Due to work commitments, I didn’t get to spend too much time on this CTF, which was a shame because they put out some nice challenges. Here are the ones I did get to have a crack at:
PassCheck - Web - 50pts
We’re presented with an authentication webpage. A numeric keypad is present which turned out to be cycling through a random selection after each keypress and was just a distraction. The same went for the .wav files played by various events.
Looking at the code, the only thing that was going to change on the client side was the return value from the validating PHP script. A few test inputs returned ‘wrong’, complete with annoying Homer Simpson sounds.
Dropping to the CLI, I used curl to send the inputs without having to listen to Homer:
curl -H "X-Requested-With: XMLHttpRequest" -d "password=foobar" http://ctfchallenges.ctf.site:10000/passcheck/index.php
Adding extra form fields didn’t achieve anything, but I remembered the dirty trick of making the field name an array to break strcmp on the server:
curl -H "X-Requested-With: XMLHttpRequest" -d "password[]=" http://ctfchallenges.ctf.site:10000/passcheck/index.php
This request had a different response:
EKO{strcmp_not_s0_s4f3}
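The kind of server-side check this trick defeats, next to a hardened replacement, as an added example that is not the challenge's source: `check_weak`, `check_hardened` and the `SECRET` value are hypothetical, and it assumes the script compares the POSTed field using `strcmp()` and a loose `==`.

```php
<?php
// Added example: a constructed stand-in for the server-side check,
// not the challenge's real code. SECRET is a placeholder value.
const SECRET = 'constructed-placeholder-password';

// Weak form: on PHP 5.3 to 7.x, strcmp() given an array emits a warning
// and returns NULL, and the loose comparison NULL == 0 is true.
// On PHP 8+ the same call throws a TypeError instead of returning.
function check_weak($input)
{
    return strcmp($input, SECRET) == 0;
}

// Hardened form: reject anything that is not a string before comparing,
// then compare in constant time with hash_equals().
function check_hardened($input)
{
    return is_string($input) && hash_equals(SECRET, $input);
}

// Constructed inputs, shaped like $_POST['password'] for the two curl
// requests above plus the correct value.
$cases = [
    'password=foobar' => 'foobar',
    'password[]='     => [''],
    'correct value'   => SECRET,
];

foreach ($cases as $label => $input) {
    try {
        // @ silences the PHP 7 warning so only the verdict is printed.
        $weak = @check_weak($input) ? 'accept' : 'reject';
    } catch (TypeError $e) {
        $weak = 'TypeError (PHP 8+)';
    }
    $hard = check_hardened($input) ? 'accept' : 'reject';
    printf("%-16s weak=%-20s hardened=%s\n", $label, $weak, $hard);
}
```

On PHP 7 the weak check accepts the array input while the hardened check rejects it; on PHP 8 the weak check throws, which still needs handling so it does not surface as an unhandled error.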
SCYTCRYPTO - Crypto - 50pts
Decrypt this strange word: ERTKSOOTCMCHYRAFYLIPL
After trying the usual Caesar shifts I could see the letters EKO spaced at regular intervals, so I tried decoding it like a Scytale:
E K O M Y F I
R S T C R Y P
T O C H A L L
Putting those three lines together we get:
E K O M Y F I R S T C R Y P T O C H A L L
Weird Vigenere - Crypto - 100pts
Simple instructions: ‘Crack it!’. The file included in this challenge contained a bunch of lowercase alphabet characters.
My usual Vigenere tools couldn’t do anything with this, but I stumbled on a handy brute forcer at guballa.de which supports some Vigenere variants, namely AutoKey and Beaufort. It turned out that this text was encoded with the Beaufort method, and the tool discovered the key in 0.33 seconds.
Key: trofuaeb
Flag: ekocryptobeaufort (at the end of the decoded text)