Commit c553300
2020-06-08 07:47:50
Changed files (17)
2020-04-06_UTA-ctf
2020-06-08_5ctf
inziption
2016-12-02_AOC-2016/d1p1.py
@@ -0,0 +1,13 @@
+
+EBHQ_dir = "L5, R1, R3, L4, R3, R1, L3, L2, R3, L5, L1, L2, R5, L1, R5, R1, L4, R1, R3, L4, L1, R2, R5, R3, R1, R1, L1, R1, L1, L2, L1, R2, L5, L188, L4, R1, R4, L3, R47, R1, L1, R77, R5, L2, R1, L2, R4, L5, L1, R3, R187, L4, L3, L3, R2, L3, L5, L4, L4, R1, R5, L4, L3, L3, L3, L2, L5, R1, L2, R5, L3, L4, R4, L5, R3, R4, L2, L1, L4, R1, L3, R1, R3, L2, R1, R4, R5, L3, R5, R3, L3, R4, L2, L5, L1, L1, R3, R1, L4, R3, R3, L2, R5, R4, R1, R3, L4, R3, R3, L2, L4, L5, R1, L4, L5, R4, L2, L1, L3, L3, L5, R3, L4, L3, R5, R4, R2, L4, R2, R3, L3, R4, L1, L3, R2, R1, R5, L4, L5, L5, R4, L5, L2, L4, R4, R4, R1, L3, L2, L4, R3"
+facing = 0
+distance = [0,0,0,0]
+for d in EBHQ_dir.split(", "):
+ if d[0] == "L":
+ facing = (facing -1) % 4
+ distance[facing] += int(d[1:])
+ elif d[0] == "R":
+ facing = (facing +1) % 4
+ distance[facing] += int(d[1:])
+
+print abs(distance[0]-distance[2]) + abs(distance[1]-distance[3])
2016-12-02_AOC-2016/d1p2.py
@@ -0,0 +1,31 @@
+
+def loc (d) :
+ return (d[0]-d[2]), (d[1]-d[3])
+
+EBHQ_dir = "L5, R1, R3, L4, R3, R1, L3, L2, R3, L5, L1, L2, R5, L1, R5, R1, L4, R1, R3, L4, L1, R2, R5, R3, R1, R1, L1, R1, L1, L2, L1, R2, L5, L188, L4, R1, R4, L3, R47, R1, L1, R77, R5, L2, R1, L2, R4, L5, L1, R3, R187, L4, L3, L3, R2, L3, L5, L4, L4, R1, R5, L4, L3, L3, L3, L2, L5, R1, L2, R5, L3, L4, R4, L5, R3, R4, L2, L1, L4, R1, L3, R1, R3, L2, R1, R4, R5, L3, R5, R3, L3, R4, L2, L5, L1, L1, R3, R1, L4, R3, R3, L2, R5, R4, R1, R3, L4, R3, R3, L2, L4, L5, R1, L4, L5, R4, L2, L1, L3, L3, L5, R3, L4, L3, R5, R4, R2, L4, R2, R3, L3, R4, L1, L3, R2, R1, R5, L4, L5, L5, R4, L5, L2, L4, R4, R4, R1, L3, L2, L4, R3"
+facing = 0
+distance = [0,0,0,0]
+lines = []
+for inst in EBHQ_dir.split(", "):
+ s = loc(distance)
+ r = inst[0]
+ d = int(inst[1:])
+ if r == "L":
+ facing = (facing -1) % 4
+ distance[facing] += d
+ elif r == "R":
+ facing = (facing +1) % 4
+ distance[facing] += d
+ e = loc(distance)
+ (bs_x, bs_y, be_x, be_y) = (s[0], s[1], e[0], e[1])
+ for l in lines:
+ (as_x, as_y, ae_x, ae_y) = (l[0][0], l[0][1], l[1][0], l[1][1])
+ if (bs_x in range (as_x, ae_x, (-1 if as_x>ae_x else 1)) and
+ be_x in range (as_x, ae_x, (-1 if as_x>ae_x else 1)) and
+ as_y in range (bs_y, be_y, (-1 if bs_y>be_y else 1)) and
+ ae_y in range (bs_y, be_y, (-1 if bs_y>be_y else 1)) ):
+ print "intersection", s,e,l
+ lines.append((s,e))
+ print inst,s,e
+
+print abs(distance[0]-distance[2]) + abs(distance[1]-distance[3])
2016-12-02_AOC-2016/d2p1.py
@@ -0,0 +1,42 @@
+bathroom_dir = """LURLLLLLDUULRDDDRLRDDDUDDUULLRLULRURLRRDULUUURDUURLRDRRURUURUDDRDLRRLDDDDLLDURLDUUUDRDDDLULLDDLRLRRRLDLDDDDDLUUUDLUULRDUDLDRRRUDUDDRULURULDRUDLDUUUDLUDURUURRUUDRLDURRULURRURUUDDLRLDDDDRDRLDDLURLRDDLUDRLLRURRURRRURURRLLRLDRDLULLUDLUDRURDLRDUUDDUUDRLUDDLRLUDLLURDRUDDLRURDULLLUDDURULDRLUDLUDLULRRUUDDLDRLLUULDDURLURRRRUUDRUDLLDRUDLRRDUDUUURRULLDLDDRLUURLDUDDRLDRLDULDDURDLUUDRRLDRLLLRRRDLLLLURDLLLUDRUULUULLRLRDLULRLURLURRRDRLLDLDRLLRLULRDDDLUDDLLLRRLLLUURLDRULLDURDLULUDLRLDLUDURLLLURUUUDRRRULRDURLLURRLDLRLDLDRRUUDRDDDDDRDUUDULUL
+RRURLURRULLUDUULUUURURULLDLRLRRULRUDUDDLLLRRRRLRUDUUUUDULUDRULDDUDLURLRRLLDLURLRDLDUULRDLLLDLLULLURLLURURULUDLDUDLUULDDLDRLRRUURRRLLRRLRULRRLDLDLRDULDLLDRRULRDRDUDUUUDUUDDRUUUDDLRDULLULDULUUUDDUULRLDLRLUUUUURDLULDLUUUULLLLRRRLDLLDLUDDULRULLRDURDRDRRRDDDLRDDULDLURLDLUDRRLDDDLULLRULDRULRURDURRUDUUULDRLRRUDDLULDLUULULRDRDULLLDULULDUDLDRLLLRLRURUDLUDDDURDUDDDULDRLUDRDRDRLRDDDDRLDRULLURUDRLLUDRLDDDLRLRDLDDUULRUDRLUULRULRLDLRLLULLUDULRLDRURDD
+UUUUUURRDLLRUDUDURLRDDDURRRRULRLRUURLLLUULRUDLLRUUDURURUDRDLDLDRDUDUDRLUUDUUUDDURRRDRUDDUURDLRDRLDRRULULLLUDRDLLUULURULRULDRDRRLURULLDURUURDDRDLLDDDDULDULUULLRULRLDURLDDLULRLRRRLLURRLDLLULLDULRULLDLRULDDLUDDDLDDURUUUURDLLRURDURDUUDRULDUULLUUULLULLURLRDRLLRULLLLRRRRULDRULLUURLDRLRRDLDDRLRDURDRRDDDRRUDRLUULLLULRDDLDRRLRUDLRRLDULULRRDDURULLRULDUDRLRUUUULURLRLRDDDUUDDULLULLDDUDRLRDDRDRLDUURLRUULUULDUDDURDDLLLURUULLRDLRRDRDDDUDDRDLRRDDUURDUULUDDDDUUDDLULLDRDDLULLUDLDDURRULDUDRRUURRDLRLLDDRRLUUUDDUUDUDDDDDDDLULURRUULURLLUURUDUDDULURDDLRDDRRULLLDRRDLURURLRRRDDLDUUDR
+URLLRULULULULDUULDLLRDUDDRRLRLLLULUDDUDLLLRURLLLLURRLRRDLULRUDDRLRRLLRDLRRULDLULRRRRUUDDRURLRUUDLRRULDDDLRULDURLDURLRLDDULURDDDDULDRLLUDRULRDDLUUUDUDUDDRRUDUURUURLUUULRLULUURURRLRUUULDDLURULRRRRDULUDLDRLLUURRRLLURDLDLLDUDRDRLLUDLDDLRLDLRUDUULDRRLLULDRRULLULURRLDLUUDLUDDRLURDDUDRDUDDDULLDRUDLRDLRDURUULRRDRUUULRUURDURLDUDRDLLRUULUULRDDUDLRDUUUUULDDDDDRRULRURLLRLLUUDLUDDUULDRULDLDUURUDUDLRULULUULLLLRLULUDDDRRLLDRUUDRLDDDRDDURRDDDULURDLDLUDDUULUUURDULDLLULRRUURDDUDRUULDLRLURUDLRDLLLDRLDUURUDUDRLLLDDDULLUDUUULLUUUDLRRRURRRRRDUULLUURRDUU
+UDULUUDLDURRUDDUDRDDRRUULRRULULURRDDRUULDRLDUDDRRRRDLRURLLLRLRRLLLULDURRDLLDUDDULDLURLURUURLLLDUURRUUDLLLUDRUDLDDRLRRDLRLDDDULLRUURUUUDRRDLLLRRULDRURLRDLLUDRLLULRDLDDLLRRUDURULRLRLDRUDDLUUDRLDDRUDULLLURLRDLRUUDRRUUDUDRDDRDRDDLRULULURLRULDRURLURLRDRDUUDUDUULDDRLUUURULRDUDRUDRULUDDULLRDDRRUULRLDDLUUUUDUDLLLDULRRLRDDDLULRDUDRLDLURRUUDULUDRURUDDLUUUDDRLRLRLURDLDDRLRURRLLLRDRLRUUDRRRLUDLDLDDDLDULDRLURDURULURUDDDUDUULRLLDRLDDDDRULRDRLUUURD"""
+
+class PadIndex(object):
+ def __init__(self, num):
+ self.value = num
+
+ def __add__(self, other):
+ new = self.value + int(other)
+ if new > 2:
+ return PadIndex(2)
+ return PadIndex(new)
+
+ def __sub__(self, other):
+ new = self.value - int(other)
+ if new < 0:
+ return PadIndex(0)
+ return PadIndex(new)
+
+ def __int__(self):
+ return int(self.value)
+
+ def __str__(self):
+ return str(self.value)
+
+loc = [PadIndex(1),PadIndex(1)]
+pad = [[i*j,i*j+1,i*j+2] for i in range(1,2) for j in range(1,9,3)]
+
+for line in bathroom_dir.split('\n'):
+ for inst in line:
+ if inst == "U":
+ loc[0] -= 1
+ if inst == "D":
+ loc[0] += 1
+ if inst == "R":
+ loc[1] += 1
+ if inst == "L":
+ loc[1] -= 1
+ print pad[int(loc[0])][int(loc[1])]
2020-04-06_UTA-ctf/RE1/RE1.prompt
@@ -0,0 +1,1 @@
+Ahhh plaintext, you convenient old friend.
2020-04-06_UTA-ctf/RE1/RE1.solution
@@ -0,0 +1,1 @@
+strings miscellaneous_re1_re_1_linux.dms | grep -i password -A5 -B5
2020-04-06_UTA-ctf/RE2/RE2.prompt
@@ -0,0 +1,1 @@
+Does your password match?
2020-04-06_UTA-ctf/RE2/RE2.solution
@@ -0,0 +1,2 @@
+gdb miscellaneous_re2_re_2_linux.dms -ex set pagination off -ex disass check_pass -ex quit | grep cmp
+python -c a = b'\x34\x6c\x6c\x5f\x44\x34\x54\x5f\x53\x33\x43\x55\x52\x31\x54\x59'; print(a.decode('utf-8'))
2020-04-06_UTA-ctf/RE3/RE3.solution
@@ -0,0 +1,4 @@
+gdb re_3_linux -ex 'info functions' -ex quit | grep "main" -B2 -A2
+gdb re_3_linux -ex 'disassemble decrypt_flag' -ex quit
+a = '5)U5>6UT>53P"*PR3'
+"".join([chr(0x61 ^ ord(c)) for c in a])
2020-04-06_UTA-ctf/apt-list.yml
@@ -0,0 +1,4 @@
+---
+ctf-list:
+ - binutils
+ - gdb
2020-06-08_5ctf/inziption/flag/sensitiveinformation.txt
@@ -0,0 +1,1 @@
+flag{th4t_w4s_4_l0t_0f_z1p_f1l3s}
\ No newline at end of file
2020-06-08_5ctf/inziption/provided/challenge.txt
@@ -0,0 +1,10 @@
+# Inziption - 200
+One of our interns for ACME Hacking Inc. is suspected of emailing
+himself some sensitive company information, but we need to verify
+this before taking action against him. Attached is the suspect file
+along with some notes we found on his Desktop. We already had some
+of our junior operators take a crack at this by hand, but it is
+taking them too long since there are several nested layers of password
+protected file compression. Can you do us a favor and write something
+to automate the decompression of this file and see what information,
+if any, he was exfiltrating?
2020-06-08_5ctf/inziption/provided/jB1qLK53r.A.7z
Binary file
2020-06-08_5ctf/inziption/provided/notes.txt
@@ -0,0 +1,16 @@
+Had some ideas for a system of passwords based off of the filename:
+
+FORMAT: <string>.<id>.<extension>
+
++----+------------------+
+| ID | PASSWORD |
++====+==================+
+| A | <string> |
+| B | <string>.reverse |
+| C | md5(<string>) |
+| D | sha1(<string>) |
+| E | '' |
++----+------------------+
+
+7z a -tzip -pExAmPlE ExAmPlE.A.zip file
+7z a -ttar -p'' Another.E.tar ExAmPlE.A.zip
2020-06-08_5ctf/inziption/.gitignore
@@ -0,0 +1,3 @@
+*.swp
+venv
+tmp
2020-06-08_5ctf/inziption/unziption.py
@@ -0,0 +1,112 @@
+import os
+import hashlib
+import puremagic
+import re
+
+
+def decode_filename(filename):
+ """
+ Decodes a inziption filename
+ Returns [password, id, extension]
+
+ Filename Format: <string>.<id>.<extension>
+ Decoder ring:
+ +----+------------------+
+ | ID | PASSWORD |
+ +====+==================+
+ | A | <string> |
+ | B | <string>.reverse |
+ | C | md5(<string>) |
+ | D | sha1(<string>) |
+ | E | '' |
+ +----+------------------+
+ """
+ print(filename)
+ split_name = os.path.basename(filename).split('.')
+ if len(split_name) == 3:
+ f_string = split_name[0]
+ f_id = split_name[1]
+ f_ext = split_name[2]
+
+ if f_id == "A":
+ return [f_string, f_id, f_ext]
+ if f_id == "B":
+ # <string>,reverse
+ return [f_string[::-1], f_id, f_ext]
+ if f_id == "C":
+ # should match md5sum <(echo -n f_string)
+ return [hashlib.md5(f_string.encode("utf-8")).hexdigest(), f_id, f_ext]
+ if f_id == "D":
+ # should match sha1sum <(echo -n f_string)
+ return [hashlib.sha1(f_string.encode("utf-8")).hexdigest(), f_id, f_ext]
+ if f_id == "E":
+ return ["''", f_id, f_ext]
+
+def un_7z(filename, password):
+ import py7zr
+ with py7zr.SevenZipFile(filename, password=password) as z:
+ if len(z.getnames()) == 1:
+ next_file = z.getnames()[0]
+ z.extractall(path="tmp")
+ return f"tmp/{next_file}"
+ else:
+ print(f"bad 7z {filename}")
+
+def un_zip(filename,password):
+ import zipfile
+ with zipfile.ZipFile(filename) as z:
+ if len(z.namelist()) == 1:
+ next_file = z.namelist()[0]
+ z.extract(next_file, path="tmp", pwd=bytes(password, 'utf-8'))
+ return f"tmp/{next_file}"
+ else:
+ print(f"bad zip {filename}")
+
+def un_gz(filename,password):
+ import gzip, zipfile, magic
+ next_file = re.findall(r'["](.*?)["]',magic.from_file(filename))[0]
+ with gzip.GzipFile(filename) as gz:
+ ungzip_data = gz.read()
+ with open(f"tmp/{next_file}", 'wb') as out:
+ out.write(ungzip_data)
+ return f"tmp/{next_file}"
+
+def un_tar(filename,password):
+ import tarfile
+ with tarfile.open(filename) as z:
+ if len(z.getnames()) == 1:
+ next_file = z.getnames()[0]
+ z.extractall(path="tmp")
+ return f"tmp/{next_file}"
+ else:
+ print(f"bad tar {filename}")
+
+def unziption(filename):
+ password, _, ext = decode_filename(filename)
+ print(filename, password)
+ ext = puremagic.from_file(filename)
+ if ext == ".7z":
+ return un_7z(filename, password)
+ if ext == ".zip":
+ return un_zip(filename, password)
+ if ext == ".gz":
+ return un_gz(filename, password)
+ if ext == ".tar":
+ return un_tar(filename, password)
+
+
+zip_file = "jB1qLK53r.A.7z"
+out = open("test", "wb")
+while True:
+ zip_file = unziption(zip_file)
+ split_name = os.path.basename(zip_file).split('.')[0]
+ out.write(split_name.encode('utf-8'))
+ out.flush()
+
+
+
+#print(decode_filename('ExAmPlE.A.zip'))
+#print(decode_filename('ExAmPlE.B.zip'))
+#print(decode_filename('ExAmPlE.C.zip'))
+#print(decode_filename('ExAmPlE.D.zip'))
+#print(decode_filename('ExAmPlE.E.zip'))
2020-06-08_5ctf/inziption/unziption_demo.py
@@ -0,0 +1,101 @@
+#### WELCOME
+import os
+import hashlib
+import puremagic
+import re
+
+def decode_filename(filename):
+ """
+ Decodes a inziption filename
+ Returns [password, id, extension]
+
+ Filename Format: <string>.<id>.<extension>
+ Decoder ring:
+ +----+------------------+
+ | ID | PASSWORD |
+ +====+==================+
+ | A | <string> |
+ | B | <string>.reverse |
+ | C | md5(<string>) |
+ | D | sha1(<string>) |
+ | E | '' |
+ +----+------------------+
+ """
+ print(filename)
+ split_name = os.path.basename(filename).split('.')
+ if len(split_name) == 3:
+ f_string = split_name[0]
+ f_id = split_name[1]
+ f_ext = split_name[2]
+ # TODO handle when len is not 3
+
+ if f_id == "A":
+ return [f_string, f_id, f_ext]
+ if f_id == "B":
+ # <string>,reverse
+ return [f_string[::-1], f_id, f_ext]
+ if f_id == "C":
+ # should match md5sum <(echo -n f_string)
+ return [hashlib.md5(f_string.encode("utf-8")).hexdigest(), f_id, f_ext]
+ if f_id == "D":
+ # should match sha1sum <(echo -n f_string)
+ return [hashlib.sha1(f_string.encode("utf-8")).hexdigest(), f_id, f_ext]
+ if f_id == "E":
+ return ["''", f_id, f_ext]
+
+def un_7z(filename, password):
+ import py7zr
+ with py7zr.SevenZipFile(filename, password=password) as z:
+ if len(z.getnames()) == 1:
+ next_file = z.getnames()[0]
+ z.extractall(path="tmp")
+ return f"tmp/{next_file}"
+ else:
+ print(f"bad 7z {filename}")
+
+def un_zip(filename, password):
+ import zipfile
+ with zipfile.ZipFile(filename) as z:
+ if len(z.namelist()) == 1:
+ next_file = z.namelist()[0]
+ z.extract(next_file, path="tmp", pwd=bytes(password, 'utf-8'))
+ return f"tmp/{next_file}"
+ else:
+ print(f"bad zip {filename}")
+
+def un_gz(filename, password):
+ import gzip, zipfile, magic
+ next_file = re.findall(r'["](.*?)["]',magic.from_file(filename))[0]
+ with gzip.GzipFile(filename) as gz:
+ ungzip_data = gz.read()
+ with open(f"tmp/{next_file}", 'wb') as out:
+ out.write(ungzip_data)
+ return f"tmp/{next_file}"
+
+def un_tar(filename, password):
+ import tarfile
+ with tarfile.open(filename) as z:
+ if len(z.getnames()) == 1:
+ next_file = z.getnames()[0]
+ z.extractall(path="tmp")
+ return f"tmp/{next_file}"
+ else:
+ print(f"bad tar {filename}")
+
+def unziption(filename):
+ password, _, ext = decode_filename(filename)
+ print(filename, password)
+ ext = puremagic.from_file(filename)
+ if ext == ".7z":
+ return un_7z(filename, password)
+ if ext == ".zip":
+ return un_zip(filename, password)
+ if ext == ".gz":
+ return un_gz(filename, password)
+ if ext == ".tar":
+ return un_tar(filename, password)
+
+zip_file = "provided/jB1qLK53r.A.7z"
+
+while True:
+ zip_file = unziption(zip_file)
.gitignore
@@ -0,0 +1,2 @@
+*.swp
+venv