
# Misc

<table><thead><tr><th width="347">Challenge</th><th>Link</th></tr></thead><tbody><tr><td>(s)tri(pes)angle love (120 pts)</td><td><a href="#s-tri-pes-angle-love-120-pts">Here</a></td></tr><tr><td>Berhitung! (260 pts)</td><td><a href="#berhitung-260-pts">Here</a></td></tr><tr><td>One Time Credentials (380 pts)</td><td><a href="#one-time-credentials-380-pts">Here</a></td></tr></tbody></table>

## (s)tri(pes)angle love (120 pts)

### Description

\-

### Solution

We are given the following screenshot:

<figure><img src="https://lh7-us.googleusercontent.com/0Gb5j0lUle0D12eH7fVrquFF6gOW_G9HQxC1xU_HEjOUu5pILKPMI_45GR_rhqrYuWQ0aCSf0aJYt47Y9wXYrDdW2ys3GnEfymWyzYQ86mj8GnFqzZ-NEdPadHVzT3L5Gzicv3wqEIEYPiRfMtuPefY" alt="" width="375"><figcaption></figcaption></figure>

Retype the message sent by alesha, which looks like part of an Instagram URL. Open Instagram and pick any post: the format turns out to be similar, so just prepend <https://www.instagram.com/p/> to get <https://www.instagram.com/p/CwkCHG8SuMH/>.

<figure><img src="https://lh7-us.googleusercontent.com/kBrstt08n3kxXKX831tfM-ckpLeQVPzObLkpOki-J8omUu73fFyvv9bF2IFQyRnLSIRfdMe3eue9LzLspFLKJNaJV9AaCvqVAFdTJiu4s4K4RCZxh0C8h8irhydycebbVfw28qHKjuEB5aDJGSGHG3U" alt="" width="375"><figcaption></figcaption></figure>

The post contains a Spotify username, so search for that username on Spotify. Click the Following section and manually check each followed account. The user Caltimurti looks suspicious; its following list contains 2 users who are not artists, namely Joosph and janethseame.

<figure><img src="https://lh7-us.googleusercontent.com/ySJ3gJKQRkmMQJn3LIV1AnXb30u3g16WOenCtgovKx_alr_0DCDcJii29zte4__Ll-v1ZkyX6VorWUbEV37MtCUCgGUt6_-mH8VOgTstODlY724-GBb6-1Ae8wjj0u7rAOOZ8klu0NsgZek5qM0TZvw" alt="" width="375"><figcaption></figcaption></figure>

Next, open each profile. Each account has an image, and the 2 images together look like a couple photo (side by side).

<figure><img src="https://lh7-us.googleusercontent.com/eLTJPizEDlF7UXH1atUAhz0bOG3LisekO00ntwzR5Y-h7RvxZg7Azl2BnTWt8mgLMwmazMOoiA6VGpPgQfPNRUmVe3W23jA2xrjRiXH4IMMOQ9fxC_vH5KD9JPnEiZk2GJiTP4N7LRvXb118lVmcU_c" alt="" width="375"><figcaption></figcaption></figure>

<figure><img src="https://lh7-us.googleusercontent.com/D3a6ygeMw46_YL7d_DK8y8ghlwED3-rJvGdMg50jA3fjWL_D9vkPz53XKnEfYpNl-RToeN_CHj4W2oENvZdIGezOAVHnqWe7iE7M01XYHRvxpIzaRv2_eo6uQQRMCTDN3C4b3nlQu8KIV6DHncASDjY" alt="" width="375"><figcaption></figcaption></figure>

Then just submit the usernames in the required format.

Flag : IFEST23{Joosph\_janethseame}

## Berhitung! (260 pts)

### Description

\-

### Solution

We are given a document with the following contents:

<figure><img src="https://lh7-us.googleusercontent.com/b1iqBBOwUX809nEOXFQTwjOEwD2zCHXo3gp7yVWCTVTbOCJsQKcxNZ-VcPzXoDrrHTPedp5dkfzvxw6-OPQZlvh-a5Rc6MwlijKPe0aOJRvVSWTeiTJuxfLT2jBicuZ_hg6-GW6_HZ5HgSnEO4zsaU0" alt=""><figcaption></figcaption></figure>

In short, we have to find the sequence with the largest total in a matrix. Here we use a DFS that does not record visited paths, in eight directions (because diagonal moves are allowed), with the condition that adjacent values are sequential. Here is the solver we used:

```python
from pwn import remote, context

# Eight neighbours: moves may be horizontal, vertical or diagonal.
DIRECTIONS = [(-1, 0), (1, 0), (0, -1), (0, 1), (-1, -1), (-1, 1), (1, -1), (1, 1)]

def dfs(matrix, row, col, result):  # vanilla dfs
    # No visited set is needed: each step must land on curr_val + 1, so values
    # strictly increase along a path and a cell can never be revisited.
    global max_values
    if result > max_values:
        max_values = result

    rows, cols = len(matrix), len(matrix[0])
    curr_val = matrix[row][col]

    for dr, dc in DIRECTIONS:
        newRow, newCol = row + dr, col + dc
        if 0 <= newRow < rows and 0 <= newCol < cols:
            new_val = matrix[newRow][newCol]
            if curr_val + 1 == new_val:
                # Pass the extended sum down instead of mutating `result`, so a
                # second matching neighbour does not also count the first one.
                dfs(matrix, newRow, newCol, result + new_val)

context.log_level = 'error'
while True:
    r = remote("103.152.242.235", 26693)
    for rnd in range(10):
        r.recvline()
        zz = r.recvline()
        print(rnd, zz)
        if b'sedih' in zz:  # 'sedih' ("sad") in the reply: close and reconnect
            r.close()
            break
        rows = 50
        cols = 50
        matrix = []
        for i in range(rows):
            matrix.append(list(map(int, r.recvline().strip().decode().split(' '))))
            if i == 0:
                print(matrix[0])
        max_values = -1

        # Try every cell as the start of a sequence.
        for i in range(rows):
            for j in range(cols):
                dfs(matrix, i, j, matrix[i][j])

        r.sendline(str(max_values).encode())

    # r.interactive()

```

<figure><img src="https://lh7-us.googleusercontent.com/JXuI5pIL-7F7dKDTrbDR2Pq0a7-Amf5ytqehusOPsHtjP8N-hZqisdZ4cXsqeMkueHSyL00JFEMC9OYrbe27Ovy0s_YuFNFW7t0wQQu-Yz1x3DL8ObjRy9vngZJPAwRZ_Ikz-pDH_Nlf5hLwn5wc3dE" alt=""><figcaption></figcaption></figure>

Flag : IFEST23{if\_CP\_Enjoyer\_exist\_why\_dont\_CTF\_Enjoyer\_exist}
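
The same search written without recursion, as an added example that is not the authors' solver: because every step must go to value + 1, paths can never loop, so the best sum starting at each cell can be computed once by visiting cells from the highest value to the lowest. The function name `best_sequence_sum` and both sample grids are constructed for illustration.

```python
# Eight neighbours, as in the write-up (diagonal moves allowed).
DIRECTIONS = [(-1, 0), (1, 0), (0, -1), (0, 1),
              (-1, -1), (-1, 1), (1, -1), (1, 1)]


def best_sequence_sum(matrix):
    """Largest sum over paths where each step moves to a neighbour holding value + 1."""
    rows, cols = len(matrix), len(matrix[0])
    best = [[0] * cols for _ in range(rows)]  # best[r][c]: best path sum starting at (r, c)

    # A cell only depends on neighbours holding a larger value, so processing
    # cells in decreasing value order guarantees those entries are final.
    cells = sorted(((matrix[r][c], r, c)
                    for r in range(rows) for c in range(cols)), reverse=True)
    for val, r, c in cells:
        tail = 0  # a path may also stop at this cell
        for dr, dc in DIRECTIONS:
            nr, nc = r + dr, c + dc
            if 0 <= nr < rows and 0 <= nc < cols and matrix[nr][nc] == val + 1:
                tail = max(tail, best[nr][nc])
        best[r][c] = val + tail

    return max(max(row) for row in best)


# Constructed sample grids (not data from the challenge server).
SAMPLE = [
    [1, 2, 9, 9],
    [9, 3, 4, 9],
    [9, 4, 5, 6],
    [9, 9, 9, 7],
]
# A cell with two matching neighbours: only one of the two 6s may be counted.
FORK = [
    [5, 6],
    [6, 0],
]

if __name__ == "__main__":
    print(best_sequence_sum(SAMPLE))
    print(best_sequence_sum(FORK))
```

Each cell is evaluated once, so the cost is linear in the number of cells apart from the sort, and there is no recursion depth to worry about on long chains.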

## One Time Credentials (380 pts)

### Description

\-

### Solution

We are given a contract, its ABI, and an RPC URL. From the ABI we can see that none of the functions require any input, so we can simply call them. After looking at the flow of the nc service, we found that it works like an OTP: it generates random credentials for login and then asks for the OTP. All of the data can simply be read by calling the provided contract. Here is the solver we used:

```python
from web3 import Web3

node_url = "https://eth-sepolia.g.alchemy.com/v2/SMfUKiFXRNaIsjRSccFuYCq8Q3QJgks8"

web3 = Web3(Web3.HTTPProvider(node_url))

abi = '[{"inputs":[],"stateMutability":"nonpayable","type":"constructor"},{"inputs":[],"name":"getEverything","outputs":[{"internalType":"uint256","name":"otp","type":"uint256"},{"internalType":"string","name":"passphrase","type":"string"},{"internalType":"string","name":"decryptedFlag","type":"string"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getIdentity","outputs":[{"internalType":"string","name":"","type":"string"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getOTP","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getPassphrase","outputs":[{"internalType":"string","name":"","type":"string"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"help","outputs":[{"internalType":"string","name":"","type":"string"}],"stateMutability":"pure","type":"function"}]'


caller = "0xF8dF23AFf40338c42aE9693f6242a0Ee24E5eDac"
private_key = "aff00a764af83a30cf3bcbb4667c5fcec6bf7830147b73b2b8b07d6ae09f60cc"  # To sign the transaction

contract_address = "0x22420C6261054E5A5d5277fFcE0993D8223e5ccd"


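contract = web3.eth.contract(address=contract_address, abi=abi)
# Every function in the ABI is view/pure and takes no input, so a read-only
# call() is enough: no transaction is sent and nothing has to be signed.
print(contract.functions.help().call())
print(contract.functions.getEverything().call())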
```

<figure><img src="https://lh7-us.googleusercontent.com/7MoM9MvPLPq0Q9Aq7XvFTaxbgnR9TOjtg21uXIZ14fCxnCamTbInxHrO2zO7rJ3F_RDLIEuGFFchjLS9B6x5WXjszJWNakbV7pH9N6nns3AYdtpkXWKloAjD4rsG9kmZKVgSwch0H7TxKWDgP_OnXhU" alt=""><figcaption></figcaption></figure>

Flag : IFEST23{2ddafab8af0fd9bb86cb0680238b1717fd1b2a22d46fff9a4a1767b0c39c7716}
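
The ABI check described above, as an added example that is not part of the original write-up: it lists the functions anyone can read with a plain `eth_call` and flags those whose names suggest they return secrets, which is the review a contract author would want before deploying. The `SENSITIVE` keyword list, the helper names and the `setOTP` entry are assumptions made for illustration.

```python
import json

# Function entries copied from the ABI in the write-up (internalType fields and
# the constructor dropped for brevity). "setOTP" is a hypothetical entry added
# to show what the filter excludes; it is not part of the challenge contract.
ABI_JSON = """[
 {"name":"getEverything","type":"function","stateMutability":"view","inputs":[],
  "outputs":[{"name":"otp","type":"uint256"},{"name":"passphrase","type":"string"},
             {"name":"decryptedFlag","type":"string"}]},
 {"name":"getIdentity","type":"function","stateMutability":"view","inputs":[],
  "outputs":[{"name":"","type":"string"}]},
 {"name":"getOTP","type":"function","stateMutability":"view","inputs":[],
  "outputs":[{"name":"","type":"uint256"}]},
 {"name":"getPassphrase","type":"function","stateMutability":"view","inputs":[],
  "outputs":[{"name":"","type":"string"}]},
 {"name":"help","type":"function","stateMutability":"pure","inputs":[],
  "outputs":[{"name":"","type":"string"}]},
 {"name":"setOTP","type":"function","stateMutability":"nonpayable",
  "inputs":[{"name":"value","type":"uint256"}],"outputs":[]}
]"""

# Illustrative keyword list (an assumption; tune it per project).
SENSITIVE = ("otp", "pass", "flag", "secret", "key")


def open_getters(abi_json):
    """Map each zero-argument view/pure function to its output types."""
    getters = {}
    for entry in json.loads(abi_json):
        if (entry.get("type") == "function"
                and not entry.get("inputs")
                and entry.get("stateMutability") in ("view", "pure")):
            getters[entry["name"]] = [o["type"] for o in entry.get("outputs", [])]
    return getters


def exposes_secret(abi_json):
    """Names of open getters whose own name or output names look sensitive."""
    readable = open_getters(abi_json)
    flagged = []
    for entry in json.loads(abi_json):
        if entry.get("name") not in readable:
            continue
        labels = [entry["name"]] + [o["name"] for o in entry.get("outputs", [])]
        if any(word in label.lower() for label in labels for word in SENSITIVE):
            flagged.append(entry["name"])
    return sorted(flagged)
```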

