Skip to content

Commit

Permalink
fix lactf24
Browse files Browse the repository at this point in the history
  • Loading branch information
@treseco
treseco committed Feb 19, 2024
1 parent f390fc3 commit bc60d7e
Show file tree
Hide file tree
Showing 17 changed files with 1,000 additions and 71 deletions.
75 changes: 38 additions & 37 deletions index.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -191,6 +191,44 @@ <h1>


<div class="postlist " id="postlist">
<article class="card postlistitem">
<div>
<h2>
<a href="https://treseco.github.io/posts/lactf24/lactf24/">LACTF 2024 Writeups</a>
</h2>
<p class="date">
<span title='Date'></span>
2024-02-18


|
<span title='Tags'></span>

<a href="/tags/ctf-write-up">#ctf write-up</a>

<a href="/tags/lactf-2024">#LACTF 2024</a>

<a href="/tags/reversing">#reversing</a>


</p>


<div class="articlePreview">
<p>

LACTF 2024 I was able to participate in LACTF this weekend with WolvSec and it was a lot of fun. We ended up placing 166th in the open division. These are my writeups for glottem, the-secret-of-java-island and aplet321 reversing challenges. The archived challenges are availible here.
glottem Category: Rev Author: aplet123 Points: 455 Solves: 89 Description Haha glottem good!
Note: The correct flag is 34 characters long.
Files glottem: POSIX shell script, ASCII text executable, with very long lines

</p>
<p><a href="https://treseco.github.io/posts/lactf24/lactf24/">Continue reading </a></p>
</div>

</div>
<hr />
</article>
<article class="card postlistitem">
<div>
<h2>
Expand Down Expand Up @@ -344,43 +382,6 @@ <h2>
</div>
<hr />
</article>
<article class="card postlistitem">
<div>
<h2>
<a href="https://treseco.github.io/posts/ritsecctf23/ret2win/">ret2win</a>
</h2>
<p class="date">
<span title='Date'></span>
2023-05-23


|
<span title='Tags'></span>

<a href="/tags/ctf-write-up">#ctf write-up</a>

<a href="/tags/pwn">#pwn</a>

<a href="/tags/ritsec-ctf-2023">#Ritsec CTF 2023</a>


</p>


<div class="articlePreview">
<p>

ret2win Pwn 83 pts Description Are you looking for an exploit dev job. Well apply to the Republic of Potatoes. We are looking for the best hackers out there. Download the binary, find the secret door and remember to pass the right password.
Files ret2win - ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=6407290ddc178ebcff6a243a585c21e8c32a440b, for GNU/Linux 3.2.0, not stripped
Solve #!/usr/bin/python3 from pwn import * context.

</p>
<p><a href="https://treseco.github.io/posts/ritsecctf23/ret2win/">Continue reading </a></p>
</div>

</div>
<hr />
</article>

</div>
<div id="getNextBtnContainer"></div>
Expand Down
4 changes: 2 additions & 2 deletions index.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,8 @@



"articles": [{"date":"2023-09-03","image":"","imageAlt":"","link":"https://treseco.github.io/posts/ductf23/masked_squares_flag_checker/","summary":"Masked Squares Flag Checker Author: joseph Category: rev Difficulty: easy Points: 218 Solves: 62 Description This program checks the flag based on some simple arithmetic operations.\nFiles ms_flag_checker - ms_flag_checker: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=a8e81b5edf26d75633d7f857771172e81689a563, for GNU/Linux 4.4.0, stripped\nSolve Begin by decompiling main with ghidra and cleaning up the code.\nundefined8 main(void) { long mask_ptr; byte *mask_info; int *sum_target_ptr; int masked_sum; int flag_ints [36]; char buf [40]; .","tags":["ctf write-up","DUCTF 2023","reversing"],"title":"Masked Squares Flag Checker"},{"date":"2023-09-03","image":"","imageAlt":"","link":"https://treseco.github.io/posts/ductf23/other/","summary":"All Fathers Wisdom Author: Pix Category: rev Difficulty: beginner Points: 100 Solves: 270 Description We found this binary in the backroom, its been marked as \u0026ldquo;The All Fathers Wisdom\u0026rdquo; - See hex for further details. Not sure if its just old and hex should be text, or they mean the literal hex.\nAnyway can you get this \u0026lsquo;wisdom\u0026rsquo; out of the binary for us?\nFiles the-all-fathers-wisdom - ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.","tags":["ctf write-up","DUCTF 2023","misc","OSINT","reversing"],"title":"DUCTF solves"},{"date":"2023-05-23","image":"","imageAlt":"","link":"https://treseco.github.io/posts/ritsecctf23/either_or_neither_nor/","summary":"Either or Neither nor Category: crypto Points: 100 Files chal.py - Python script, ASCII text executable\nSolve The contents of chal.py tell us that the flag has been xored with a key and we only have the resulting encrypted flag.\n#! /usr/bin/env python flag = \u0026#34;XXXXXXXXXXXXXXXXXXXXX\u0026#34; enc_flag = [91,241,101,166,85,192,87,188,110,164,99,152,98,252,34,152,117,164,99,162,107] key = [0, 0, 0, 0] KEY_LEN = 4 # Encrypt the flag for idx, c in enumerate(flag): enc_flag = ord(c) ^ key[idx % len(key)] The xor operation has properties that make it simple to reverse.","tags":["cryptography","ctf write-up","Ritsec CTF 2023"],"title":"Either or Neither nor"},{"date":"2023-05-23","image":"","imageAlt":"","link":"https://treseco.github.io/posts/ritsecctf23/jurassic_park/","summary":"Jurassic park Category: Rev Points: 294 Files JuarrasicPark - JurassicPark: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=4XMyVkn0sTek7nw8EEYU/QdfCrifAK-NMKTlAgud5/tWG5xm3UkP6nAyK9dh6I/QDTAn6gKrQy1Vt4Cl8mo, with debug_info, not stripped\nSolve I was not the first on my team to solve this challenge, but didn\u0026rsquo;t notice until I had solved it. I feel it is still worth documenting this method of extracting a file from memory with pwndbg.\nIn main we find a call to embed.","tags":["ctf write-up","reversing","Ritsec CTF 2023"],"title":"Jurassic Park"},{"date":"2023-05-23","image":"","imageAlt":"","link":"https://treseco.github.io/posts/ritsecctf23/ret2win/","summary":"ret2win Pwn 83 pts Description Are you looking for an exploit dev job. Well apply to the Republic of Potatoes. We are looking for the best hackers out there. Download the binary, find the secret door and remember to pass the right password.\nFiles ret2win - ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=6407290ddc178ebcff6a243a585c21e8c32a440b, for GNU/Linux 3.2.0, not stripped\nSolve #!/usr/bin/python3 from pwn import * context.","tags":["ctf write-up","pwn","Ritsec CTF 2023"],"title":"ret2win"}],
"test": "Masked Squares Flag Checker DUCTF solves Either or Neither nor Jurassic Park ret2win Ducky1 Ducky2 Ducky3 Welcome to Hell Manifest Search ",
"articles": [{"date":"2024-02-18","image":"","imageAlt":"","link":"https://treseco.github.io/posts/lactf24/lactf24/","summary":"LACTF 2024 I was able to participate in LACTF this weekend with WolvSec and it was a lot of fun. We ended up placing 166th in the open division. These are my writeups for glottem, the-secret-of-java-island and aplet321 reversing challenges. The archived challenges are availible here.\nglottem Category: Rev Author: aplet123 Points: 455 Solves: 89 Description Haha glottem good!\nNote: The correct flag is 34 characters long.\nFiles glottem: POSIX shell script, ASCII text executable, with very long lines","tags":["ctf write-up","LACTF 2024","reversing"],"title":"LACTF 2024 Writeups"},{"date":"2023-09-03","image":"","imageAlt":"","link":"https://treseco.github.io/posts/ductf23/masked_squares_flag_checker/","summary":"Masked Squares Flag Checker Author: joseph Category: rev Difficulty: easy Points: 218 Solves: 62 Description This program checks the flag based on some simple arithmetic operations.\nFiles ms_flag_checker - ms_flag_checker: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=a8e81b5edf26d75633d7f857771172e81689a563, for GNU/Linux 4.4.0, stripped\nSolve Begin by decompiling main with ghidra and cleaning up the code.\nundefined8 main(void) { long mask_ptr; byte *mask_info; int *sum_target_ptr; int masked_sum; int flag_ints [36]; char buf [40]; .","tags":["ctf write-up","DUCTF 2023","reversing"],"title":"Masked Squares Flag Checker"},{"date":"2023-09-03","image":"","imageAlt":"","link":"https://treseco.github.io/posts/ductf23/other/","summary":"All Fathers Wisdom Author: Pix Category: rev Difficulty: beginner Points: 100 Solves: 270 Description We found this binary in the backroom, its been marked as \u0026ldquo;The All Fathers Wisdom\u0026rdquo; - See hex for further details. Not sure if its just old and hex should be text, or they mean the literal hex.\nAnyway can you get this \u0026lsquo;wisdom\u0026rsquo; out of the binary for us?\nFiles the-all-fathers-wisdom - ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.","tags":["ctf write-up","DUCTF 2023","misc","OSINT","reversing"],"title":"DUCTF solves"},{"date":"2023-05-23","image":"","imageAlt":"","link":"https://treseco.github.io/posts/ritsecctf23/either_or_neither_nor/","summary":"Either or Neither nor Category: crypto Points: 100 Files chal.py - Python script, ASCII text executable\nSolve The contents of chal.py tell us that the flag has been xored with a key and we only have the resulting encrypted flag.\n#! /usr/bin/env python flag = \u0026#34;XXXXXXXXXXXXXXXXXXXXX\u0026#34; enc_flag = [91,241,101,166,85,192,87,188,110,164,99,152,98,252,34,152,117,164,99,162,107] key = [0, 0, 0, 0] KEY_LEN = 4 # Encrypt the flag for idx, c in enumerate(flag): enc_flag = ord(c) ^ key[idx % len(key)] The xor operation has properties that make it simple to reverse.","tags":["cryptography","ctf write-up","Ritsec CTF 2023"],"title":"Either or Neither nor"},{"date":"2023-05-23","image":"","imageAlt":"","link":"https://treseco.github.io/posts/ritsecctf23/jurassic_park/","summary":"Jurassic park Category: Rev Points: 294 Files JuarrasicPark - JurassicPark: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=4XMyVkn0sTek7nw8EEYU/QdfCrifAK-NMKTlAgud5/tWG5xm3UkP6nAyK9dh6I/QDTAn6gKrQy1Vt4Cl8mo, with debug_info, not stripped\nSolve I was not the first on my team to solve this challenge, but didn\u0026rsquo;t notice until I had solved it. I feel it is still worth documenting this method of extracting a file from memory with pwndbg.\nIn main we find a call to embed.","tags":["ctf write-up","reversing","Ritsec CTF 2023"],"title":"Jurassic Park"}],
"test": "LACTF 2024 Writeups Masked Squares Flag Checker DUCTF solves Either or Neither nor Jurassic Park ret2win Ducky1 Ducky2 Ducky3 Welcome to Hell Manifest Search ",
"page": "1",
"next":
"https://treseco.github.io/page/2/index.json"
Expand Down
37 changes: 37 additions & 0 deletions page/2/index.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -191,6 +191,43 @@ <h1>


<div class="postlist " id="postlist">
<article class="card postlistitem">
<div>
<h2>
<a href="https://treseco.github.io/posts/ritsecctf23/ret2win/">ret2win</a>
</h2>
<p class="date">
<span title='Date'></span>
2023-05-23


|
<span title='Tags'></span>

<a href="/tags/ctf-write-up">#ctf write-up</a>

<a href="/tags/pwn">#pwn</a>

<a href="/tags/ritsec-ctf-2023">#Ritsec CTF 2023</a>


</p>


<div class="articlePreview">
<p>

ret2win Pwn 83 pts Description Are you looking for an exploit dev job. Well apply to the Republic of Potatoes. We are looking for the best hackers out there. Download the binary, find the secret door and remember to pass the right password.
Files ret2win - ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=6407290ddc178ebcff6a243a585c21e8c32a440b, for GNU/Linux 3.2.0, not stripped
Solve #!/usr/bin/python3 from pwn import * context.

</p>
<p><a href="https://treseco.github.io/posts/ritsecctf23/ret2win/">Continue reading </a></p>
</div>

</div>
<hr />
</article>
<article class="card postlistitem">
<div>
<h2>
Expand Down
4 changes: 2 additions & 2 deletions page/2/index.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,8 @@



"articles": [{"date":"2023-05-22","image":"","imageAlt":"","link":"https://treseco.github.io/posts/byuctf23/ducky1/","summary":"Ducky1 Category: Rev Difficulty: Easy Points: 100 Solves: 185 Description I recently got ahold of a Rubber Ducky, and have started automating ALL of my work tasks with it! You should check it out!\nFiles inject.bin - data\nSolve The contents of inject.bin dosn\u0026rsquo;t give us much information.\n$ xxd inject.bin 00000000: 00ff 00ff 00ff 00ff 00ff 00ff 00ff 00ff ................ ... 00000350: 00ff 00ff 00ff 00ff 00ff 00ff 00ff 005f .","tags":["BYUCTF 2023","ctf write-up","reversing"],"title":"Ducky1"},{"date":"2023-05-22","image":"","imageAlt":"","link":"https://treseco.github.io/posts/byuctf23/ducky2/","summary":"#writeup\nDucky2 Category: Rev Difficulty: Medium Points: 476 Solves: 36 Description Okay, turnsk out that wask too easy to decode. You skhoud definitely try thisk one now! (Note - Ducky3 is unlocked after solving this challenge)\nFiles inject.bin - data\nSolve We are given a very similar file to inject.bin from ducky1. Let\u0026rsquo;s try to decode this one with DuckToolkit as well.\n$ python3 ducktools.py -d -l us ../inject.bin /dev/stdout [+] Reading Duck Bin file [-] Decoding file [-] Writing ducky text to /dev/stdout DELAY bzuctfmakesurezourkezboardissetupright|_}|\u0026#34;}|[+] Process Complete Ok, that didn\u0026rsquo;t seem to work but it does give us a hint by telling us to \u0026lsquo;make sure your keyboard is set up right\u0026rsquo;.","tags":["BYUCTF 2023","ctf write-up","reversing"],"title":"Ducky2"},{"date":"2023-05-22","image":"","imageAlt":"","link":"https://treseco.github.io/posts/byuctf23/ducky3/","summary":"Ducky3 Category: Rev Difficulty: Medium Points: 497 Solves: 14 Description Alright fine, I\u0026rsquo;ll make my own keyboard layout\u0026hellip;\nFiles inject.bin - data payload.txt - ASCII text\nSolve This challenge only provided another inject.bin file initially. As the description says, this file dosn\u0026rsquo;t seem to match any language, and appears to be custom made. The challenge was later fixed to include payload.txt.\nSTRING abcdefghijklmnopqrstuvwxyz STRING ABCDEFGHIJKLMNOPQRSTUVWXYZ STRING 0123456789 STRING !@#$%^\u0026amp;*()-_ STRING payload.","tags":["BYUCTF 2023","ctf write-up","reversing"],"title":"Ducky3"},{"date":"2023-03-30","image":"","imageAlt":"","link":"https://treseco.github.io/posts/umassctf23/welcome_to_hell/","summary":"Welcome To Hell Author: Battelle Rev 400 pts Description Welcome to hell, where all it seems that you can do is try to exit, maybe there is a flag hidden somewhere in this mess\nFiles welcome_to_hell - ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped\nReversing Opening welcome_to_hell in Ghidra shows a few functions. The only one that appears to do anything useful is entry, the first function in the binary.","tags":["ctf write-up","reversing","UMass CTF 2023"],"title":"Welcome to Hell"},{"date":"0001-01-01","image":"","imageAlt":"","link":"https://treseco.github.io/manifest/index.json","summary":"","tags":[],"title":"Manifest"}],
"test": "Masked Squares Flag Checker DUCTF solves Either or Neither nor Jurassic Park ret2win Ducky1 Ducky2 Ducky3 Welcome to Hell Manifest Search ",
"articles": [{"date":"2023-05-23","image":"","imageAlt":"","link":"https://treseco.github.io/posts/ritsecctf23/ret2win/","summary":"ret2win Pwn 83 pts Description Are you looking for an exploit dev job. Well apply to the Republic of Potatoes. We are looking for the best hackers out there. Download the binary, find the secret door and remember to pass the right password.\nFiles ret2win - ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=6407290ddc178ebcff6a243a585c21e8c32a440b, for GNU/Linux 3.2.0, not stripped\nSolve #!/usr/bin/python3 from pwn import * context.","tags":["ctf write-up","pwn","Ritsec CTF 2023"],"title":"ret2win"},{"date":"2023-05-22","image":"","imageAlt":"","link":"https://treseco.github.io/posts/byuctf23/ducky1/","summary":"Ducky1 Category: Rev Difficulty: Easy Points: 100 Solves: 185 Description I recently got ahold of a Rubber Ducky, and have started automating ALL of my work tasks with it! You should check it out!\nFiles inject.bin - data\nSolve The contents of inject.bin dosn\u0026rsquo;t give us much information.\n$ xxd inject.bin 00000000: 00ff 00ff 00ff 00ff 00ff 00ff 00ff 00ff ................ ... 00000350: 00ff 00ff 00ff 00ff 00ff 00ff 00ff 005f .","tags":["BYUCTF 2023","ctf write-up","reversing"],"title":"Ducky1"},{"date":"2023-05-22","image":"","imageAlt":"","link":"https://treseco.github.io/posts/byuctf23/ducky2/","summary":"#writeup\nDucky2 Category: Rev Difficulty: Medium Points: 476 Solves: 36 Description Okay, turnsk out that wask too easy to decode. You skhoud definitely try thisk one now! (Note - Ducky3 is unlocked after solving this challenge)\nFiles inject.bin - data\nSolve We are given a very similar file to inject.bin from ducky1. Let\u0026rsquo;s try to decode this one with DuckToolkit as well.\n$ python3 ducktools.py -d -l us ../inject.bin /dev/stdout [+] Reading Duck Bin file [-] Decoding file [-] Writing ducky text to /dev/stdout DELAY bzuctfmakesurezourkezboardissetupright|_}|\u0026#34;}|[+] Process Complete Ok, that didn\u0026rsquo;t seem to work but it does give us a hint by telling us to \u0026lsquo;make sure your keyboard is set up right\u0026rsquo;.","tags":["BYUCTF 2023","ctf write-up","reversing"],"title":"Ducky2"},{"date":"2023-05-22","image":"","imageAlt":"","link":"https://treseco.github.io/posts/byuctf23/ducky3/","summary":"Ducky3 Category: Rev Difficulty: Medium Points: 497 Solves: 14 Description Alright fine, I\u0026rsquo;ll make my own keyboard layout\u0026hellip;\nFiles inject.bin - data payload.txt - ASCII text\nSolve This challenge only provided another inject.bin file initially. As the description says, this file dosn\u0026rsquo;t seem to match any language, and appears to be custom made. The challenge was later fixed to include payload.txt.\nSTRING abcdefghijklmnopqrstuvwxyz STRING ABCDEFGHIJKLMNOPQRSTUVWXYZ STRING 0123456789 STRING !@#$%^\u0026amp;*()-_ STRING payload.","tags":["BYUCTF 2023","ctf write-up","reversing"],"title":"Ducky3"},{"date":"2023-03-30","image":"","imageAlt":"","link":"https://treseco.github.io/posts/umassctf23/welcome_to_hell/","summary":"Welcome To Hell Author: Battelle Rev 400 pts Description Welcome to hell, where all it seems that you can do is try to exit, maybe there is a flag hidden somewhere in this mess\nFiles welcome_to_hell - ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped\nReversing Opening welcome_to_hell in Ghidra shows a few functions. The only one that appears to do anything useful is entry, the first function in the binary.","tags":["ctf write-up","reversing","UMass CTF 2023"],"title":"Welcome to Hell"}],
"test": "LACTF 2024 Writeups Masked Squares Flag Checker DUCTF solves Either or Neither nor Jurassic Park ret2win Ducky1 Ducky2 Ducky3 Welcome to Hell Manifest Search ",
"page": "2",
"next":
"https://treseco.github.io/page/3/index.json"
Expand Down
Loading

0 comments on commit bc60d7e

Please sign in to comment.