("ascii") print(tmp) p.writeline(tmp) while True: print(p.readline())
--1103
0 notes
tumb1yc4t · 2 years ago
Text
SpaceWars
Details
CATEGORY: misc OBSERVED DIFFICULTY: 1/5 CTF: Unnamed
Challange
[Text lost but we are given one file]
Solution
The file appears to be empty, but on closer inspection contains lots of whitspace (tabs, newlines, ect). This is likely the whitespace esolang.
The flag is found by running the "code" with a whitespace intepreter.
--1103
0 notes
tumb1yc4t · 2 years ago
Text
Back to the basics
Details
CATEGORY: pwn OBSERVED DIFFICULTY: 1/5 CTF: Unnamed
Challange
[Text lost but we are given two files]
Solution
If we look at the first file we see it is ELF, if we de-compile it with cutter we see the flowing:
So this appears to scramble input text by taking each char and mutiplying it by ’\x02’.
If we look at the second file we see scrabled text, this is probably our flag.
We can unscrable it with the folowing code:
import re print((ord("N") * ord('\x02'))) with open("output") as f: i = f.readlines() i = [int(x, 16) for x in i] print(i) i = [(x//ord('\x02')) for x in i] print(i) i = [(chr(x)) for x in i] i = "".join(i) print(i)
--1103
0 notes