MasterWard Profile
  • Introduction
  • Media Links
  • Resume
  • HackThebox Notes
    • RedPanda
    • Metatwo
  • CTF Contest Writeups
    • 2017
      • Takoma Park CTF
      • TUCTF 2017
      • HITCON CTF 2017 Quals
      • CSAW CTF Qualification Round 2017
      • SEC-T CTF
      • Backdoor CTF 2017
      • Hack Dat Kiwi 2017
      • Kaspersky 2017
      • Hack.lu 2017
      • HackCon 2017
      • Defcamp 2017
      • Square CTF 2017
      • Mitre 2017
      • EKOPARTY CTF 2017
    • 2018
      • SEC-T CTF
      • Hackcon 2018
      • EasyCTF IV 2018
      • DefCamp CTF Qualifiers
      • PACTF 2018
      • CSAW CTF Qualifiers 2018
      • PicoCTF 2018
    • 2019
      • Newark Academy CTF 2019
      • Crypto CTF 2019
      • PicoCTF 2019
        • General Skills
        • Binary Exploitations
        • Forensics
        • Reverse Engineering
        • Cryptography
        • Web Exploitation
      • TAMUctf 19
    • 2021
      • picoCTF 2021
        • General Skills
        • Binary Exploitation
        • Forensics
        • Reverse Engineering
        • Cryptography
        • Web Exploitation
      • HackiHoli
      • S.H.E.L.L CTF
      • DawgCTF 2021
      • TCTF 2021
      • RedPwnCTF 2021
      • IJCTF 2021
      • UIUCTF 2021
      • Really Awesome CTF 2021
      • TMUCTF 2021
      • CSAW Qualifiers 2021
      • Pbjar CTF 2021
      • Deadface CTF 2021
    • 2022
      • NahamCon CTF 2022
      • BYUCTF 2022
      • DEF CON Qualifiers 2022
    • Useful Code
  • Software
    • Video Standardization and Compression
    • TOBIAS
    • Tracking Phone
    • Image Compression
    • Do Not Call Database
    • Color Blind Simulator
    • Gmail Unsubscriber
    • MP4 to GIF Converter
    • Optical Character Reading
    • Soft Jobs
    • OBD Project
    • Online Movie Finder
    • Work In Progress
      • Incremental Backup
      • Web Scraper - Wallpaper Edition
      • Web Blocker
      • File Manipulator
      • AppFiller
      • Cyber Security Projects
      • Bsaber AI
    • Ideas
      • CAN Programming
      • Malicious Programs
      • Remove Yourself from the Internet
      • DNA Classic
      • Auto Clicker
      • Adding Depth to a Video
      • Collage Mosaic Generator
      • Game Destroyer
      • Hearing aid Technology
      • Sign Language Recognition
      • Text Summarizer
      • Video to audio to text
      • Video Object Detection
      • VR demonstration
      • More Ideas to Elaborate on
    • Failure
      • Police Camera Radar
      • Already Created
      • Google Maps Game
      • Car price prediction
      • Bullshit Detector
      • Automated Code writter
      • Career Prediction
      • Samsung Remote Control Hack
      • Invalid Finder
      • PiHole Regex Filter
      • Group Archiver
  • Additional Articles
    • Cleaning Up a Computer Tricks
    • Getting started in Cyber Security
    • Speeding Up Your Internet
    • College Experience
    • Currently Writting
      • Reverse Engineering Notes
      • Bug Bounty Guide and Examples
      • OSCP help
      • Job Experience
      • Professional Job-Hunting Experience
Powered by GitBook
On this page
  • phpfuck - Jail
  • baby_python - Jail
  • back_to_basics - Crypto

Was this helpful?

  1. CTF Contest Writeups
  2. 2021

UIUCTF 2021

PreviousIJCTF 2021NextReally Awesome CTF 2021

Last updated 3 years ago

Was this helpful?

phpfuck - Jail

Description

i hate php

author: arxenix

Solution

Going to the website at the top it says // Flag is inside ./flag.php :). When you go to that page it says no flag for you, but I don't believe that, so I view the source code and the flag is in the comments.

Flag: uiuctf{pl3as3_n0_m0rE_pHpee}

baby_python - Jail

Description

here's a warmup jail for you :) Python version is 3.8.10 and flag is at /flag

Note: this chal is not actually broken, just thought it would be a funny joke

nc baby-python.chal.uiuc.tf 1337

author: tow_nater

Challange.py File

import re

bad = bool(re.search(r'[^a-z\s]', (input := input())))

exec(input) if not bad else print('Input contained bad characters')

exit(bad)

Solution

Looking at regex it is clear, all we can use is characters and everything that comes to mind is some sort of symbol. I left to go do some auctions to realize, an error can be redirected and that is when I got the solution.

from code import interact as exit

Flag: uiuctf{just_kidding_about_the_chal_being_broken_lol_11a7b8}

back_to_basics - Crypto

Description

Shoutout to those people who think that base64 is proper encryption

author: epistemologist

Solution

Looking at the code we are encoding and decoding and so I read in the file and try brute force to see if any keys would work.

for a in ALPHABET:
	key = long_to_bytes(a)
	try:
		str1 = decrypt(line,key)
		x = str1.decode()
		print("The key", a, "is valid")
	except:
		print("The key", a, "is invalid")

It said 87 was the first character of key but it was still a long amount of text which meant the process would continue until you get the flag as the final string. The key is 16 characters... During the challenge, I just used a for loop and ran it 16 times to create my keyset. Note it did give 2 outputs sometimes, where it always was the first result.

keySet = [87, 77, 53, 90, 56, 67, 82, 74,48,66,88,74,68,74,53,87]
for k in keySet:
	line = decrypt(line, long_to_bytes(k))

After I modified the code to skip this and run 1 to find the answer.

from Crypto.Util.number import long_to_bytes, bytes_to_long
from gmpy2 import mpz, to_binary

ALPHABET = bytearray(b"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ#")

def base_n_decode(bytes_in, base):
	bytes_out = to_binary(mpz(bytes_in, base=base))[:1:-1]
	return bytes_out

def decrypt(bytes_in, key):
	out = bytes_in
	for i in key:
		out = base_n_decode(out, ALPHABET.index(i))
	return out


f = open("flag_enc", "rb")
line = f.read()
#baseKey = b"Z"
keyset = []
flagFound = False
while not flagFound:
	for a in ALPHABET:
		key = long_to_bytes(a)
		try:
			str1 = decrypt(line, key)
			x = str1.decode()
			keyset.append(key)
			line = decrypt(line, key)
			if b'ctf' in line:
				print(line)
				flagFound = True
			break
		except:
			x = "Key doesn't exist"

Flag: uiuctf{r4DixAL}

http://phpfuck.chal.uiuc.tf
808KB
back_to_basics.zip
archive
Files