SECT CTF - ACID BURN ft REPORT Misc 200 & 200 Write up


Report - Misc ( 200 + 0 )
Mr. Belford sucks, is he hiding something....

We are given a PDF file, at first i though maybe they hide some image or hidden text inside the pdf, so i use this site to extract  
But wow, the are neither image nor font ,  nothing but text and metadata, cool
 :D 
So i was googling to see if the anyway to hide data in PDF
We know that hidden data can be embeded in 
But in SHA2017 CTF, i have solved something encrypted with AES , to recover, we must know how the PDF Structure to get key, so i think maybe the data is embeded in the OBJ section like 
and below is the hidden data that we need to find. 
So I used binwalk to extract data in pdf file ( fore some reason i cant use any pdf tool in my ubuntu, still working on fixing lol ) , then check the obj section ( in .zlib )


as u can see, we know that the prefix "SECT" in hex are : 53 45 43 54 , and BAM look at this index table, here it is
we read from the bottom to the top and get the flag : SECT{N07_N1C3_T0_BR3AK_LUCY}




Acid burn - Misc (200)
I suspect Acid Burn is hiding something in her background image, but I can't quite figure out what is it. Can you help me?

We are given a webp image, wow, so strange, i didnt even know it exist
After alot of time google-ling, i realized that, Webp is just like PNG, they are all Lossless so maybe this can be LSB, i followed this and got nothing, so i think we should converted to another extension like JPG,BMP,PNG
So i converted Webp to PNG and tried with Stegsolve, Zsteg , Binwalk ,....... and one of them has the flag but i didn't realize that.
It wont take me so long to solve this if i have more attention on the frame Plane Red 2 which Stegsolve gives me.

yeah, you can see the word "SECT" clearly which i didn't realize and result me in wasting many many time . To see clearly, i used this site to make it  clearerer to see
flag : SECT{I_LOVE_CRASH_OVERFLOW_BUT_I_CAN_NOT_TELL_HIM_HOW_I_FEEL_ABOUT_HIM}


MISC challenges in this contest are very interesting, i have learnt a lot of new thing . Even the 50 points and  100 points challenge are  harder than the 200 challenge lol :D 

Nhận xét

  1. klondikelúc 11:44 17 tháng 9, 2017

    Hi there!

    The original idea with Acid Burn was something as follows:
    * Notice the challenge webpage can serve a PNG with the desktop background unaltered.
    * See pixel differences and see they are randomly placed inside a lattice (16x10 IIRC)
    * Extract the different pixels to recompose the embedded image
    * See the image it is only two dark colours and remove one of them to get the text.

    I'll publish a script if nobody else does :)

    I really like your solution though. Congrats!

    Trả lờiXóa
    Trả lời
    1. Unknownlúc 11:48 17 tháng 9, 2017

      Tks bro, it's really an interesting challenge, i leanrt alot

      Xóa

Đăng nhận xét

Bài đăng phổ biến từ blog này

SHACTF 2017 Write up for MISC Junior (200)

Hình ảnh
Crypt1:All about the base   V2VsbCBkb25lLAoKdGhpcyBmaWxlIGlzIGVuY3J5cHRlZCB3aXRoIEJhc2U2NC4gT2Z0ZW4gdXNl ZCBpbiBDVEYncyB0byBkaXNwbGF5IGJpbmFyeSBkYXRhIGluIGEgbW9yZSBmcmllbmRseSB3YXku IAoKVGhlIGZsYWcgZm9yIHRoaXMgY2hhbGxlbmdlIGlzIGZsYWd7YjNlOWMzZWVlNjA5YmFjNDZm YWQ0NDM5Y2YzMjFmZTV9Cg== just base64 decode -> flag Crypt 1: Rotation Seems someone rotated the alphabet, can you get the original message back? Ykksy eua ckxk ghrk zu mkz znk zkdz hgiq. Znk lrgm oy lrgm{30j3g1gg0ijg9l08ijlg52668hi6854g} Okay, must be caesar right? i took the part " lrgm{30j3g1gg0ijg9l08ijlg52668hi6854g}" Because i know for sure lrgm must be flag in some ROT    kt.pe is dead :v so i wrote a script to do the job :v    flag: flag{30d3a1aa0cda9f08cdfa52668bc6854a} Crypt2: Substitute Teacher Hello, my name is Mr. Smith, I will be your  substitute  teacher for today. I only have one assignment for you today, if you solve it you may go home. Now be silen...
Đọc thêm

Write up - SHACTF 2017 ( 2For100 + Cryp100 + Network100 + Crypt200)

Hình ảnh
1. Crypt100 : Stackoverflow I had some issues implementing strong encryption, luckily I was able to find a nice example on  stackoverflow  that showed me how to do it. Challenge:  stackoverflow.tgz File contains: - Script At first, when we check the given site above, we know that this pdf was encrypted with AES-CTR mode, and more interesting, we can see that they reuse the Counter -> that make AES-CTR vulnarable to Known-Plaintext attack crypto = AES.new(os.urandom(32), AES.MODE_CTR, counter=lambda: secret) with secret = os.urandom(16) Okay, let take look at the AES-CTR , let see the reason why they are vulnerable to Known-Plaintext attack: 107.50 KB Normally Counter must be UNIQUE , so that the keystream will be different every step. It is more secured than reused , it will make AES-CTR encryption become:  E(m[i]) = message[i] ^ keystream = cipher[i] and when we know the plaintext message[i] and the cipher[i] , we will get t...
Đọc thêm