Misc

Challenge	Link
(s)tri(pes)angle love (120 pts)	Here
Berhitung! (260 pts)	Here
One Time Credentials (380 pts)	Here

Challenge

Link

(s)tri(pes)angle love (120 pts)

Here

Berhitung! (260 pts)

Here

One Time Credentials (380 pts)

Here

(s)tri(pes)angle love (120 pts)

Description

PoC

Diberikan screenshot sebagai berikut

Tulis ulang pesan yang dikirimkan oleh alesha yang terlihat seperti url pada instagram. Akses instagram, lalu pilih salah satu post dan ternyata formatnya mirip jadi tinggal tambahkan saja dengan https://www.instagram.com/p/ sehingga menjadi https://www.instagram.com/p/CwkCHG8SuMH/ .

Terdapat username spotify lalu search username tersebut di spotify. Klik bagian following dan kemudian cek manual masing-masing akun yang difollow. User Caltimurti terlihat mencurigakan, lihat followingnya ada 2 user yang bukan artis yaitu Joosph dan janethseame.

Selanjutnya klik masing-masing profil dan didapatkan ada 2 gambar yang terlihat seperti foto couple (berdampingan) pada masing-masing akun

Selanjutnya tinggal submit username sesuai format

Flag : IFEST23{Joosph_janethseame}

Berhitung! (260 pts)

Description

PoC

Diberikan dokuman dengan isi sebagai berikut

Jadi intinya kita diharuskan mencari sequence dengan total terbesar pada suatu matrix. Disini kami menggunakan algoritma DFS tanpa mencatat visited path dengan delapan arah (karena bisa diagonal) dengan catatan nilai yang berdampingan sequential. Berikut solver yang kami gunakan

from pwn import *

def dfs(matrix , row, col, result): # vanilla dfs
    global max_values
    directions = [(-1, 0), (1, 0), (0, -1), (0, 1), (-1, -1), (-1, 1), (1, -1), (1, 1)]

    rows, cols = len(matrix), len(matrix[0])

    curr_val = matrix[row][col]

    for dr, dc in directions:
        newRow, newCol = row + dr, col + dc
        if 0 <= newRow < rows and 0 <= newCol < cols:
            new_val = matrix[newRow][newCol]
            if(curr_val+1 == new_val):
                result += new_val
                dfs(matrix , newRow, newCol, result)
            else:
                if(result > max_values):
                    max_values = result

context.log_level = 'error'
while True:
    r = remote("103.152.242.235", 26693)
    for _ in range(10):
        r.recvline()
        zz = r.recvline()
        print(_, zz)
        if(b'sedih' in zz):
            r.close()
            break
        rows = 50
        cols = 50
        matrix = []
        for i in range(50):
            matrix.append(list(map(int,r.recvline().strip().decode().split(' '))))
            if(i == 0):
                print(matrix[0])
        max_values = -1
        
        for i in range(rows):
            for j in range(cols):
                startRow, startCol = i, j
                dfs(matrix, startRow, startCol, matrix[startRow][startCol])
        
        r.sendline(str(max_values).encode())
        
    # r.interactive()

Flag : IFEST23{if_CP_Enjoyer_exist_why_dont_CTF_Enjoyer_exist}

One Time Credentials (380 pts)

Description

PoC

Diberikan contract, abi, dan URL RPC. Dari abi dapat diketahui bahwa setiap fungsi yang ada tidak memerlukan input, jadi tinggal panggil saja. Setelah melihat flow dari nc kami ketahui bahwa ini seperti OTP, generate random credentials untuk login lalu masukkan OTP. Semua data tinggal panggil saja pada contract yang disediakan. Berikut solver yang kami gunakan

from web3 import Web3

node_url = "https://eth-sepolia.g.alchemy.com/v2/SMfUKiFXRNaIsjRSccFuYCq8Q3QJgks8"

web3 = Web3(Web3.HTTPProvider(node_url))

abi = '[{"inputs":[],"stateMutability":"nonpayable","type":"constructor"},{"inputs":[],"name":"getEverything","outputs":[{"internalType":"uint256","name":"otp","type":"uint256"},{"internalType":"string","name":"passphrase","type":"string"},{"internalType":"string","name":"decryptedFlag","type":"string"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getIdentity","outputs":[{"internalType":"string","name":"","type":"string"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getOTP","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getPassphrase","outputs":[{"internalType":"string","name":"","type":"string"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"help","outputs":[{"internalType":"string","name":"","type":"string"}],"stateMutability":"pure","type":"function"}]'


caller = "0xF8dF23AFf40338c42aE9693f6242a0Ee24E5eDac"
private_key = "aff00a764af83a30cf3bcbb4667c5fcec6bf7830147b73b2b8b07d6ae09f60cc"  # To sign the transaction

contract_address = "0x22420C6261054E5A5d5277fFcE0993D8223e5ccd"


contract = web3.eth.contract(address=contract_address, abi=abi)
print(contract.functions.help().call())
print(contract.functions.getEverything().call())

Flag : IFEST23{2ddafab8af0fd9bb86cb0680238b1717fd1b2a22d46fff9a4a1767b0c39c7716}

PreviousCryptography NextCyber Jawara International

Last updated 3 months ago