Beginner

Еmptiness

Description

Click here

Solution

If we visit the website, it's blank, but the page source contains the secret key in a client-side check.

Source Code:

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Javascript - Source</title>

    <script>
      function login() {
        key = prompt('secret key');
        if ( key == 'grodno{d21940vMGFf2Ug84gN3ndqdf186d}') {
          alert('You have entered the correct secret key.')
        }
        else {
          alert('Errror');
        }
      }
    </script>
  </head>
  <body onload="login()"></body>
</html>

Crashme

Description

Can you break the program?

nc ctf.mf.grsu.by 9024

Solution

➜ ncat ctf.mf.grsu.by 9024
Give me some data: AAAA
Wrong answer ...
➜ ncat ctf.mf.grsu.by 9024
Give me some data: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
You entered: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Your flag: grodno{623640S3gfaults_4re_a_gr3at_fr1end_0f_h4ck3r55f3862}

The challenge seems to have been a simple buffer overflow: entering a bunch of A's overflowed into a different memory region and overwrote some check variable, which gave us the flag.

Belarussian cipher

Description

“Кропка” is a “dot”, “працяжнiк” is a “dash”. The rest is up to you

bel_cipher.txt

Solution

The description seems to be hinting towards Morse code, but for Morse to get translated the spaces need to be normalized. Instead I tried a binary approach: Кропка -> 1, працяжнiк -> 0


nanoRSA

Description

Where can I get a nanocomputer...

rsa.txt

e = 1
c = 9908255308151638808626355523286556242109836830117153917
n = 245841236512478852752909734912575581815967630033049838269083

Solution

Plain RSA:

e = 1
c = 9908255308151638808626355523286556242109836830117153917
n = 245841236512478852752909734912575581815967630033049838269083

# Factorize n (factordb.com)
p = 416064700201658306196320137931
q = 590872612825179551336102196593

# Calculate phi
phi = (p-1)*(q-1)

# Calculate the private exponent
d = pow(e, -1, phi)

# Decrypt the message
m = pow(c, d, n)

# Convert m to a string
plaintext = ''.join([chr((m >> j) & 0xff) for j in range(0, m.bit_length(), 8)])
print(plaintext[::-1])

Alternatively, you can just calculate m = c % n: e = 1 is the smallest value it can be, so c = m^1 mod n and no private key is needed.

Broken file

Description

Is there something wrong with the image?

image.jpg

Solution

➜ xxd .\image.jpg
00000000: 504b 0304 0a00 0000 0000 69b7 9657 eec8  PK........i..W..
00000010: d293 2a00 0000 2a00 0000 0800 1c00 666c  ..*...*.......fl
00000020: 6167 2e74 7874 5554 0900 0396 ea85 6597  ag.txtUT......e.
00000030: ea85 6575 780b 0001 04e8 0300 0004 e803  ..eux...........
00000040: 0000 6772 6f64 6e6f 7b58 3970 5a32 7159  ..grodno{X9pZ2qY
00000050: 3772 4c34 7357 3874 4831 7541 3376 4236  7rL4sW8tH1uA3vB6
00000060: 774b 3078 4a35 7943 327a 7d0a 504b 0102  wK0xJ5yC2z}.PK..
00000070: 1e03 0a00 0000 0000 69b7 9657 eec8 d293  ........i..W....
00000080: 2a00 0000 2a00 0000 0800 1800 0000 0000  *...*...........
00000090: 0100 0000 a481 0000 0000 666c 6167 2e74  ..........flag.t
000000a0: 7874 5554 0500 0396 ea85 6575 780b 0001  xtUT......eux...
000000b0: 04e8 0300 0004 e803 0000 504b 0506 0000  ..........PK....
000000c0: 0000 0100 0100 4e00 0000 6c00 0000 0000  ......N...l.....

The given "jpg" seems to be a zip file (note the PK signature at offset 0); the flag is already visible in the dump, so there is no need to unzip.

As a programmer ...

Description

This is not only true for programmers - “every program has at least one error.”

In encryption, the picture is the same... I chose the wrong parameter, used the key incorrectly. And your secrets are no longer secrets.

output_RSA.txt

code_RSA.py

output_RSA.txt Source
s = 9679603728276260450163332348967772341039656114836199341829623928424883179482998295442569610750090617263140422489655203690606051598227889033133696824561049
t = 7544882607176903318920087402887255144232202298941096774820758222068650540914461606464972583857391951228165370888600203959000417894282048977659598507065283
result = 17224486335453163769083419751855027485271858413777296116650382150493533720397459901907542194607482568491305793378255407649606469492509938010793295331626332
e = 3
n = 73031473813836265586802638898480963691823354032947424211844799982034059370278732061933096537003870674600636644919039367055380810706708777069353371137325457767601410808147577861559266484151023108122144110129865120907211821459436706652522768143661973946322182602994587756648586727110169581118048980551661961867
c = 102440249906188112653112850149004638920041731819150591992314684890766079962216378675563173361005618897820395598884602786493326797681447423552807411034991287447489220834908286512061803086201262036007513517016439047998253997542610533
code_RSA.py Source
from Crypto.Util.number import getPrime , bytes_to_long , GCD
import random

random.seed()
flag = b'grodno{fake_flag}'

KEY_SIZE = 512
RSA_E = 3

def gen_RSA_params(N, e):
    while True:
        p, q = getPrime(N), getPrime(N)
        if GCD(e, (p - 1) * (q - 1)) == 1: break
    n = p * q
    check(p, q, n) 
    return (p, q, n)

def check(p, q, n):
    a_ = random.randint(1, 100000)
    b_ = random.randint(1, 100000)
    c_ = random.randint(1, 100000)
    d_ = random.randint(1, 100000)
    s = pow_m(p, pow_m(q, a_, c_ * (p - 1) * (q - 1)), n)
    t = pow_m(q, pow_m(p, b_, d_ * (p - 1) * (q - 1)), n)
    result = s + t
    print(f"s = {s}")
    print(f"t = {t}")
    print(f"result = {result}")

def pow_m(base, degree, module):
    degree = bin(degree)[2:]
    r = 1
    for i in range(len(degree) - 1, -1, -1):
        r = (r * base ** int(degree[i])) % module
        base = (base ** 2) % module
    return r

dp, q, n = gen_RSA_params(KEY_SIZE, RSA_E) 

m = bytes_to_long(flag)
c = pow(m, RSA_E, n)

print(f"e = {RSA_E}")
print(f"n = {n}")
print(f"c = {c}")

The check function seems to be doing nothing; I changed the source code to print p, q, n:

dp, q, n = gen_RSA_params(KEY_SIZE, RSA_E)
print(f'{dp=}')
print(f'{q=}')
print(f'{n=}')

Using the following values, I plugged them into a classic RSA decrypt script:

from Crypto.Util.number import long_to_bytes
e=3
p=7879960765045001095536351254285236461677252539725568099920468706232467999523306832500323732282207836527543974723447114253113296388679417382538808316690431
q=8342978436831862404899566394233926052038947763802257542165062289867294716038524969659202385666829608378292984332627938904052091508796827006515033647278443
phi=(p - 1) * (q - 1)
n=65742342745851549822180716040255124211938858988373211210691515650102454515899195833369761095003930408764090835269681816455600256543567197486474318897521616107648249347264240038697918688173668720857297582625168429528919657707478013677667101768063930601639646148703064967152840864473503543204843052056090678933
c=102440249906188112653112850149004638920041731819150591992314684890766079962216378675563173361005618897820395598884602786493326797681447423552807411034991287447489220834908286512061803086201262036007513517016439047998253997542610533

d = pow(e, -1, phi)
m = pow(c, d, n)
p = long_to_bytes(m).decode()
print(p)

I can do it in Chinese

Description

My friend has a crush on Chinese. I sent it, I don’t understand what...

杲潤湯等晟祯畟湥敤彩瑟楮彃桩湥獥彷敟捡湟摯彩瑟楮彃桩湥獥彽

in_Chinese.txt

Solution

with open('./in_Chinese.txt', 'rb') as f:
    print(
        f.read()             # Read contents
        .decode()            # bytes -> str
        .encode('utf-16-be') # Encode to UTF-16-BE (Big Endian) # Correct Encoding
        .decode('utf-8')     # Decode To UTF-8 (For Readability)
    )

Two points again

Description

I received a file with huge numbers. Explicitly RSA

output_badRSA1.txt

He_chose_the_wrong_parameters_for_RSA.jpg

output_badRSA1.txt Source
N = 894011376132861406416081994144221048298348543110763436400156707035479762291337096368301340210777912166253392435275663746074998964323198306974285233167719096055553347615918699581765041856450618725024365550285245909593290693757548300976025136185960841538482656726074757217987326418213368306947431668797511869941369363510575799319146232381645606378509284692783439527001482275434870365007864755014763434476875230779298152747668036103797086099448952638933614839186234115539057353208089196503236476069765055958643599622359809306429773621018079928117609961649006558217734057147235098517323614637509521563090769478823258676357262436290835475545437211168106617010859479612214627871047960151415095910992231687737019157788664429412462674876326653667300420128914036327499885103193423178025962079282185227746880809451234195481664650147610375976243181422075319601793906090392759832052648670731266344219250793991957964535801285606036631861341696305110038590888086491568683507575846576623827059055577036404611548224528600604898405714747157240730264673180051312634408192644777331633111950232485559076080686217541095754245034143596485147084607615402187454830802772582891800608645679493263524678084504132604846410243911260803002065871918398725293311473
e = 49999
c = 127990258916322713210704002931365496210647826869578493680557063836772515914303363145985391647430839311330158084206710072455465957218072448099969815961814463831667357474852426061475210363277306704257877402661232669936031043625938011115290529377505573367883714424182150449678726041360949463375982144652910707759221795772350872426009873120527309342093683340576731241704191541296890578962805029558926492259701366885936092059693759354255247540815813052543086204934376066884066060405947003334121725632674642690548675916126384013014552545338699198239765357561083183401525044638243204528501965028598782513999767237563252331767079569128151380305983732341553403814650118788711703476805307790685184506737890913441497269132749881622937761764492015610811577966553776703680435092016590690563200951474073620866158140866931856293211794418637441400021472249887178225738960768608549559781531479910409684884180658879621882231073123533851227894797415625533435081416099549459198508358607887551022339960981663266529984544362524495679204397590064106335341279871204905873532415276380340515150499389237587052633736125460704219829657692767592459700685070039056607335118481257774532132073976558433243315868939654221066341581052013795470559435542389710686098062

Solution

Idk why jpg was provided tbh... Anyway I was about to blast the RSA with rsactftool:

└─$ rsactftool 
	-n 894011376132861406416081994144221048298348543110763436400156707035479762291337096368301340210777912166253392435275663746074998964323198306974285233167719096055553347615918699581765041856450618725024365550285245909593290693757548300976025136185960841538482656726074757217987326418213368306947431668797511869941369363510575799319146232381645606378509284692783439527001482275434870365007864755014763434476875230779298152747668036103797086099448952638933614839186234115539057353208089196503236476069765055958643599622359809306429773621018079928117609961649006558217734057147235098517323614637509521563090769478823258676357262436290835475545437211168106617010859479612214627871047960151415095910992231687737019157788664429412462674876326653667300420128914036327499885103193423178025962079282185227746880809451234195481664650147610375976243181422075319601793906090392759832052648670731266344219250793991957964535801285606036631861341696305110038590888086491568683507575846576623827059055577036404611548224528600604898405714747157240730264673180051312634408192644777331633111950232485559076080686217541095754245034143596485147084607615402187454830802772582891800608645679493263524678084504132604846410243911260803002065871918398725293311473 
	-e 49999 
	--decrypt 127990258916322713210704002931365496210647826869578493680557063836772515914303363145985391647430839311330158084206710072455465957218072448099969815961814463831667357474852426061475210363277306704257877402661232669936031043625938011115290529377505573367883714424182150449678726041360949463375982144652910707759221795772350872426009873120527309342093683340576731241704191541296890578962805029558926492259701366885936092059693759354255247540815813052543086204934376066884066060405947003334121725632674642690548675916126384013014552545338699198239765357561083183401525044638243204528501965028598782513999767237563252331767079569128151380305983732341553403814650118788711703476805307790685184506737890913441497269132749881622937761764492015610811577966553776703680435092016590690563200951474073620866158140866931856293211794418637441400021472249887178225738960768608549559781531479910409684884180658879621882231073123533851227894797415625533435081416099549459198508358607887551022339960981663266529984544362524495679204397590064106335341279871204905873532415276380340515150499389237587052633736125460704219829657692767592459700685070039056607335118481257774532132073976558433243315868939654221066341581052013795470559435542389710686098062
private argument is not set, the private key will not be displayed, even if recovered.
['/tmp/tmp59da1sd5']

[*] Testing key /tmp/tmp59da1sd5.
attack initialized...
attack initialized...
[!] Your provided modulus is prime:
894011376132861406416081994144221048298348543110763436400156707035479762291337096368301340210777912166253392435275663746074998964323198306974285233167719096055553347615918699581765041856450618725024365550285245909593290693757548300976025136185960841538482656726074757217987326418213368306947431668797511869941369363510575799319146232381645606378509284692783439527001482275434870365007864755014763434476875230779298152747668036103797086099448952638933614839186234115539057353208089196503236476069765055958643599622359809306429773621018079928117609961649006558217734057147235098517323614637509521563090769478823258676357262436290835475545437211168106617010859479612214627871047960151415095910992231687737019157788664429412462674876326653667300420128914036327499885103193423178025962079282185227746880809451234195481664650147610375976243181422075319601793906090392759832052648670731266344219250793991957964535801285606036631861341696305110038590888086491568683507575846576623827059055577036404611548224528600604898405714747157240730264673180051312634408192644777331633111950232485559076080686217541095754245034143596485147084607615402187454830802772582891800608645679493263524678084504132604846410243911260803002065871918398725293311473
There is no need to run an integer factorization...

[!] Your provided modulus is prime: 👀 Why is RSA easily cracked if N is prime?

Basically, if N is prime then phi is N-1 instead of (p-1)*(q-1).

Plug the values again and solve:

from Crypto.Util.number import long_to_bytes
e=49999
n=894011376132861406416081994144221048298348543110763436400156707035479762291337096368301340210777912166253392435275663746074998964323198306974285233167719096055553347615918699581765041856450618725024365550285245909593290693757548300976025136185960841538482656726074757217987326418213368306947431668797511869941369363510575799319146232381645606378509284692783439527001482275434870365007864755014763434476875230779298152747668036103797086099448952638933614839186234115539057353208089196503236476069765055958643599622359809306429773621018079928117609961649006558217734057147235098517323614637509521563090769478823258676357262436290835475545437211168106617010859479612214627871047960151415095910992231687737019157788664429412462674876326653667300420128914036327499885103193423178025962079282185227746880809451234195481664650147610375976243181422075319601793906090392759832052648670731266344219250793991957964535801285606036631861341696305110038590888086491568683507575846576623827059055577036404611548224528600604898405714747157240730264673180051312634408192644777331633111950232485559076080686217541095754245034143596485147084607615402187454830802772582891800608645679493263524678084504132604846410243911260803002065871918398725293311473
phi=n-1
c=127990258916322713210704002931365496210647826869578493680557063836772515914303363145985391647430839311330158084206710072455465957218072448099969815961814463831667357474852426061475210363277306704257877402661232669936031043625938011115290529377505573367883714424182150449678726041360949463375982144652910707759221795772350872426009873120527309342093683340576731241704191541296890578962805029558926492259701366885936092059693759354255247540815813052543086204934376066884066060405947003334121725632674642690548675916126384013014552545338699198239765357561083183401525044638243204528501965028598782513999767237563252331767079569128151380305983732341553403814650118788711703476805307790685184506737890913441497269132749881622937761764492015610811577966553776703680435092016590690563200951474073620866158140866931856293211794418637441400021472249887178225738960768608549559781531479910409684884180658879621882231073123533851227894797415625533435081416099549459198508358607887551022339960981663266529984544362524495679204397590064106335341279871204905873532415276380340515150499389237587052633736125460704219829657692767592459700685070039056607335118481257774532132073976558433243315868939654221066341581052013795470559435542389710686098062

d = pow(e, -1, phi)
m = pow(c, d, n)
p = long_to_bytes(m).decode()
print(p)

'''
By harnessing the grodno{m@thematical_pr0perties_0f_l@rge_prime_numb3rs}, 
RSA provides a robust and efficient method for encrypting 
and decrypting information.
'''
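
The three RSA challenges on this page (nanoRSA, As a programmer ..., Two points again) each come down to a public parameter that can be checked before any key is trusted. The following is an added example, not code from the original writeup: an audit function that flags e = 1, a prime modulus, and a ciphertext that is an exact e-th power (m^e smaller than n, which can happen with e = 3 and a short unpadded message). The function names, the Mersenne-prime moduli and the sample message are constructed for illustration.

```python
import random

def is_probable_prime(n, rounds=24):
    """Miller-Rabin test; a composite passes with probability <= 4**-rounds."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # witness found: n is composite
    return True

def iroot(x, k):
    """Return (floor of the k-th root of x, whether the root is exact)."""
    lo, hi = 0, 1 << (x.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo, lo ** k == x

def audit(n, e, c):
    """Return [(finding, recovered plaintext as int)] for public (n, e, c)."""
    findings = []
    if e == 1:
        findings.append(("e = 1: c is m mod n", c % n))
    if is_probable_prime(n):
        try:
            d = pow(e, -1, n - 1)  # phi(n) = n - 1 when n is prime
            findings.append(("n is prime: phi = n - 1", pow(c, d, n)))
        except ValueError:  # e not invertible mod n - 1
            findings.append(("n is prime, e shares a factor with n - 1", None))
    if e > 1:
        root, exact = iroot(c, e)
        if exact:
            findings.append(("c is an exact e-th power: m**e < n", root))
    return findings

# Constructed inputs: Mersenne primes stand in for generated key material.
P, Q = 2**521 - 1, 2**607 - 1
SAMPLE = b"constructed sample message"

if __name__ == "__main__":
    m = int.from_bytes(SAMPLE, "big")
    for n, e in ((P * Q, 1), (P, 49999), (P * Q, 3)):
        for finding, rec in audit(n, e, pow(m, e, n)):
            print(finding, "->", rec.to_bytes((rec.bit_length() + 7) // 8, "big"))
```

An empty result from `audit` only means none of these three parameter mistakes is present; it says nothing about other weaknesses such as a factorable n.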

The Ripper

Description

The archive is one of the most secure places on my computer, unless the password is qwerty of course :)

Fortunately, I always use a random set of nine digits, oops... I shouldn’t have said that.

super-secret-files.zip

Solution

Generate possible pins:

└─$ crunch 9 9 1234567890 > wordlist.dic
└─$ zip2john super-secret-files.zip > zip.hash
ver 2.0 efh 9901 super-secret-files.zip/flag.txt PKZIP Encr: cmplen=94, decmplen=67, crc=BA1047B5
ver 2.0 efh 9901 super-secret-files.zip/super-secret-file.txt PKZIP Encr: cmplen=22238, decmplen=59973, crc=21DBAD5C
ver 2.0 efh 9901 super-secret-files.zip/another-file.txt PKZIP Encr: cmplen=1286, decmplen=3138, crc=65AF6385
ver 2.0 efh 9901 super-secret-files.zip/file.txt PKZIP Encr: cmplen=1368, decmplen=9418, crc=C1FAB320
NOTE: It is assumed that all files in each archive have the same password.
If that is not the case, the hash may be uncrackable. To avoid this, use
option -o to pick a file at a time.

└─$ john --wordlist=wordlist.dic zip.hash
Warning: detected hash type "ZIP", but the string is also recognized as "ZIP-opencl"
Use the "--format=ZIP-opencl" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 1 password hash (ZIP, WinZip [PBKDF2-SHA1 128/128 AVX 4x])
Will run 2 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
124161344        (super-secret-files.zip/flag.txt)
1g 0:00:13:37 DONE (2024-01-11 20:16) 0.001223g/s 15975p/s 15975c/s 15975C/s 124150967..124162014
Use the "--show" option to display all of the cracked passwords reliably
Session completed

Unzip with 7zip (unzip didn't work?...):

└─$ 7z x super-secret-files.zip -p124161344 -osuper-secret-files

7-Zip [64] 17.05 : Copyright (c) 1999-2021 Igor Pavlov : 2017-08-28
p7zip Version 17.05 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,64 bits,2 CPUs x64)

Scanning the drive for archives:
1 file, 25714 bytes (26 KiB)

Extracting archive: super-secret-files.zip
--
Path = super-secret-files.zip
Type = zip
Physical Size = 25714

Everything is Ok

Files: 4
Size:       72596
Compressed: 25714

Find flag:

└─$ grep 'grodno' super-secret-files/ -Rain
super-secret-files/super-secret-file.txt:528:grodno{0n_linux_it_would_be_easier_t0_do_this}
