Feb
13

IFSF CTF Small Challenges (#4, #5, #6, #14, #15)

Contents

#4 ER

Uhg uevn “dqsxpivacb yleqsy” kt uwfe vt nndmcawj e ncsrcuizf hgswe tlat lsglweeu b bvpbf xjlegtirs sf (ppt pfcittcwnly veldyid) csgwnerut htw thi exlxxepde qg gvbof htnstirdhmeu.[1] Uhg uevn ju kweqyenwqc uufd dz sgipnfws ard iq uspwmat dupuvtj yo ihenwnjy ufctft qjmkyfry, fannnrg, qs pqmixjdcq fctmonv fmmge av “ttibmksl” poaer, ptrea, pr hseiepo, kwom “xhe sjspnf”.[ckuaxjpp sjedid]
<....>
jpxyitytirsw, au seeprhfe ks, kor ixapupe, udhqmavmz fthumintv tv mcjnuuribn ojiia veprwxs, tbtjfr xibp xjcritiyj gocmivjort ph nsdizidxfps.[14]
#yjkkqehjb

Solution

The text is encrypted with a Vigenère cipher (identified by trial and error).
Grab CrypTool v1, Analysis – Symmetric classic – Ciphertext-only – Vigenere
The flag is the encryption key: BACBAEBBCFFAAEAADFEAC

#5 Change

Txc Azr Adlr txcqhv zj txc ihcydznzlr fqjgqnqrzfdn gqbcn txdt cpindzlj txc cdhnv bcycnqigclt qe txc Klzychjc.[1] Dffqhbzlr tq txc Azr Adlr txcqhv, txc Klzychjc udj qlfc zl dl cpthcgcnv xqt dlb bcljc jtdtc uxzfx cpidlbcb hdizbnv. Txzj hdizb cpidljzql fdkjcb txc vqklr Klzychjc tq fqqn dlb hcjkntcb zl ztj ihcjclt fqltzlkqkjnv cpidlbzlr jtdtc. Dffqhbzlr tq txc gqjt hcfclt gcdjkhcgcltj dlb qajchydtzqlj, txzj qhzrzldn jtdtc cpzjtcb diihqpzgdtcnv 13.7 aznnzql vcdhj drq,[2][3] uxzfx zj
<....>
adfmrhqklb hdbzdtzql zl 1964, dlb cjicfzdnnv uxcl ztj jicfthkg (z.c., txc dgqklt qe hdbzdtzql gcdjkhcb dt cdfx udycnclrtx) udj eqklb tq gdtfx txdt qe txchgdn hdbzdtzql ehqg d andfm aqbv, gqjt jfzcltzjtj uchc edzhnv fqlyzlfcb av txc cyzbclfc txdt jqgc ychjzql qe txc Azr Adlr jfcldhzq gkjt xdyc qffkhhcb. — uzmzicbzd

Solution

The text is encrypted with a simple substitution cipher.
Grab the same CrypTool v1, Analysis – Symmetric classic – Ciphertext-only – Substitution
The flag is the encryption key: DAFBCERXZWMNGLQIOHJTKYUPVS

#6 Call me

6-666-22-444-555-33-444-7777-222-666-666-555-7777-88-22-6-444-8-8-44-444-7777-333-666-777-7777-666-6-33-7-666-444-66-8-7777

Solution

Cellphone keypad cipher :-)
Grab a cellphone keypad and write a text pressing the numbers in the sequence.
The flag: MOBILEISCOOLSUBMITTHISFORSOMEPOINTS
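
The keypad decoding described above can also be scripted. This is an added example, not part of the original writeup; the function names are illustrative and the layout is the standard phone keypad (2=ABC ... 9=WXYZ).

```python
# Standard phone keypad letters; keys 0 and 1 carry no letters.
KEYPAD = {"2": "ABC", "3": "DEF", "4": "GHI", "5": "JKL",
          "6": "MNO", "7": "PQRS", "8": "TUV", "9": "WXYZ"}

# Sequence copied from challenge #6 on this page.
CHALLENGE = ("6-666-22-444-555-33-444-7777-222-666-666-555-7777-88-22-6-444-"
             "8-8-44-444-7777-333-666-777-7777-666-6-33-7-666-444-66-8-7777")


def decode_multitap(sequence, sep="-"):
    """Decode groups such as '666' (third letter on key 6) into text."""
    out = []
    for pos, group in enumerate(sequence.strip().split(sep)):
        # A valid group is one digit repeated, e.g. '7777', never '67'.
        if not group or len(set(group)) != 1:
            raise ValueError(f"group {pos}: {group!r} is not one repeated digit")
        letters = KEYPAD.get(group[0])
        if letters is None:
            raise ValueError(f"group {pos}: key {group[0]!r} has no letters")
        if len(group) > len(letters):
            raise ValueError(f"group {pos}: too many presses in {group!r}")
        out.append(letters[len(group) - 1])
    return "".join(out)


def encode_multitap(text, sep="-"):
    """Inverse mapping, useful as a round-trip check on a decoded flag."""
    presses = {ch: key * (i + 1)
               for key, letters in KEYPAD.items()
               for i, ch in enumerate(letters)}
    return sep.join(presses[ch] for ch in text.upper())


if __name__ == "__main__":
    print(decode_multitap(CHALLENGE))
```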

#14 Seek me

Can you Find me ? :)

Solution

Yes we can: brute-force the ?id= parameter on the taskboard until you get to 1338.
The error message on that page is not just an error message :)

<p id="errormsg"><font color="red"><script>var s=String.fromCharCode(73, 115, 84, 104, 105, 83, 82, 101, 97, 76, 76, 121, 72, 73, 68, 68, 69, 78);</script>Challenge Doesn't Exist</font></p>

Decode 73, 115, 84, 104, 105, 83, 82, 101, 97, 76, 76, 121, 72, 73, 68, 68, 69, 78 from decimal, get flag: IsThiSReaLLyHIDDEN

#15 Embedded docs

those are some files we could reach ,
but we couldn’t get what are they about
try to get what you can do !
http://ctf.forbiddenbits.net/Secrets.zip

Grab Secrets.zip

001

0011000000110010001101010011000100110110001110000110000100110101001100110011010100110111011001100011100101100101001100000110000101100100001101110110011001100011001101110011001000110110011001100110011001100001001100100011011100111001001101000011010100110100

Decode from binary, get flag: 025168a5357f9e0ad7fc726ffa279454

002

YmM1OTJkOGI5YjhmYzRkODQ4NTU3NDI4NDU2ZWIzYWM=

Unbase64, get flag: bc592d8b9b8fc4d848557428456eb3ac

003

102:98:48:100:53:102:50:101:57:101:102:97:99:100:97:56:55:54:50:56:49:56:98:52:48:101:101:98:57:50:56:57

Decode from decimal, get flag: fb0d5f2e9efacda8762818b40eeb9289

004

ST_nIoPemoSroFTI_TImbuS-G4lF_3hT_zI_Siht

Flip the string, get flag: thiS_Iz_Th3_Fl4G-SubmIT_ITForSomePoIn_TS

005

So0%2000%2000%2000%20TT%20

Urldecode, get flag: ‘So0 00 00 00 TT ‘ (mind the trailing space)

006

41:4e:4f:54:48:45:52:46:4c:41:47:59:45:53:49:4b:4e:4f:57:49:54:

Decode from hex, get flag: ANOTHERFLAGYESIKNOWIT

007

PNALBHFRRZRVTHRFFLBHQB

Rot13, get flag: CANYOUSEEMEIGUESSYOUDO

008

A rarjpeg (actually, ‘zipjpeg’). Carve zip file from end, bruteforce encryption password ‘pass‘, get flag: 8727a6fd1df003d9870654c16d02d39c

009

BMP. Open with your favorite image editor (MS Paint), do a fill, read the flag: JE5POIBB7KOUB54

010

<script language=JavaScript>
	var t1=0;
	var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ12345679";
	var pass  = "i forgot my pass";
	var kk=1;
	for (i=0;i<pass.length;++i)
	{
		t1+=(pass.charCodeAt(i)*kk)+(chars.substring(kk,kk+1).charCodeAt(0));
		++kk;
	}
	(t1+'' == '8829') ? alert("submit this for some points"):alert( "not yet" );	
</script>
+ HINT on data format:
<AlpHaNiX> for JS10 format is ***_****_******

HTML with JavaScript, implementing some poor hashing algorithm.
Calculate any valid flag (vos_CPHO_313337), give it to orgs to get a real challenge flag: CAA_AAAA_AAATZ
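
Why this check accepts many strings, as an added example (not part of the original writeup or the challenge): the value is a position-weighted sum of character codes, so collisions are easy to construct. `weak_hash` ports the page's loop; `find_preimage` and its default alphabet (uppercase letters and digits) are assumptions for illustration.

```python
import string

# Lookup table and expected value copied from the challenge's JavaScript.
CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ12345679"
TARGET = 8829


def weak_hash(password):
    """Python port of the page's loop: sum of code(ch)*kk + code(CHARS[kk])."""
    total = 0
    for kk, ch in enumerate(password, start=1):
        total += ord(ch) * kk + ord(CHARS[kk])
    return total


def find_preimage(template="***_****_******",
                  alphabet=string.ascii_uppercase + string.digits,
                  target=TARGET):
    """Return one string matching `template` ('*' = free slot) that hashes
    to `target`, or None if no such string exists.

    Dynamic programming over positions: `reach` maps each partial sum that
    is attainable after kk characters to one prefix producing it. Sums only
    grow, so anything above `target` is discarded immediately.
    """
    reach = {0: ""}
    for kk, slot in enumerate(template, start=1):
        choices = alphabet if slot == "*" else slot  # fixed chars stay as-is
        step = {}
        for total, prefix in reach.items():
            for ch in choices:
                t = total + ord(ch) * kk + ord(CHARS[kk])
                if t <= target and t not in step:
                    step[t] = prefix + ch
        reach = step
    return reach.get(target)


if __name__ == "__main__":
    # Both strings quoted in the writeup produce the same value.
    print(weak_hash("vos_CPHO_313337"), weak_hash("CAA_AAAA_AAATZ"))
    print(find_preimage())
```

The state space is bounded by the target value (8829), which is why the search finishes in seconds; a cryptographic hash offers no such structure to exploit.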

011

A win32 exe, written in Visual Basic. Use strings, get flag: Th1SiSmYp455w0rD

F:\Secrets>strings 011.exe
....
Th1SiSmYp455w0rD
....

012

HAI
CAN HAS STDIO?
I HAS A VAR
GIMMEH VAR
BTW I LUV EDOCLOL
IZ VAR EQUAL "IHAZZOMVAR"?
	YARLY
		VISIBLE "GUD"
	NOWAI
		VISIBLE "SUX"
	KTHX
KTHXBYE

LOLCODE. Smoke some specs, get flag: IHAZZOMVAR

013

 

Whitespace. Interpret, get flag (the numbers are actually printed one per line): 12345678910

014

 Ingredients.
 105 beer
 102 mushrooms
 72 cheese
 85 jelly
 74 tacos
 69 beans
 
 Method.
 Put mushrooms into the mixing bowl.
 Put beer mustard into the mixing bowl.
 Put cheese mustard into the mixing bowl.
 Put tacos mustard into the mixing bowl.
 Put beans mustard into the mixing bowl.
 Put jelly mustard into the mixing bowl.
 Put cheese mustard into the mixing bowl.
 Liquefy contents of the mixing bowl.
 Pour contents of the mixing bowl into the baking dish.
 
 Serves 1.

Chef. Interpret, get flag: fiHJEUH

015

++++++++[>+>++>+++>++++>+++++>++++++>+++++++>++++++++>+++++++++>++++++++++>+++++++++++>++++++++++++>+++++++++++++>++++++++++++++>+++++++++++++++>++++++++++++++++<<<<<<<<<<<<<<<<-]>>>>>>>>>>>>>--.++<<<<<<<<<<<<<>>>>>>.<<<<<<>>>>>>+++.---<<<<<<>>>>>>.<<<<<<>>>>>>>>>>>>+.-<<<<<<<<<<<<>>>>>>>>>>>>>---.+++<<<<<<<<<<<<<>>>>>>>.<<<<<<<>>>>>>>>>>>>+++.---<<<<<<<<<<<<>>>>>>>>>>>>>----.++++<<<<<<<<<<<<<>>>>>>.<<<<<<>>>>>>>>>>>>>---.+++<<<<<<<<<<<<<>>>>>>++.--<<<<<<>>>>>>>+.-<<<<<<<>>>>>>+++.---<<<<<<>>>>>>>>>>>>>--.++<<<<<<<<<<<<<>>>>>>>>>>>>+++.---<<<<<<<<<<<<>>>>>>+++.---<<<<<<>>>>>>+++.---<<<<<<>>>>>>++.--<<<<<<>>>>>>++.--<<<<<<>>>>>>>+.-<<<<<<<>>>>>>.<<<<<<>>>>>>>>>>>>+++.---<<<<<<<<<<<<>>>>>>>-.+<<<<<<<>>>>>>>>>>>>>--.++<<<<<<<<<<<<<>>>>>>>>>>>>>---.+++<<<<<<<<<<<<<>>>>>>>---.+++<<<<<<<>>>>>>>>>>>>>--.++<<<<<<<<<<<<<>>>>>>>+.-<<<<<<<>>>>>>>>>>>>+++.---<<<<<<<<<<<<>>>>>>>.<<<<<<<>>>>>>>>>>>>+++.---<<<<<<<<<<<<.

Brainfuck. Interpret, get flag: f030ae8cd0e293fc332290c7fe5f9c8c

016

A password-protected rar. Strangely, the flag can be seen in RAR comment, though it isn’t plain-text in the file.
If anyone knows why it’s like this, please leave a comment! :)
Flag: iojGRU84HXBYY3R6T

017

APL. Interpret using NARS2000, get flag: 42746658902357111317192329313741434753596167717379838997
(again numbers need to be written one after another)

7 comments

  1. Max says:

    whitespace… 13245678910, facepalm (((
    Dear Leet Mores, write, please, how you solved the first web task “TONA”. Very interesting =)

    1. vos says:

      We solved it exactly as in this nice writeup by 0sec ;)
      They describe it pretty well!

  2. Small Challenges (#4, #5, #6, #14, #15) | says:

    […] #4 ER […]

  3. ducky 2000 says:

    7-777-666-9-555-33-777
    I don't know what it is

    1. VICTOR M MAESTRE RAMIREZ says:

      That is the name of the military satellite being used by the terrorists who are commandeering the drone.

  4. boy says:

    7-777-666-9-555-33-777

    What does that mean?

    1. VICTOR MAESTRE RAMIREZ says:

      That is the name of the military satellite being used by the terrorists who are commandeering the drone.
