Pwn2Win CTF 2016

Pwn2Win CTF 2016 writeup Hidden in Plain Sight

Hidden in Plain Sight
Points: 40
Category: Forensics
Description:
Hidden in Plain Sight

HINT: you need to know the basic principle behind how MEGA works in order to solve this challenge. Flag.txt is the flag, but it is hidden... in plain sight ;)

DICA: você precisa saber o princípio básico de funcionamento do MEGA para resolver esse desafio. Flag.txt é a flag, mas ela está escondida... em plena vista ;)

Hints:
2016-03-25 16:49:23 - The flag is in the file, but maybe you shouldn't download the file the usual way ;)
2016-03-25 17:58:46 - When I read PLAIN, it reminds me of PLAINTEXT
2016-03-25 18:51:57 - As we first said in the IRC channel, this challenge should be simple to solve using only a webbrowser (e.g. Firefox or Chrome)
リンクをクリックすると、次のようにオンラインストレージサービス「MEGA」のダウンロードページが表示されます。

no title

そのままflag.txtをダウンロードしても、下記のとおり文字化け?しています。
}ッv#ハヨ學QxJZzム\M�2失��ニ&Nイ<ュzエ犇┥ナ*求�
�k/テテオ
ここで、オンラインストレージサービス「MEGA」の仕組みを調べてみます。
http://www.fortinet.co.jp/security_blog/130618-DotComs-Mega-Encryption-Scheme-Illustrated.html
http://y4miken.blog.jp/archives/mega.co.nz.html

URLの!で囲まれた部分!6N0gmRLK!がファイルID、その後ろの残りの部分VsN9gLdiYbxMVTA-AdsRjsvezMpdEqiR9ngwrS6gR7kが復号鍵になります。ファイルはダウンロードされた後に、この復号鍵を使ってクライアントサイドで復号されるそうです。
ということで、Chromeのデベロッパーツールを使用して、複合化する前のデータを確認してみます。

1

やはり復号前のデータのほうが平文だったようです。
フラグは、
CTF-BR{0_CLUB3_C0s7um4_us4r_CryPt0___mas_nem_sempre}
です。



Pwn2Win CTF 2016 writeup Sum (Hello World Platform)

Sum (Hello World Platform)
Points: 20
Category: Programming Like Marathons
Description:

English:


This problem is an example on how to connect to our server to read inputs and send the outputs for the programming challenges. Given a set of numbers greater than zero, followed by zero and a line break, compute the sum of these numbers. The solution for this problem is available at: https://static.pwn2win.party/solvers-example-platform.tar.gz.  All you need to do in order to obtain the flag is to execute the implementation you see more fit!


openssl s_client -connect programming.pwn2win.party:9000

ダウンロードしたファイルを解凍すると、C++、Java、Pythonで書かれたソースファイルが出来ます。
  • solve_sum.cpp
  • solve_sum.java
  • solve_sum.py
Python-2.7.9の実行環境でPythonプログラムを実行するだけで、下記のとおりフラグが表示されました。
$ /usr/local/lib/python2.7.9/bin/python solve_sum.py
received: 6 3 4 6 5 2 6 6 2 0
sent: 40
received: 8 5 2 3 1 1 9 5 9 2 0
sent: 45
received: 7 1 5 4 2 9 9 0
sent: 37
received: 6 8 4 7 3 9 5 7 9 6 6 1 8 2 2 0
sent: 83
received: 5 5 8 3 8 3 9 7 1 7 1 1 2 2 5 9 5 7 0
sent: 88
received: 5 9 9 1 3 7 3 5 4 4 2 4 6 6 6 1 0
sent: 75
received: 2 7 9 1 2 8 5 6 5 9 6 5 5 8 9 9 2 7 4 0
sent: 109
received: 7 9 7 2 2 2 9 0
sent: 38
received: 5 7 1 3 9 6 2 6 3 3 7 1 4 4 2 1 0
sent: 64
received: 5 2 2 3 2 8 1 8 0
sent: 31
received: 9 7 5 5 1 3 8 1 7 6 1 7 0
sent: 60
received: 6 7 2 9 6 8 1 0
sent: 39
received: 1 1 6 2 3 7 0
sent: 20
received: 4 7 2 5 1 5 3 4 7 7 0
sent: 45
received: 3 3 5 6 5 3 3 6 4 2 6 4 4 1 0
sent: 55
received: 1 4 7 7 7 1 5 4 5 3 0
sent: 44
received: 2 3 5 6 7 1 6 4 9 2 1 0
sent: 46
received: 8 3 6 3 2 5 6 9 6 9 2 2 3 3 9 3 4 1 4 0
sent: 88
received: 2 5 4 3 9 1 1 7 8 6 0
sent: 46
received: 9 1 6 8 2 5 5 4 8 1 0
sent: 49
received: CTF-BR{Congrats!_you_know_how_to_sum!}
フラグは、
CTF-BR{Congrats!_you_know_how_to_sum!}
です。

Pythonプロフェッショナルプログラミング 第2版
株式会社ビープラウド
秀和システム
2015-05-21


Pwn2Win CTF 2016 writeup g00d b0y

g00d b0y
Points: 10
Category: Bonus
Description:
English:
If you were a good kid, get your 10 points.
登録完了メールに記載されている以下のリンクをクリックします。

1

IMPORTANT: read carefully and calmly the information and rules.
以下のページが表示されます。このページをよく読むと、下のほうにフラグが記載されています。
no title

フラグは、
RTFM_1s_4_g00d_3xpr3ss10n_v2.0
です。



Pwn2Win CTF 2016 writeup Skycast

Skycast:
Points: 10
Category: Story
Description:
"The Club - The Power Behind the Scenes"

English:
 
It all started in the 60s and 70s when there was still hope - when there was no Project SKY-80:37...
A small number of the most senior officers from the Brazilian military were unsatisfied with the way their country was being run and decided to create a secret organisation called the "Marble Club" (the original term was born on this occasion, and was used by a presenter later). This club had two main aims; to oust the existing dictatorship and subsequently become the political leaders of the country themselves. The Mentor (sometimes known as 'Fideleeto') set up meetings which were also attended by honorary members and the intellectual elite. Those who were away participated in the meetings via telephone (being a common device at the time).
The Club's rule was absolute, freedom of expression was not allowed and censorship was a core part of their ambitious plans. With their conspiracy beginning to take shape the next task was to establish an idea to use as an excuse for their existence - to try to avoid any 'reluctance' the general population may have about a regime change. The rally cry chosen was "For the defence of national security".
In the period following the regime change, the Club attempted to exert extreme control of the media. This later became known as the "buckshot period." The people however were not so easily fooled and the saying "Brazil, Love it or leave it" became a common catchphrase. Many left the country out of despair and disgust. The "buckshot period" was deemed to be unsuccessful and so the Club started devising more effective strategies to maintain their grasp on power. The approach they settled on was reverse tactics and avoid the use of force directly against the media. Instead they decided they would create and maintain the illusion of a democracy. They declared that one of their members, a "General Peixel", would be chosen as their puppet successor who would slowly set up a pseudo-democracy in the country to placate the opposition. Taking his orders from the Club, General Peixel announced the end the existing government and that elections would be held. This was just the first step. Brazil needed to rescue their exiled talented people so an amnesty law was created. "You need educated citizens but still gullible", said Mentor at a meeting of the Club.
However, even as direct elections were already being celebrated in the streets, the Club was studying and devising ways to have the appearance of a legitimate choosing of political representatives as voted by the the people, but without losing the traditional control that already had over the country. That's when the idea arose of Electronic Ballots, which began to be studied further in the 80s.
Also in the early 80s, a group called Project SKY-80:37 was formed by students (PhD) of Brazilian universities, initially with the aim of peaceful street protests organized by BBSs. The government repression was still in effect against this type of activity so no one was willing to take a leadership role. As a result the groups overt actions were few in number. However the thirst for change country was great meetings held frequently, and a new approach emerged: using knowledge to attack the root problem.
In the 90s, after the return of direct elections, and with the a new puppet government in place, the Club met again with their advisers (including Mentor). Here is a rough translation from the meeting transcript, recorded with the help of a voice recorder created by a member of the Project and left in place the day before the meeting:
"You need to do something I never do, but it will be necessary for the course in Brazil remain in our tracks. These Electronic Booths which have proven to be reliable, that is, easy to tampering, according to reports. The big secret for the popularization is to invest in marketing, through the image that is safe".
At that meeting, the original idea of ​​media censorship was again discussed, and again this time the approach was different. The Club realized that partnering with major media outlets to filter the information that suited them would be much more effective than punishing those that dared stand up to them, and would also benefit both sides.
The electronic voting booths were deployed and media partnerships negotiated. Election after election the people were unwittingly at the mercy of the Club's wishes, seeing only what they were allowed to see, doing exactly what The Club want them to do. The only spark of hope was called Project SKY-80:37.
My friends - we are here now fighting for a decent country using the biggest weapons we have: knowledge, hacking, and courage! Thanks to many old school friends (some still are active) who formed this group, we can get up and shout our cry of freedom because we are still alive and we will not be silenced.
We still have much to learn. We had the idea of broadcasting this message. We need your help in some missions. We have a lot of 'raw'  information about the Club and its activities that still need to be 'processed' quickly in order to be useful for us, for the people of Brazil and for the establishment of a real democracy.
This message was sent by SKYcast, only a select group of hackers can read it. We welcome those privileged few. I hope you can help us.
"For every action there is a reaction, we are the resistance, and the last resort." SKYbit89

Confirm receipt of the message by sending back "CTF-BR{SKYcast_recebido_e_lido}".
 
Greetings, SKYpitain82.
最後のほうにフラグが記載されています。
フラグは、
CTF-BR{SKYcast_recebido_e_lido}
です。


記事検索
ギャラリー
  • TetCTF 2023 NewYearBot
  • UUT CTF writeup Find The Password
  • UUT CTF writeup The Puzzle
  • Hack Zone Tunisia 2019 writeup Microscope
  • Hack Zone Tunisia 2019 writeup Welcome
  • SwampCTF 2019 writeup Brokerboard
  • SwampCTF 2019 writeup Leap of Faith
  • SwampCTF 2019 writeup Last Transmission
  • CBM CTF 2019 writeup Long road
カテゴリー