UIUCTF 2021

phpfuck - Jail

Description

i hate php

http://phpfuck.chal.uiuc.tf

author: arxenix

Solution

At the top of the website it says // Flag is inside ./flag.php :). When you go to that page it says no flag for you, but I don't believe that, so I view the source code and the flag is in the comments.

Flag: uiuctf{pl3as3_n0_m0rE_pHpee}

baby_python - Jail

Description

here's a warmup jail for you :) Python version is 3.8.10 and flag is at /flag

Note: this chal is not actually broken, just thought it would be a funny joke

nc baby-python.chal.uiuc.tf 1337

author: tow_nater

Challenge.py File

import re
bad = bool(re.search(r'[^a-z\s]', (input := input())))
exec(input) if not bad else print('Input contained bad characters')
exit(bad)

Solution

Looking at the regex, it is clear that all we can use is characters, and everything that comes to mind is some sort of symbol. I left to go do some auctions and realized an error can be redirected, and that is when I got the solution.

from code import interact as exit

Flag: uiuctf{just_kidding_about_the_chal_being_broken_lol_11a7b8}

back_to_basics - Crypto

Description

Shoutout to those people who think that base64 is proper encryption

author: epistemologist

Solution

Looking at the code we are encoding and decoding and so I read in the file and try brute force to see if any keys would work.

for a in ALPHABET:
	key = long_to_bytes(a)  # single-character key candidate
	try:
		str1 = decrypt(line, key)
		x = str1.decode()  # a wrong base fails here or inside decrypt
		print("The key", a, "is valid")
	except Exception:
		print("The key", a, "is invalid")

It said 87 was the first character of the key, but the result was still a long amount of text, which meant the process would continue until you get the flag as the final string. The key is 16 characters... During the challenge, I just used a for loop and ran it 16 times to create my keyset. Note it did give 2 outputs sometimes, where it was always the first result.

keySet = [87, 77, 53, 90, 56, 67, 82, 74, 48, 66, 88, 74, 68, 74, 53, 87]
for k in keySet:
	line = decrypt(line, long_to_bytes(k))

Afterwards, I modified the code to skip this and run 1 time to find the answer.

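from Crypto.Util.number import long_to_bytes
from gmpy2 import mpz, to_binary

ALPHABET = bytearray(b"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ#")

def base_n_decode(bytes_in, base):
	# [:1:-1] drops the first two bytes of gmpy2's serialization and reverses the rest
	bytes_out = to_binary(mpz(bytes_in, base=base))[:1:-1]
	return bytes_out

def decrypt(bytes_in, key):
	out = bytes_in
	for i in key:
		# the base of each layer is the key character's position in ALPHABET
		out = base_n_decode(out, ALPHABET.index(i))
	return out


with open("flag_enc", "rb") as f:
	line = f.read()
keyset = []
flagFound = False
while not flagFound:
	for a in ALPHABET:
		key = long_to_bytes(a)
		try:
			candidate = decrypt(line, key)
			candidate.decode()  # a correct layer decodes as text
		except Exception:
			continue  # this key character is not valid for the current layer
		# keep the first key character that works and peel that layer off
		keyset.append(key)
		line = candidate
		if b'ctf' in line:
			print(line)
			flagFound = True
		break
	else:
		# no key character worked for this layer; stop instead of looping forever
		break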

Flag: uiuctf{r4DixAL}
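
The layer-by-layer key search described above, as an added example that is not part of the original write-up or the challenge code. It uses only the standard library, assumes each layer is a plain big-endian base-n digit string, runs on a constructed flag and key, and backtracks when more than one base looks valid instead of always taking the first result.

```python
# Added example: constructed flag and key, stdlib only (no gmpy2 / pycryptodome).
ALPHABET = b"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ#"  # key alphabet from the page
DIGITS = ALPHABET[:36]                                # digit set of an encoded layer

def encode_layer(data: bytes, base: int) -> bytes:
    """Assumed encoder: bytes -> big-endian integer -> upper-case digits in `base`."""
    n, out = int.from_bytes(data, "big"), bytearray()
    while n:
        n, r = divmod(n, base)
        out.append(DIGITS[r])
    return bytes(out[::-1]) or b"0"

def decode_layer(data: bytes, base: int) -> bytes:
    """Inverse of encode_layer; raises ValueError if a digit is invalid in `base`."""
    n = 0
    for c in data:
        d = DIGITS.find(c)
        if not 0 <= d < base:
            raise ValueError(f"digit {chr(c)!r} is not valid in base {base}")
        n = n * base + d
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def encrypt(data: bytes, key: bytes) -> bytes:
    """One base-n layer per key character; the base is the character's ALPHABET index."""
    for k in key:
        data = encode_layer(data, ALPHABET.index(k))
    return data

def recover(ct: bytes, marker: bytes = b"ctf{", max_layers: int = 32):
    """Peel layers with backtracking; return (key, plaintext) or None."""
    if marker in ct:
        return b"", ct
    if max_layers == 0 or not ct or any(c not in DIGITS for c in ct):
        return None  # not a digit string, so this branch was a wrong guess
    lowest = max(2, max(DIGITS.find(c) for c in ct) + 1)  # smallest base that fits
    for base in range(lowest, 37):
        found = recover(decode_layer(ct, base), marker, max_layers - 1)
        if found:
            key, plain = found
            return key + ALPHABET[base:base + 1], plain  # outer layer = last key char
    return None

SAMPLE_FLAG = b"examplectf{constructed_sample}"  # constructed, not the real flag
SAMPLE_KEY = b"W7#2K"                            # constructed 5-character key
SAMPLE_CT = encrypt(SAMPLE_FLAG, SAMPLE_KEY)
```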
