[DuCTF'23] Proxed
DuCTF'23: Proxed This challenge is solved by changing a specific HTTP header to a hardcoded value.
If we look at the source code, we can see that the flag is returned when the variable ip matches 31.33.33.7.
if ip != "31.33.33.7" { message := fmt.Sprintf("untrusted IP: %s", ip) http.Error(w, message, http.StatusForbidden) return } else { w.Write([]byte(os.Getenv("FLAG"))) } So where does this variable ip come from? If we look at the start of the function, we see the following lines of code.
[DuCTF'23] BlinkyBill
DUCTF'23: BlinkyBIll This was a morse code steganography challenge which had a challenge file of around 10s. The challenge file can be downloaded here.
The Challenge The audio file was 10s long, with beeps of varying lengths. There were background noises in the audio too. The goal was to decrypt the hidden message within the audio file.
Solution The beeps gave it away that it was morse code. I put the wav file into Audacity, a free audio software.
[DuCTF'23] Pyny
DUCTF'23: Pyny This reverse engineering challenge from DuCTF 2023 was rather intresting as it played around with encodings, which is not commonly (to me at least) changed.
The Code #coding: punycode def _(): pass ('Correct!' if ('Enter the flag: ') == 'DUCTF{%s}' % _.____ else 'Wrong!')-gdd7dd23l3by980a4baunja1d4ukc3a3e39172b4sagce87ciajq2bi5atq4b9b3a3cy0gqa9019gtar0ck Explanation At first glance, the seemingly random characters at the end seem to be invalid Python code. However, if we look at the comment at the top, it states that it some sort of encoding called punycode.
[GreyCTF'23] CrashPython
GreyCTF'23: CrashPython This was a pretty simple python challenge that makes use of a segmentation fault (segfault). A segfault occurs when a program tries to access a memory location that it is not allowed to access.
The Challenge Explanation The main gist of this challenge was that there was a placeholder to input python code to run to cause a crash (through segmentation fault), but the code had to fulfil the requirements of the blacklist.
[SEETF'23] BabyRC4
SEETF'23: BabyRC4 This was one of the “easier” crypto challenge in SEETF, using the ARC4 (an implementation of RC4 cipher, a symmetric stream cipher).
The Challenge from Crypto.Cipher import ARC4 from os import urandom key = urandom(16) flag = b'SEE{?????????????????????????????????}'[::-1] def enc(ptxt): cipher = ARC4.new(key) return cipher.encrypt(ptxt) print(f"c0 = bytes.fromhex('{enc(flag).hex()}')") print(f"c1 = bytes.fromhex('{enc(b'a'*36).hex()}')") """ c0 = bytes.fromhex('b99665ef4329b168cc1d672dd51081b719e640286e1b0fb124403cb59ddb3cc74bda4fd85dfc') c1 = bytes.fromhex('a5c237b6102db668ce467579c702d5af4bec7e7d4c0831e3707438a6a3c818d019d555fc') """ Explanation Looking at the code, the challenge involves requiring to decrypt the flag value by reversing the encryption process.