Cette page vous donne les différences entre la révision choisie et la version actuelle de la page.
ctf_mssis_ctf [2018/05/13 12:11] M0N5T3R [challenge de stegano] |
ctf_mssis_ctf [2018/05/14 10:44] (Version actuelle) M0N5T3R |
||
---|---|---|---|
Ligne 85: | Ligne 85: | ||
test_level2() | test_level2() | ||
</file> | </file> | ||
- | |||
====== challenge de stegano ====== | ====== challenge de stegano ====== | ||
- | Il falait trouver un fichier caché dans une image. | + | Il fallait trouver un fichier caché dans l'image ci dessous. |
- | Juste rentrer ca :p et on avait le flag | + | Juste rentrer cette commande :p et on a le flag : binwalk --dd='.*' special-k.png |
+ | |||
+ | |||
+ | |||
+ | {{:challenge_stegano_ctf_mssis_special-k.png|}} | ||
+ | |||
+ | |||
+ | ====== serial ====== | ||
+ | |||
+ | trouver des serials qui respectent le code py suivant | ||
+ | |||
+ | <file python serial.py> | ||
+ | import random, string | ||
+ | |||
+ | def are_same(serial): | ||
+ | if (serial[0] != serial[1] and | ||
+ | serial[1] != serial[2] and | ||
+ | serial[0] != serial[2]): | ||
+ | return False | ||
+ | return True | ||
+ | |||
+ | def check_serial(serial): | ||
+ | try: | ||
+ | serials = serial.split('-') | ||
+ | except: | ||
+ | return False | ||
+ | if len(serials) != 3: | ||
+ | return False | ||
+ | try: | ||
+ | |||
+ | X = [ord(a) for a in list(serials[0])] | ||
+ | Y = [ord(a) for a in list(serials[1])] | ||
+ | Z = int(serials[2]) | ||
+ | except ValueError: | ||
+ | return False | ||
+ | except: | ||
+ | return False | ||
+ | |||
+ | if not len(X) == 3 or not len(Y) == 3: | ||
+ | return False | ||
+ | |||
+ | for a in X+Y: | ||
+ | #print(a) | ||
+ | # => MAJ | ||
+ | if a < 65 or a > 90: | ||
+ | return False | ||
+ | |||
+ | |||
+ | if are_same(X) or are_same(Y): | ||
+ | return False | ||
+ | |||
+ | if X[1] + 10 > X[2]: | ||
+ | return False | ||
+ | |||
+ | if Y[1] - 10 < Y[2]: | ||
+ | return False | ||
+ | sum1 = X[0] + X[1] + X[2] | ||
+ | sum2 = Y[0] + Y[1] + Y[2] | ||
+ | if sum1 == sum2: | ||
+ | return False | ||
+ | if sum1+sum2 != Z: | ||
+ | return False | ||
+ | if Z % 3 != 0: | ||
+ | return False | ||
+ | return True | ||
+ | |||
+ | </file> | ||
+ | |||
+ | au lieu de chercher à la main des valeurs j'ai bruteforcer avec ce code | ||
+ | |||
+ | <file python> | ||
+ | while 1: | ||
+ | x=''.join(random.choice(string.ascii_uppercase) for _ in range(3)) | ||
+ | y=''.join(random.choice(string.ascii_uppercase) for _ in range(3)) | ||
+ | z=''.join(random.choice(string.digits) for _ in range(3)) | ||
+ | |||
+ | s="%s-%s-%s"%(x,y,z) | ||
+ | print s | ||
+ | if check_serial(s): | ||
+ | print s | ||
+ | break | ||
+ | exit() | ||
+ | </file> | ||
+ | |||
+ | exemple de flag DGR-GVH-450 | ||
+ | |||
+ | |||
+ | ====== deeper ====== | ||
+ | |||
+ | une archive zip qui a un zip qui a un zip .... avec des pass :/ | ||
+ | |||
+ | |||
+ | code bash pour automatiser la tâche | ||
+ | |||
+ | <file bash run.sh> | ||
+ | #!/bin/bash | ||
+ | |||
+ | # $1 le nom du zip passé en arg | ||
+ | file=$1 | ||
+ | test=true | ||
+ | count=1 | ||
+ | |||
+ | while $test; do | ||
+ | echo "test $count : $file" | ||
+ | file $file | grep 'Zip' | ||
+ | if [ "$?" -eq "0" ]; then | ||
+ | echo "ZIP ok" | ||
+ | r=$(fcrackzip -D -u -p /usr/share/wordlists/rockyou.txt $file) | ||
+ | pass=$(echo $r | awk -F"== " '{print $2}') | ||
+ | echo "pass is : $pass" | ||
+ | file=$(unzip -P "$pass" $file | grep -E 'extracting|inflating' | awk -F": " '{print $2}') | ||
+ | echo "new file [$file]" | ||
+ | count=$(($count+1)) | ||
+ | else | ||
+ | |||
+ | test=false | ||
+ | fi | ||
+ | done | ||
- | binwalk --dd='.*' special-k.png | + | </file> |
+ | output | ||
+ | <file> | ||
+ | root@kali:~/deeper# ./run.sh 8KLifFpoUdbxXB5noGIG.zip.start | ||
+ | test 1 : 8KLifFpoUdbxXB5noGIG.zip.start | ||
+ | 8KLifFpoUdbxXB5noGIG.zip.start: Zip archive data, at least v2.0 to extract | ||
+ | ZIP ok | ||
+ | pass is : AC020307 | ||
+ | new file [6TF2INzK1as0vC4hmGVW.zip ] | ||
+ | test 2 : 6TF2INzK1as0vC4hmGVW.zip | ||
+ | 6TF2INzK1as0vC4hmGVW.zip: Zip archive data, at least v2.0 to extract | ||
+ | ZIP ok | ||
+ | pass is : tiagia4 | ||
+ | new file [BYJrsoCOfTlWehfvNoBU.zip ] | ||
+ | test 3 : BYJrsoCOfTlWehfvNoBU.zip | ||
+ | BYJrsoCOfTlWehfvNoBU.zip: Zip archive data, at least v2.0 to extract | ||
+ | ZIP ok | ||
+ | pass is : jesipato | ||
+ | new file [uBKIeGWEztQN7FwsSr6b.zip ] | ||
+ | test 4 : uBKIeGWEztQN7FwsSr6b.zip | ||
+ | uBKIeGWEztQN7FwsSr6b.zip: Zip archive data, at least v2.0 to extract | ||
+ | ZIP ok | ||
+ | pass is : benk2007benk | ||
+ | new file [exhNdH5BI2Hr0lV99EEs.zip ] | ||
+ | test 5 : exhNdH5BI2Hr0lV99EEs.zip | ||
+ | exhNdH5BI2Hr0lV99EEs.zip: Zip archive data, at least v2.0 to extract | ||
+ | ZIP ok | ||
+ | pass is : 02456035 | ||
+ | ... | ||
- | {{:challenge_stegano_ctf_mssis_special-k.png?200|}} | + | </file> |