Cookie Consent by PrivacyPolicies.com

Latest entries | Category CTF


CTF

DarkCTF 2020: Cryptography/haxXor

Cryptography/haxXor

281 points

you either know it or not take this and get your flag

5552415c2b3525105a4657071b3e0b5f494b034515

Solution

I've wrote small python script to solve the challange (it was xor ;-)).

from pwnlib.util.fiddling import xor

flag = bytes.fromhex('5552415c2b3525105a4657071b3e0b5f494b034515')
flag_prefix = b'darkCTF{'
xorstr = xor(flag_prefix, flag[:len(flag_prefix)])
print(xor(flag, xorstr))



darkCTF{kud0s_h4xx0r}

DarkCTF 2020: Rev/strings

Rev/strings

363 points

Description:Just manipulation of couple of strings....
Note: Enclose the final output inside darkCTF{} File

Solution

I used the ghidra to do the initial analysis. Looks like binary takes the input (do nothing with it;)), then calculate some string (I assumed it's a flag) and exit.

Let's try to debug...

gdb ./strings
break _exit
run

Then dumped the memory before program exit.

Ok, let’s examine the memory dump…

Oh?! What’s that? Is it a flag? Bingo! ;-)

darkCTF{wah_howdu_found_me}

DarkCTF 2020: Web/Agent-U

Web/Agent-U

395 points

Agent U stole a database from my company but I don't know which one. Can u help me to find it?

http://agent.darkarmy.xyz/

flag format darkCTF{databasename}

Solution

From the source we can get info, that default credentials are admin/admin.

Site after login shows my user agent, so my first idea was to perform sql injection through my user agent.

After few attempts I ended up finally with below user agent setup ;-)

', extractvalue(rand(),concat(0x3a,(SELECT concat(0x3a,schema_name) FROM information_schema.schemata LIMIT 1,1))), NULL); -- .

BINGO!

darkCTF{ag3nt_u_1s_v3ry_t3l3nt3d}