Ctrl+F to search write-up

 

Team : yoobi(solo)

Rank : 286/753th

 

 

Web

 

Sometime you need to look wayback / 25pts / 377 Solves - yoobi
Do Something Special / 50pts / 362 Solves - yoobi
Obsfuscation Isn't Enough / 50pts / 383 Solves - yoobi
Zero is not the limit / 50pts / 247 Solves - whtmdgus56
Find Pass Code - 1 / 50pts / 311 Solves - whtmdgus56
Most Secure Calculator - 1 / 50pts / 338 Solves - whtmdgus56
Can you be Admin? / 50pts / 65 Solves - Team TamilCTF
My PHP Site / 50pts / 242 Solves - Team TamilCTF
Bypass!! Bypass!! Bypass!! / 150pts / 7 Solves - Team TamilCTF
Find Pass Code - 2 / 150pts / 216 Solves - Team TamilCTF
Most Secure Calculator - 2 / 250pts / 135 Solves - Team TamilCTF

 

Reverse Engineering

 

The Flag Vault / 25pts / 389 Solves - yoobi
The Encoder / 50pts / 342 Solves - yoobi
Baby Shark / 50pts / 294 Solves - yoobi
Flag Checker / 100pts / 194 Solves - yoobi
Knight Vault / 100pts / 193 Solves - yoobi
Droid Flag / 100pts / 154 Solves - Harsh Mehta(1n40)
Knight Switch Bank / 200pts / 173 Solves - Harsh Mehta(1n40)

 

Hardware

 

Blood Of Circuits / 150pts / 92 Solves - AlternoX
Fix It Felix! / 150pts / 19 Solves - blackcon
Tensed Tom / 200pts / 1 Solves - Shantanu Rahman

 

OSINT

 

Canada Server / 50pts / 399 Solves - yoobi
Explosion In Front Of Bank Of Spain / 100pts / 142 Solves - Paul Jeremiah
Find The Camera / 100pts / 291 Solves - Paul Jeremiah
Find The Hacker / 100pts / 19 Solves
Java In Earth / 100pts / 63 Solves
Find The Hacker 2 / 100pts / 9 Solves
Find The Hacker 3 / 100pts / 4 Solves
Find The Hacker 4 / 150pts / 3 Solves

 

Cryptography

 

Passwd / 25pts / 536 Solves - yoobi
404 Not Found / 25pts / 143 Solves - Jagsec
Jumble / 50pts / 291 Solves - yoobi
The Pairs / 50pts / 20 Solves
RSA-One / 100pts / 142 Solves - Kabilan S
AlphabetknockCode / 100pts / 145 Solves
Tony Stark Needs Help / 150pts / 113 Solves
Feistival / 150pts / 153 Solves
Tony Stark Needs Help Again / 150pts / 35 Solves

 

PWN

 

What's Your Name / 50pts / 321 Solves - yoobi
Hackers Vault / 100pts / 208 Solves - yoobi
What's Your Name 2 / 100pts / 187 Solves - Team TamilCTF

 

Programming

 

Keep Calculating / 25pts / 308 Solves - yoobi
Time Complexity / 25pts / 261 Solves - yoobi
Reverse The Answer / 50pts / 305 Solves - yoobi
Square Sum / 50pts / 301 Solves - Jagsec
Something In Common / 50pts / 355 Solves - yoobi
Find The Number / 50pts / 328 Solves - yoobi
Run The Program / 50pts / 157 Solves
Loop In A Loop / 100pts / 303 Solves - yoobi

 

Misc

 

The Hungry Dragon / 50pts / 196 Solves - Felix
Broken Datasheet / 100pts / 161 Solves - gom8
Unzip Me / 100pts / 293 Solves - yoobi
Look Closely / 100pts / 169 Solves - Team Red Knights CTF

 

Steganography

 

FileD / 25pt / 236 Solves - Felix
Follow The White Rabbit / 25pt / 337 Solves - Felix
Follow / 25pt / 262 Solves - Team Read Knights CTF
QR Code From The Future / 100pt / 266 Solves - Darkspider
Bangladesh / 100pt / 97 Solves - Raj Chowdhury

 

Networking

 

Robots.txt / 25pts / 234 Solves - Adem Hmissa
Vuln / 25pts / 176 Solves
FTP Flag / 25pts / 215 Solves - Adem Hmissa
PHP Version / 25pts / 127 Solves
How's The Shark? / 25pts / 355 Solves - yoobi
KCTF / 25pts / 96 Solves
Find the Flag / 50pts / 328 Solves - Jagsec
Compromised CTF Platform / 50pts / 265 Solves - Adem Hmissa
Vuln Columns / 50pts / 154 Solves
Hashed Password / 50pts / 117 Solves
Database Flag / 50pts / 106 Solves
Admin Arena / 50pts / 198 Solves - Adem Hmissa
Attacker / 50pts / 131 Solves - Jagsec

 

Digital Forensics

 

The Lost Flag / 25pts / 329 Solves
Compromised FTP / 25pts / 313 Solves - Team TamilCTF
Unknown File / 50pts / 201 Solves - Team TamilCTF
Let's Walk Together / 50pts / 210 Solves - Team TamilCTF

 

Web

 

Sometime you need to look wayback / 25pt / 377 Solves

 

 

 

Check the source of this site,

and we get a GitHub repo URL

 

Check the commit log of repo101,

and we get the FLAG

 

 

End

 

Do Something Special / 50pt / 362 Solves

 

 

 

On this site, we can see that the '#' character does not work as typed

 

So replace # with its URL-encoded form, %23

We can get the FLAG
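
Why the raw '#' fails and %23 works, as an added example (not part of the original write-up): a client treats everything after a raw '#' as the fragment and never sends it, and the same kind of loss happens with '?', which this sketch also covers. The host and file names are constructed.

```python
from urllib.parse import quote, unquote, urlsplit

BASE = "http://challenge.example"  # constructed host, not from the write-up


def request_target(url):
    """What the client puts on the HTTP request line: path plus query.
    Everything after a raw '#' is the fragment and is never transmitted."""
    parts = urlsplit(url)
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    return target


def server_path(url):
    """Path as the server sees it after percent-decoding."""
    return unquote(urlsplit(url).path)


def build_url(name, encode):
    """Build a URL for one path segment, optionally percent-encoding it."""
    segment = quote(name, safe="") if encode else name
    return f"{BASE}/{segment}"


def report(names):
    """Per name: (name, raw target, encoded target, raw survives?, encoded survives?)."""
    rows = []
    for name in names:
        raw, enc = build_url(name, False), build_url(name, True)
        rows.append((name, request_target(raw), request_target(enc),
                     server_path(raw) == "/" + name,
                     server_path(enc) == "/" + name))
    return rows


if __name__ == "__main__":
    for row in report(["fl#g.php", "a?b.php", "plain.php"]):  # constructed names
        print(row)
```
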

 

 

End

 

Obsfuscation Isn't Enough / 50pt / 383 Solves

 

 

 

The JS code is obfuscated

 

We can recover the real code by using ".toString()"

 

 

Then, we can get the document.location information,

Access that PHP file, and we can get the FLAG

 

 

End

 

Reverse Engineering

 

The Flag Vault / 25pt / 389 Solves

 

 

Using IDA to decompile the file,

we can get the C code of the challenge binary

 

 

Enter that password, and we can get the FLAG

 

 

End

 

The Encoder / 50pt / 342 Solves

 

 

Using IDA to decompile the file,

we can get the C code of the challenge binary

 

 

Write a simple Python reverse script and brute-force it

 

import string

# Candidate characters to try against each encoded value
s = string.ascii_letters + string.punctuation + string.digits


def countChar(s):
    # Mirrors the decompiled helper: count the characters that are not '\n'
    v3 = 0
    i = 0
    while True:
        if len(s) == i:
            break
        if s[i] != "\n":
            v3 = v3 + 1
        i = i + 1
    return v3


v7 = 1337  # constant added to every character code
v6 = 0
s2 = "KCTF"
s1 = "1412 1404 1421 1407 1460 1452 1386 1414 1449 1445 1388 1432 1388 1415 1436 1385 1405 1388 1451 1432 1386 1388 1388 1392 1462"
s1 = s1.split(" ")
flag = ""

# Convert the encoded values to integers
for i in range(len(s1)):
    s1[i] = int(s1[i])

# For each encoded value, find the character whose code + 1337 matches it
for j in range(len(s1)):
    i = 0
    while True:
        v3 = countChar(s)
        if i >= v3:
            break
        v6 = int(ord(s[i]))
        # print(v6+v7)
        if (v6+v7) == s1[j]:
            flag += s[i]
        i = i + 1

print(len(s1))
print(flag)

 

We can get the FLAG

 

 

End

 

Baby Shark / 50pt / 294 Solves

 

 

This challenge provides a .jar file

Use a Java decompiler to get the Java code

 

In String.class we can get the value of String _0xflag

 

 

Decode from Base64

We can get the Flag

 

 

End

 

Flag Checker / 100pt / 194 Solves

 

 

Using IDA to decompile the file,

we can get the C code of the challenge binary

 

 

Write simple reverse C code and brute-force it

 

#define _CRT_SECURE_NO_WARNINGS

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(void)
{
    char v4[512]; // substitution table, indexed by the plaintext character
    char v5[51];  // encoded flag taken from the binary
    int j;
    int i;

    // Start from the identity table
    for (i = 0; i < 512; ++i)
    {
        v4[i] = (char)i;
    }

    strcpy(v5, "08'5[Z'Y:H3?X2K3V)?D2G3?H,N6?G$R(G]");
    printf("Give me a flag : ");

    // 32 ~ 126 is the printable ASCII range
    for (i = 32; i <= 126; ++i)
    {
        if (v4[i] <= 64 || v4[i] > 90)
        {
            if (v4[i] <= 96 || v4[i] > 122)
                v4[i] = v4[i];
            else
                v4[i] = -37 - v4[i];
        }
        else
        {
            v4[i] = -101 - v4[i];
        }
    }
    for (j = 32; j <= 126; ++j)
        v4[j] -= 32;

    // Find FLAG: print every character whose encoded form matches v5[i]
    for (i = 0; i <= 35; i++)
    {
        for (j = 32; j <= 126; j++)
        {
            if (v5[i] == v4[j])
                printf("%c", j);
        }
    }
    exit(0);
}

 

We can get the FLAG

 

 

End

 

Knight Vault / 100pt / 193 Solves

 

 

Using IDA to decompile the file,

we can get the C code of the challenge binary

 

 

Write simple reverse C code and brute-force it

 

#define _CRT_SECURE_NO_WARNINGS

#include <stdio.h>
#include <string.h>

int main(void)
{
    int i;
    int j;
    char v7[48];   // encoded password taken from the binary
    char v8[1016]; // v8[c + 512] holds the encoded form of character c

    strcpy(v7, "*9J<qiEUoEkU]EjUc;U]EEZU`EEXU^7fFoU^7Y*_D]s");
    puts("Hello There..\nWelcome to KS Vault.");
    printf("Please enter vault password : ");

    // Start from the identity table
    for (i = 0; i < 1016; ++i)
    {
        v8[i] = (char)i;
    }

    // Encode every printable ASCII character: subtract 10, then map 65 to 42
    for (i = 32; i <= 126; ++i)
    {
        v8[i + 512] = v8[i] - 10;
        if (v8[i + 512] == 65)
            v8[i + 512] = 42;
        //printf("%c ", v8[i]);
    }

    // 43 encoded characters: print every character whose encoded form matches v7[i]
    for (i = 0; i < 43; i++)
    {
        for (j = 32; j <= 126; j++)
        {
            if (v7[i] == v8[j + 512])
                printf("%c", j);
        }
    }
    return 0;
}

 

We can get the FLAG

 "4K" appears in the output because both '4' and 'K' encode to '*', so change 4K -> K

 

 

End

 

OSINT

 

Canada Server / 50pt / 399 Solves

 

 

 

FLAG : KCTF{192.99.167.83}

 

End

 

Cryptography

 

Passwd / 25pt / 536 Solves

 

 

This challenge provides a passwd file

 

 

Using an MD5 cracker on the given string,

we can get the password of the knight user

 

 

FLAG : KCTF{exploit}

 

End

 

Jumble / 50pt / 291 Solves

 

 

This challenge provides a script and a ciphertext

 

Write a reverse Python script and run it

 

def ff(t):
    c = list(t)
    for i in reversed(range(len(t))):
        for j in reversed(range(i, len(t) - 1)):
            c[j], c[j+1] = c[j+1], c[j]
    return "".join(c)

def f(t):
    c = list(t)
    for i in range(len(t)):
        for j in range(i, len(t) - 1):
            c[j], c[j+1] = c[j+1], c[j]
    return "".join(c)

if __name__ == "__main__":
    enc = "0Un5Hfz02zQ=NtVB0=RZfMSX"
    #origin = "ababababcdcdcdcd"
    #enc = "bbbbddddaaccacca"
    #print(f(origin))
    print(ff(enc))

 

The output is a Base64-encoded string

 

 

We can get FLAG by decoding it

 

 

End

 

PWN

 

What's Your Name / 50pt / 321 Solves

 

 

Using IDA to decompile the file,

we can get the C code of the challenge binary

 

Our input is written into v4[60],

but the challenge asks us to change the value of v5

 

This is a simple buffer overflow (BOF) challenge

Enter more than 60 bytes to overflow the buffer

 

We can get the FLAG
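
The overflow described above, as an added example (not the challenge's code): ctypes lays out a 60-byte v4 followed by v5 and compares an unbounded copy with a bounded one. That v5 is a 4-byte int sitting directly after v4, its starting value, and the function names are assumptions.

```python
import ctypes


class Frame(ctypes.Structure):
    # Assumed layout: v5 is a 4-byte int placed directly after v4[60]
    _fields_ = [("v4", ctypes.c_char * 60), ("v5", ctypes.c_int)]


V5_INITIAL = 0x1234  # constructed starting value for v5


def _copy(frame, data):
    # Never write outside the simulated frame itself
    n = min(len(data), ctypes.sizeof(Frame))
    ctypes.memmove(ctypes.addressof(frame), data, n)


def unbounded_read(data):
    """Like gets(v4): copy the input plus a NUL terminator, ignoring sizeof(v4)."""
    frame = Frame(v5=V5_INITIAL)
    _copy(frame, data + b"\x00")
    return frame


def bounded_read(data):
    """Like fgets(v4, sizeof v4, stdin): at most 59 bytes plus the NUL."""
    frame = Frame(v5=V5_INITIAL)
    _copy(frame, data[:Frame.v4.size - 1] + b"\x00")
    return frame


if __name__ == "__main__":
    long_input = b"A" * 60 + b"BBBB"  # constructed input, 64 bytes
    for reader in (unbounded_read, bounded_read):
        frame = reader(long_input)
        print(reader.__name__, "v5 =", hex(frame.v5), "len(v4) =", len(frame.v4))
```
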

 

 

End

 

Hackers Vault / 100pt / 208 Solves

 

 

Using IDA to decompile the file,

we can get the C code of the challenge binary

 

 

Write simple Python code to get the correct passcode

 

a = 0

# Brute-force the smallest number whose decimal digits sum to 48
while True:
    a = a + 1
    tmp = a
    c = 0
    while tmp:
        c += tmp % 10
        tmp //= 10  # integer division; "/=" would turn tmp into a float
    if c == 48:
        print(a)
        print(c)
        break

 

Enter 399999,

We can get the FLAG

 

 

End

 

Programming

 

Keep Calculating / 25pt / 308 Solves

 

 

Write a Python script following the given instructions

 

x = 1
y = 2
ans = 0

while True:
    if x > 666:
        break
    ans = ans + ((x*y) + int(str(x)+str(y)))
    x = x + 1

print(ans)

 

We can get the FLAG

 

FLAG : KCTF{2666664}

 

End

 

Time Complexity / 25pt / 261 Solves

 

 

Time Complexity of this Algo is θ(n)

 

FLAG : KCTF{θ(n)}

 

End

 

Reverse The Answer / 50pt / 305 Solves

 

 

Write a Python script following the given instructions

 

x = 1
ans = 0

while True:
    if x > 543:
        break
    cal = (x*(x+1)) + (2*(x+1))

    reversed_calc = int(str(cal)[::-1])

    if reversed_calc % 4 == 0:
        ans = ans + reversed_calc
    x += 1

print(ans)

 

FLAG : KCTF{12252696}

 

End

 

Something In Common / 50pt / 355 Solves

 

 

Write a Python script following the given instructions

 

import math

x = 21525625
y = 30135875


gcd = math.gcd(x, y)

print(gcd)
gcd = str(gcd)
seperation = []
sum = 0

for i in range(len(gcd)):
    seperation.append(gcd[i])

for data in seperation:
    sum = sum + int(data)

flag = sum * 1234

print(flag)

 

FLAG : KCTF{24680}

 

End

 

Find The Number / 50pt / 328 Solves

 

 

 

Write a Python script following the given flowchart

 

def G_Sum(n):
    if n < 0:
        return 0

    return 1 / (pow(2,n)) + G_Sum(n - 1)

n = 25
print(G_Sum(n))

 

FLAG : KCTF{1.9999999701976776}

 

End

 

Loop In A Loop / 100pt / 303 Solves

 

 

This challenge provides the code below

 

 

Translate it to C and write the reverse code

 

#define _CRT_SECURE_NO_WARNINGS

#include <stdio.h>
#include <string.h>

int main() {
	char flag[100] = { 0 };
	puts("Enter\n");
	// Enter the encrypted string from the challenge: CFb5cp0rm1gK{1r4nT_m4}6
	scanf("%99s", flag);

	int n = (int)strlen(flag);
	printf("%d\n", n);
	
    //encrypt
	/*
	for (int i = 0; i < strlen(flag); i++) {
		for (int j = i; j < strlen(flag) - 1; j++) {
			char x = flag[j];
			flag[j] = flag[j + 1];
			flag[j + 1] = x;
		}
	}
	*/

	//decrypt: undo the rotations in reverse order, from start index n - 1 down to 0
	for (int i = 0; i < n; i++) {
		for (int j = n - 2; j >= n - i - 1; j--) {
			char x = flag[j];
			flag[j] = flag[j + 1];
			flag[j + 1] = x;
		}
	}

	// Print the decrypted flag
	printf("%s\n", flag);

	return 0;
}

 

We can get the FLAG

 

 

End

 

MISC

 

Unzip Me / 100pt / 293 Solves

 

 

This challenge provides an unzipme.tar.gz file

 

After extracting it:

# tar -xvf unzipme.tar.gz

 

We get the unzipme file

This file contains a string in the FLAG format

but it looks a little weird

 

 

Analyze it with HxD.exe

 

The unzipme file has a header very similar to a .zip file,

but every pair of adjacent bytes is swapped

 

Write a simple Python script to recover the zip file

 

# Read the byte-swapped file
with open("./unzipme", "rb") as f:
    origin = f.read()

flag = []

# Swap every pair of adjacent bytes; a trailing odd byte is copied as-is
i = 0
while i < len(origin):
    if i + 1 < len(origin):
        flag.append(origin[i + 1])
    flag.append(origin[i])
    i = i + 2

# Hex dump before and after the swap, to compare the headers
for data in origin:
    print(hex(data) + " ", end="")

print()

for data in flag:
    print(hex(data) + " ", end="")

print()

# Write the recovered zip file
with open("./flag.zip", "wb") as f:
    f.write(bytes(flag))

 

Now we have a complete zip file

 

 

We can get the FLAG by unzipping that file

 

 

End

 

Networking

 

How's the Shark? / 25pt / 355 Solves

 

 

This challenge provides one data.pcapng file

 

First, open it with Wireshark,

 

then export the HTTP object list and click the "Save All" button to save everything

 

 

We can find the FLAG in one of the downloaded files

 

 

End

 
