🦊Back to NiNi's Den


Word count: 152Reading time: 1 min
2019/05/01 Share

Played with Balsn, and get 4th this time.
I have to construct my payload more carefully, wasted too much time on debugging.

This is not a writeup for reading, just a kind of reminder for myself.

Misc::space saver


  • binwalk --dd=".*" space.dd
  • formost would extract the same png, but missing the most important part !!
  • The password of rar is concated after the keyword IEND of each png


  • mount the dd mount -o loop space.dd /mnt/tmp
  • scan for searching deleted files

Misc::can you guess me

intuitive solution

also my solution


error base

this is interesting


intended solution

It’s persuasive, because exec


Misc::Project Eulernt

Factor + random permutation and greedy

This should be more efficiency ?

Factor + dfs

This is the first thought came to my mind, did not find this solution on CTFtime’s wirteup.
But the writeup released by team ranked 2nd and 3rd are this kind.

Original Author: Terrynini

Original link: http://blog.terrynini.tw/en/2019-PlaidCTF/

Publish at: May 1st 2019, 10:50:47

Copyright: This article is licensed under CC BY-NC 4.0

  1. 1. Misc::space saver
    1. 1.1. Solution1
    2. 1.2. Solution2
  2. 2. Misc::can you guess me
    1. 2.1. intuitive solution
    2. 2.2. error base
    3. 2.3. intended solution
  3. 3. Misc::Project Eulernt
    1. 3.1. Factor + random permutation and greedy
    2. 3.2. Factor + dfs