kanyewest CTF

勉強したことをメモしています。

CyberYoddha CTF: Write up

CTF

Web

Look Closely

ソースコードを見るだけ

Disallow

/robots.txtをみるだけ

Something Sw33t

don't look hereという明らかに怪しいCookieが含まれている。

Cookie: don't look here=.eJyVU2tPwjAU_StLP4tsA9QR90EUxMWRQHQvNdh1d6zYDrOHZiP7746pgUhsoGna5tzTnnNvbtfoKs0YFK0R5pQVLRO4D0mK-mcnKGwg1F-j6yLOIoqlby7qP61RAClJ6HtGV_GGIQW02fz5HPVRTAmgqqqfYHixH_a5Jjuq1cXORHbtntxQY8xhn_pHuaqZB2iDLlB3-aj0HtzaASudzkQhY4P59qMucDFeJZjAESainONY4GGD6k3of9HnXJZDbbMC2Z5DvINcNKu_gwRb_AcJ925BV2mfqu1Lpf2qtLvqIflkEUjijKYKu7GG3rl5m4WmpZWebYVga4qjKhHYBnM67COwtIhwKyQ1RuKZJkh-RsnbEfUuAILfuRkCo8HY6DnqKHZtlgsM3EMM0gDnKV5AcoiFPOJc1PPLwWddE-ZNdVGnGbiodU2cpNFBfUYjKhYN3eVAJoq2Mjt3pUB4WP91utviL1X1BXD8TWE.X4ovdw.rz4sSG_k2heOMf7Cw_C6Kliw7Ms
$ pip3 install flask-unsign
$ flask-unsign --decode --cookie '.eJyVU2tPwjAU_StLP4tsA9QR90EUxMWRQHQvNdh1d6zYDrOHZiP7746pgUhsoGna5tzTnnNvbtfoKs0YFK0R5pQVLRO4D0mK-mcnKGwg1F-j6yLOIoqlby7qP61RAClJ6HtGV_GGIQW02fz5HPVRTAmgqqqfYHixH_a5Jjuq1cXORHbtntxQY8xhn_pHuaqZB2iDLlB3-aj0HtzaASudzkQhY4P59qMucDFeJZjAESainONY4GGD6k3of9HnXJZDbbMC2Z5DvINcNKu_gwRb_AcJ925BV2mfqu1Lpf2qtLvqIflkEUjijKYKu7GG3rl5m4WmpZWebYVga4qjKhHYBnM67COwtIhwKyQ1RuKZJkh-RsnbEfUuAILfuRkCo8HY6DnqKHZtlgsM3EMM0gDnKV5AcoiFPOJc1PPLwWddE-ZNdVGnGbiodU2cpNFBfUYjKhYN3eVAJoq2Mjt3pUB4WP91utviL1X1BXD8TWE.X4ovdw.rz4sSG_k2heOMf7Cw_C6Kliw7Ms'
{'Astley-Family-Members': 6, 'family': {'Cynthia Astley': [{'description': {' di': {' b__': 'nice'}}, 'flag': {' di': {' b__': 'bm90X2V4aXN0YW50'}}, 'name': {' di': {' b__': 'Cynthia Astley'}}}, {'description': {' di': {' b__': 'nicee='}}, 'flag': {' di': {' b__': 'YmFzZTY0X2lzX3N1cHJlbWU='}}, 'name': {' di': {' b__': 'Horace Astley'}}}, {'description': {' di': {' b__': 'human'}}, 'flag': {' di': {' b__': 'flag=flag'}}, 'name': {' di': {' b__': 'ùìùúìøûìýøìÿúìþ41/.2/<1/`1/42'}}}, {'description': {' di': {' b__': 'the man'}}, 'flag': {' di': {' b__': 'Q1lDVEZ7MGtfMV9zZWVfeW91X21heWJlX3lvdV9hcmVfc21hcnR9'}}, 'name': {' di': {' b__': 'Rick Astley'}}}, {'description': {' di': {' b__': 'yeedeedeedeeeeee'}}, 'flag': {' di': {' b__': 'dHJ5X2FnYWlu'}}, 'name': {' di': {' b__': 'Lene Bausager'}}}, {'description': {' di': {' b__': 'uhmm'}}, 'flag': {' di': {' b__': 'bjBwZWVlZQ=='}}, 'name': {' di': {' b__': 'Jayne Marsh'}}}, {'description': {' di': {' b__': 'hihi'}}, 'flag': {' di': {' b__': 'bjBfYjB0c19oM3Iz'}}, 'name': {' di': {' b__': 'Emilie Astley'}}}]}}
$ echo -n 'Q1lDVEZ7MGtfMV9zZWVfeW91X21heWJlX3lvdV9hcmVfc21hcnR9' | base64 -d
CYCTF{0k_1_see_you_maybe_you_are_smart}

Password Cracking

secure (i think?)

md5でハッシュ化されてるだけ

Crack the Zip!

$ fcrackzip flag.zip -D -p ./rockyou.txt -u flag.zip

PASSWORD FOUND!!!!: pw == not2secure
$ unzip flag.zip
Archive:  flag.zip
[flag.zip] flag.txt password:
 extracting: flag.txt
$ cat flag.txt
cyctf{y0u_cr@ck3d_th3_z!p...}

Me, Myself, and I

2412f72f0f0213c98c1f9f6065728da4529000e5c3a2e16c4e1379bd3e13ccf543201eec4eb7b400eb5a6c9b774bf0c0eeda44869e08f3a54a0b13109a7644aa

f:id:tekashi:20201031122125p:plain