SECT CTF - ACID BURN ft REPORT Misc 200 & 200 Write up


Report - Misc ( 200 + 0 )
Mr. Belford sucks, is he hiding something....

We are given a PDF file, at first i though maybe they hide some image or hidden text inside the pdf, so i use this site to extract  
But wow, the are neither image nor font ,  nothing but text and metadata, cool
 :D 
So i was googling to see if the anyway to hide data in PDF
We know that hidden data can be embeded in 
But in SHA2017 CTF, i have solved something encrypted with AES , to recover, we must know how the PDF Structure to get key, so i think maybe the data is embeded in the OBJ section like 
and below is the hidden data that we need to find. 
So I used binwalk to extract data in pdf file ( fore some reason i cant use any pdf tool in my ubuntu, still working on fixing lol ) , then check the obj section ( in .zlib )


as u can see, we know that the prefix "SECT" in hex are : 53 45 43 54 , and BAM look at this index table, here it is
we read from the bottom to the top and get the flag : SECT{N07_N1C3_T0_BR3AK_LUCY}




Acid burn - Misc (200)
I suspect Acid Burn is hiding something in her background image, but I can't quite figure out what is it. Can you help me?

We are given a webp image, wow, so strange, i didnt even know it exist
After alot of time google-ling, i realized that, Webp is just like PNG, they are all Lossless so maybe this can be LSB, i followed this and got nothing, so i think we should converted to another extension like JPG,BMP,PNG
So i converted Webp to PNG and tried with Stegsolve, Zsteg , Binwalk ,....... and one of them has the flag but i didn't realize that.
It wont take me so long to solve this if i have more attention on the frame Plane Red 2 which Stegsolve gives me.

yeah, you can see the word "SECT" clearly which i didn't realize and result me in wasting many many time . To see clearly, i used this site to make it  clearerer to see
flag : SECT{I_LOVE_CRASH_OVERFLOW_BUT_I_CAN_NOT_TELL_HIM_HOW_I_FEEL_ABOUT_HIM}


MISC challenges in this contest are very interesting, i have learnt a lot of new thing . Even the 50 points and  100 points challenge are  harder than the 200 challenge lol :D 

Nhận xét

  1. klondikelúc 11:44 17 tháng 9, 2017

    Hi there!

    The original idea with Acid Burn was something as follows:
    * Notice the challenge webpage can serve a PNG with the desktop background unaltered.
    * See pixel differences and see they are randomly placed inside a lattice (16x10 IIRC)
    * Extract the different pixels to recompose the embedded image
    * See the image it is only two dark colours and remove one of them to get the text.

    I'll publish a script if nobody else does :)

    I really like your solution though. Congrats!

    Trả lờiXóa
    Trả lời
    1. Unknownlúc 11:48 17 tháng 9, 2017

      Tks bro, it's really an interesting challenge, i leanrt alot

      Xóa

Đăng nhận xét

Bài đăng phổ biến từ blog này

CSAW 2017 Write up

Hình ảnh
1. Misc 50 2. Forensic 150 3. Forensic 200 4. Crypto 350 5. Misc 100 ( twich ) 1.  nc misc.chal.csaw.io 4239 flag{@n_int3rface_betw33n_data_term1nal_3quipment_and_d@t@_circuit-term1nating_3quipment} In this challenge, when we connect to the server, it will give us 11 bits bin Okay, It is 8-1-1 even parity . It will look like 0        0.....0   0               0 start   data    parity bit   stop So now we check the data and the parity bit , if it right, we will get the data[-1] and send '1', or if it wrong, we will send '0' to make it retranmiss With parity bit, we can count the amount of  bit '1' in data , if the amount is even, the parity bit will be 0  okay now we write a script to do it and eat some snack, then we got the flag 2. Forensic 150:  It's registration day! These forms just seem longer and longer... UPDATE 10:44 Eastern: New pcap that should be a bit easier to work with. UPDATE 2:58 East
Đọc thêm

Write up - SHACTF 2017 ( 2For100 + Cryp100 + Network100 + Crypt200)

Hình ảnh
1. Crypt100 : Stackoverflow I had some issues implementing strong encryption, luckily I was able to find a nice example on  stackoverflow  that showed me how to do it. Challenge:  stackoverflow.tgz File contains: - Script At first, when we check the given site above, we know that this pdf was encrypted with AES-CTR mode, and more interesting, we can see that they reuse the Counter -> that make AES-CTR vulnarable to Known-Plaintext attack crypto = AES.new(os.urandom(32), AES.MODE_CTR, counter=lambda: secret) with secret = os.urandom(16) Okay, let take look at the AES-CTR , let see the reason why they are vulnerable to Known-Plaintext attack: 107.50 KB Normally Counter must be UNIQUE , so that the keystream will be different every step. It is more secured than reused , it will make AES-CTR encryption become:  E(m[i]) = message[i] ^ keystream = cipher[i] and when we know the plaintext message[i] and the cipher[i] , we will get the keystream then d
Đọc thêm

WhiteHat Challenge 04 Write up ( Misc + 2Cryp + For )

Hình ảnh
Lần tham gia đầu tiên với kì thi WhiteHat ( WhiteHat Challenge 02 ) thì team mình dừng ở vị trí 2x Lần thứ 2 ( WhiteHat Challenge 03 ) thì may mắn vào top 10 Và lần này may mắn team mình đã đạt được vị trí thứ 2 Misc 01:  A python code was encoded. Please try to get flag from this file. File:  http://material.wargame.whitehat.vn/challenges/4/Misc01_D7210F18B2D5D162E259C0BE089D4090.zip Ta thấy rằng file đề cho là 1 dãy base64  Sau khi decode ta nhận được file  Thay lệnh exec = lệnh print ta nhận được file  Tiếp tục thay lệnh exec = lệnh print ta nhận được flag flag : WhiteHat{Sha1(scr1pt_w1th_pyth0n_1s_ez)} Crypto01:  Decode the image to get an answer. Tool: Google Download file here: http://material.wargame.whitehat.vn/challenges/4/Crypto01_6B9F0BC772601E6C6770473DD97E3005.zip Sau khi tải file về, ta thấy các hình ảnh rất lạ, và với hint : Tool: Google, ta sẽ liên tưởng đến tìm kiếm hình ảnh của google Cuối cùng ta biết được nó
Đọc thêm