[H4CK1T 2016] Belarus – Electronicon Writeup

Description:

Belarus – Electronicon – PPC – 250 pts
EN: This task is one of the methods for the psychological attacks. It is intended for people who don’t have heart diseases and reached 18 years 😉

h4ck1t{flag.upper()}

paint.txt

As the attached file says, it was a real pain. I opened the file in the browser and saw this horrible thing:

h4ck1t_belarus_1

It looked bad, and it crashed my browser. The text file was too big for it to handle. So I opened it in Notepad++, and it wasn’t any better:

h4ck1t_belarus_2

Still terrifying, and it was heavy for Notepad++ as well. But this time something caught my eye. Look at the line-number panel on the left: it says there is only 1 line. Let’s turn off word wrap (View > Word wrap) and check what it is:

h4ck1t_belarus_3

Aah ah! It was a HUGE piece of ASCII art. How huge? 11 rows of 1830661 chars each! The art spells out a long hex string, so now we need to parse it. I tried using this module but without any success, so I decided to go the hard way: I parsed it myself.

First, I edited the file to make it easier for me to parse. I wanted every character to be on its own line. I wrote a script to separate the characters:

Now let’s open the edited file with EmEditor, which is capable of opening large files, and see what our file looks like:

h4ck1t_belarus_4

Good! It looks exactly like I wanted! Now, in order to parse it, we need to tell the code what every letter or digit looks like, so I started defining a variable for each letter or digit with the matching ASCII art. It was something like this:

I took the long hex string and pasted it into a hex editor. It was this photo: h4ck1t_belarus_5

Well, that’s it. We got the flag and can now rest in peace.

Flag: h4ck1t{1_L0V3_3P1C_F0NT$}

[H4CK1T 2016] HellMath – Mongolia Writeup

Description:

HellMath – Mongolia – 100 – PPC – NEW

EN: Somebody thinks that you are able to calculate well. Is it true? Pass this task, prove the abilities and maybe we will recommend you to one of the most secret missions in this war.

# nc ctf.com.ua 9988 #

This one was a tricky question. Sometimes we tend to think in such a complicated way that we forget the basics of the basics.

Let’s begin. We are given a netcat command. Let’s run it and see what happens:

Well, we are given a number C and we need to find numbers A and B such that A^B (power, not XOR) gives C.

At the beginning I tried to find algorithms online. “Such algorithms must exist!” I thought to myself. I found nothing and gave up for the day because it was late and I wanted to sleep. I was in bed when I messaged a friend the question, and he simply answered:
“Did you try 1?”
– “What 1?”
 “You know, every number to the power of 1 equals the number” (i.e. C = C^1)
– “OMG! It is so simple! You are the smartest person on earth!”

So I ran to my computer and wrote this short Python script that gave me the flag:

Flag: h4ck1t{R4ND0M_1S_MY_F4V0UR1T3_W34P0N}

[H4CK1T 2016] Hex0gator – Paraguay Writeup

Description:

EN: All Experts of The Silver Shield Project can’t decipher the intercepted data. Who knows, maybe you can do it?
100_00edb54bed7e46bd5cdb7c06059881c2

In this PPC 250 pts challenge we got only one file. Let’s run the file command on it to determine its type.

This is a zip file which contains a folder. The folder contains a file named ‘99‘. Let’s extract it and figure out its type:

99 is also a zip file, and inside it there is another zip, and another zip… well, I see where this is going. I wrote a simple PowerShell script to extract all the archives using the ultimate archive manipulator – 7-zip.

Now let’s run it:
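The same unwrapping loop as an added Python example using the standard zipfile module; it is not the author's PowerShell/7-zip script. It assumes each layer holds exactly one file, the layer and size caps are values chosen here, and the sample archive is constructed in memory rather than taken from the challenge.

```python
import io
import zipfile

MAX_LAYERS = 1000            # assumption: cap on nesting depth
MAX_MEMBER_SIZE = 64 << 20   # assumption: refuse members over 64 MiB (zip-bomb guard)


def build_nested(payload: bytes, layers: int) -> bytes:
    """Construct a sample archive: `layers` zips, each holding work/<n>."""
    data = payload
    for n in range(layers):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(f"work/{n}", data)
        data = buf.getvalue()
    return data


def unwrap(data: bytes, max_layers: int = MAX_LAYERS):
    """Peel zip layers until the content is no longer a zip.

    Returns (innermost_bytes, layers_peeled).
    """
    layers = 0
    while zipfile.is_zipfile(io.BytesIO(data)):
        if layers >= max_layers:
            raise ValueError(f"more than {max_layers} nested layers")
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Skip directory entries; a layer must carry exactly one real file.
            files = [i for i in zf.infolist() if not i.is_dir()]
            if len(files) != 1:
                raise ValueError(f"layer {layers}: expected 1 file, got {len(files)}")
            # Check the declared uncompressed size before decompressing.
            if files[0].file_size > MAX_MEMBER_SIZE:
                raise ValueError(f"layer {layers}: member too large")
            data = zf.read(files[0])  # stays in memory, nothing is written to disk
        layers += 1
    return data, layers


if __name__ == "__main__":
    sample = build_nested(b"constructed innermost payload", 100)
    inner, depth = unwrap(sample)
    print(depth, inner)
```

Reading members into memory instead of extracting them also sidesteps path-traversal names inside untrusted archives.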

[CSAW 2016] Regexpire Writeup

Description:

I thought I found a perfect match but she ended up being my regEx girlfriend.

nc misc.chal.csaw.io 8001

It wasn’t so hard. I asked Google for the best way to generate a string that matches a given pattern and wrote the following script. The only headache was when my generator used newlines (“\n”), so I removed them.

And after 1000 tests we got the flag: flag{^regularly_express_yourself$}

[CSAW 2016] Coinslot Writeup

Description:

#Hope #Change #Obama2008

nc misc.chal.csaw.io 8000

Let’s connect to the server and see what happens:

So, the server displays an amount of money and we need to calculate the number of bills and coins for the given amount. All we need is to write a simple Python script and take a coffee break, because it will take about 10 minutes for the flag to come up 🙁

The flag is: flag{started-from-the-bottom-now-my-whole-team-fucking-here}