- Written by Michael Bann
I'm adding this writeup primarily because so many people were complaining about this challenge. I think this is an example of a challenge that will turn people away from CTFs as it only minimally has to do with crypto and has more to do with guessing what the challenge author wants. This challenge was worth 100 points.
All we are given is a link to http://52.7.208.12/. This web page has an entry field, and will give an error if you enter too few characters (I think it was 5 or something) and complain that "Your note isn't long enough so it's not security". This would lead you to believe that the solution has something to do with the length of the input string.
- Written by Michael Bann
Category: Crypto
Points: 10,10,30,40
Solves: 436,381,224,63
Description:
Decrypt 4 flags.
In this challenge we're given 4 encrypted flags and asked to decrypt them. They get successively more difficult, with the last one having only 63 successful solves. For each encrypted blob we were given a corresponding URL containing the encryption engine, which would allow us to input anything and get back the corresponding output.
From a cryptography perspective, this means that for each of the flags we have at least two types of attack. We have a chosen-plaintext attack, in which we can decide what to encrypt and look at the results. We also have a known-plaintext attack, since each flag is of the form "MMA{<values>}". Using these two types of attack we can solve each of the challenges.
- Written by Michael Bann
Category: Web
Points: 75
Solves: 22
Description:
What does this service do? It hides a flag!
Navigating to the website, we see an input box and a query button. The first thing to do is throw some data at it and see what happens:
SENT: a
RESPONSE: 61008ce2,CAMP15_silverneedle
RESPONSE: 61010292,CAMP15_silverneedle
SENT: ab
RESPONSE: 61626b8f,CAMP15_silverneedle
RESPONSE: 6162dc3f,CAMP15_silverneedle
SENT: abc
RESPONSE: not found
- Written by Michael Bann
Category: Reversing
Points: 200
Solves: 29
Description:
Find valid credentials for the registration server keycheck running on
challs.campctf.ccc.ac 10114
Running this program, we get:
$ ./keycheck
Enter username: User
Enter key: Password
Registration data invalid.
As the title suggests, the goal is to find a username and key that will allow successful registration. Running strings on the binary doesn't tell us too much, but does show a reference to python2. Let's ease our way into this problem by using ltrace to show which library and system calls are made.