CyberYoddha CTF: Write up
Web
Look Closely
Just view the page source.
Disallow
Just look at /robots.txt.
Something Sw33t
The response contains an obviously suspicious cookie named "don't look here".
Cookie: don't look here=.eJyVU2tPwjAU_StLP4tsA9QR90EUxMWRQHQvNdh1d6zYDrOHZiP7746pgUhsoGna5tzTnnNvbtfoKs0YFK0R5pQVLRO4D0mK-mcnKGwg1F-j6yLOIoqlby7qP61RAClJ6HtGV_GGIQW02fz5HPVRTAmgqqqfYHixH_a5Jjuq1cXORHbtntxQY8xhn_pHuaqZB2iDLlB3-aj0HtzaASudzkQhY4P59qMucDFeJZjAESainONY4GGD6k3of9HnXJZDbbMC2Z5DvINcNKu_gwRb_AcJ925BV2mfqu1Lpf2qtLvqIflkEUjijKYKu7GG3rl5m4WmpZWebYVga4qjKhHYBnM67COwtIhwKyQ1RuKZJkh-RsnbEfUuAILfuRkCo8HY6DnqKHZtlgsM3EMM0gDnKV5AcoiFPOJc1PPLwWddE-ZNdVGnGbiodU2cpNFBfUYjKhYN3eVAJoq2Mjt3pUB4WP91utviL1X1BXD8TWE.X4ovdw.rz4sSG_k2heOMf7Cw_C6Kliw7Ms
$ pip3 install flask-unsign
$ flask-unsign --decode --cookie '.eJyVU2tPwjAU_StLP4tsA9QR90EUxMWRQHQvNdh1d6zYDrOHZiP7746pgUhsoGna5tzTnnNvbtfoKs0YFK0R5pQVLRO4D0mK-mcnKGwg1F-j6yLOIoqlby7qP61RAClJ6HtGV_GGIQW02fz5HPVRTAmgqqqfYHixH_a5Jjuq1cXORHbtntxQY8xhn_pHuaqZB2iDLlB3-aj0HtzaASudzkQhY4P59qMucDFeJZjAESainONY4GGD6k3of9HnXJZDbbMC2Z5DvINcNKu_gwRb_AcJ925BV2mfqu1Lpf2qtLvqIflkEUjijKYKu7GG3rl5m4WmpZWebYVga4qjKhHYBnM67COwtIhwKyQ1RuKZJkh-RsnbEfUuAILfuRkCo8HY6DnqKHZtlgsM3EMM0gDnKV5AcoiFPOJc1PPLwWddE-ZNdVGnGbiodU2cpNFBfUYjKhYN3eVAJoq2Mjt3pUB4WP91utviL1X1BXD8TWE.X4ovdw.rz4sSG_k2heOMf7Cw_C6Kliw7Ms'
{'Astley-Family-Members': 6, 'family': {'Cynthia Astley': [{'description': {' di': {' b__': 'nice'}}, 'flag': {' di': {' b__': 'bm90X2V4aXN0YW50'}}, 'name': {' di': {' b__': 'Cynthia Astley'}}}, {'description': {' di': {' b__': 'nicee='}}, 'flag': {' di': {' b__': 'YmFzZTY0X2lzX3N1cHJlbWU='}}, 'name': {' di': {' b__': 'Horace Astley'}}}, {'description': {' di': {' b__': 'human'}}, 'flag': {' di': {' b__': 'flag=flag'}}, 'name': {' di': {' b__': 'ùìùúìøûìýøìÿúìþ41/.2/<1/`1/42'}}}, {'description': {' di': {' b__': 'the man'}}, 'flag': {' di': {' b__': 'Q1lDVEZ7MGtfMV9zZWVfeW91X21heWJlX3lvdV9hcmVfc21hcnR9'}}, 'name': {' di': {' b__': 'Rick Astley'}}}, {'description': {' di': {' b__': 'yeedeedeedeeeeee'}}, 'flag': {' di': {' b__': 'dHJ5X2FnYWlu'}}, 'name': {' di': {' b__': 'Lene Bausager'}}}, {'description': {' di': {' b__': 'uhmm'}}, 'flag': {' di': {' b__': 'bjBwZWVlZQ=='}}, 'name': {' di': {' b__': 'Jayne Marsh'}}}, {'description': {' di': {' b__': 'hihi'}}, 'flag': {' di': {' b__': 'bjBfYjB0c19oM3Iz'}}, 'name': {' di': {' b__': 'Emilie Astley'}}}]}}
$ echo -n 'Q1lDVEZ7MGtfMV9zZWVfeW91X21heWJlX3lvdV9hcmVfc21hcnR9' | base64 -d
CYCTF{0k_1_see_you_maybe_you_are_smart}
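The cookie above is readable without the signing key because a Flask session cookie is signed, not encrypted. The Python below is an added example, not part of the original write-up: it decodes a cookie of the same shape using only the standard library and lists string values that are base64 of printable text. SAMPLE_DATA, the placeholder timestamp and signature, and all function names are constructed for illustration.

```python
import base64
import json
import zlib


def b64url_decode(text: str) -> bytes:
    """Decode unpadded URL-safe base64, as used in Flask session cookies."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def decode_flask_session(cookie: str):
    """Return the JSON payload of a cookie shaped [.]payload.timestamp.signature."""
    # The signature is never checked: reading the payload needs no secret key.
    compressed = cookie.startswith(".")  # leading dot marks a zlib-compressed payload
    payload = cookie.lstrip(".").split(".")[0]
    raw = b64url_decode(payload)
    return json.loads(zlib.decompress(raw) if compressed else raw)


def find_base64_strings(obj):
    """Yield (encoded, decoded) for string values that are base64 of printable ASCII."""
    if isinstance(obj, dict):
        for value in obj.values():
            yield from find_base64_strings(value)
    elif isinstance(obj, list):
        for item in obj:
            yield from find_base64_strings(item)
    elif isinstance(obj, str):
        try:
            decoded = base64.b64decode(obj, validate=True).decode("ascii")
        except ValueError:  # bad alphabet, bad padding, or non-ASCII bytes
            return
        if decoded and decoded.isprintable():
            yield obj, decoded


def make_sample_cookie(data, compress=True) -> str:
    """Build a constructed cookie with a placeholder timestamp and signature."""
    body = json.dumps(data).encode()
    if compress:
        body = zlib.compress(body)
    payload = base64.urlsafe_b64encode(body).rstrip(b"=").decode()
    return ("." if compress else "") + payload + ".AAAAAA.placeholder-signature"


# Constructed sample data, not the challenge's cookie.
SAMPLE_DATA = {"family": [{"name": "guest", "description": "nice",
                           "flag": base64.b64encode(b"constructed_value").decode()}]}
SAMPLE_COOKIE = make_sample_cookie(SAMPLE_DATA)
```

The signature only prevents modification; anything stored in the session is readable by whoever holds the cookie.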
Password Cracking
secure (i think?)
It is just hashed with md5.
Crack the Zip!
$ fcrackzip flag.zip -D -p ./rockyou.txt -u flag.zip
PASSWORD FOUND!!!!: pw == not2secure
$ unzip flag.zip
Archive: flag.zip
[flag.zip] flag.txt password:
extracting: flag.txt
$ cat flag.txt
cyctf{y0u_cr@ck3d_th3_z!p...}
Me, Myself, and I
2412f72f0f0213c98c1f9f6065728da4529000e5c3a2e16c4e1379bd3e13ccf543201eec4eb7b400eb5a6c9b774bf0c0eeda44869e08f3a54a0b13109a7644aa