Ugh, another RSA problem? Help me decrypt this message please
In this RSA problems we were given n, e, c and 2d+phi, this is quite unusual.
Here is a little remainder about RSA which was the key to break this challenge :
(2d+ϕ(n))⋅e ≡ 2(modϕ(n))
(2d+ϕ(n))⋅e−2 is a multiple of ϕ(n)
Since we have a multiple of ϕ(n) we can simplify it as ϕ(n) and then compute d with e and ϕ(n). With d it’s easy to decrypt the message.
Fumblr is a Tumblr like website where you can post some texts to the worldwide web.
register
login
write a post
send an url to the admin
First we can identify an XSS in the “writing section”, since we know there is an admin , we tried to get his cookies.
Unfortunately CSP was correctly enabled and blocked every requests to an external website.
The website allows us to display a post as a raw like pastebin : https://pastebin.com/raw/xWpw2iKW. This feature became handy to bypass the CSP, since it was hosted on the same website (alert payload: http://c1.easyctf.com:12491/blog/toto/5a8aaf69c412df2a0001260b). Then you need to include the script file in the XSS area, a simple <script src=http://c1.easyctf.com:12491/blog/toto/5a8aaf69c412df2a0001260b></script> is enough.
The attack chain would be the following :
Signup
Create a post with an evil JS in the body and a JS comment in the title
Get the URL of the raw post e.g: http://c1.easyctf.com:12491/blog/toto/5a8aaf88c412df2a0001260f/raw
Create another post with a <script src=[URL OF THE RAW]></script>
Finally send the URL to the administrator
Any user (registered or not) could view the public post of everyone with http://c1.easyctf.com:12491/blog/[USERNAME]. By visiting the admin post, we get an information about the flag location : it’s in a hidden post. Because of the CSP we can’t exfiltrate the admin cookies, but we can force him to login to a specific account and write a post with the content of his index.html, this will leak the address of the post containing the flag.
My first payload didn’t worked as expected because the admin wasn’t allowed to write a post as someone else..
varxhr=newXMLHttpRequest();xhr.open("GET","http://c1.easyctf.com:12491/blog/admin",true);xhr.onreadystatechange=function(){// Extract flag id and csrfflag_id=/[a-f0-9]{24}/.exec(xhr.responseText);csrf=xhr.responseText.match('csrf" value="(.*)?"')[1]varform=newXMLHttpRequest();form.open("POST","http://c1.easyctf.com:12491/create-post",false);form.setRequestHeader("Content-Type","application/x-www-form-urlencoded");form.send("title=FLAG&body="+flag_id+"&_csrf="+csrf);};xhr.send(null);
Then I tried to enumerate the users with a wordlist {user, toto, titi, password, root, toor, …} in order to see their public posts, and find the missing part of my payload.
This problem is so easy, it can be solved in a matter of seconds. Connect to c1.easyctf.com:12482.
This was a simple timing attack on the service c1.easyctf.com:12482. However extracting the 26 characters took a really long time… The first delay was 1 second and then was incremented by 1 for every correct characters, when you’re trying to get the last characters it took around 25 seconds a try :(
description: I heard you liked zip codes! Connect via nc c1.easyctf.com 12483 to prove your zip code knowledge.
category: Miscellaneous
When we start the connection with the server (nc c1.easyctf.com 12483), it displays this message:
Welcome to Zippy! We love US zip codes, so we’ll be asking you some simple facts about them, based on the 2010 Census. Only the brightest zip-code fanatics among you will be able to succeed! You’ll have 30 seconds to answer 50 questions correctly
First thing to do: determine how many type of questions the program can ask.
So after repeating the connection several times, I figured out every type of questions:
“What is the land area (m^2) of the zip code “ + zipcode + “?”
“What is the water area (m^2) of the zip code “ + zipcode + “?”
“What is the latitude (degrees) of the zip code “ + zipcode + “?”
“What is the longitude (degrees) of the zip code “ + zipcode + “?”
Now let’s try to get the database from 2010 Census because the program expects to receive those values.
Somehow I ended up on this page: http://proximityone.com/cen2010_zcta_dp.htm.
It contains all the data we need. After looking at the javascript of the page, I ran a JS command on the website to list the needed infos:
Now we put this output on a file (zipcode.txt) and we will make the connection with the server using python and socket. To parse the question we will use regex:
importsocketimportre# Will send the responsedefsendResponse(arg):zipcode=re.findall(regex,tmp)foriincontent:test=i.split('/')iftest[0]==zipcode[0]:response=test[arg].rstrip()breakprintresponses.send(response+'\n')regex=r"zip code (.*)\?"response=""HOST='c1.easyctf.com'PORT=12483# Lets load the file data before starting the connectionwithopen("zipcode.txt","r")asf:content=f.readlines()s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)s.connect((HOST,PORT))tmp="Starting . . ."# Main loop, will we get an answer, we keep parsing itwhiletmp:tmp=s.recv(1024)printtmpif"land area"intmp:sendResponse(1)if"water area"intmp:sendResponse(2)if"latitude"intmp:sendResponse(3)if"longitude"intmp:sendResponse(4)
We have the flag ! easyctf{hope_you_liked_parsing_tsvs!}
description: We had a flag, but lost it in a mess of alphabet soup! Can you help us find it? Connect to the server via nc c1.easyctf.com 12484.
hint: I love parsing characters!
category: Reverse Engineering
Okay, There is the source code in python:
#!/usr/bin/env python3frombinasciiimportunhexlifyassOupfromoperatorimportattrgetterassouPME_FLAGE='<censored>'SoUp=inputsoUP=hexsOUp=printsOuP=ordSOuP=opendefSoUP(sOUP):soup=0whilesOUP!=0:soup=(soup*10)+(sOUP%10)sOUP//=10returnsoupdefSOup(sOUP):soup=0forsoUpinsOUP:soup*=10soup+=sOuP(soUp)-sOuP('0')returnsoupdefSOUP():Soup=SoUp()[:7]print(Soup)ifnotsouP('isdigit')(Soup)():sOUp("that's not a number lol")returnsoup=SoUP(SOup(Soup))SouP=souP('zfill')(soUP(soup)[2:])(8)[-8:]ifsOup(SouP)==souP('encode')('s0up')():sOUp("oh yay it's a flag!",ME_FLAGE)else:sOUp('oh noes rip u')if__name__=='__main__':SOUP()
Okay let’s first deobfuscate this SoupCode:
frombinasciiimportunhexlify,hexlifyfromoperatorimportattrgetterME_FLAGE='<censored>'defthird(param):soup=0whileparam!=0:soup=(soup*10)+(param%10)param//=10returnsoupdefsecond(param):soup=0forsoUpinparam:soup*=10soup+=ord(soUp)-ord('0')returnsoupdefprincipal(a):Soup=a[:7]ifnotattrgetter('isdigit')(Soup)():print("that's not a number lol")returnsoup=third(second(Soup))SouP=attrgetter('zfill')(hex(soup)[2:])(8)[-8:]ifunhexlify(SouP)==attrgetter('encode')('s0up')():print("oh yay it's a flag!",ME_FLAGE)exit(0)else:pass
Alright so the principal method, will take the first 7 digits. Then the method second() will convert it to an int and the method third() will invert all digits (123 -> 321).
The goal is to enter in the if unhexlify(SouP) == attrgetter('encode')('s0up')():
We have:
attrgetter('encode')('s0up')()='S0up'
And we want:
unhexlify(SouP)='s0up'
So, reversing it:
SouP=hexlify('s0up')=73307570
Just before we have:
SouP=attrgetter('zfill')(hex(soup)[2:])(8)[-8:]
This is only a conversion to hexa, and we want it to be egal to 73307570:
0x73307570=1932555632
then soup = 1932555632
The program call second() and third() so all we have to do is to reverse this number:
soup=third(second(Soup))
We have Soup = 2365552391
The first line of the method limit our entry to 7 digits:
Soup=a[:7]
At this point you can try with the maximum ‘legit’ entry (9999999), u won’t be able to reach 2365552391…
Okay first I commented the code with the values we would like to get:
defprincipal(a):Soup=a[:7]#impossibleifnotattrgetter('isdigit')(Soup)():#print("that's not a number lol")return#Soup = "2365552391" # this to winsoup=third(second(Soup))print(soup)#soup = 1932555632 # this to winSouP=attrgetter('zfill')(hex(soup)[2:])(8)[-8:]#SouP = "73307570" # this to winifunhexlify(SouP)==attrgetter('encode')('s0up')():# we want SouP = 73307570print(Soup)print("oh yay it's a flag!",ME_FLAGE)exit(0)else:pass
As u can see in the hint, there is characters that are interpreted as digit. let try to list some of them:
0 1 2 3 4 5 6 7 8 9 ² ³ ¹ ٠ ١ ٢ ٣ ٤ ٥ ٦ ٧ ٨ ٩ ۰ ۱ ۲ ۳ ۴ ۵ ۶ ۷ ۸ ۹ ߀ ߁ ߂ ߃ ߄ ߅ ߆ ߇ ߈ ߉ ० १ २ ३ ४ ५ ६ ७ ८ ९
Now let’s see what is the value for one os this entry:
defprincipal(a):Soup=a[:7]#impossibleifnotattrgetter('isdigit')(Soup)():returnsoup=third(second(Soup))print(soup)#soup = 1932555632 # this to winprincipal('߉')# -> 5491principal('߉111')# -> 1115491principal('߉789')# -> 9875491
Alright, as we can see, all numbers added after the special char will be before it after the second() and third() methods.
So we want something like (weird_char + 552391) in entry and that weird_char = 5632
Let’s brute force those values and see if the weird_char = 5632 exists:
defprincipal(a):Soup=a[:7]ifnotattrgetter('isdigit')(Soup)():returnsoup=third(second(Soup))ifsoup==5632:print(a)exit(0)foriinrange(10000):principal(chr(i))# -> ७
Nice ! the ७ should make us win this challenge !
Lets try it directly on the server =)
nc c1.easyctf.com 12484
७552391
oh yay it’s a flag! easyctf{S0up_soup_soUP_sOuP_s0UP_S0up_s000000OOOOOOuuuuuuuuppPPppPPPp}
The flag is easyctf{S0up_soup_soUP_sOuP_s0UP_S0up_s000000OOOOOOuuuuuuuuppPPppPPPp} =)