Misc


Last updated 9 months ago

(s)tri(pes)angle love (120 pts)

Description

-

Solution

We are given the following screenshot.

It contains a Spotify username, so search for that username on Spotify. Open the Following list and manually check each account it follows. The user Caltimurti looks suspicious; its following list contains two users who are not artists, namely Joosph and janethseame.

Next, open each of those profiles: the two accounts carry pictures that look like a couple photo (side by side).

After that, just submit the usernames in the flag format.

Flag : IFEST23{Joosph_janethseame}

Berhitung! (260 pts)

Description

-

Solution

We are given a document with the following contents.

In short, we have to find the sequence with the largest total in a matrix. Here we use a DFS that does not track visited cells, moving in eight directions (diagonal moves are allowed), with the constraint that adjacent values must be sequential. Tracking visited cells is unnecessary because each step must increase the value by exactly 1, so a path can never return to a cell. This is the solver we used:

from pwn import *

def dfs(matrix, row, col, result):  # vanilla DFS; result = sum of the path ending at (row, col)
    global max_values
    # Every path prefix is itself a valid sequence, so record it on entry.
    if result > max_values:
        max_values = result

    directions = [(-1, 0), (1, 0), (0, -1), (0, 1), (-1, -1), (-1, 1), (1, -1), (1, 1)]

    rows, cols = len(matrix), len(matrix[0])

    curr_val = matrix[row][col]

    for dr, dc in directions:
        newRow, newCol = row + dr, col + dc
        if 0 <= newRow < rows and 0 <= newCol < cols:
            new_val = matrix[newRow][newCol]
            if curr_val + 1 == new_val:
                # Pass the extended sum down instead of mutating result, so a
                # second matching neighbour is not counted on top of the first.
                dfs(matrix, newRow, newCol, result + new_val)

context.log_level = 'error'
while True:
    r = remote("103.152.242.235", 26693)
    for _ in range(10):
        r.recvline()
        zz = r.recvline()
        print(_, zz)
        # The service answers with a line containing "sedih" after a wrong answer: reconnect.
        if b'sedih' in zz:
            r.close()
            break
        rows = 50
        cols = 50
        matrix = []
        # Read the 50x50 matrix, one space-separated row per line.
        for i in range(rows):
            matrix.append(list(map(int, r.recvline().strip().decode().split(' '))))
            if i == 0:
                print(matrix[0])
        max_values = -1

        # Try every cell as the start of a sequence.
        for i in range(rows):
            for j in range(cols):
                dfs(matrix, i, j, matrix[i][j])

        r.sendline(str(max_values).encode())

    # r.interactive()

Flag : IFEST23{if_CP_Enjoyer_exist_why_dont_CTF_Enjoyer_exist}
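
The same search written as an offline dynamic program, as an added example that is not part of the original solver: because every step goes from v to v+1, cells can be processed from the highest value down, which avoids both recursion and re-exploring shared tails. The function name and the sample matrix are constructed for illustration, and a single cell is assumed to count as a sequence.

```python
# Eight neighbour offsets: the puzzle allows diagonal steps.
DIRS = [(-1, -1), (-1, 0), (-1, 1), (0, -1), (0, 1), (1, -1), (1, 0), (1, 1)]


def best_consecutive_sum(matrix):
    """Largest sum over paths where every step moves to one of the eight
    neighbours holding exactly the current value + 1.
    Assumption: a single cell on its own counts as a path."""
    rows, cols = len(matrix), len(matrix[0])
    # best[r][c] = best sum of a path that starts at (r, c)
    best = [[0] * cols for _ in range(rows)]
    # Steps only go from v to v+1, so visiting cells from the highest value
    # down guarantees every successor is final before it is read.
    cells = sorted(
        ((matrix[r][c], r, c) for r in range(rows) for c in range(cols)),
        reverse=True,
    )
    for val, r, c in cells:
        tail = 0  # 0 means "stop at this cell"
        for dr, dc in DIRS:
            nr, nc = r + dr, c + dc
            if 0 <= nr < rows and 0 <= nc < cols and matrix[nr][nc] == val + 1:
                tail = max(tail, best[nr][nc])
        best[r][c] = val + tail
    return max(max(row) for row in best)


# Constructed sample: the 3 at (1, 1) has two neighbours equal to 4, and
# both branches rejoin at the 5, so the best path is 1+2+3+4+5+6+7.
SAMPLE = [
    [1, 2, 9, 9],
    [7, 3, 4, 9],
    [7, 4, 5, 6],
    [7, 7, 7, 7],
]

if __name__ == "__main__":
    print(best_consecutive_sum(SAMPLE))
```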

One Time Credentials (380 pts)

Description

-

Solution

We are given a contract, its ABI, and an RPC URL. The ABI shows that none of the functions take any input, so they can simply be called. After looking at the flow of the nc service, we found that it works like an OTP: it generates random credentials for login and then asks for the OTP. All of that data can be read by calling the provided contract. This is the solver we used:

from web3 import Web3

node_url = "https://eth-sepolia.g.alchemy.com/v2/SMfUKiFXRNaIsjRSccFuYCq8Q3QJgks8"

web3 = Web3(Web3.HTTPProvider(node_url))

abi = '[{"inputs":[],"stateMutability":"nonpayable","type":"constructor"},{"inputs":[],"name":"getEverything","outputs":[{"internalType":"uint256","name":"otp","type":"uint256"},{"internalType":"string","name":"passphrase","type":"string"},{"internalType":"string","name":"decryptedFlag","type":"string"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getIdentity","outputs":[{"internalType":"string","name":"","type":"string"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getOTP","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getPassphrase","outputs":[{"internalType":"string","name":"","type":"string"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"help","outputs":[{"internalType":"string","name":"","type":"string"}],"stateMutability":"pure","type":"function"}]'


caller = "0xF8dF23AFf40338c42aE9693f6242a0Ee24E5eDac"
private_key = "aff00a764af83a30cf3bcbb4667c5fcec6bf7830147b73b2b8b07d6ae09f60cc"  # To sign the transaction

contract_address = "0x22420C6261054E5A5d5277fFcE0993D8223e5ccd"


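contract = web3.eth.contract(address=contract_address, abi=abi)
# help() is pure and getEverything() is view, so both are plain read-only
# calls: no transaction is sent and nothing has to be signed.
print(contract.functions.help().call())
print(contract.functions.getEverything().call())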

Flag : IFEST23{2ddafab8af0fd9bb86cb0680238b1717fd1b2a22d46fff9a4a1767b0c39c7716}
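
A review-side view of the same observation, as an added example that is not part of the original solver: it walks the ABI from the write-up and lists every function that any RPC client can read without arguments or a signed transaction, flagging names that suggest secret material. The keyword list and the function name `open_getters` are assumptions made for illustration.

```python
import json

# ABI as given in the write-up's solver.
ABI = json.loads("""[
 {"inputs":[],"stateMutability":"nonpayable","type":"constructor"},
 {"inputs":[],"name":"getEverything","outputs":[
   {"internalType":"uint256","name":"otp","type":"uint256"},
   {"internalType":"string","name":"passphrase","type":"string"},
   {"internalType":"string","name":"decryptedFlag","type":"string"}],
  "stateMutability":"view","type":"function"},
 {"inputs":[],"name":"getIdentity","outputs":[
   {"internalType":"string","name":"","type":"string"}],
  "stateMutability":"view","type":"function"},
 {"inputs":[],"name":"getOTP","outputs":[
   {"internalType":"uint256","name":"","type":"uint256"}],
  "stateMutability":"view","type":"function"},
 {"inputs":[],"name":"getPassphrase","outputs":[
   {"internalType":"string","name":"","type":"string"}],
  "stateMutability":"view","type":"function"},
 {"inputs":[],"name":"help","outputs":[
   {"internalType":"string","name":"","type":"string"}],
  "stateMutability":"pure","type":"function"}
]""")

# Hypothetical keyword list for names that hint at secret material.
SENSITIVE = ("otp", "pass", "flag", "secret", "key")


def open_getters(abi):
    """Map 'name() -> (types)' to the sensitive-looking names it exposes,
    for every function with no inputs and view/pure mutability."""
    findings = {}
    for item in abi:
        if item.get("type") != "function":
            continue  # skip constructor, events, fallback
        if item["inputs"] or item["stateMutability"] not in ("view", "pure"):
            continue  # needs arguments or a state-changing transaction
        names = [item["name"]] + [out["name"] for out in item["outputs"]]
        hits = sorted({n for n in names if any(k in n.lower() for k in SENSITIVE)})
        types = ",".join(out["type"] for out in item["outputs"])
        findings["%s() -> (%s)" % (item["name"], types)] = hits
    return findings


if __name__ == "__main__":
    for sig, hits in open_getters(ABI).items():
        print(("EXPOSED " if hits else "ok      ") + sig, hits)
```

Any value returned by a function flagged here cannot serve as a login secret, since every client of the RPC endpoint can read it.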

Retype the message sent by alesha, which looks like an Instagram URL. Open Instagram and pick any post; the format turns out to be similar, so just prepend https://www.instagram.com/p/ so that it becomes https://www.instagram.com/p/CwkCHG8SuMH/.