🦊Back to NiNi's Den

# 2019::PragyanCTF

Word count: 2.8kReading time: 17 min
2019/03/12 Share

Wanna try ghidra in reversing so I play Pragyan CTF.
Did not have time to solve them all.
Pragyan CTF is a much easier CTF, a good target for me to start writing my blog……
It’s a good way to force me to understand every details and improve my English writing skill (maybe).

# Web

The value of flag in cookie is the md5 result of flag’s slices.

flag:
pctf{c0oki3s_@re_yUm_bUt_tHEy_@ls0_r3vEaL_@_l0t}

## Game of Faces

A form hidden behind the first color block, just upload any picture then you get a base64 encoded string which decoded as The_scroll_says=the_night_kingVSvalyrian.txt

Get the flag at /the_night_kingVSvalyrian.txt

flag:
pctf{You_L00K_Wi3Rd_IN_H3R3}

## Mandatory PHP

### final solution

http://159.89.166.12:14000/?val2=WoAHh%2525252525252525252521&val1=rUs&val3=12&val4=16

### detail

Find a string which’s sha256 result’s prefix is 1e, so that it would be consider as scientific notation at first line. When $a='rUs', the result of sha256 is 1e40afafd2290d3f1e0cbc86cd9bbec0df8627b32730ea72e0dce67fe49a2f30, would be consider as$10^{40}$at second line and the last result is 400, which is$12^2+16^2$, done. next check: It apply urldecode 10 times on $b, so we have to encode WoAHh! 10 times, also. The result should be WoAHh%25252525252525252521. But,the url would be decoded once by default, we have to do one more encode, which would be WoAHh%252525252525252525252521

flag:
pctf{b3_c4r3fu1_w1th_pHp_f31145}

# Forensics

## Welcome

The password for a.zip is in the secret.bmp, dGhlIHBhc3N3b3JkIGlzOiBoMzExMF90aDNyMyE==, decoded as the password is: h3110_th3r3!
Then it give us a a.png, the flag is hidden in the white background

flag:
pctf{st3gs0lv3_1s_u53ful}

## Magic PNGs

you_cant_see_me.png is a broken png, fix it to get the password for tryme.zip
First, fix the header , the header should be 8950 4e47 1d0a 1a0a instead of 8950 4e47 2e0a 2e0a.Next, find ascii string idat in png , this is the name of IDAT chunk, the string should be uppercase. Finally, fix two CRC checksums. then we get a picture of mask from movie V for Vendetta.

According to the hint, the password for tryme.zip should be MD5 ("h4CK3RM4n") = 2c919f82ee2ed6985d5c5e275d67e4f8

flag:
pctf{y0u_s33_m33_n0w!}

## Save Earth

Some usb packages, extract the Leftover Capture Data by
tshark -r ./SaveEarth.pcap -T fields -e usb.capdata > leftover.txt

It doesn’t look like some keyboard strike or mouse position, but more like morse code.

Get morse code

-.-. - ..-. ... ....- ...- ...-- -> CTFS4V3

flag is in lowercase

flag:
ctf{s4v3}

## Slow Realization

It gives us a flag.pdf and a jpeg picture

The EOF of jpeg file format is ff d9, so there is actually a mp3 file concated behind this jpeg. It’s OneRepublic - Counting Stars, but there are some morse code and a weird woman voice. The morse code is not the password, which is

I thought that the password is inside the vocal between morse code. Tried to apply reverse, invert, or normalize individually on it, but I still can not get a clear version of the woman voice

Luckily, I get the password by dictionary attack…., it turns out to be congratulations, WHAT ?
It really sounds like that after I knew the real password is congratualtions,but it also sounds like slow realization?
Can someone teach me how to get the password in right way?

flag:
pctf{y0u_h34rd_m3_r1ght}

## Late PR

strings it, done
Is this the intended solution ??

flag:
pctf{Late_submissions_can_be_good}

# Cryptography

## Spoiler

There are some additional information concated after the %%EOF of pdf

It’s a hex string 6a6f6e736e6f776973647261676f6e62796269727468, xor it with another hex string show in pdf.

flag:
PCTF{JON_IS_TARGARYEN}

## Add them Sneaky Polynomials

We get some polynomials equations:

According to challenge’s description, we can extract a string from these equations

Obviously, if we plug x=2 into equations we can get some “binary strings”.
For example, $2^5+2^4+2^2+2^1+1 = 110111_{2} = 55$, that is the ascii code for 7.
After evaluation, we get some meaningless strings.
But once we xor them together, the flag shows up

flag:
pctf{f1n1t3_f13lds_4r3_m0r3_us3ful_th4n_y0u_th1nk}

## The Order of the Phoenix

After google the hint Eleven scientists are working on a secret project.......?, it’s a challenge about Shamir’s Secret Sharing. Read the content of QRcode first

Guess the hexadecimal digits split by - are x and y on the x-y plane, then ….
We have to sovle an equation which derives from these coordinates by Lagrange polynomial. I did’t decrypt it on my own implementation, the problems is that I used the wrong the prime. Using a github repo call secret-sharing to help me.

plain text:
pctf{sh4m1r3_w4s_4_gr34t_m4n}\n

flag:
pctf{sh4m1r3_w4s_4_gr34t_m4n}

reference

## Help Rabin

It’s Rabin cryptosystem, which needs the factor p, q of n to do the decryption. The problem in here is that it generates n by mutiple two primes which are close to each other, this makes us are able to factor n by brute force.

Then follow the steps on wiki, we can get the plaintext in one of the 4 decrypted messages:

Hey Rabin, would you like to be the front end to my back end? Here is your flag: pctf{R4b1n_1s_th3_cut3st}

flag:
pctf{R4b1n_1s_th3_cut3st}

## Easy RSA

It gives some parameter used in RSA

The e is too big so that may cause the d become small enough to satisfy the condition for wiener’s attack
I used featherduster to apply weiner’s attack here and get d successfully

d=12978409760901509356642421072925801006324287746872153539187221529835976408177

The secret message is Here is your flag, pctf{Sup3r_st4nd4rd_W31n3r_4tt4ck}\n

flag:
pctf{Sup3r_st4nd4rd_W31n3r_4tt4ck}

## Decode This

There is a linear equations :

Cuz we know that there must be a pctf in plain text, it’s able to solve this equation. I didn’t get the flag in my first trial, cuz I assume that pctf is the prefix of plaintext. After a while, I realized that crypto challenges of Pragyan always like to give us some xxxxxxx flag: pctf{xxxxxxx}, so , all we need to do here is to brute force the position of pctf in the plaintext.

Solving equation is ez in python, because there are lots of package doing this for us (z3, Sympy, sage … etc).

ram has a little secret for you right here it is pctf i like climbing hills what about you

# Miscellaneous

## EXORcism

It gives a txt file which contains lots of 1\n and 0\n, it’s a bitmap of an QRcode
Convert it to image by python

The message is 160f15011d1b095339595138535f135613595e1a, a meaningless string
Xor the first 4 char with pctf to check if this was the xor result of flag , then the xor-key turned out to be flag.

flag:
pctf{wh4_50_53r1u5?}

# Binary

## Feed_me

Lazy, use socket and z3 to solve this

flag:
pctf{p1zz4_t0pp3d_w1th_p1n34ppl3_s4uc3}

## Secret Keeper

Login as admin then it will print flag

Obviously, it has a UAF bug after remove a user. It just clean and free the chunk of account, but not remove the user from the list, we can even login with null usernam and original password.
What’s more, the first registed user’s username can be rewrote as admin

### exploit

First, register a user with name whatever and password whateverpassword, then delete it
Next, register another user with name whatever2 and password admin
Cuz this binary malloc for password first, the chunk which second registed user using for password is actually the same chunk of the first user’s username
Now we can login as admin with password whateverpassword to get the flag.

flag:
pctf{"ThiS_S3rV1ce-1s$t0T411Y-cR4p_But_w3_34Rn_$\$_4nyWaYs"}

## Super Secure Vault

The binary ask for key and password.
The key has to satisfy some modular equations :

We can derive key easily from these equations by CRT (Chinese Remainder Theorem), which is 3087629750608333480917556

If the key passes the verification , binary concats 27644437104591489104652716127 and 08 after the key in the func2. Then it will try to verify password by looking up a hard-coded array , matrix. In summary, it’s trivial, can be done by idapython.

flag:
pctf{R3v3rS1Ng_#s_V311_L0t_Of_FuR}

## Armoury

Format string vulneralbility, leak the GOT entry and find the correct version of libc.
Then use %n in format string to overwrite the return address to one gadget.

flag:
pctf{“W@r_1sN3v3R@_las41nG_s0lut1on#f0R_any_pr0bleM”}

Original Author: Terrynini

Original link: http://blog.terrynini.tw/en/2019-PragyanCTF/

Publish at: March 12th 2019, 2:08:23

Copyright: This article is licensed under CC BY-NC 4.0