Info
Team Name : ZH3R0
Rank : 11
Points : 5361
Player Name : 4N0NYM4U5
Reversing :
Challenge Name : Nested Rev
Points : 150
Solves : 84
Description : Life is full of IFs ELSEs :)
Solution : Download the binary and open it in IDA Pro and seek into the main function. You will see a bunch of if else blocks. Follow the True statements and you will see a cmp instruction comparing your input to the hardcoded string.
Take down all the strings in a notepad you will get {}u0Y___r3v3rs3d1tw3ll
By seeing it you get to know that the flag.
FLAG : d33p{Y0u_r3v3rs3d_1t_w3ll}
Challenge Name : SkipMe
Points : 200
Solves : 40
Description : I love skipping. Do you?
Solution : Download the binary and open it up with gdb. I’m using gef attachment to gdb to make reversing simpler. List the functions and you will see a finish function. Break at main function and jump to finish function to get the flag.
FLAG : d330{f51579e9ca38ba87d71539a9992887ff}
Challenge Name : 0xKEY
Points : 300
Solves : 31
Description : Can you grab the flag?
Solution : Download the binary and run it using ltrace. ltrace is a great tool for reversing and password cracking. The binary asks for user input just type in something. Then you will see a strcmp function which compares user input to the string in binary. Grab the string and give it as a input to the binary and you will get the flag.
FLAG : d33p{jnhFClg2sv3uaBBxs}
Web
Challenge Name : Magic Word!
Challenge Link : http://140.238.254.6:8004/
Points : 150
Solves : 82
Description : Are you mad enough to get the flag?
Solution : Looking at the source code of the challenge
It requires an argument magic_word. And our goal is to get $what_you_actually_heard = ‘d33p’ But the preg_replace function replace ‘d33p’ to ‘’. So to bypass this we spilt the word as “d3d33p3p” when the d33p gets replaced with ‘’ the final result would be ‘d33p’. To get the flag run
curl “http://140.238.254.6:8004/?magic_word=d3d33p3p"
FLAG : d33p{d33p_p33d}
Challenge Name : Nothing is Impossible
Challenge Link : http://140.238.254.6:8004/
Points : 160
Solves : 58
Description : One of our rabbits has lost the keys of his server to access his flag. He is crying desperately as he only remembers that the flag was in the path: /tmp/flag.php but he dont know how to get there. Our friend BugsBunny was performing reconnaissance tasks when suddently found a web that could help you, please bring me back his flag.
Solution : The web page is a php compiler. As the description says that the flag is stored in /tmp/flag.php. I used exec(“cat /tmp/flag.php”); to get the flag. The site wasn’t working when i was making the writeup so no PoC here.
Challenge Name : Greetings!
Challenge Link : http://140.238.254.6:8004/
Points : 200
Solves : 18
Description : Feed your ‘name’ to the website and hack!
Solution : Searching for robots.txt got me this error.
So this website is made of FLASK and it takes an argument name. One of my teammate told me about this. So searching for RCE on FLASK go me this interesting github repository PayloadsAllTheThings. I tried RCE with ?name={{7*7}} and it works. So the next thing is to read flag.txt
FLAG : d33p{I_</3_3000}
Cryptography
Challenge Name : l33tRSA
Points : 250
Solves : 30
Description : A l33t Decrypter Is Required To Decrypt This, Can You Proof Yourself As L33t d3crypt3r?
Solution : I am not that good at crypto so i dont have any explaination over here. This challenge was based on multi exponential RSA. But still I could solve this challenge using simple RSA decryption method.
FLAG : d33p{A_l33t_d3crypt3r_4rr1v3d}
