logo

Menu

  • R00T
  • WH0AM1

Suis-moi !

  • Twitter
  • Github

Posts Tagged “CTF”

Almost XOR – Crypto – CSAW17

Almost XOR – Crypto – CSAW17

For this challenge of crypto, we got a ciphered message and a python script. We knew from precedent challenge that flag are always of the form flag{XXXX}, so we make the assumption that it was the same here, so we got the first 5 chars of the ciphered so we got first part of the…

18 September 2017 BadTigrou
CSAW17, CTF, Write UpCSAW17 , CTF , Write Up

Littlequery – Web – CSAW17

Littlequery – Web – CSAW17

Littlequery is a web challenge with a login page : The behaviour is interesting, when we tried to login, the html password input is replaced by the sha1 of the input with this javascript code : $(“.form-signin”).submit(function () { var $password = $(this).find(“input[type=password]”); $password.val(CryptoJS.SHA1($password.val()).toString()); }); So there is a chance that when someone login the…

18 September 2017 BadTigrou
CSAW17, CTF, Write UpCSAW17 , CTF , Write Up

Best Router – Forensic – CSAW17

Best Router – Forensic – CSAW17

For this challenge we have an archive containing a large img file which is a dump of an sd card from a Rasperry Pi. so after extracting it and mounting it we are able to navigate through the files. Nothing in home directory, /etc folder told us that’s there is an apache server on this…

18 September 2017 BadTigrou
CSAW17, CTF, Write UpCSAW17 , CTF , Write Up

Another Xor – Crypto – CSAW17

Another Xor – Crypto – CSAW17

Here is a crypto challenge, we got a ciphered message and the script used, source are available on my github. From the script we can clearly see that : message = flag+key+md5(message) ciphered = xor(message, key) The interesting point is that the key have been xored with itself with an offset, but i will help…

18 September 2017 BadTigrou
CSAW17, CTF, Write UpCSAW17 , CTF , Write Up

Orange v1 – Web – CSAW17

Orange v1 – Web – CSAW17

This is one of the web challenge of CSAW17 event. I wrote a little proxy program in NodeJS for my poems folder. Everyone wants to read flag.txt but I like it too much to share. http://web.chal.csaw.io:7311/?path=orange.txt Looks like we have to find a LFI (Local File Inlcusion), we were able to get the index of…

18 September 2017 BadTigrou
CSAW17, CTF, Write UpCSAW17 , CTF , Write Up

CVV – Misc – CSAW17

CVV – Misc – CSAW17

In this challenge we were asked to give card number, there are different steps, firstly we are asked card number for Visa, Master Card, Discovery, American Express they must be sent only once. The next step is to give cards numbers which start with 4 given digits, next card number finish with one given number…

18 September 2017 BadTigrou
CSAW17, CTF, Write UpCSAW17 , CTF , Write Up

Missed Registration – Forensic – CSAW17

Missed Registration – Forensic – CSAW17

For this challenge we got a pcap containing lot of post request, we opened it with wireshark an apply this filter : http.request.method == “POST” Next we extracted all data from POST requests. name=Amy&lname=Smith&school=University+of+Maine+at+Machias&major=Biological+and+Biomedical+Sciences&c=Italian+Self-Actualization+Music+In+The+Postmodern+Era&s=B&text=Minima+dolor+rerum+ipsam+doloremque+beatae+dolore+autem+minima.+Dolorum+optio+illo+dicta+dolore+eum.+Quidem+repudiandae+labore+officiis+consectetur+excepturi+repudiandae+accusantium.&n=ed51f867229913f8d65128d4d371e9a1e2db71de69aadbd3cc0aaa4725f97e358419798dab291a263936f07b235a89ca173d24dfe149d5b5889de5a6c97a514a30134dda9042eb0eaf5c56c8b78e5119cc69f3d6565897a809a18d94a3d6b4eb99 But some of the paquets got an extra x parameter: name=Tonya&lname=Bush&school=Limestone+College&major=Personal+and+Culinary+Services&c=Populist+Political+Correctness+In+Modern+Paintings&s=F&text=Dolores+consectetur+consequuntur+est+aperiam.+Nesciunt+impedit+tempore+inventore+nulla+iste+libero+earum.+Nam+quae+cum+molestias+similique+consequuntur+omnis.&n=c689fda2a036f389c03ed744078058fe6e3e42d1cd6d4b71475e31691cd3855405d1439b94bff7f25505bbd7f294f91a5284b01602f8f3dc86aac39ab40553a92a0bab3868e4397b57ab2ecb89fdffbfaf629c923705457ef0fa752f529e5ec56f20c87592867d103b758977cf2724fbdc2ec8379768cb312bcabb03e27b5c0d72197bba39f74d195573696e32ab2e7e16675618ff67fc4420c1&x=424d36190000000000003604000028000000e000000018000000010008000000000000000000c40e0000c40e00000001000000010000010203ff0c1416ff10191bff192729ff1c2e32ff1c353aff212a2cff232e31ff273639ff303d3fff253d41ff2a454bff33474bff2c4b53ff So x seems interesting, so we extracted all values of…

18 September 2017 BadTigrou
CSAW17, CTF, Write UpCSAW17 , CTF , Write Up

Serial – Misc – CSAW17

Serial – Misc – CSAW17

Hi everyone, This weekend took place CSAW17 which is one of the largest student-run cyber-security event in the world, featuring an international online CTF. Our team passed the whole week-end trying to capture the flag. Here is the first write up of some of the challenges we flagged. So the first challenge we solved was…

18 September 2017 BadTigrou
CSAW17, CTFCSAW17 , CTF , Write Up

Write Up Merkle Nuit du Hack 2017

Write Up Merkle Nuit du Hack 2017

Il s’agit d’un challenge de crypto, on a un ficher merkle.py qui implémente un client/serveur et un fichier merkle.pcap. Le fonctionnement du script python est relatvement simple il s’agit d’un pseudo diffie-hellman maison. Le serveur génère un tableau de 512 strings de 96 caractères alpha-numériques qu’il va envoyer au client. Le client va alors déchiffrer…

26 June 2017 BadTigrou
CTF, NDH, Write UpCTF , NDH2k16 , Nuit du Hack , Write Up

Write Up Cul air code Nuit du Hack 2017

Write Up Cul air code Nuit du Hack 2017

Encore un des autres challenges de la Nuit du Hack 2017. Le titre et l’image du challenge nous incite à trouver un QR code. Un coup de foremost qui nous permet d’extraire 100 png de 30×30 pixels. Chacune des images ressemble à un bout de QR code. Alors on ouvre gimp on import toutes les…

26 June 2017 BadTigrou
CTF, NDH, Write UpCTF , NDH2k17 , Nuit du Hack , Write Up
Next Page »
Copyright © 2017. BadTigrou