-
Notifications
You must be signed in to change notification settings - Fork 723
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
📚 Add placeholders of School CTF 2015
- Loading branch information
Showing
43 changed files
with
632 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
# School CTF CTF write-ups | ||
|
||
* <TODO> | ||
* [Scoreboard](TODO) or [local alternative](TODOLOCAL) | ||
|
||
## Completed write-ups | ||
|
||
* none yet | ||
|
||
## External write-ups only | ||
|
||
* none yet | ||
|
||
## Missing write-ups | ||
|
||
* [crypto/super-digest-4-400](crypto/super-digest-4-400) | ||
* [crypto/crypto-lego-500](crypto/crypto-lego-500) | ||
* [crypto/super-digest-4-strong-500](crypto/super-digest-4-strong-500) | ||
* [crypto/affine-cipher-100](crypto/affine-cipher-100) | ||
* [crypto/bypassing-the-snake-400](crypto/bypassing-the-snake-400) | ||
* [pwn/ssh-jail-500](pwn/ssh-jail-500) | ||
* [forensics/hidden-file-200](forensics/hidden-file-200) | ||
* [networks/misconfiguration-300](networks/misconfiguration-300) | ||
* [networks/tricky-authorization-200](networks/tricky-authorization-200) | ||
* [joy/darkness-200](joy/darkness-200) | ||
* [joy/alpha-to-foxtrot-alpha-150](joy/alpha-to-foxtrot-alpha-150) | ||
* [joy/agrement-by-default-100](joy/agrement-by-default-100) | ||
* [joy/old-school-hacking-200](joy/old-school-hacking-200) | ||
* [joy/weird-selfie-100](joy/weird-selfie-100) | ||
* [joy/not-weird-selfie-200](joy/not-weird-selfie-200) | ||
* [stegano/run-the-image-400](stegano/run-the-image-400) | ||
* [stegano/strange-spam-100](stegano/strange-spam-100) | ||
* [stegano/the-great-thing-200](stegano/the-great-thing-200) | ||
* [stegano/tacticus-abilitus-100](stegano/tacticus-abilitus-100) | ||
* [reverse/school-incident-150](reverse/school-incident-150) | ||
* [reverse/strange-program-300](reverse/strange-program-300) | ||
* [web/shop-of-goodness-100](web/shop-of-goodness-100) | ||
* [web/junior-pentesting-300](web/junior-pentesting-300) | ||
* [web/stored-pass-100](web/stored-pass-100) | ||
* [web/unusual-redirection-300](web/unusual-redirection-300) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# School CTF 2015: affine-cipher-100 | ||
|
||
**Category:** Crypto | ||
**Points:** 100 | ||
|
||
**Description:** | ||
|
||
> Decrypt the message, which was encrypted with following rules: | ||
> | ||
> for each letter of cipher text its position in the alphabet is the position of the original letter multiplied by 4 and shifted by 15 character | ||
> | ||
> shift over alphabet is cyclic, so 'z' shifted by 1 is '_' and '_' shifted by 1 is 'a' | ||
> | ||
> aplhabet consists of letters from 'a' to 'z' and symbol '_' | ||
> | ||
> letter 'a' has position 0, symbol '_' has position 26 ( following 'z' ) | ||
> | ||
> Encrypted message: ifpmluglesecdlqp_rclfrseljpkq | ||
## Write-up | ||
|
||
(TODO) | ||
|
||
## Other write-ups and resources | ||
|
||
* none yet |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
# School CTF 2015: bypassing-the-snake-400 | ||
|
||
**Category:** Crypto | ||
**Points:** 400 | ||
|
||
**Description:** | ||
|
||
> Who is the author of the phrase? | ||
> | ||
> Flag format: firstname_lastname, e.g. john_snow | ||
## Write-up | ||
|
||
(TODO) | ||
|
||
## Other write-ups and resources | ||
|
||
* none yet |
8 changes: 8 additions & 0 deletions
8
...f-2015/crypto/bypassing-the-snake-400/bypass_5e7b13504f698bd9ee6a23594f212a6c1185c8f3.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
_.t_tisg | ||
eiyyr_1i | ||
mr_uopcp | ||
eecv_k__ | ||
veeg_ogs | ||
srndto'_ | ||
_ia_irue | ||
cngnesht |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
# School CTF 2015: crypto-lego-500 | ||
|
||
**Category:** Crypto | ||
**Points:** 500 | ||
|
||
**Description:** | ||
|
||
> Creator of this task did not have Lego in his childhood. In desperation he has transformed letters of the input text in THIS. Try to recover the plain text. | ||
> | ||
> Flag format: english words in lower case separated with underscores, e.g. this_is_flag | ||
## Write-up | ||
|
||
(TODO) | ||
|
||
## Other write-ups and resources | ||
|
||
* none yet |
Binary file added
BIN
+11.5 KB
...f-2015/crypto/crypto-lego-500/this_6efac16b673cac35405f0fbb7400d715a8b6e33b.jpg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
# School CTF 2015: super-digest-4-400 | ||
|
||
**Category:** Crypto | ||
**Points:** 400 | ||
|
||
**Description:** | ||
|
||
> We desingned new super reliable hash function - Super Digest 4! It generates number (the same as a hash) for every string. We are sure that it is impossible to recover original string from the hash or get a collision. You can get its sources here | ||
> | ||
> We have a service opened for everyone, who wants to break our invention: nc sibears.ru 11311 | ||
## Write-up | ||
|
||
(TODO) | ||
|
||
## Other write-ups and resources | ||
|
||
* none yet |
26 changes: 26 additions & 0 deletions
26
...-ctf-2015/crypto/super-digest-4-400/hashersd4_fce4de84c9cd9dd30f1f99ef9311ab7de15a8ecc.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
class Hasher | ||
@@sd4_iv = 0 | ||
@@sd4_block_size = 4 | ||
@@sd4_alphabet = "abcdefghijklmnopqrstuvwxyz" | ||
def sd4(line) | ||
special_value = @@sd4_iv | ||
if line.size % @@sd4_block_size != 0 | ||
line+="x"*(@@sd4_block_size - line.size % @@sd4_block_size) | ||
end | ||
(0...line.size).step(@@sd4_block_size) do |i| | ||
current_block = line[i..i+@@sd4_block_size-1].bytes | ||
special_value = sd4_round(special_value, current_block) | ||
end | ||
return special_value | ||
end | ||
def sd4_round(special_value, current_block) | ||
sum = current_block.inject(0){ |res, elem| res+=elem } | ||
sum += special_value | ||
return sum | ||
end | ||
end | ||
|
||
h = Hasher.new | ||
my_string = "my_string" | ||
hash = h.sd4(my_string) | ||
print "Hash: "+hash.to_s+"\n" |
23 changes: 23 additions & 0 deletions
23
school-ctf-2015/crypto/super-digest-4-strong-500/README.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
# School CTF 2015: super-digest-4-strong-500 | ||
|
||
**Category:** Crypto | ||
**Points:** 500 | ||
**Description:** | ||
|
||
> We suspect that our first version of Super Digest 4 isn't perfect. So we have modified it -- new sources here. Now it is very collision resistant. Large corporation, such as "Elgoog" use it to store password hashes. | ||
> | ||
> 8 main administrators work in "Elgoog". They don't like memorize many password. So, they have remembered one password for the foremost administrator and other 7 password is obtained from it by the left shift on 1 symbol. | ||
> | ||
> For example from password "1234567" can be obtained 7 other passwords: | ||
> | ||
> "23456781" "34567812" ... "81234567" | ||
> | ||
> We are rely on Super Digest 4 collision resistance and expierence of our lawyers and give anyone hashes of all passwords. Connect to our service and post password of the foremost administrator to get the flag: nc sibears.ru 11511 | ||
## Write-up | ||
|
||
(TODO) | ||
|
||
## Other write-ups and resources | ||
|
||
* none yet |
29 changes: 29 additions & 0 deletions
29
...to/super-digest-4-strong-500/hashersd4_strong_5e9d301182849f3285098ff77dd7c30068be50e7.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
class Hasher | ||
@@sd4_strong_iv = 0xdeadbeef | ||
@@sd4_block_size = 4 | ||
@@sd4_strong_alphabet = "abcdefghijklmnopqrstuvwxyz_" | ||
def sd4_round(special_value, current_block) | ||
sum = 0 | ||
0.upto(current_block.size()-1) do |i| | ||
sum = sum + current_block[i] | ||
end | ||
sum += special_value | ||
return sum | ||
end | ||
def sd4_strong(line) | ||
special_value = @@sd4_strong_iv | ||
if line.size % @@sd4_block_size != 0 | ||
line+="x"*(@@sd4_block_size-line.size % @@sd4_block_size) | ||
print "line: ", line, "\n" | ||
end | ||
(0...line.size).step(@@sd4_block_size) do |i| | ||
current_block = line[i..i+@@sd4_block_size-1].bytes | ||
special_value += sd4_round(special_value, current_block) | ||
end | ||
return special_value | ||
end | ||
end | ||
|
||
h = Hasher.new | ||
my_line = "1234567887654321" | ||
print "Hash: ",h.sd4_strong(my_line),"\n" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
# School CTF 2015: hidden-file-200 | ||
|
||
**Category:** Forensics | ||
**Points:** 200 | ||
|
||
**Description:** | ||
>See the picture | ||
## Write-up | ||
|
||
(TODO) | ||
|
||
## Other write-ups and resources | ||
|
||
* none yet |
Binary file added
BIN
+49.7 KB
...l-ctf-2015/forensics/hidden-file-200/archive_aa0ff96d678e0d96f808e7ac50c07fa65c9aceed.zip
Binary file not shown.
Binary file added
BIN
+189 KB
...2015/forensics/hidden-file-200/eng_d57d2fcf49801b8156b08a4cebb3fdc44c11466f.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
# School CTF 2015: agrement-by-default-100 | ||
|
||
**Category:** Joy | ||
**Points:** 100 | ||
**Description:** | ||
|
||
> "Where does a wise man hide a leaf? In the forest." link | ||
## Write-up | ||
|
||
(TODO) | ||
|
||
## Other write-ups and resources | ||
|
||
* none yet |
Binary file added
BIN
+297 KB
...5/joy/agrement-by-default-100/SchoolCTF_task_c8b185952f39192dbbe342233ad876dcf583fc4a.exe
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
# School CTF 2015: alpha-to-foxtrot-alpha-150 | ||
|
||
**Category:** Joy | ||
**Points:** 150 | ||
**Description:** | ||
|
||
> During the "#1337 accident" our specialist managed to intercept the radio exchange between aircrafts of our potential adversaries. Part of the message is still unclear to our cryptographers. Your Duty is to help us! | ||
> | ||
> Flag format: phrase_in_english | ||
## Write-up | ||
|
||
(TODO) | ||
|
||
## Other write-ups and resources | ||
|
||
* none yet |
Binary file added
BIN
+648 KB
...ctf-2015/joy/alpha-to-foxtrot-alpha-150/task_697439f365a93e2471e46ef3720a1494fd8da37f.wav
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
# School CTF 2015: darkness-200 | ||
|
||
**Category:** | ||
**Points:** | ||
**Solves:** | ||
**Description:** | ||
|
||
> Hey everyone, that's again the guy with a fake Google Glass (-_-) Last year we didn't managed to get the password from the video, so I'm looking forward to revenge! Today I definitely can enter their intranet! I catch the moment when their boss login to the company's site using gesture password, but it's again too difficult for me >__< | ||
> | ||
> Here is a video (yea, yea again in that SUPERDUPERHD quality) And their intranet site URL, hopefully it's accessible through Internet: http://sibears.ru:11711 | ||
> | ||
> Please help me to revenge on them! | ||
## Write-up | ||
|
||
(TODO) | ||
|
||
## Other write-ups and resources | ||
|
||
* none yet |
Binary file added
BIN
+131 KB
school-ctf-2015/joy/darkness-200/VIDEO0002_d462e118169ca15dca15582470983b92badfac06.3gp
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
# School CTF 2015: not-weird-selfie-200 | ||
|
||
**Category:** Joy | ||
**Points:** 200 | ||
|
||
**Description:** | ||
|
||
> Tweet a picture of your team with a bear and use #schoolctf. We'll send you back the flag via personal messages. | ||
## Write-up | ||
|
||
(TODO) | ||
|
||
## Other write-ups and resources | ||
|
||
* none yet |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
# School CTF 2015: old-school-hacking-200 | ||
|
||
**Category:** | ||
**Points:** | ||
**Solves:** | ||
**Description:** | ||
|
||
> When you can't complete the game, it's time to use cheats. | ||
## Write-up | ||
|
||
(TODO) | ||
|
||
## Other write-ups and resources | ||
|
||
* none yet |
Binary file added
BIN
+16.5 KB
...ol-ctf-2015/joy/old-school-hacking-200/saper_52f8b3bc28e181fc5832918cd037f28c44c30403.exe
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
# School CTF 2015: weird-selfie-100 | ||
|
||
**Category:** Joy | ||
**Points:** 100 | ||
|
||
**Description:** | ||
|
||
> Somebody has hacked my email and now uses it to send weird selfies! Please help me to figure out the hacker's name! | ||
> | ||
> Flag format: firstname_lastname,e.g. john_snow | ||
## Write-up | ||
|
||
(TODO) | ||
|
||
## Other write-ups and resources | ||
|
||
* none yet |
Binary file added
BIN
+252 KB
...f-2015/joy/weird-selfie-100/selfie_8f7931f9ae811eee98317bf4450b0d7fb2cda836.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
# School CTF 2015: misconfiguration-300 | ||
|
||
**Category:** Networks | ||
**Points:** 300 | ||
|
||
**Description:** | ||
|
||
> They say there is a flag here but we can't get in. Google for the solution. | ||
> | ||
> If you find that some site is blocked by your internet provider you may use our proxy sibears.ru:22022 | ||
## Write-up | ||
|
||
(TODO) | ||
|
||
## Other write-ups and resources | ||
|
||
* none yet |
17 changes: 17 additions & 0 deletions
17
school-ctf-2015/networks/tricky-authorization-200/README.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
# School CTF 2015: tricky-authorization-200 | ||
|
||
**Category:** Networks | ||
**Points:** 200 | ||
**Description:** | ||
|
||
> There is some tricky authorization, will you take a look? | ||
> | ||
> nc sibears.ru 11811 | ||
## Write-up | ||
|
||
(TODO) | ||
|
||
## Other write-ups and resources | ||
|
||
* none yet |
Binary file added
BIN
+19.9 KB
...2015/networks/tricky-authorization-200/task_35f2cc9bcf7e8d5ca53bb29764f323ca32aa14e8.pcap
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
# School CTF 2015: ssh-jail-500 | ||
|
||
**Category:** Pwn | ||
**Points:** 500 | ||
|
||
**Description:** | ||
|
||
> Do u know what to do? $ ssh -p 11111 guest@sibears.ru password: guest | ||
## Write-up | ||
|
||
(TODO) | ||
|
||
## Other write-ups and resources | ||
|
||
* none yet |
Oops, something went wrong.