📚 Add placeholders of School CTF 2015

school-ctf-2015/README.md

@@ -0,0 +1,40 @@
+# School CTF CTF write-ups
+
+* <TODO>
+* [Scoreboard](TODO) or [local alternative](TODOLOCAL)
+
+## Completed write-ups
+
+* none yet
+
+## External write-ups only
+
+* none yet
+
+## Missing write-ups
+
+* [crypto/super-digest-4-400](crypto/super-digest-4-400)
+* [crypto/crypto-lego-500](crypto/crypto-lego-500)
+* [crypto/super-digest-4-strong-500](crypto/super-digest-4-strong-500)
+* [crypto/affine-cipher-100](crypto/affine-cipher-100)
+* [crypto/bypassing-the-snake-400](crypto/bypassing-the-snake-400)
+* [pwn/ssh-jail-500](pwn/ssh-jail-500)
+* [forensics/hidden-file-200](forensics/hidden-file-200)
+* [networks/misconfiguration-300](networks/misconfiguration-300)
+* [networks/tricky-authorization-200](networks/tricky-authorization-200)
+* [joy/darkness-200](joy/darkness-200)
+* [joy/alpha-to-foxtrot-alpha-150](joy/alpha-to-foxtrot-alpha-150)
+* [joy/agrement-by-default-100](joy/agrement-by-default-100)
+* [joy/old-school-hacking-200](joy/old-school-hacking-200)
+* [joy/weird-selfie-100](joy/weird-selfie-100)
+* [joy/not-weird-selfie-200](joy/not-weird-selfie-200)
+* [stegano/run-the-image-400](stegano/run-the-image-400)
+* [stegano/strange-spam-100](stegano/strange-spam-100)
+* [stegano/the-great-thing-200](stegano/the-great-thing-200)
+* [stegano/tacticus-abilitus-100](stegano/tacticus-abilitus-100)
+* [reverse/school-incident-150](reverse/school-incident-150)
+* [reverse/strange-program-300](reverse/strange-program-300)
+* [web/shop-of-goodness-100](web/shop-of-goodness-100)
+* [web/junior-pentesting-300](web/junior-pentesting-300)
+* [web/stored-pass-100](web/stored-pass-100)
+* [web/unusual-redirection-300](web/unusual-redirection-300)

school-ctf-2015/crypto/affine-cipher-100/README.md

@@ -0,0 +1,25 @@
+# School CTF 2015: affine-cipher-100
+
+**Category:** Crypto
+**Points:** 100
+
+**Description:**
+
+> Decrypt the message, which was encrypted with following rules:
+>
+>     for each letter of cipher text its position in the alphabet is the position of the original letter multiplied by 4 and shifted by 15 character
+>
+>     shift over alphabet is cyclic, so 'z' shifted by 1 is '_' and '_' shifted by 1 is 'a'
+>
+>     aplhabet consists of letters from 'a' to 'z' and symbol '_'
+>
+>     letter 'a' has position 0, symbol '_' has position 26 ( following 'z' )
+>
+> Encrypted message: ifpmluglesecdlqp_rclfrseljpkq
+## Write-up
+
+(TODO)
+
+## Other write-ups and resources
+
+* none yet

school-ctf-2015/crypto/bypassing-the-snake-400/README.md

@@ -0,0 +1,18 @@
+# School CTF 2015: bypassing-the-snake-400
+
+**Category:** Crypto
+**Points:** 400
+
+**Description:**
+
+> Who is the author of the phrase?
+>
+> Flag format: firstname_lastname, e.g. john_snow
+
+## Write-up
+
+(TODO)
+
+## Other write-ups and resources
+
+* none yet

school-ctf-2015/crypto/bypassing-the-snake-400/bypass_5e7b13504f698bd9ee6a23594f212a6c1185c8f3.txt

@@ -0,0 +1,8 @@
+_.t_tisg
+eiyyr_1i
+mr_uopcp
+eecv_k__
+veeg_ogs
+srndto'_
+_ia_irue
+cngnesht

school-ctf-2015/crypto/crypto-lego-500/README.md

@@ -0,0 +1,18 @@
+# School CTF 2015: crypto-lego-500
+
+**Category:** Crypto
+**Points:** 500
+
+**Description:**
+
+> Creator of this task did not have Lego in his childhood. In desperation he has transformed letters of the input text in THIS. Try to recover the plain text.
+>
+> Flag format: english words in lower case separated with underscores, e.g. this_is_flag
+
+## Write-up
+
+(TODO)
+
+## Other write-ups and resources
+
+* none yet

school-ctf-2015/crypto/super-digest-4-400/README.md

@@ -0,0 +1,17 @@
+# School CTF 2015: super-digest-4-400
+
+**Category:** Crypto
+**Points:** 400
+
+**Description:**
+
+> We desingned new super reliable hash function - Super Digest 4! It generates number (the same as a hash) for every string. We are sure that it is impossible to recover original string from the hash or get a collision. You can get its sources here
+>
+> We have a service opened for everyone, who wants to break our invention: nc sibears.ru 11311
+## Write-up
+
+(TODO)
+
+## Other write-ups and resources
+
+* none yet

school-ctf-2015/crypto/super-digest-4-400/hashersd4_fce4de84c9cd9dd30f1f99ef9311ab7de15a8ecc.rb

@@ -0,0 +1,26 @@
+class Hasher
+    @@sd4_iv = 0
+    @@sd4_block_size = 4
+    @@sd4_alphabet = "abcdefghijklmnopqrstuvwxyz"
+    def sd4(line)
+        special_value = @@sd4_iv
+        if line.size % @@sd4_block_size != 0
+            line+="x"*(@@sd4_block_size - line.size % @@sd4_block_size)
+        end
+        (0...line.size).step(@@sd4_block_size) do |i|
+            current_block = line[i..i+@@sd4_block_size-1].bytes
+            special_value = sd4_round(special_value, current_block)
+        end
+        return special_value
+    end
+    def sd4_round(special_value, current_block)
+        sum = current_block.inject(0){ |res, elem| res+=elem }
+        sum += special_value
+        return sum
+    end
+end
+
+h = Hasher.new
+my_string = "my_string"
+hash = h.sd4(my_string)
+print "Hash: "+hash.to_s+"\n"

school-ctf-2015/crypto/super-digest-4-strong-500/README.md

@@ -0,0 +1,23 @@
+# School CTF 2015: super-digest-4-strong-500
+
+**Category:** Crypto
+**Points:** 500
+**Description:**
+
+> We suspect that our first version of Super Digest 4 isn't perfect. So we have modified it -- new sources here. Now it is very collision resistant. Large corporation, such as "Elgoog" use it to store password hashes.
+>
+> 8 main administrators work in "Elgoog". They don't like memorize many password. So, they have remembered one password for the foremost administrator and other 7 password is obtained from it by the left shift on 1 symbol.
+>
+> For example from password "1234567" can be obtained 7 other passwords:
+>
+> "23456781" "34567812" ... "81234567"
+>
+> We are rely on Super Digest 4 collision resistance and expierence of our lawyers and give anyone hashes of all passwords. Connect to our service and post password of the foremost administrator to get the flag: nc sibears.ru 11511
+
+## Write-up
+
+(TODO)
+
+## Other write-ups and resources
+
+* none yet

school-ctf-2015/crypto/super-digest-4-strong-500/hashersd4_strong_5e9d301182849f3285098ff77dd7c30068be50e7.rb

@@ -0,0 +1,29 @@
+class Hasher
+    @@sd4_strong_iv = 0xdeadbeef
+    @@sd4_block_size = 4
+    @@sd4_strong_alphabet = "abcdefghijklmnopqrstuvwxyz_"
+    def sd4_round(special_value, current_block)
+        sum = 0
+        0.upto(current_block.size()-1) do |i|
+            sum = sum + current_block[i]
+        end
+        sum += special_value
+        return sum
+    end
+    def sd4_strong(line)
+        special_value = @@sd4_strong_iv
+        if line.size % @@sd4_block_size != 0
+            line+="x"*(@@sd4_block_size-line.size % @@sd4_block_size)
+            print "line: ", line, "\n"
+        end
+        (0...line.size).step(@@sd4_block_size) do |i|
+            current_block = line[i..i+@@sd4_block_size-1].bytes
+            special_value += sd4_round(special_value, current_block)
+        end
+        return special_value
+    end
+end
+
+h = Hasher.new
+my_line = "1234567887654321"
+print "Hash: ",h.sd4_strong(my_line),"\n"

school-ctf-2015/forensics/hidden-file-200/README.md

@@ -0,0 +1,15 @@
+# School CTF 2015: hidden-file-200
+
+**Category:** Forensics
+**Points:** 200
+
+**Description:**
+>See the picture
+
+## Write-up
+
+(TODO)
+
+## Other write-ups and resources
+
+* none yet

school-ctf-2015/joy/agrement-by-default-100/README.md

@@ -0,0 +1,15 @@
+# School CTF 2015: agrement-by-default-100
+
+**Category:** Joy
+**Points:** 100
+**Description:**
+
+> "Where does a wise man hide a leaf? In the forest." link
+
+## Write-up
+
+(TODO)
+
+## Other write-ups and resources
+
+* none yet

school-ctf-2015/joy/alpha-to-foxtrot-alpha-150/README.md

@@ -0,0 +1,17 @@
+# School CTF 2015: alpha-to-foxtrot-alpha-150
+
+**Category:** Joy
+**Points:** 150
+**Description:**
+
+> During the "#1337 accident" our specialist managed to intercept the radio exchange between aircrafts of our potential adversaries. Part of the message is still unclear to our cryptographers. Your Duty is to help us!
+>
+> Flag format: phrase_in_english
+
+## Write-up
+
+(TODO)
+
+## Other write-ups and resources
+
+* none yet

school-ctf-2015/joy/darkness-200/README.md

@@ -0,0 +1,20 @@
+# School CTF 2015: darkness-200
+
+**Category:**
+**Points:**
+**Solves:**
+**Description:**
+
+> Hey everyone, that's again the guy with a fake Google Glass (-_-) Last year we didn't managed to get the password from the video, so I'm looking forward to revenge! Today I definitely can enter their intranet! I catch the moment when their boss login to the company's site using gesture password, but it's again too difficult for me >__<
+>
+> Here is a video (yea, yea again in that SUPERDUPERHD quality) And their intranet site URL, hopefully it's accessible through Internet: http://sibears.ru:11711
+>
+> Please help me to revenge on them!
+
+## Write-up
+
+(TODO)
+
+## Other write-ups and resources
+
+* none yet

school-ctf-2015/joy/not-weird-selfie-200/README.md

@@ -0,0 +1,16 @@
+# School CTF 2015: not-weird-selfie-200
+
+**Category:** Joy
+**Points:** 200
+
+**Description:**
+
+> Tweet a picture of your team with a bear and use #schoolctf. We'll send you back the flag via personal messages.
+
+## Write-up
+
+(TODO)
+
+## Other write-ups and resources
+
+* none yet

school-ctf-2015/joy/old-school-hacking-200/README.md

@@ -0,0 +1,15 @@
+# School CTF 2015: old-school-hacking-200
+
+**Category:** 
+**Points:** 
+**Solves:** 
+**Description:**
+
+> When you can't complete the game, it's time to use cheats.
+## Write-up
+
+(TODO)
+
+## Other write-ups and resources
+
+* none yet

school-ctf-2015/joy/weird-selfie-100/README.md

@@ -0,0 +1,18 @@
+# School CTF 2015: weird-selfie-100
+
+**Category:** Joy
+**Points:** 100
+
+**Description:**
+
+> Somebody has hacked my email and now uses it to send weird selfies! Please help me to figure out the hacker's name!
+>
+> Flag format: firstname_lastname,e.g. john_snow
+
+## Write-up
+
+(TODO)
+
+## Other write-ups and resources
+
+* none yet

school-ctf-2015/networks/misconfiguration-300/README.md

@@ -0,0 +1,18 @@
+# School CTF 2015: misconfiguration-300
+
+**Category:** Networks
+**Points:** 300
+
+**Description:**
+
+> They say there is a flag here but we can't get in. Google for the solution.
+>
+> If you find that some site is blocked by your internet provider you may use our proxy sibears.ru:22022
+
+## Write-up
+
+(TODO)
+
+## Other write-ups and resources
+
+* none yet

school-ctf-2015/networks/tricky-authorization-200/README.md

@@ -0,0 +1,17 @@
+# School CTF 2015: tricky-authorization-200
+
+**Category:** Networks
+**Points:** 200
+**Description:**
+
+> There is some tricky authorization, will you take a look?
+>
+> nc sibears.ru 11811
+
+## Write-up
+
+(TODO)
+
+## Other write-ups and resources
+
+* none yet

school-ctf-2015/pwn/ssh-jail-500/README.md

@@ -0,0 +1,16 @@
+# School CTF 2015: ssh-jail-500
+
+**Category:** Pwn
+**Points:** 500
+
+**Description:**
+
+> Do u know what to do? $ ssh -p 11111 guest@sibears.ru password: guest
+
+## Write-up
+
+(TODO)
+
+## Other write-ups and resources
+
+* none yet