backdoor CTF 2015: NONAME
Category: Exploit Points: 200 Author: Amanpreet Singh Difficulty: Solves: 25 Description:
Intrestingly enough, even though it was not expected, Chintu found a cool website to play with, though he can't get the flag. Can you? Visit this. Submit the SHA-256 hash of the flag obtained.
Gaylord : At first, (str (all-ns)) to get all namespaces. And then (clojure.repl/dir noname.people.admin) to see what inside. There is including flag and secret. Used (noname.people.admin/flag) to get the a half of the flag.
Chuymichxinhdep: However secret is a private variable variable, I used ((noname.people.admin/secret)) to obtain the other half of the flag. Problem solved.
backdoor CTF 2015: QR
Category: Misc Points: 70 Author: Abhay Bir Singh Rana Difficulty: Easy Solves: 84 Description:
Decode some QR codes at nc hack.bckdr.in 8010
chuymichxinhdep:
from subprocess import Popen, PIPE
i = 0
import socket
sock = socket.socket()
sock.connect(("hack.bckdr.in", 8010))
s= sock.recv(1024)
print(s)
while True:
i=i+1
string = ""
s= sock.recv(65535)
data= s.replace("\x20\x20","0").replace("\xe2\x96\x88\xe2\x96\x88","1")
file = open('qr','w')
for line in data.split("\n"):
string = string+line[1:len(line)-1]+"0"*(47-len(line))+"\n"
file.write(string[46:len(string)-1-46])
file.close()
output = Popen(["python", "sqrd.py", "qr"], stdout=PIPE).communicate()[0]
print i, output.strip()
sock.send(output.strip())
Convert the QR to binary only and use Strong QR to decode. After 50 submissions we've got the flag.
backdoor CTF 2015: RAPIDFIRE
Category: Misc Points: 500 Author: Amanpreet Singh Difficulty: TODO Solves: 0 Description:
I am enjoying it really. Are you? nc hack.bckdr.in 8007. Submit the SHA-256 hash of the flag obtained.
Chuymichxinhdep: Just use a brilliant source code from gaylord.
import socket, hashlib, time, requests
from geopy import GoogleV3
import re
import shelve
import omdb
host = '128.199.107.60'
port = 8008
rep_countrycode = False
def fib(n):
i = h = 1
j = k = 0
while (n > 0) :
if (n%2 == 1) : # when n is odd
t = j*h
j = i*h + j*k + t
i = i*k + t
t = h*h
h = 2*k*h + t
k = k*k + t
n = int(n/2)
return j
def get_country(place_name):
gapi = shelve.open('googly_cache', writeback=True)
try:
wat = place_name.encode('base64')
except UnicodeEncodeError:
wat = u' '.join(place_name).encode('utf-8').strip().encode('base64')
if (wat in gapi):
print('[*] Found in shelf')
loc = gapi[wat]
else:
print('[*] Request from GGAPI')
loc = geolocator.geocode(place_name).raw
gapi[wat] = loc
gapi.sync()
gapi.close()
for comp in loc['address_components']:
if 'country' in comp['types']:
if rep_countrycode:
return comp['short_name'] # TODO: not short_name but something else
else:
return comp['long_name']
def get_release(movie_name):
gapi = shelve.open('moviee_cache', writeback=True)
try:
wat = movie_name.encode('base64')
except UnicodeEncodeError:
wat = u' '.join(movie_name).encode('utf-8').strip().encode('base64')
if (wat in gapi):
print('[*] Found in shelf')
loc = gapi[wat]
else:
print('[*] Request from OMDB')
s = omdb.title(movie_name)
loc = s['year']
gapi[wat] = loc
gapi.sync()
gapi.close()
return loc
def read_until(wat):
buf = ''
while not (wat in buf):
buf += sock.recv(1)
return buf
def read_for_fun(sz):
d = ''
while (sz > 0):
tmp = sock.recv(sz)
sz -= len(tmp)
d += tmp
return d
# init connection
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((host, port))
geolocator = GoogleV3()
pii = requests.get('http://www.angio.net/pi/digits/pi1000000.txt').text
# read & answer
while True:
s = sock.recv(8192)
if ('code is in CAPS' in s): rep_countrycode = True
if (s == ''): sleep(10)
print(s)
n = 'wat'
res = n
if ('sum' in s):
n = int(re.findall(r'first\ (\d+)\ ', s)[0])
if ('odd' in s):
res = n * n
elif ('fibonacci' in s):
res = fib(n+2) - 1
elif ('natural number' in s):
res = (n * (n + 1) // 2)
res = str(res)
elif ('prime' in s):
n = int(re.findall(r'the\ (\d+)(st|nd|rd|th)', s)[0][0]) + 1
n = str(n)
page = requests.get('http://numbersofprime.com/prime/' + n)
res = re.findall(r'
', page.text)[1]
res = res.replace(',', '')
res = res.strip()
elif ('md5' in s):
n = re.findall(r'of\ (.*)\n', s)[0]
res = hashlib.md5(n).hexdigest()
elif ('pi' in s):
n = int(re.findall(r'the\ (\d+)(st|nd|rd|th)', s)[0][0])
res = pii[n+1]
elif ('fibonacci' in s):
n = int(re.findall(r'the\ (\d+)(st|nd|rd|th)', s)[0][0])
res = str(fib(n))
elif ('binary' in s):
n = int(re.findall(r'of\ (\d+)\ in', s)[0])
res = bin(n)[2:]
elif ('country' in s):
n = re.findall(r'of\ (.*)\n', s)[0]
res = get_country(n)
elif ('release year' in s):
n = re.findall(r'of\ (.*)\n', s)[0]
res = get_release(n)
print '[*] n = ', n
print '[*] res = ', res
sock.sendall(res+'\n')
I added pycountry to get the alpha-2 code of country. After 199 submissions we will get the flag. Not a fun challange because of slow server and too many stupid questions.
-chuymichxinhdep.
BabyPhD.
. Nhưng hai anh đều không muốn lộ ra tổng số tiền mình có cho nhau biết. Do đó mới nảy sinh bài toàn chứng minh bất đẳng thức A ≥ B mà không lộ thông tin nào của A và B cho bất cứ ai, kể cả 2 anh Bin và anh Jobs. Giải quyết xong bài toàn này đã mở ra một kỷ nguyên mới cho bảo mật thông tin đặc biệt là thương mai điện tử, data mining khi muốn so sánh các giá trị, tính toán cộng trừ nhân chia mà vẫn bảo vệ được thông tin mật như số tiền, tổng tiền trong tài khoản khách hàng, thông tin nhân khẩu học v.v.
