Codefest is an online CTF challenge conducted by HackerRank from August 31 2018 6:00 PM IST to September 1 2018 12:00 PM IST. They gave dozens of challenges.
link: https://www.hackerrank.com/contests/codefest-ctf-18/challenges
I managed to complete two challenges. In this article I will explain how I solved the two.
Typing Master
Question
If you think you have it in you, connect now to 34.216.132.109 9093 and prove your mettle.
You will be presented with a simple typing task which is meant to check your typing speed.
For example, Can you type 'Z' 10 times followed by 'u' 6 times, followed by the sum of their ASCII values?
ZZZZZZZZZZuuuuuu207
Input Format
Regarding input to the server - The question was designed keeping netcat in mind. Some users who are using other tools/language (eg, Python, PuTTY, TELNET) to connect to the server please note that they do not terminate the strings like netcat does. If you choose not to use netcat, the message you send to our server should terminate with a trailing newline ('\n') and nothing else.
Output Format
CodefestCTF{~flag~}
How I solved it?
I created a Python script that takes the above characters and the number of times each is repeated, creates the final string and sends it to the clipboard.
typing.py
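```python
import sys

# Arguments: <first char> <count> <second char> <count>
first = sys.argv[1]
no1 = int(sys.argv[2])
second = sys.argv[3]
no2 = int(sys.argv[4])

# Sum of the ASCII values of the two characters
addition = str(ord(first[0]) + ord(second[0]))
print(first * no1 + second * no2 + addition)
```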
usage: python typing.py z 10 u 6 | pbcopy
pbcopy (if you are using a Mac) sends the output to the clipboard, so you can simply paste it with ctrl+v.
For Linux you can use xclip.
Ghost Protocol
Question
Alice locked a flag behind a server which follows an authentication protocol given below
```python
##########################################################
# [ASCII-art banner]
##########################################################

from hidemsg import hidemsg
# [DELETED]
# [DELETED]
# [DELETED]
# [DELETED]

def generateRand(mLength):
    rand = ''.join([random.choice(string.ascii_letters + string.digits) for n in range(mLength)])
    return rand

def send_(client_s, msg):
    # [DELETED]
    # send "msg" to client

def receive_(client_s):
    # [DELETED]
    # wait for message from client and return the message once receicved.

def handle_client_connection(client_socket):
    global enc
    send_(client_socket, "Tell me your name and secret\n")
    received = receive_(client_socket)
    try:
        name, nounce = received.split(" ")
        if name == None or nounce == None:
            raise ValueError('Not allowed!')
    except:
        send_(client_socket, "Wrong format!")
        client_socket.close()
        return;
    val = generateRand(random.randint(5,10))
    send_(client_socket, val +" " +str(enc.encrypt(nounce.rstrip())) + "\n")
    received = receive_(client_socket)
    msg = "You aint't authorized!"
    if received == str(enc.encrypt(val)):
        msg = "The flag is [DELETED]" #:P
    send_(client_socket,msg)
    client_socket.close()

enc = hidemsg()
while True:
    # [DELETED]
    # [DELETED]
    # [DELETED]
    # Somewhere here "handle_client_connection()" is called each time new client makes a connection.
    # [DELETED]
```
nc 34.216.132.109 9092
Output Format
CodefestCTF{flag}
How I solved it?
This challenge took me a lot of time, but it is a piece of cake.
Program input -> name secret
The program encrypts the secret with the enc.encrypt() function. It generates a random string val and prints val and enc.encrypt(secret).
We need to find enc.encrypt(val) and send it to get the flag.
Hint:
Somewhere here "handle_client_connection()" is called each time new client makes a connection.
Whenever we connect to it, we get a new connection.
So create another connection, type the name and, for the secret, type the val generated by the previous instance. You get enc.encrypt(secret) back; paste it into the previous connection instance and you will get the key.
Solution
When we connect to the server we get the following
connection 1
Tell me your name and secret
gold aaaa
fofSGLDWx rGervB7oK124QBODO3wowoj3026e3MMQe39Uo21VSE=
rGervB7oK124080003wo27NDqK+31oc8ovPGetun1c=
The flag is #muetuAl%authentiKati0n@
connection 2
Tell me your name and secret
gold fofSGLDWx
HeOXoP rGervB7oK124080003wo27NDqK+31oc8ovPGetun1c=
Note:
- fofSGLDWx is passed as secret in connection 2
- we paste "rGervB7oK124080003wo27NDqK+31oc8ovPGetun1c=" from connection 2 to connection 1
Voila, we got the flag.
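The flaw used above is that the server answers any client-supplied string with enc.encrypt() under the same key it uses to check its own challenge. The following added example (not part of the original post or the challenge code) simulates that locally beside a hardened variant that labels each direction; the HMAC stand-in for the unknown hidemsg class, the class names and the role labels are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the secret hidden inside the challenge's hidemsg class.
KEY = secrets.token_bytes(32)


def enc(msg: str) -> str:
    """Stand-in for enc.encrypt(): any deterministic keyed function behaves the same here."""
    return hmac.new(KEY, msg.encode(), hashlib.sha256).hexdigest()


class FlawedSession:
    """Mirrors handle_client_connection(): one keyed function serves both directions."""

    def hello(self, nonce: str):
        self.val = secrets.token_hex(4)            # server challenge
        return self.val, enc(nonce)                # server acts as an oracle for enc()

    def verify(self, answer: str) -> bool:
        return hmac.compare_digest(answer, enc(self.val))


class HardenedSession:
    """Binds each tag to a role label, so a server reply is never a valid client answer."""

    def hello(self, nonce: str):
        self.val = secrets.token_hex(4)
        return self.val, enc("server-reply|" + nonce)

    def verify(self, answer: str) -> bool:
        return hmac.compare_digest(answer, enc("client-answer|" + self.val))


def reflect(session_cls) -> bool:
    """Replay the two-connection steps from the write-up without knowing KEY."""
    first, second = session_cls(), session_cls()
    val, _ = first.hello("aaaa")                   # connection 1: receive challenge val
    _, reflected = second.hello(val)               # connection 2: send val as the secret
    return first.verify(reflected)                 # paste connection 2's reply into connection 1


if __name__ == "__main__":
    print("flawed protocol accepts reflected reply:  ", reflect(FlawedSession))
    print("hardened protocol accepts reflected reply:", reflect(HardenedSession))
```

With direction labels in place, the value the server hands out for a client nonce is computed over a different input than the value it expects back, so the second connection no longer yields a usable answer.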
Nice one man