Pragyan CTF 2017

[Pragyan CTF] Evil Corp

Standard

Description:

fsociety has launched another attack at Evil Corp. However, Evil Corp has decided to encrypt the .dat file with a CBC cipher. Reports reveal that it is not AES and the key is relatively simple, but the IV might be long. And remember, fsociety and evilcorp are closely linked.

Hint! Snakes serve the fsociety. Hmmm.

Hint! fsociety and evilcorp are too close, even 16 characters long together. Damn

fsociety_new.dat

This challenge was tricky for lot of people, the riddle was hiding in the questions itself. The challenge doesn’t require high skills, just understanding the meaning behind the words and hints.

From the question we know it’s a CBC cipher, but which? I got it just after the first hint was released, something to do with snakes. hmm… Serpent! Serpent is another term for Snake, and there’s Serpent-CBC cipher.

What about the IV? We know several things about the IV:

  1. The length of Serpent-CBC IV must be 32 bytes,
    2. Most of the Serpent decrypters are taking the IV as hex sequence
    3. in the question: “but the IV might be long”
    4. in the Hint: “even 16 characters long together…fsociety and evilcorp are closely linked”.

So, this made me believe that the IV is “fsocietyevilcorp” because `len(hex(“fsocietyevilcorp”))==32`.

So we now know the algorithm and the IV, what is the Key? The question says “the key is relatively simple”. So I tried online with some simple and “obvious” keys until I recognize a valid header of file and found that the key was “fsociety“.

We got a leet JPEG image with the flag:

The flag was pragyanctf{hellofriend}

megabeets_inline_logoEat Veggies

[Pragyan CTF] Supreme Leader

Standard

Description:

North Korea reportedly has a bioweapon in the making. Hack into their database and steal it.

Link : http://139.59.62.216/supreme_leader

For the second web challenge we’re given with a URL, lets open it.

Cute Kim 🙂

Now let’d dump the headers of the response using curl:

Megabeets$ curl -D - http://139.59.62.216/supreme_leader/
HTTP/1.1 200 OK
Date: Sun, 05 Mar 2017 08:47:14 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.20
Set-Cookie: KimJongUn=2541d938b0a58946090d7abdde0d3890_b8e2e0e422cae4838fb788c891afb44f; expires=Sun, 05-Mar-2017 08:47:24 GMT; Max-Age=10
Set-Cookie: KimJongUn=TooLateNukesGone; expires=Sun, 05-Mar-2017 08:47:25 GMT; Max-Age=10
Vary: Accept-Encoding
Content-Length: 1117
Content-Type: text/html

 

We can see an interesting cookie:  KimJongUn=2541d938b0a58946090d7abdde0d3890_b8e2e0e422cae4838fb788c891afb44f. The value of the cookie is looking like 2 MD5 hashes combined with “_”. Let’s try to crack them online using my favorite site.

That’s it! Here is the flag: pragyanctf{send_nukes}

megabeets_inline_logoEat Veggies

[Pragyan CTF] Answer To Everything

Standard

Description:

Shal has got a binary. It contains the name of a wise man and his flag. He is unable to solve it.

Submit the flag to unlock the secrets of the universe.

main.exe

In this challenge we have a binary, I ran file command on it:

Megabeets$ file ./main.exe
main.exe: ELF 64-bit LSB  executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=4b9b47b7eac612e0c367f0e3a9878eb1f09b841d, not stripped
root:/mnt/d/

 

Haha, weird. It is actually an ELF file and not exe. Lets execute the binary and give it the answer to everything (’42’) as an input:

Megabeets$ ./main.exe
Gimme: 42
Cipher from Bill
Submit without any tags
#kdudpeh

At first I though that “#kdudpeh” is the flag but it isn’t, neither “kdudpeh”. The name of the person in the question is Shal, looking like SHA1, and the binary says “submit without any tags”, so “hashtagkdudpeh” without the tag is just “hashkdudpeh”. So I tried to submit the result of SHA1(“kdudpeh”) as answer but failed again. Then I tried Caesar cipher on “kdudpeh” and find “harambe”.

So I again tried submit the flag, this time with Sha1(“harabe”).

The flag was pragyanctf{31a0d851ea10ad886ad4e99ed05892de06998ab9} which is SHA1("harambe")

 

megabeets_inline_logoEat Veggies

[Pragyan CTF] Interstellar

Standard

Description:

Forensics 150 pts

Dr. Cooper, on another one of his endless journeys encounter a mysterious planet . However when he tried to land on it, the ship gave way and he was left stranded on the planet . Desperate for help, he relays a message to the mothership containing the details of the people with him . Their HyperPhotonic transmission is 10 times the speed of light, so there is no delay in the message . However, a few photons and magnetic particles interefered with the transmission, causing it to become as shown in the picture . Can you help the scientists on the mothership get back the original image?

transmission.png

We are given with a photo, I opened it in Photoshop and saw that parts of it are transparent.

 

I grabbed Python and removed the Alpha layer from the image. The Alpha layer controls pixels’ transparency.

from PIL import Image
Image.open('transmission.png').convert('RGB').save('output.png')

We got the result with the flag:

 

The flag was pragyanctf{Cooper_Brand}

megabeets_inline_logoEat Veggies

[Pragyan CTF] Game of Fame

Standard

Description:

p xasc. a zdmik qtng. yiy uist. easc os iye iq trmkbumk. gwv wolnrg kaqcs vi rlr.

Hint! Robert Sedgewick

To be honest, this challenge was pretty simple. I decrypted the text using online Vigenere cipher decrypter, which is the first cipher I try in suchcases, just after Caesar cipher.

The key was “pragyan” and the result was: “a game. a movie star. his wife. name of the cs textbook. the winner takes it all.”

I then used the hint about Robert Sedgewick, which is a famous computer science professor at Princeton University. I found that the flag is his CS textbook title.

The flag was pragyanctf{algorithms}.

megabeets_inline_logoEat Veggies