picoCTF 2022 + wscCTF 2022
Note : A JOURNEY TO GAIN KNOWLEDGE
picoCTF 2022
Crypto
basic-mod1
Following the decription:
Take each number mod 37 and map it to the following character set: 0-25 is the alphabet (uppercase), 26-35 are the decimal digits, and 36 is an underscore.
simple code:
basic-mod2
Following the decription:
Take each number mod 41 and find the modular inverse for the result. Then map to the following character set: 1-26 are the alphabet, 27-36 are the decimal digits, and 37 is an underscore.
solve:
credstuff
find cultiris
's password: cvpbPGS{P7e1S_54I35_71Z3}
rot13: picoCTF{C7r1F_54V35_71M3}
morse-code
we can you tool online
flag: picoCTF{WH47 H47H 90D W20U9H7}
rail-fence
substitution0
If you studied cryptography of Mr Tu in UIT, you could solve this chall by eyes =D
The flag is: picoCTF{5UB5717U710N_3V0LU710N_F96A338E}
substitution1
same one
flag is: picoCTF{FR3QU3NCY_4774CK5_4R3_C001_3645BEC6}
substitution2
THEFLAGISPICOCTF{N6R4M_4N41Y515_15_73D10U5_C823D467}
transposition-trial
Notice that:
"but every block of 3 got scrambled around!"
if we shift char of "iicpCTo" first [0] to [3] we can get "piciCTo" than "picoCTi" continue do that until the last char is '" i ".
some code for loving:
Vigenere
decrypt Vigenere with key: "CYLAB". That's quite easy.
picoCTF{D0NT_US3_V1G3N3R3_C1PH3R_0df54reb}
diffie-hellman
Actually this chall want us to find key by diffie-hellman then decrypt Caesar with that key
However, we can brute force they key without using diffie-hellman so that this chall have been deleted in picoCTF
Very Smooth
You can code simple script as this guy
In my situation, i use the primefac
flag: picoCTF{94287e17}
Sequences
Sum-O-Primes
NSA Backdoor
At this point, my ancestor told me to do anything so I won't write anything from now on,
thank you for reading!
flag: picoCTF{Yu_toi_nho_em!}
Web
Includes
Inspect HTML
Local Authority
Search source
Power Cookie
Roboto Sans
SQLiLite
wscCTF 2022
Crypto
ANYTHING
Vernam Cipher (One Time Pad Vigenere) =>flag: WSC{VIGENERE_NOT_BAD}
RSA With The Dogs
source: gen.sage
Notice: 36*pow(d,4) < n => P,Q computed with N,E (Wiener's attack)
flag: wsc{w13n3r5_wer3_bre4d_t0_hunt_b4dger5!}
EAV-Secure DiffieโHellman?
source: key_exchange.py
Workflow:
A = pow(g,a,p) of course that's discrete log, i used sage math to calculate easily and get this result:
Nice, let's decrypt and gonna flag
Hmm this one's no meaning. May i am wrong in somewhere ?
No, i ensure my result !
At this time i review the code and notice that:
Here we can see that flag may be bigger than p or flag may be add with phi(p) then after calculating modulo we'll get the same result. That is Fermat's little theorem.
Implement the idea!
After bruteforcing 8300951 times, you will get the flag :))))))
Web
Warmup: Burp
Just check history of burpsuite
We can see the redirect, send the request with cookie to get flag
SSRF 101
Notice the port, that's quite interting when private 1's port is 1001 and private2's is 10011 so that we can bypass with /ssrf?path=1/flag/
SSRF 301
we can see this clearly in SSRF .
Actually this one is standard of host and port for example:
In this situation,the host is gg.com, we connect to this one.
However, if we insert the symbol @ it will undertstand user:pass before @ and host:port after.
Now user is gg.com and fb.com is host.
payload: /ssrf?path=a@localhost:/private2:10011/flag/
Thanks for reading. Have a good day โค๏ธ !
Contact:
Last updated