Read full post
Tears dripped from my face as I stood over the bathroom sink. Exposed again! The tears melted into thoughts, and an idea formed in my head. This will surely keep my secrets safe, once and for all. I crept back to my computer and began to type.
Read full post
Primes are fun, don’t google translate me bro
You might be cool, but are you 5 popped shells cool? Service: nc polyshell-01.play.midnightsunctf.se 30000 Hint: The syscalls should be made using standard Linux syscall calling convention
Read full post
We made a ZK protocol with a bit of HFS-flair to it!
Correction of description, prover does not take a string, but a polynomial
Challenge was available at https://drive.google.com/open?id=17DOV0-3_TH3YPbMRSXpxugiHvHeTDQnn (password: wctf2018, SHA1 HASH: 7efe988b1f9fe283e4f3d9bd073d1a97a93f51ee).
Read full post
Description: Encrypted message for user "admin": <<<320881698662242726122152659576060496538921409976895582875089953705144841691963343665651276480485795667557825130432466455684921314043200553005547236066163215094843668681362420498455007509549517213285453773102481574390864574950259479765662844102553652977000035769295606566722752949297781646289262341623549414376262470908749643200171565760656987980763971637167709961003784180963669498213369651680678149962512216448400681654410536708661206594836597126012192813519797526082082969616915806299114666037943718435644796668877715954887614703727461595073689441920573791980162741306838415524808171520369350830683150672985523901>>> admin public key: n = 483901264006946269405283937218262944021205510033824140430120406965422208942781742610300462772237450489835092525764447026827915305166372385721345243437217652055280011968958645513779764522873874876168998429546523181404652757474147967518856439439314619402447703345139460317764743055227009595477949315591334102623664616616842043021518775210997349987012692811620258928276654394316710846752732008480088149395145019159397592415637014390713798032125010969597335893399022114906679996982147566245244212524824346645297637425927685406944205604775116409108280942928854694743108774892001745535921521172975113294131711065606768927 e = 65537 Service: http://220.127.116.11
Organize those rectangular things that take physical space!
A website is given along with its source where you can create an account and add books with some metadata.Read full post
You discover this cat enthusiast chat app, but the annoying thing about it is that you’re always banned when you start talking about dogs. Maybe if you would somehow get to know the admin’s password, you could fix that.
We are given a chat website. When entering it we are redirected to a random room and are greeted by a message.Read full post
This crypto experiment will help you decrypt an RSA encrypted message.
(Attachment containing challenge.py, flag.txt, key_pub.pem)
nc perfect-secrecy.ctfcompetition.com 1337
Looking at the description and the given files we can guess, that
flag.txt is the flag encrypted with RSA under
key_pub.pem, which turns out to be correct.
Furthermore we can guess that
challenge.py is running on the server, which is also correct.
It seems our goal is to use the server to decrypt the flag for us.Read full post
To get things started, I ran the apk in Anbox. We are greeted by a Tic-Tac-Toe implementation. Now from the challenge we know that we have to win the game 1 million times to get the flag. Being an avid gamer, I took this challenge and just went on a 1 million games winning streak, thanks for reading this Write-Up.
Jokes aside, this would not be a challenge, as the used AI seems to play really random, so we basically win after 3 turns anyway. So lets get us a real challenge.Read full post
We receive the following info:
Building the future web, together. http://amp.2018.teamrois.cn
After loading the page we are presented with:Read full post
./smcauth verify --secret aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa --netlist smcauth_syn.v [--listen ip:port]
./smcauth auth --secret aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa --netlist smcauth_syn.v [--verifier ip:port]
The client tells us whether the secret was "correct", or rather whether the circuit specified by
evaluates to true, taking the client's and server's secret as input.
May 14 13:31:42.775 INFO authentication successful May 14 13:31:57.274 WARN authentication failed
At this point, it is pretty obvious that we need to obtain the server's secret.Read full post
First a disclaimer, we did not actually solve this challenge during the competition, but the servers were left running…
A server is provided:
nc 18.104.22.168 22555
It greets us with the following text:
|-------------------------------------| | Welcome to the Yunnyit crypto task! | |-------------------------------------| | Options: | | [M]ixed encryption function of FLAG | | [D]ecrypting cipher | | [E]ncryption & decryption function | | [F]LAG encrypting... | | [Q]uit | |-------------------------------------| Submit a printable string X, such that sha256(X)[-6:] = 92730d