0ops Cipher 4, hope you enjoy it:) zer0C4.zip nc 202.120.7.220 1234 Summary: related-key attack on weakened variant of RC4
Tag: quals
Apr 02
0CTF 2018 Quals – zer0SPN (Crypto 550)
0ops SPN, hope you enjoy it:) zer0SPN.zip Summary: linear cryptanalysis on toy block cipher
Apr 02
0CTF 2018 Quals – zer0TC (Crypto 916)
0ops Toy Cipher, hope you enjoy it:) zer0TC.zip Summary: meet-in-the-middle and key-schedule constraints
Jun 19
Google CTF 2017 Quals – BLT (Bleichenbacher’s Lattice Task – Insanity Check)
A slow descent into the dark, into madness, futility, and despair. BLT.jar (not necessary) STDOUT Flag.java Summary: DSA with short secrets, lattice + meet-in-the-middle attack.
Jun 19
Google CTF 2017 Quals – Crypto writeups
Scripts with short explanations for all crypto tasks (except RSA) from Google CTF Quals 2017: Crypto Backdoor Introspective CRC Shake It RSA CTF Challenge (no writeup, but I think it’s similar to this old one) Rubik Bleichenbacher’s Lattice Task (full writeup here)
Mar 14
0CTF 2016 Quals – Equation (Crypto 2 pts)
Here is a RSA private key with its upper part masked. Can your recover the private key and decrypt the file? equation.zip Summary: recovering RSA key from part of the private key.
Mar 13
0CTF 2016 Quals – RSA? (Crypto 2 pts)
It seems easy, right? rsa.zip Tip: openssl rsautl -encrypt -in FLAG -inkey public.pem -pubin -out flag.enc Summary: factoring 300-bit modulus into 3 primes, extracting cube roots.
Feb 26
CodeGate 2012 Quals Forensic 500 Write-up
This file is Forensic file format which is generally used. Check the information of imaged DISK, find the GUIDs of every partition. Answer: strupr((part1_GUID) XOR (part2_GUID) XOR …) Download : B704361ACF90390C17F6103DF4811E2D Forensic 500 features EWF format container with EFI GPT partition table.
Feb 26
CodeGate 2012 Quals Vuln500 Write-up
1.234.41.7:22 ID : yesMan PWD : ohyeah123 Download vulnerable binary. Vuln500 was a hardened format-string vuln with ASLR, NX-stack, no-DTORs, RO .dynamic
Feb 26
CodeGate 2012 Quals Net400 Write-up
Because of vulnerability of site in Company A, database which contains user’s information was leaked. The file is dumped packet at the moment of attacking. Find the administrator’s account information which was leaked from the site. For reference, some parts of the packet was blind to XXXX. Answer : strupr(md5(database_name|table_name|decode(password_of_admin))) (‘|’is just a character) Download …
Feb 26
CodeGate 2012 Quals – Vuln 300
Here we are given ssh credentials where we need to exploit the binary. Summary: compose file to make program jump to stack.
Feb 26
CodeGate 2012 Quals – Vuln 200
This web challenge is again about uploading. Our aim was to get shell. Summary: upload php shell, read the key.
Feb 26
CodeGate 2012 Quals – Vuln 100
This challenge is a web service where one can upload mp3 files and listen to them. Our aim is to get admin’s song. Summary: sql injection
Feb 26
CodeGate 2012 Quals – Binary 200
Find a printable string that the program would print ultimately. Down (pw: infected) Summary: unpack, XTEA decrypt
- 1
- 2