Thursday, January 19, 2012

Nullcon 2012 CTF Programming Writeup


Mfp ey zwvo fvat rjx hwprdrr lb nawzh tnfpc: Anj icvlu, hjgy Kbffhg, zk hjp gm nso nntjj, phf sw vawwhnwer, pcum nu oeq ewllxqmqit

Hint in the source: We only know the first 6 characters: "Men at"

It seems that the position is subtracted from every byte.

But there was still a trick: for the first 26 bytes the position has to be subtracted, for the next 26 it is added, and so on.

Flag: Men at some time are masters of their fates: The fault, dear Brutus, is not in our stars, but in ourselves, that we are underlings
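An added example, not part of the original write-up: it applies the position shift with a per-block direction, shows both readings of every 26-byte block so the readable one can be picked, and recovers the direction of each block from the ciphertext/flag pair above. The function names are my own; the ciphertext, the flag and the block length of 26 are taken from the text.

```python
import string

# Ciphertext and flag copied from the write-up; BLOCK is the block length it states.
CIPHERTEXT = ("Mfp ey zwvo fvat rjx hwprdrr lb nawzh tnfpc: Anj icvlu, hjgy Kbffhg, "
              "zk hjp gm nso nntjj, phf sw vawwhnwer, pcum nu oeq ewllxqmqit")
FLAG = ("Men at some time are masters of their fates: The fault, dear Brutus, "
        "is not in our stars, but in ourselves, that we are underlings")
BLOCK = 26

def shift_char(ch, k):
    """Rotate a letter by k places, keeping its case; leave other bytes alone."""
    for alphabet in (string.ascii_lowercase, string.ascii_uppercase):
        if ch in alphabet:
            return alphabet[(alphabet.index(ch) + k) % 26]
    return ch

def decode(ciphertext, directions):
    """directions[b] is '-' (subtract the position) or '+' (add it) for block b."""
    out = []
    for i, ch in enumerate(ciphertext):
        sign = -1 if directions[i // BLOCK] == "-" else 1
        out.append(shift_char(ch, sign * i))
    return "".join(out)

def block_candidates(ciphertext):
    """Both readings of every block, so the readable one can be picked by eye."""
    n_blocks = -(-len(ciphertext) // BLOCK)  # ceiling division
    minus = decode(ciphertext, "-" * n_blocks)
    plus = decode(ciphertext, "+" * n_blocks)
    return [(minus[s:s + BLOCK], plus[s:s + BLOCK])
            for s in range(0, len(ciphertext), BLOCK)]

def directions_from_known(ciphertext, plaintext):
    """Recover the per-block direction from a ciphertext/plaintext pair."""
    dirs = ""
    for b, (minus, plus) in enumerate(block_candidates(ciphertext)):
        known = plaintext[b * BLOCK:(b + 1) * BLOCK]
        dirs += "-" if minus == known else "+" if plus == known else "?"
    return dirs

if __name__ == "__main__":
    for minus, plus in block_candidates(CIPHERTEXT):
        print(repr(minus), "|", repr(plus))
    dirs = directions_from_known(CIPHERTEXT, FLAG)
    print(dirs, decode(CIPHERTEXT, dirs))
```

On the ciphertext exactly as it is printed on this page, the recovered pattern is `-+-++`.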

Level 2: Pascal's Triangle

The Flag is the sum of all middle terms till first 1337 rows of Pascal's Triangle
Hint in the source: ex: The sum of all middle terms till first 6 rows is 9

After googling I found a formula here.

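    ROWS = 1337
    total = 0
    last = 1
    for i in range((ROWS + 1)//2):       # the i-th middle term sits in row i*2+1
        if i > 0:
            # C(2i, i) = C(2i-2, i-1)*(4i-2)/i; the division is always exact
            last = last*(4*i - 2)//i
        total += last
    print(total)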

Flag: 43659324741884237070936006832303643114239411987772786602066543431205872166674362332393596312576719064242547970040323267566530343333103970820072593578706234276624324605878186670972267056459871456566594569343564988621600326286475080697865518622537377534356455651048425097523734881838663157063304671110082383218294453737678744221560158357896856330703194356882895482874383651576271102847866170999680296497

Level 3: Your Brainfuck Sir ...

Debug bfcode to get the flag


The file is well-formed; I just placed debug outputs at the end of every line by adding a ".".

And you get:
..In fact, never ever use gets() or sprintf(), period. If you do we willl send evil dwarfs after you.

You have to check for doubled output, as in "willl", and play with the dots at the beginning and end.

Flag: ...In fact, never ever use gets() or sprintf(), period. If you do we will send evil dwarfs after you..

Level 4: Substitute Problem


Flag: sedulously eschew obfuscatory hyperverbosity and prolixity 84 roedy green

Level 5: A pinch of salt for your coffee, Sir?

Link to the salted site

You can enter a password and you will get md5(password + salt) back.

I entered 1 and got 3b3afa7da0ccd2cd1d5a9733369d6eae back.
I threw it into an MD5 hash cracker and got back: 16541a8
The salt is: 6541a8

For corrections and other feedback send me an e-mail to bashrc at intruded dot net
