Beginner

Еmptiness

Description

Solution

If we visit website it's blank.

Source Code:

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Javascript - Source</title>

    <script>
      function login() {
        key = prompt('secret key');
        if ( key == grodno{d21940vMGFf2Ug84gN3ndqdf186d} {
          alert('You have entered the correct secret key.')
        }
        else {
          alert('Errror');
        }
      }
    </script>
  </head>
  <body onload="login()"></body>
</html>

Flag: grodno{d21940vMGFf2Ug84gN3ndqdf186d}

Crashme

Description

Can you break the program?

nc ctf.mf.grsu.by 9024

Solution

➜ ncat ctf.mf.grsu.by 9024
Give me some data: AAAA
Wrong answer ...
➜ ncat ctf.mf.grsu.by 9024
Give me some data: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
You entered: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Your flag: grodno{623640S3gfaults_4re_a_gr3at_fr1end_0f_h4ck3r55f3862}

Challenge seems to have been simple buffer overflow, entering bunch of A-s overflowed into different memery region and overwriten some check variable which gave us flag.

grodno{623640S3gfaults_4re_a_gr3at_fr1end_0f_h4ck3r55f3862}

Belarussian cipher

Description

“Кропка” is a “dot”, “працяжнiк” is a “dash”. The rest is up to you

bel_cipher.txt

Solution

The description seems to be hinting towards Morse Code, but for morse to get translated spaces need to be normizlied. Instead I tried binary approach:Кропка -> 1, працяжнiк -> 0

Flag: grodno{D0n't_bel1eve_your_eyes!_Th3y_0nly_see_obst4cles}

nanoRSA

Description

Where can I get a nanocomputer...

rsa.txt

e = 1
c = 9908255308151638808626355523286556242109836830117153917
n = 245841236512478852752909734912575581815967630033049838269083

Solution

Plain RSA:

e = 1
c = 9908255308151638808626355523286556242109836830117153917
n = 245841236512478852752909734912575581815967630033049838269083

# Factorize n # factorydb.com
p = 416064700201658306196320137931
q = 590872612825179551336102196593

# Calculate phi
phi = (p-1)*(q-1)

# Calculate the private exponent
d = pow(e, -1, phi)

# Decrypt the message
m = pow(c, d, n)

# Convert m to a string
plaintext = ''.join([chr((m >> j) & 0xff) for j in range(0, m.bit_length(), 8)])
print(plaintext[::-1])

or you can just calculate m = c % n because e is the smallest value it can be.

Flag: grodno{R3sTcD4gH6iJ0kL}

Broken file

Description

Is there something wrong with the image?

image.jpg

Solution

➜ xxd .\image.jpg
00000000: 504b 0304 0a00 0000 0000 69b7 9657 eec8  PK........i..W..
00000010: d293 2a00 0000 2a00 0000 0800 1c00 666c  ..*...*.......fl
00000020: 6167 2e74 7874 5554 0900 0396 ea85 6597  ag.txtUT......e.
00000030: ea85 6575 780b 0001 04e8 0300 0004 e803  ..eux...........
00000040: 0000 6772 6f64 6e6f 7b58 3970 5a32 7159  ..grodno{X9pZ2qY
00000050: 3772 4c34 7357 3874 4831 7541 3376 4236  7rL4sW8tH1uA3vB6
00000060: 774b 3078 4a35 7943 327a 7d0a 504b 0102  wK0xJ5yC2z}.PK..
00000070: 1e03 0a00 0000 0000 69b7 9657 eec8 d293  ........i..W....
00000080: 2a00 0000 2a00 0000 0800 1800 0000 0000  *...*...........
00000090: 0100 0000 a481 0000 0000 666c 6167 2e74  ..........flag.t
000000a0: 7874 5554 0500 0396 ea85 6575 780b 0001  xtUT......eux...
000000b0: 04e8 0300 0004 e803 0000 504b 0506 0000  ..........PK....
000000c0: 0000 0100 0100 4e00 0000 6c00 0000 0000  ......N...l.....

The given "jpg" seems to be a zip file, the flag is already visible so no need to unzip.

Flag: grodno{X9pZ2qY7rL4sW8tH1uA3vB6wK0xJ5yC2z}

As a programmer ...

Description

This is not only true for programmers - “every program has at least one error.”

In encryption, the picture is the same... I chose the wrong parameter, used the key incorrectly. And your secrets are no longer secrets.

output_RSA.txt

code_RSA.py

output_RSA.txt Source

s = 9679603728276260450163332348967772341039656114836199341829623928424883179482998295442569610750090617263140422489655203690606051598227889033133696824561049
t = 7544882607176903318920087402887255144232202298941096774820758222068650540914461606464972583857391951228165370888600203959000417894282048977659598507065283
result = 17224486335453163769083419751855027485271858413777296116650382150493533720397459901907542194607482568491305793378255407649606469492509938010793295331626332
e = 3
n = 73031473813836265586802638898480963691823354032947424211844799982034059370278732061933096537003870674600636644919039367055380810706708777069353371137325457767601410808147577861559266484151023108122144110129865120907211821459436706652522768143661973946322182602994587756648586727110169581118048980551661961867
c = 102440249906188112653112850149004638920041731819150591992314684890766079962216378675563173361005618897820395598884602786493326797681447423552807411034991287447489220834908286512061803086201262036007513517016439047998253997542610533

code_RSA.py Source

from Crypto.Util.number import getPrime , bytes_to_long , GCD
import random

random.seed()
flag = b'grodno{fake_flag}'

KEY_SIZE = 512
RSA_E = 3

def gen_RSA_params(N, e):
    while True:
        p, q = getPrime(N), getPrime(N)
        if GCD(e, (p - 1) * (q - 1)) == 1: break
    n = p * q
    check(p, q, n) 
    return (p, q, n)

def check(p, q, n):
    a_ = random.randint(1, 100000)
    b_ = random.randint(1, 100000)
    c_ = random.randint(1, 100000)
    d_ = random.randint(1, 100000)
    s = pow_m(p, pow_m(q, a_, c_ * (p - 1) * (q - 1)), n)
    t = pow_m(q, pow_m(p, b_, d_ * (p - 1) * (q - 1)), n)
    result = s + t
    print(f"s = {s}")
    print(f"t = {t}")
    print(f"result = {result}")

def pow_m(base, degree, module):
    degree = bin(degree)[2:]
    r = 1
    for i in range(len(degree) - 1, -1, -1):
        r = (r * base ** int(degree[i])) % module
        base = (base ** 2) % module
    return r

dp, q, n = gen_RSA_params(KEY_SIZE, RSA_E) 

m = bytes_to_long(flag)
c = pow(m, RSA_E, n)

print(f"e = {RSA_E}")
print(f"n = {n}")
print(f"c = {c}")

check function seems to be doing nothing, I changed source code to print p, q, n:

44   │ dp, q, n = gen_RSA_params(KEY_SIZE, RSA_E)
45   │ print(f'{dp=}')
46   │ print(f'{q=}')
47   │ print(f'{n=}')

Using the following values I pluged them in classis rsa decrypt script:

from Crypto.Util.number import long_to_bytes
e=3
p=7879960765045001095536351254285236461677252539725568099920468706232467999523306832500323732282207836527543974723447114253113296388679417382538808316690431
q=8342978436831862404899566394233926052038947763802257542165062289867294716038524969659202385666829608378292984332627938904052091508796827006515033647278443
phi=(p - 1) * (q - 1)
n=65742342745851549822180716040255124211938858988373211210691515650102454515899195833369761095003930408764090835269681816455600256543567197486474318897521616107648249347264240038697918688173668720857297582625168429528919657707478013677667101768063930601639646148703064967152840864473503543204843052056090678933
c=102440249906188112653112850149004638920041731819150591992314684890766079962216378675563173361005618897820395598884602786493326797681447423552807411034991287447489220834908286512061803086201262036007513517016439047998253997542610533

d = pow(e, -1, phi)
m = pow(c, d, n)
p = long_to_bytes(m).decode()
print(p)

Flag: grodno{Sm4ll_e_1s_e4sy_t0_br3ak}

I can do it in Chinese

Description

My friend has a crush on Chinese. I sent it, I don’t understand what...

杲潤湯等晟祯畟湥敤彩瑟楮彃桩湥獥彷敟捡湟摯彩瑟楮彃桩湥獥彽

in_Chinese.txt

Solution

with open('./in_Chinese.txt', 'rb') as f:
    print(
        f.read()             # Read contents
        .decode()            # bytes -> str
        .encode('utf-16-be') # Encode to UTF-16-BE (Big Endian) # Correct Encoding
        .decode('utf-8')     # Decode To UTF-8 (For Readability)
    )

Flag: grodno{If_you_need_it_in_Chinese_we_can_do_it_in_Chinese_}

Two points again

Description

I received a file with huge numbers. Explicitly RSA

output_badRSA1.txt

He_chose_the_wrong_parameters_for_RSA.jpg

output_badRSA1.txt Source

N = 894011376132861406416081994144221048298348543110763436400156707035479762291337096368301340210777912166253392435275663746074998964323198306974285233167719096055553347615918699581765041856450618725024365550285245909593290693757548300976025136185960841538482656726074757217987326418213368306947431668797511869941369363510575799319146232381645606378509284692783439527001482275434870365007864755014763434476875230779298152747668036103797086099448952638933614839186234115539057353208089196503236476069765055958643599622359809306429773621018079928117609961649006558217734057147235098517323614637509521563090769478823258676357262436290835475545437211168106617010859479612214627871047960151415095910992231687737019157788664429412462674876326653667300420128914036327499885103193423178025962079282185227746880809451234195481664650147610375976243181422075319601793906090392759832052648670731266344219250793991957964535801285606036631861341696305110038590888086491568683507575846576623827059055577036404611548224528600604898405714747157240730264673180051312634408192644777331633111950232485559076080686217541095754245034143596485147084607615402187454830802772582891800608645679493263524678084504132604846410243911260803002065871918398725293311473
e = 49999
c = 127990258916322713210704002931365496210647826869578493680557063836772515914303363145985391647430839311330158084206710072455465957218072448099969815961814463831667357474852426061475210363277306704257877402661232669936031043625938011115290529377505573367883714424182150449678726041360949463375982144652910707759221795772350872426009873120527309342093683340576731241704191541296890578962805029558926492259701366885936092059693759354255247540815813052543086204934376066884066060405947003334121725632674642690548675916126384013014552545338699198239765357561083183401525044638243204528501965028598782513999767237563252331767079569128151380305983732341553403814650118788711703476805307790685184506737890913441497269132749881622937761764492015610811577966553776703680435092016590690563200951474073620866158140866931856293211794418637441400021472249887178225738960768608549559781531479910409684884180658879621882231073123533851227894797415625533435081416099549459198508358607887551022339960981663266529984544362524495679204397590064106335341279871204905873532415276380340515150499389237587052633736125460704219829657692767592459700685070039056607335118481257774532132073976558433243315868939654221066341581052013795470559435542389710686098062

Solution

Idk why jpg was provided tbh... Anyway I was about to blast the RSA with rsactftool:

└─$ rsactftool 
	-n 894011376132861406416081994144221048298348543110763436400156707035479762291337096368301340210777912166253392435275663746074998964323198306974285233167719096055553347615918699581765041856450618725024365550285245909593290693757548300976025136185960841538482656726074757217987326418213368306947431668797511869941369363510575799319146232381645606378509284692783439527001482275434870365007864755014763434476875230779298152747668036103797086099448952638933614839186234115539057353208089196503236476069765055958643599622359809306429773621018079928117609961649006558217734057147235098517323614637509521563090769478823258676357262436290835475545437211168106617010859479612214627871047960151415095910992231687737019157788664429412462674876326653667300420128914036327499885103193423178025962079282185227746880809451234195481664650147610375976243181422075319601793906090392759832052648670731266344219250793991957964535801285606036631861341696305110038590888086491568683507575846576623827059055577036404611548224528600604898405714747157240730264673180051312634408192644777331633111950232485559076080686217541095754245034143596485147084607615402187454830802772582891800608645679493263524678084504132604846410243911260803002065871918398725293311473 
	-e 49999 
	--decrypt 127990258916322713210704002931365496210647826869578493680557063836772515914303363145985391647430839311330158084206710072455465957218072448099969815961814463831667357474852426061475210363277306704257877402661232669936031043625938011115290529377505573367883714424182150449678726041360949463375982144652910707759221795772350872426009873120527309342093683340576731241704191541296890578962805029558926492259701366885936092059693759354255247540815813052543086204934376066884066060405947003334121725632674642690548675916126384013014552545338699198239765357561083183401525044638243204528501965028598782513999767237563252331767079569128151380305983732341553403814650118788711703476805307790685184506737890913441497269132749881622937761764492015610811577966553776703680435092016590690563200951474073620866158140866931856293211794418637441400021472249887178225738960768608549559781531479910409684884180658879621882231073123533851227894797415625533435081416099549459198508358607887551022339960981663266529984544362524495679204397590064106335341279871204905873532415276380340515150499389237587052633736125460704219829657692767592459700685070039056607335118481257774532132073976558433243315868939654221066341581052013795470559435542389710686098062
private argument is not set, the private key will not be displayed, even if recovered.
['/tmp/tmp59da1sd5']

[*] Testing key /tmp/tmp59da1sd5.
attack initialized...
attack initialized...
[!] Your provided modulus is prime:
894011376132861406416081994144221048298348543110763436400156707035479762291337096368301340210777912166253392435275663746074998964323198306974285233167719096055553347615918699581765041856450618725024365550285245909593290693757548300976025136185960841538482656726074757217987326418213368306947431668797511869941369363510575799319146232381645606378509284692783439527001482275434870365007864755014763434476875230779298152747668036103797086099448952638933614839186234115539057353208089196503236476069765055958643599622359809306429773621018079928117609961649006558217734057147235098517323614637509521563090769478823258676357262436290835475545437211168106617010859479612214627871047960151415095910992231687737019157788664429412462674876326653667300420128914036327499885103193423178025962079282185227746880809451234195481664650147610375976243181422075319601793906090392759832052648670731266344219250793991957964535801285606036631861341696305110038590888086491568683507575846576623827059055577036404611548224528600604898405714747157240730264673180051312634408192644777331633111950232485559076080686217541095754245034143596485147084607615402187454830802772582891800608645679493263524678084504132604846410243911260803002065871918398725293311473
There is no need to run an integer factorization...

[!] Your provided modulus is prime: 👀 Why is RSA easily cracked if N is prime?

Basically if N is prime then phi is N-1 instead of (p-1)*(q-1)

Plug the values again and solve:

from Crypto.Util.number import long_to_bytes
e=49999
n=894011376132861406416081994144221048298348543110763436400156707035479762291337096368301340210777912166253392435275663746074998964323198306974285233167719096055553347615918699581765041856450618725024365550285245909593290693757548300976025136185960841538482656726074757217987326418213368306947431668797511869941369363510575799319146232381645606378509284692783439527001482275434870365007864755014763434476875230779298152747668036103797086099448952638933614839186234115539057353208089196503236476069765055958643599622359809306429773621018079928117609961649006558217734057147235098517323614637509521563090769478823258676357262436290835475545437211168106617010859479612214627871047960151415095910992231687737019157788664429412462674876326653667300420128914036327499885103193423178025962079282185227746880809451234195481664650147610375976243181422075319601793906090392759832052648670731266344219250793991957964535801285606036631861341696305110038590888086491568683507575846576623827059055577036404611548224528600604898405714747157240730264673180051312634408192644777331633111950232485559076080686217541095754245034143596485147084607615402187454830802772582891800608645679493263524678084504132604846410243911260803002065871918398725293311473
phi=n-1
c=127990258916322713210704002931365496210647826869578493680557063836772515914303363145985391647430839311330158084206710072455465957218072448099969815961814463831667357474852426061475210363277306704257877402661232669936031043625938011115290529377505573367883714424182150449678726041360949463375982144652910707759221795772350872426009873120527309342093683340576731241704191541296890578962805029558926492259701366885936092059693759354255247540815813052543086204934376066884066060405947003334121725632674642690548675916126384013014552545338699198239765357561083183401525044638243204528501965028598782513999767237563252331767079569128151380305983732341553403814650118788711703476805307790685184506737890913441497269132749881622937761764492015610811577966553776703680435092016590690563200951474073620866158140866931856293211794418637441400021472249887178225738960768608549559781531479910409684884180658879621882231073123533851227894797415625533435081416099549459198508358607887551022339960981663266529984544362524495679204397590064106335341279871204905873532415276380340515150499389237587052633736125460704219829657692767592459700685070039056607335118481257774532132073976558433243315868939654221066341581052013795470559435542389710686098062

d = pow(e, -1, phi)
m = pow(c, d, n)
p = long_to_bytes(m).decode()
print(p)

'''
By harnessing the grodno{m@thematical_pr0perties_0f_l@rge_prime_numb3rs}, 
RSA provides a robust and efficient method for encrypting 
and decrypting information.
'''

Flag: grodno{m@thematical_pr0perties_0f_l@rge_prime_numb3rs}

The Ripper

Description

The archive is one of the most secure places on my computer, unless the password is qwerty of course :)

Fortunately, I always use a random set of nine digits, oops... I shouldn’t have said that.

super-secret-files.zip

Solution

Generate possible pins:

└─$ crunch 9 9 1234567890 > wordlist.dic

└─$ zip2john super-secret-files.zip > zip.hash
ver 2.0 efh 9901 super-secret-files.zip/flag.txt PKZIP Encr: cmplen=94, decmplen=67, crc=BA1047B5
ver 2.0 efh 9901 super-secret-files.zip/super-secret-file.txt PKZIP Encr: cmplen=22238, decmplen=59973, crc=21DBAD5C
ver 2.0 efh 9901 super-secret-files.zip/another-file.txt PKZIP Encr: cmplen=1286, decmplen=3138, crc=65AF6385
ver 2.0 efh 9901 super-secret-files.zip/file.txt PKZIP Encr: cmplen=1368, decmplen=9418, crc=C1FAB320
NOTE: It is assumed that all files in each archive have the same password.
If that is not the case, the hash may be uncrackable. To avoid this, use
option -o to pick a file at a time.

└─$ john --wordlist=wordlist.dic zip.hash
Warning: detected hash type "ZIP", but the string is also recognized as "ZIP-opencl"
Use the "--format=ZIP-opencl" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 1 password hash (ZIP, WinZip [PBKDF2-SHA1 128/128 AVX 4x])
Will run 2 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
124161344        (super-secret-files.zip/flag.txt)
1g 0:00:13:37 DONE (2024-01-11 20:16) 0.001223g/s 15975p/s 15975c/s 15975C/s 124150967..124162014
Use the "--show" option to display all of the cracked passwords reliably
Session completed

Unzip with 7zip (unzip didnt work?...):

└─$ 7z x super-secret-files.zip -p124161344 -osuper-secret-files

7-Zip [64] 17.05 : Copyright (c) 1999-2021 Igor Pavlov : 2017-08-28
p7zip Version 17.05 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,64 bits,2 CPUs x64)

Scanning the drive for archives:
1 file, 25714 bytes (26 KiB)

Extracting archive: super-secret-files.zip
--
Path = super-secret-files.zip
Type = zip
Physical Size = 25714

Everything is Ok

Files: 4
Size:       72596
Compressed: 25714

Find flag:

└─$ grep 'grodno' super-secret-files/ -Rain
super-secret-files/super-secret-file.txt:528:grodno{0n_linux_it_would_be_easier_t0_do_this}

Flag: grodno{0n_linux_it_would_be_easier_t0_do_this}

PreviousBEEF NextCriminal Excel

Last updated 8 months ago

hashtagЕmptiness

hashtagDescription

hashtagSolution

hashtagCrashme

hashtagDescription

hashtagSolution

hashtagBelarussian cipher

hashtagDescription

hashtagSolution

hashtagnanoRSA

hashtagDescription

hashtagSolution

hashtagBroken file

hashtagDescription

hashtagSolution

hashtagAs a programmer ...

hashtagDescription

hashtagI can do it in Chinese

hashtagDescription

hashtagSolution

hashtagTwo points again

hashtagDescription

hashtagSolution

hashtagThe Ripper

hashtagDescription

hashtagSolution

Еmptiness

Description

Solution

Crashme

Description

Solution

Belarussian cipher

Description

Solution

nanoRSA

Description

Solution

Broken file

Description

Solution

As a programmer ...

Description

I can do it in Chinese

Description

Solution

Two points again

Description

Solution

The Ripper

Description

Solution