N1ghth4wks
Search…
Introduction
Media Links
Resume
CTF Writeups
CTF Contest
2017
2018
2019
2021
picoCTF 2021
HackiHoli
S.H.E.L.L CTF
DawgCTF 2021
TCTF 2021
RedPwnCTF 2021
IJCTF 2021
UIUCTF 2021
Really Awesome CTF 2021
TMUCTF 2021
CSAW Qualifiers 2021
Pbjar CTF 2021
Deadface CTF 2021
2022
Useful Code
Software
Tracking Phone
TOBIAS
Do Not Call Database
Color Blind Simulator
Gmail Unsubscriber
MP4 to GIF Converter
Optical Character Reading
Image Compression
Soft Jobs
OBD Project
Work In Progress
Ideas
Failure
Additional Articles
Cleaning Up a Computer Tricks
Getting started in Cyber Security
Speeding Up Your Internet
Reverse Engineering Notes
Currently Writting
Powered By GitBook
UIUCTF 2021

phpfuck - Jail

Description
i hate php
​http://phpfuck.chal.uiuc.tf​
author: arxenix
Solution
Going to the website at the top it says // Flag is inside ./flag.php :). When you go to that page it says no flag for you, but I don't believe that, so I view the source code and the flag is in the comments.
Flag: uiuctf{pl3as3_n0_m0rE_pHpee}

baby_python - Jail

Description
here's a warmup jail for you :) Python version is 3.8.10 and flag is at /flag
Note: this chal is not actually broken, just thought it would be a funny joke
nc baby-python.chal.uiuc.tf 1337
author: tow_nater
Challange.py File
import re
bad = bool(re.search(r'[^a-z\s]', (input := input())))
exec(input) if not bad else print('Input contained bad characters')
exit(bad)
Solution
Looking at regex it is clear, all we can use is characters and everything that comes to mind is some sort of symbol. I left to go do some auctions to realize, an error can be redirected and that is when I got the solution.
from code import interact as exit
Flag: uiuctf{just_kidding_about_the_chal_being_broken_lol_11a7b8}

back_to_basics - Crypto

Description
Shoutout to those people who think that base64 is proper encryption
author: epistemologist
back_to_basics.zip
808KB
Binary
Files
Solution
Looking at the code we are encoding and decoding and so I read in the file and try brute force to see if any keys would work.
for a in ALPHABET:
key = long_to_bytes(a)
try:
str1 = decrypt(line,key)
x = str1.decode()
print("The key", a, "is valid")
except:
print("The key", a, "is invalid")
It said 87 was the first character of key but it was still a long amount of text which meant the process would continue until you get the flag as the final string. The key is 16 characters... During the challenge, I just used a for loop and ran it 16 times to create my keyset. Note it did give 2 outputs sometimes, where it always was the first result.
keySet = [87, 77, 53, 90, 56, 67, 82, 74,48,66,88,74,68,74,53,87]
for k in keySet:
line = decrypt(line, long_to_bytes(k))
After I modified the code to skip this and run 1 to find the answer.
from Crypto.Util.number import long_to_bytes, bytes_to_long
from gmpy2 import mpz, to_binary
​
ALPHABET = bytearray(b"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ#")
​
def base_n_decode(bytes_in, base):
bytes_out = to_binary(mpz(bytes_in, base=base))[:1:-1]
return bytes_out
​
def decrypt(bytes_in, key):
out = bytes_in
for i in key:
out = base_n_decode(out, ALPHABET.index(i))
return out
​
​
f = open("flag_enc", "rb")
line = f.read()
#baseKey = b"Z"
keyset = []
flagFound = False
while not flagFound:
for a in ALPHABET:
key = long_to_bytes(a)
try:
str1 = decrypt(line, key)
x = str1.decode()
keyset.append(key)
line = decrypt(line, key)
if b'ctf' in line:
print(line)
flagFound = True
break
except:
x = "Key doesn't exist"
Flag: uiuctf{r4DixAL}
​
Previous
IJCTF 2021
Next
Really Awesome CTF 2021
Last modified 11mo ago
Copy link
Outline
phpfuck - Jail
baby_python - Jail
back_to_basics - Crypto