Pragyan – Steganography

ctf.pragyan.org

Lost Friends – 300

Moana and her friends were out on a sea voyage, spending their summer joyously.
Unfortunately, they came across Charybdis, the sea monster. Charybdis, furious over having unknown visitors, wreaked havoc on their ship. The ship was lost.
 
Luckily, Moana survived, and she was swept to a nearby island. But, since then, she has not seen her friends. Moana has come to you for help. She believes that her friends are still alive, and that you are the only one who can help her find them.

Virtual Box 5 (Virtual Series) – 75

Description

I accidentally closed out this odd message I found. Can you get it back?

Solution

 

After searching around, we open Internet Explorer and look at the browsing history, which shows a page that was opened 10 days ago.

http://i.imgur.com/FQJ4JtO.png

Looks like some Wingdings font; let’s convert it into English using this table

http://speakingppt.com/wp-content/uploads/2011/10/webdings-wingdings-character-map-speakingppt.png

ABCTF{ITS_C00L_L00KING_BACK}

Old RSA (Cryptography) – 70

Description

I’m sure you can retrieve the flag from this file.

Solution

We can look up the factorization of N, as it isn’t a very big number (comparatively)

http://www.factordb.com/index.php?query=70736025239265239976315088690174594021646654881626421461009089480870633400973

N = 70736025239265239976315088690174594021646654881626421461009089480870633400973

p =  238324208831434331628131715304428889871
q = 296805874594538235115008173244022912163

We can calculate z from the formula

z = (p -1) * (q -1)

z = 70736025239265239976315088690174594021111524798200448894265949592322181598940
e = 3

We can calculate d from the formula

ed -1 = 0 (mod z)

d = 47157350159510159984210059126783062680741016532133632596177299728214787732627

And our encrypted message is c

c = 29846947519214575162497413725060412546119233216851184246267357770082463030225

The easiest way is to use the pycrypto library for Python, which will calculate all this very fast for us.

#!/usr/bin/python3

from Crypto.PublicKey import RSA

# Prime factors of N, taken from factordb
p = 238324208831434331628131715304428889871
q = 296805874594538235115008173244022912163

n = p * q
z = (p-1)*(q-1)

e = 3
d = 47157350159510159984210059126783062680741016532133632596177299728214787732627
c = 29846947519214575162497413725060412546119233216851184246267357770082463030225

# Build the key object from its components
key = RSA.construct((n, e, d, p, q))
# Textbook RSA decryption: m = c^d mod n
decrypted = pow(c, key.d, key.n)
# Convert the integer plaintext to bytes and print it as text
ascii_bytes = decrypted.to_bytes((decrypted.bit_length() + 7) // 8, 'big')
print(ascii_bytes.decode())

ABCTF{th1s_was_h4rd_in_1980}
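The step from e and z to d is only stated above, so here is an added example (not part of the original write-up) that derives d with the extended Euclidean algorithm and then decrypts with plain modular exponentiation. The numbers are the ones from this post; the function names are my own.

```python
# Values copied from the write-up above.
P = 238324208831434331628131715304428889871
Q = 296805874594538235115008173244022912163
E = 3
C = 29846947519214575162497413725060412546119233216851184246267357770082463030225
D_PAGE = 47157350159510159984210059126783062680741016532133632596177299728214787732627


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        quot, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - quot * x1
        y0, y1 = y1, y0 - quot * y1
    return a, x0, y0


def private_exponent(e, p, q):
    """Solve e*d - 1 = 0 (mod z) for d, where z = (p-1)*(q-1)."""
    z = (p - 1) * (q - 1)
    g, x, _ = egcd(e, z)
    if g != 1:
        raise ValueError("e shares a factor with (p-1)(q-1), so no d exists")
    return x % z  # egcd may return a negative coefficient


def decrypt(c, d, n):
    """Textbook RSA: m = c^d mod n, returned as big-endian bytes."""
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    d = private_exponent(E, P, Q)
    print("d matches the write-up:", d == D_PAGE)
    print(decrypt(C, d, P * Q))
```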

L33t H4xx0r (Web Exploitation) – 70

Description

If you could bypass the login you could get the flag. Link

Solution

Looking inside the source, we are directed to source.txt to look at the password comparison code.

http://yrmyzscnvh.abctf.xyz/web6/source.txt

The password is the flag itself! So we can’t be expected to guess it; we need to use the hint that there is a vulnerability in the code. After googling PHP strcmp vulnerabilities, we see that when comparing a string and an array, the result is always 0. So we need to set password to be an array in the URL.

http://yrmyzscnvh.abctf.xyz/web6/?password[]=oops

abctf{always_know_whats_going_on}
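An added example (not from the original write-up or the challenge): a small Python check that flags PHP lines where the result of strcmp() is compared loosely or negated. That is the pattern that lets an array parameter pass, because before PHP 8 strcmp() returns NULL for an array argument and NULL == 0 is true. The PHP sample is constructed, and the regexes only handle strcmp() calls without nested parentheses.

```python
import re

# Constructed PHP sample (not the challenge's source.txt).
SAMPLE_PHP = r'''<?php
if (strcmp($_GET['password'], $flag) == 0) { echo $flag; }
if (!strcmp($_POST['pw'], $secret)) { grant(); }
if (is_string($_GET['password']) && hash_equals($flag, $_GET['password'])) { echo $flag; }
if (strcmp($a, $b) === 0) { ok(); }
'''

# strcmp(...) followed by == or != but not === / !==
LOOSE_EQ = re.compile(r'strcmp\s*\(([^()]*)\)\s*(==|!=)(?!=)')
# !strcmp(...) treats NULL (the error result) the same as 0 (equal)
NEGATED = re.compile(r'!\s*strcmp\s*\(([^()]*)\)')
# Request superglobals: their values can be arrays when the client sends name[]=...
USER_INPUT = re.compile(r'\$_(GET|POST|REQUEST|COOKIE)\b')

CHECKS = (
    (LOOSE_EQ, "loose comparison of strcmp() result"),
    (NEGATED, "negated strcmp() result"),
)


def find_loose_strcmp(php_source):
    """Return (line number, reason, takes_request_input) for each risky call."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        for pattern, reason in CHECKS:
            for match in pattern.finditer(line):
                tainted = bool(USER_INPUT.search(match.group(1)))
                findings.append((lineno, reason, tainted))
    return findings


if __name__ == "__main__":
    for lineno, reason, tainted in find_loose_strcmp(SAMPLE_PHP):
        source = "request input" if tainted else "other input"
        print(f"line {lineno}: {reason} ({source})")
```

Lines 4 and 5 of the sample are not flagged: the first checks the type and uses hash_equals(), the second uses a strict === comparison, which NULL does not satisfy.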

 

Slime Season 3 (Programming) – 60

Description

I only pay in coins because I’m hipster, but I forgot to bring my nickels today! But I really want to buy this elite gaming computer. What’s the smallest amount of coins you need to make $1,827.43 using quarters, dimes, and pennies.

Solution

Immediately, this rings dynamic programming bells on making change that I learnt in my algorithms class; however, as this is American currency, we can simply use greedy instead.

For the so-called canonical coin systems, like the one used in US and many other countries, a greedy algorithm of picking the largest denomination of coin which is not greater than the remaining amount to be made will produce the optimal result. This is not the case for arbitrary coin systems, though: if the coin denominations were 1, 3 and 4, then to make 6, the greedy algorithm would choose three coins (4,1,1) whereas the optimal solution is two coins (3,3).

Therefore, we don’t need to use programming for this; we can simply do the calculations by hand.

7309 quarters + 1 dime + 7 pennies

ABCTF{7315}
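An added example (not part of the original write-up): the challenge's coin set has no nickels, and {25, 10, 1} is not a canonical system, so this compares the greedy count with a dynamic-programming minimum. For 182743 cents the DP result agrees with the flag's 7315; the function names are my own.

```python
def greedy_coins(amount, coins):
    """Always take the largest coin that still fits."""
    count = 0
    for coin in sorted(coins, reverse=True):
        count += amount // coin
        amount %= coin
    return count


def min_coins(amount, coins):
    """Bottom-up DP. Returns (fewest coins, {coin: how many}) or (None, {})."""
    best = [0] + [None] * amount   # best[v]: fewest coins that sum to v
    last = [0] * (amount + 1)      # last[v]: one coin of an optimal solution for v
    for value in range(1, amount + 1):
        for coin in coins:
            prev = best[value - coin] if coin <= value else None
            if prev is not None and (best[value] is None or prev + 1 < best[value]):
                best[value], last[value] = prev + 1, coin
    if best[amount] is None:
        return None, {}
    # Walk back through the recorded choices to recover the coins used.
    used, value = {}, amount
    while value:
        used[last[value]] = used.get(last[value], 0) + 1
        value -= last[value]
    return best[amount], used


if __name__ == "__main__":
    cents = 182743                 # $1,827.43
    coins = (25, 10, 1)            # quarters, dimes, pennies (no nickels)
    print("greedy:", greedy_coins(cents, coins))
    print("optimal:", min_coins(cents, coins))
```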

 

MoonWalk (Forensics) – 60

Description

There is something a little off about this picture. If you could help us we could give you some points! Just find us a flag!

Solution

There doesn’t appear to be anything ABCTF related using strings, or any sort of “invisible” text after exploring the image in GIMP.

We’re going to use the program binwalk to look into the PNG and see if there are any embedded files hiding inside the image. Binwalk will look for the headers of other files and see if they are hiding inside.

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             PNG image, 3200 x 2953, 8-bit/color RGBA, non-interlaced
85            0x55            Zlib compressed data, best compression
2757          0xAC5           Zlib compressed data, best compression
765455        0xBAE0F         JPEG image data, JFIF standard 1.01
765485        0xBAE2D         TIFF image data, big-endian, offset of first image directory: 8
1809691       0x1B9D1B        StuffIt Deluxe Segment (data): f

The JPEG at offset 765455 is pretty interesting; now all we need to do is extract it. We can use another program, foremost, to extract the file from a given offset.

foremost -v -s 1494 PurpleThing.png

And we have extracted this cool looking image with our flag on it:

ABCTF{PNG_SO_COOl}
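An added example (not from the original write-up) of what the signature scan and the extraction step do, reduced to two file types: it finds PNG and JPEG magic bytes in a buffer and carves the JPEG from its start marker to the next end-of-image marker. The sample bytes are constructed, not the challenge's PurpleThing.png.

```python
# Magic bytes that mark the start of each file type.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "PNG image",
    b"\xff\xd8\xff": "JPEG image data",
}
JPEG_EOI = b"\xff\xd9"  # JPEG end-of-image marker


def scan(data):
    """Return sorted (offset, description) pairs for every signature hit."""
    hits = []
    for magic, name in SIGNATURES.items():
        pos = data.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = data.find(magic, pos + 1)
    return sorted(hits)


def carve_jpeg(data, offset):
    """Cut out the bytes from a JPEG start marker to the first EOI after it.

    Simplification: a JPEG with an embedded thumbnail contains an earlier
    EOI, so real carvers parse the segment structure instead.
    """
    if not data.startswith(b"\xff\xd8\xff", offset):
        raise ValueError("no JPEG start marker at this offset")
    end = data.find(JPEG_EOI, offset)
    if end == -1:
        raise ValueError("no JPEG end-of-image marker after offset")
    return data[offset:end + len(JPEG_EOI)]


# Constructed sample: a PNG signature, filler, then a tiny fake JPEG appended.
FAKE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x11" * 20 + b"\xff\xd9"
SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 100 + FAKE_JPEG + b"trailing"

if __name__ == "__main__":
    for offset, name in scan(SAMPLE):
        print(f"{offset:<10}0x{offset:<10X}{name}")
    jpeg_offset = next(off for off, name in scan(SAMPLE) if name.startswith("JPEG"))
    print(len(carve_jpeg(SAMPLE, jpeg_offset)), "bytes carved")
```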
