N1ghth4wks
Search…
UIUCTF 2021

phpfuck - Jail

Description
i hate php
author: arxenix
Solution
Going to the website at the top it says // Flag is inside ./flag.php :). When you go to that page it says no flag for you, but I don't believe that, so I view the source code and the flag is in the comments.
Flag: uiuctf{pl3as3_n0_m0rE_pHpee}

baby_python - Jail

Description
here's a warmup jail for you :) Python version is 3.8.10 and flag is at /flag
Note: this chal is not actually broken, just thought it would be a funny joke
nc baby-python.chal.uiuc.tf 1337
author: tow_nater
Challange.py File
import re
bad = bool(re.search(r'[^a-z\s]', (input := input())))
exec(input) if not bad else print('Input contained bad characters')
exit(bad)
Solution
Looking at regex it is clear, all we can use is characters and everything that comes to mind is some sort of symbol. I left to go do some auctions to realize, an error can be redirected and that is when I got the solution.
from code import interact as exit
Flag: uiuctf{just_kidding_about_the_chal_being_broken_lol_11a7b8}

back_to_basics - Crypto

Description
Shoutout to those people who think that base64 is proper encryption
author: epistemologist
back_to_basics.zip
808KB
Binary
Files
Solution
Looking at the code we are encoding and decoding and so I read in the file and try brute force to see if any keys would work.
for a in ALPHABET:
key = long_to_bytes(a)
try:
str1 = decrypt(line,key)
x = str1.decode()
print("The key", a, "is valid")
except:
print("The key", a, "is invalid")
It said 87 was the first character of key but it was still a long amount of text which meant the process would continue until you get the flag as the final string. The key is 16 characters... During the challenge, I just used a for loop and ran it 16 times to create my keyset. Note it did give 2 outputs sometimes, where it always was the first result.
keySet = [87, 77, 53, 90, 56, 67, 82, 74,48,66,88,74,68,74,53,87]
for k in keySet:
line = decrypt(line, long_to_bytes(k))
After I modified the code to skip this and run 1 to find the answer.
from Crypto.Util.number import long_to_bytes, bytes_to_long
from gmpy2 import mpz, to_binary
ALPHABET = bytearray(b"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ#")
def base_n_decode(bytes_in, base):
bytes_out = to_binary(mpz(bytes_in, base=base))[:1:-1]
return bytes_out
def decrypt(bytes_in, key):
out = bytes_in
for i in key:
out = base_n_decode(out, ALPHABET.index(i))
return out
f = open("flag_enc", "rb")
line = f.read()
#baseKey = b"Z"
keyset = []
flagFound = False
while not flagFound:
for a in ALPHABET:
key = long_to_bytes(a)
try:
str1 = decrypt(line, key)
x = str1.decode()
keyset.append(key)
line = decrypt(line, key)
if b'ctf' in line:
print(line)
flagFound = True
break
except:
x = "Key doesn't exist"
Flag: uiuctf{r4DixAL}