picoCTF 2022 + wscCTF 2022

Note : A JOURNEY TO GAIN KNOWLEDGE

picoCTF 2022

Crypto

basic-mod1

Following the decription:

Take each number mod 37 and map it to the following character set: 0-25 is the alphabet (uppercase), 26-35 are the decimal digits, and 36 is an underscore.

simple code:

m = [387 ,248 ,131 ,272 ,373, 221,161 ,110 ,91 ,359 ,390 ,50, 225 ,184 ,223 ,137 ,225 ,327, 42, 179, 220 ,365] 
import string
alpha = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
test = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25]
flag = ''
for i in m:
    if int(i%37) in test:
        for j in alpha:
            if alpha.index(j) == int(i%37) :
                flag += j
    elif int(i%37)!= 36:
        flag += str(int(i%37)%26)
    else:
        flag += '_'
print(flag)
#R0UND_N_R0UND_B0D5F596

basic-mod2

Following the decription:

Take each number mod 41 and find the modular inverse for the result. Then map to the following character set: 1-26 are the alphabet, 27-36 are the decimal digits, and 37 is an underscore.

solve:

m = [145 ,126, 356, 272, 98 ,378 ,395 ,352, 392 ,215 ,446, 168 ,180 ,359 ,51, 190, 404, 209, 185, 115 ,363, 431 ,103 ] 
import string
alpha = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ '
test = [0,1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25]
flag = ''
enc = [28, 13, 21, 30, 17, 32, 30, 11, 24, 37, 7, 31, 17, 3, 37, 30, 34, 31, 1, 4, 34, 1, 1] #-1 
#     [28, 14, 22, 30, 18, 32, 30, 12, 25, 37, 8, 31, 18, 4, 37, 30, 34, 31, 2, 5, 34, 2, 2] 

for i in enc:
    if i in test:
        for j in alpha:
            if alpha.index(j) == i :
                flag += j
    elif i != 37:
        flag += str(i %27 )
    else:
        flag += '_'
print(flag)
# 1NV3R53LY_H4RD_374BE7BB

credstuff

find cultiris 's password: cvpbPGS{P7e1S_54I35_71Z3}

rot13: picoCTF{C7r1F_54V35_71M3}

morse-code

we can you tool online

flag: picoCTF{WH47 H47H 90D W20U9H7}

rail-fence

tool

substitution0

If you studied cryptography of Mr Tu in UIT, you could solve this chall by eyes =D

The flag is: picoCTF{5UB5717U710N_3V0LU710N_F96A338E}

substitution1

same one

flag is: picoCTF{FR3QU3NCY_4774CK5_4R3_C001_3645BEC6}

substitution2

THEFLAGISPICOCTF{N6R4M_4N41Y515_15_73D10U5_C823D467}

transposition-trial

heTfl g as iicpCTo{7F4NRP051N5_16_35P3X51N3_V8450214}1

Notice that:

"but every block of 3 got scrambled around!"
if we shift char of "iicpCTo" first [0] to [3] we can get "piciCTo" than "picoCTi" continue do that until the last char is '" i ".

some code for loving:

m ='iicpCTo{7F4NRP051N5_16_35P3X51N3_V8450214}1'

m = list(m)
def solve(s):
   s = list(s)
   for i in range(0, len(s)-1,3):
      s[i], s[i+3] = s[i+3], s[i]

   return ''.join(s)

print(solve(m)) 
#picoCTF{7R4N5P051N6_15_3XP3N51V3_58410214}i

Vigenere

decrypt Vigenere with key: "CYLAB". That's quite easy.

picoCTF{D0NT_US3_V1G3N3R3_C1PH3R_0df54reb}

diffie-hellman

Actually this chall want us to find key by diffie-hellman then decrypt Caesar with that key
However, we can brute force they key without using diffie-hellman so that this chall have been deleted in picoCTF

Very Smooth

smooth number

def get_prime(state, bits):
    return next_prime(mpz_urandomb(state, bits) | (1 << (bits - 1)))

def get_smooth_prime(state, bits, smoothness=16):
    p = mpz(2)
    p_factors = [p]
    while p.bit_length() < bits - 2 * smoothness:
        factor = get_prime(state, smoothness)
        p_factors.append(factor)
        p *= factor

    bitcnt = (bits - p.bit_length()) // 2

    while True:
        prime1 = get_prime(state, bitcnt)
        prime2 = get_prime(state, bitcnt)
        tmpp = p * prime1 * prime2
        if tmpp.bit_length() < bits:
            bitcnt += 1
            continue
        if tmpp.bit_length() > bits:
            bitcnt -= 1
            continue
        if is_prime(tmpp + 1):
            p_factors.append(prime1)
            p_factors.append(prime2)
            p = tmpp + 1
            break

    p_factors.sort()

    return (p, p_factors)

You can code simple script as this guy

In my situation, i use the primefac

flag: picoCTF{94287e17}

Sequences

Sum-O-Primes

NSA Backdoor

At this point, my ancestor told me to do anything so I won't write anything from now on,
thank you for reading!

flag: picoCTF{Yu_toi_nho_em!}

Web

Includes

Inspect HTML

Local Authority

Search source

Roboto Sans

SQLiLite

wscCTF 2022

Crypto

ANYTHING

This could be encrypted with ANYTHING! wfa{oporteec_gvb_ogd}

Vernam Cipher (One Time Pad Vigenere) =>flag: WSC{VIGENERE_NOT_BAD}

RSA With The Dogs

source: gen.sage

from random import getrandbits
from Crypto.Util.number import bytes_to_long

p = random_prime(2^(1024//2),False,2^(1023//2))
q = random_prime(2^(1024//2),False,2^(1023//2))

n = p*q
phi = (p-1) * (q-1)

done = False
while not done:
    d = getrandbits(1024//4)
    if (gcd(d,phi) == 1 and 36*pow(d,4) < n):
        done = True
                

Flag = open('flag.txt').read().encode()
m=bytes_to_long(Flag)
e = Integer(d).inverse_mod(phi)
c=pow(m,e,n)
print("n =",n)
print("e =",e)
print("c =",c)

n = 80958280137410344469270793621735550547403923964041971008952114628165974409360380289792220885326992426579868790128162893145613324338067958789899179419581085862309223717281585829617191377490590947730109453817502130283318153315193437990052156404947863059961976057429879645314342452813233368655425822274689461707
e = 3575901247532182907389411227211529824636724376722157756567776602226084740339294992167070515627141715229879280406393029563498781044157896403506408797685517148091205601955885898295742740813509895317351882951244059944509598074900130252149053360447229439583686319853300112906033979011695531155686173063061146739
c = 80629080505342932586166479028264765764709326746119909040860609021743893395577080637958779561184335633322859567681317501709922573784403504695809067898870536224427948000498261469984511352960143456934810825186736399371084350678586129000118485271831798923746976704036847707653422361120164687989605124465224952493

assert(int(pow(c,d,n)) == m)

Notice: 36*pow(d,4) < n => P,Q computed with N,E (Wiener's attack)

flag: wsc{w13n3r5_wer3_bre4d_t0_hunt_b4dger5!}

EAV-Secure Diffie–Hellman?

source: key_exchange.py

from Crypto.Util.number import bytes_to_long

# I love making homespun cryptographic schemes!

def diffie_hellman():
    f = open("flag.txt", "r")
    flag = f.read()
    a = bytes_to_long(flag.encode('utf-8'))
    p = 320907854534300658334827579113595683489
    g = 3
    A = pow(g,a,p) #236498462734017891143727364481546318401

if __name__ == "__main__":
    diffie_hellman()

# EAV-Secure? What's that?

Workflow:

A = pow(g,a,p) of course that's discrete log, i used sage math to calculate easily and get this result:

Nice, let's decrypt and gonna flag

Hmm this one's no meaning. May i am wrong in somewhere ?

No, i ensure my result !
At this time i review the code and notice that:

f = open("flag.txt", "r")
flag = f.read()
a = bytes_to_long(flag.encode('utf-8'))

Here we can see that flag may be bigger than p or flag may be add with phi(p) then after calculating modulo we'll get the same result. That is Fermat's little theorem.
Implement the idea!

from Crypto.Util.number import *

flag = 67514057458967447420279566091192598301
p = 320907854534300658334827579113595683489
g = 3
A = 236498462734017891143727364481546318401
for i in range(10000000):
	flag_here = long_to_bytes(flag+(i*(p-1)))
	if b'wsc{' in flag_here:
		print(flag_here,'ehehhehhehhehe')
		break
	print(i)

After bruteforcing 8300951 times, you will get the flag :))))))

Web

link full file

Warmup: Burp

Just check history of burpsuite

We can see the redirect, send the request with cookie to get flag

SSRF 101

Notice the port, that's quite interting when private 1's port is 1001 and private2's is 10011 so that we can bypass with /ssrf?path=1/flag/

SSRF 301

we can see this clearly in SSRF .

dict://<user>;<auth>@<host>:<port>/d:<word>:<database>:<n>

Actually this one is standard of host and port for example:

In this situation,the host is gg.com, we connect to this one.

However, if we insert the symbol @ it will undertstand user:pass before @ and host:port after.

Now user is gg.com and fb.com is host.

payload: /ssrf?path=a@localhost:/private2:10011/flag/

Contact:

PreviousångstromCTF 2022 NextSecurinets CTF Quals 2022

Last updated 2 years ago

picoCTF 2022 + wscCTF 2022

Note : A JOURNEY TO GAIN KNOWLEDGE

picoCTF 2022

Crypto

basic-mod1

Following the decription:

Take each number mod 37 and map it to the following character set: 0-25 is the alphabet (uppercase), 26-35 are the decimal digits, and 36 is an underscore.

simple code:

m = [387 ,248 ,131 ,272 ,373, 221,161 ,110 ,91 ,359 ,390 ,50, 225 ,184 ,223 ,137 ,225 ,327, 42, 179, 220 ,365] 
import string
alpha = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
test = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25]
flag = ''
for i in m:
    if int(i%37) in test:
        for j in alpha:
            if alpha.index(j) == int(i%37) :
                flag += j
    elif int(i%37)!= 36:
        flag += str(int(i%37)%26)
    else:
        flag += '_'
print(flag)
#R0UND_N_R0UND_B0D5F596

basic-mod2

Following the decription:

Take each number mod 41 and find the modular inverse for the result. Then map to the following character set: 1-26 are the alphabet, 27-36 are the decimal digits, and 37 is an underscore.

solve:

m = [145 ,126, 356, 272, 98 ,378 ,395 ,352, 392 ,215 ,446, 168 ,180 ,359 ,51, 190, 404, 209, 185, 115 ,363, 431 ,103 ] 
import string
alpha = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ '
test = [0,1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25]
flag = ''
enc = [28, 13, 21, 30, 17, 32, 30, 11, 24, 37, 7, 31, 17, 3, 37, 30, 34, 31, 1, 4, 34, 1, 1] #-1 
#     [28, 14, 22, 30, 18, 32, 30, 12, 25, 37, 8, 31, 18, 4, 37, 30, 34, 31, 2, 5, 34, 2, 2] 

for i in enc:
    if i in test:
        for j in alpha:
            if alpha.index(j) == i :
                flag += j
    elif i != 37:
        flag += str(i %27 )
    else:
        flag += '_'
print(flag)
# 1NV3R53LY_H4RD_374BE7BB

credstuff

find cultiris 's password: cvpbPGS{P7e1S_54I35_71Z3}

rot13: picoCTF{C7r1F_54V35_71M3}

morse-code

we can you tool online

flag: picoCTF{WH47 H47H 90D W20U9H7}

rail-fence

tool

substitution0

If you studied cryptography of Mr Tu in UIT, you could solve this chall by eyes =D

The flag is: picoCTF{5UB5717U710N_3V0LU710N_F96A338E}

substitution1

same one

flag is: picoCTF{FR3QU3NCY_4774CK5_4R3_C001_3645BEC6}

substitution2

THEFLAGISPICOCTF{N6R4M_4N41Y515_15_73D10U5_C823D467}

transposition-trial

heTfl g as iicpCTo{7F4NRP051N5_16_35P3X51N3_V8450214}1

Notice that:

"but every block of 3 got scrambled around!"
if we shift char of "iicpCTo" first [0] to [3] we can get "piciCTo" than "picoCTi" continue do that until the last char is '" i ".

some code for loving:

m ='iicpCTo{7F4NRP051N5_16_35P3X51N3_V8450214}1'

m = list(m)
def solve(s):
   s = list(s)
   for i in range(0, len(s)-1,3):
      s[i], s[i+3] = s[i+3], s[i]

   return ''.join(s)

print(solve(m)) 
#picoCTF{7R4N5P051N6_15_3XP3N51V3_58410214}i

Vigenere

decrypt Vigenere with key: "CYLAB". That's quite easy.

picoCTF{D0NT_US3_V1G3N3R3_C1PH3R_0df54reb}

diffie-hellman

Actually this chall want us to find key by diffie-hellman then decrypt Caesar with that key
However, we can brute force they key without using diffie-hellman so that this chall have been deleted in picoCTF

Very Smooth

smooth number

def get_prime(state, bits):
    return next_prime(mpz_urandomb(state, bits) | (1 << (bits - 1)))

def get_smooth_prime(state, bits, smoothness=16):
    p = mpz(2)
    p_factors = [p]
    while p.bit_length() < bits - 2 * smoothness:
        factor = get_prime(state, smoothness)
        p_factors.append(factor)
        p *= factor

    bitcnt = (bits - p.bit_length()) // 2

    while True:
        prime1 = get_prime(state, bitcnt)
        prime2 = get_prime(state, bitcnt)
        tmpp = p * prime1 * prime2
        if tmpp.bit_length() < bits:
            bitcnt += 1
            continue
        if tmpp.bit_length() > bits:
            bitcnt -= 1
            continue
        if is_prime(tmpp + 1):
            p_factors.append(prime1)
            p_factors.append(prime2)
            p = tmpp + 1
            break

    p_factors.sort()

    return (p, p_factors)

You can code simple script as this guy

In my situation, i use the primefac

flag: picoCTF{94287e17}

Sequences

Sum-O-Primes

NSA Backdoor

At this point, my ancestor told me to do anything so I won't write anything from now on,
thank you for reading!

flag: picoCTF{Yu_toi_nho_em!}

Web

Includes

Inspect HTML

Local Authority

Search source

Roboto Sans

SQLiLite

wscCTF 2022

Crypto

ANYTHING

This could be encrypted with ANYTHING! wfa{oporteec_gvb_ogd}

Vernam Cipher (One Time Pad Vigenere) =>flag: WSC{VIGENERE_NOT_BAD}

RSA With The Dogs

source: gen.sage

from random import getrandbits
from Crypto.Util.number import bytes_to_long

p = random_prime(2^(1024//2),False,2^(1023//2))
q = random_prime(2^(1024//2),False,2^(1023//2))

n = p*q
phi = (p-1) * (q-1)

done = False
while not done:
    d = getrandbits(1024//4)
    if (gcd(d,phi) == 1 and 36*pow(d,4) < n):
        done = True
                

Flag = open('flag.txt').read().encode()
m=bytes_to_long(Flag)
e = Integer(d).inverse_mod(phi)
c=pow(m,e,n)
print("n =",n)
print("e =",e)
print("c =",c)

n = 80958280137410344469270793621735550547403923964041971008952114628165974409360380289792220885326992426579868790128162893145613324338067958789899179419581085862309223717281585829617191377490590947730109453817502130283318153315193437990052156404947863059961976057429879645314342452813233368655425822274689461707
e = 3575901247532182907389411227211529824636724376722157756567776602226084740339294992167070515627141715229879280406393029563498781044157896403506408797685517148091205601955885898295742740813509895317351882951244059944509598074900130252149053360447229439583686319853300112906033979011695531155686173063061146739
c = 80629080505342932586166479028264765764709326746119909040860609021743893395577080637958779561184335633322859567681317501709922573784403504695809067898870536224427948000498261469984511352960143456934810825186736399371084350678586129000118485271831798923746976704036847707653422361120164687989605124465224952493

assert(int(pow(c,d,n)) == m)

Notice: 36*pow(d,4) < n => P,Q computed with N,E (Wiener's attack)

flag: wsc{w13n3r5_wer3_bre4d_t0_hunt_b4dger5!}

EAV-Secure Diffie–Hellman?

source: key_exchange.py

from Crypto.Util.number import bytes_to_long

# I love making homespun cryptographic schemes!

def diffie_hellman():
    f = open("flag.txt", "r")
    flag = f.read()
    a = bytes_to_long(flag.encode('utf-8'))
    p = 320907854534300658334827579113595683489
    g = 3
    A = pow(g,a,p) #236498462734017891143727364481546318401

if __name__ == "__main__":
    diffie_hellman()

# EAV-Secure? What's that?

Workflow:

A = pow(g,a,p) of course that's discrete log, i used sage math to calculate easily and get this result:

Nice, let's decrypt and gonna flag

Hmm this one's no meaning. May i am wrong in somewhere ?

No, i ensure my result !
At this time i review the code and notice that:

f = open("flag.txt", "r")
flag = f.read()
a = bytes_to_long(flag.encode('utf-8'))

Here we can see that flag may be bigger than p or flag may be add with phi(p) then after calculating modulo we'll get the same result. That is Fermat's little theorem.
Implement the idea!

from Crypto.Util.number import *

flag = 67514057458967447420279566091192598301
p = 320907854534300658334827579113595683489
g = 3
A = 236498462734017891143727364481546318401
for i in range(10000000):
	flag_here = long_to_bytes(flag+(i*(p-1)))
	if b'wsc{' in flag_here:
		print(flag_here,'ehehhehhehhehe')
		break
	print(i)

After bruteforcing 8300951 times, you will get the flag :))))))

Web

link full file

Warmup: Burp

Just check history of burpsuite

We can see the redirect, send the request with cookie to get flag

SSRF 101

Notice the port, that's quite interting when private 1's port is 1001 and private2's is 10011 so that we can bypass with /ssrf?path=1/flag/

SSRF 301

we can see this clearly in SSRF .

dict://<user>;<auth>@<host>:<port>/d:<word>:<database>:<n>

Actually this one is standard of host and port for example:

In this situation,the host is gg.com, we connect to this one.

However, if we insert the symbol @ it will undertstand user:pass before @ and host:port after.

Now user is gg.com and fb.com is host.

payload: /ssrf?path=a@localhost:/private2:10011/flag/

Thanks for reading. Have a good day !

Contact:

facebook

PreviousångstromCTF 2022 NextSecurinets CTF Quals 2022

Last updated 2 years ago

picoCTF 2022

Crypto

basic-mod1

basic-mod2

credstuff

morse-code

rail-fence

substitution0

substitution1

substitution2

transposition-trial

Vigenere

diffie-hellman

Very Smooth

Sequences

Sum-O-Primes

NSA Backdoor

At this point, my ancestor told me to do anything so I won't write anything from now on,

thank you for reading!

Web

Includes

Inspect HTML

Local Authority

Search source

Power Cookie

Roboto Sans

SQLiLite

wscCTF 2022

Crypto

ANYTHING

RSA With The Dogs

EAV-Secure Diffie–Hellman?

Web

Warmup: Burp

SSRF 101

SSRF 301

picoCTF 2022

Crypto

basic-mod1

basic-mod2

credstuff

morse-code

rail-fence

substitution0

substitution1

substitution2

transposition-trial

Vigenere

diffie-hellman

Very Smooth

Sequences

Sum-O-Primes

NSA Backdoor

At this point, my ancestor told me to do anything so I won't write anything from now on,

thank you for reading!

Web

Includes

Inspect HTML

Local Authority

Search source

Power Cookie

Roboto Sans

SQLiLite

wscCTF 2022

Crypto

ANYTHING

RSA With The Dogs

EAV-Secure Diffie–Hellman?

Web

Warmup: Burp

SSRF 101

SSRF 301