Jimmy has begun learning about Version Control Systems and decided it was a good time to put it into use for his personal website. Show him how to Git Gud.
I have solved a challenge like this in the SVATTT-2017 Qual Round, so to deal with this challenge, first we need to dump the link/.git/, then extract it, then grep for the flag.
./gitdumper.sh http://gitgud.tuctf.com/.git/ Folder-To-Save
Use ls -lia to see this file.
./extractor.sh git-saved-folder folder-to-save
Then just grep for the flag.
grep -rnw TUCTF
Crypto-The Never Ending Crypto
Welcome to the never ending crypto!
How quickly can you make it through?
nc neverending.tuctf.com 12345
Assume the data we send is sdata.
Our sdata, once encrypted, is s_encrypt.
The cipher they give us is cipher.
To decrypt, we need to find key = ord(s_encrypt) - ord(sdata)
Then cipher[i] = (cipher[i] - key - 32) % (127 - 32) + 32
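The two formulas above as a runnable sketch. This is an added example, not code from the original writeup. It assumes the service applies one additive shift over printable ASCII (codes 32 to 126), as the formula implies; toy_encrypt is a constructed stand-in for the remote service, and the helper names and sample values are hypothetical.

```python
LO, HI = 32, 127      # printable ASCII codes 32..126, as in the page's formula
SPAN = HI - LO        # 95 symbols in the alphabet


def recover_key(sdata: str, s_encrypt: str) -> int:
    """key = ord(s_encrypt) - ord(sdata), reduced modulo the alphabet size."""
    if not sdata or len(sdata) != len(s_encrypt):
        raise ValueError("need a non-empty known pair of equal length")
    keys = {(ord(c) - ord(p)) % SPAN for p, c in zip(sdata, s_encrypt)}
    if len(keys) != 1:
        raise ValueError("pair does not match a single additive shift")
    return keys.pop()


def decrypt(cipher: str, key: int) -> str:
    """Apply (c - key - 32) % (127 - 32) + 32 to every character."""
    out = []
    for ch in cipher:
        code = ord(ch)
        if not LO <= code < HI:
            raise ValueError(f"non-printable byte {code:#x} in ciphertext")
        out.append(chr((code - key - LO) % SPAN + LO))
    return "".join(out)


def toy_encrypt(plain: str, key: int) -> str:
    """Constructed stand-in for the remote service (assumption, not its code)."""
    return "".join(chr((ord(ch) - LO + key) % SPAN + LO) for ch in plain)


if __name__ == "__main__":
    secret_key = 90                            # constructed sample value
    probe = "~a "                              # what we send (sdata)
    echoed = toy_encrypt(probe, secret_key)    # what comes back (s_encrypt)
    key = recover_key(probe, echoed)
    challenge = toy_encrypt("constructed sample text", secret_key)
    print(key, decrypt(challenge, key))
```

Reducing the key modulo 95 handles the wrap-around case where ord(s_encrypt) is smaller than ord(sdata); checking every character of the known pair catches a cipher that is not a single shift before any decryption is attempted.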
We have discovered some hackers have infiltrated our mainframe and may have exfiltrated some highly classified data.
Can you help us figure out what they stole?
nc transporter.tuctf.com 54321
Maybe it is encrypted with AES or DES? We can see the IV when viewing this data in hex: after the 69763a (iv:) there are 16 bytes, which decode to 8 bytes of ASCII. The IV is 8 bytes, huh? It should be DES.
This CTF provided a VM which encompassed a number of different challenges, the first part of which is to actually access it. When booting up the VM, we find that the drive it’s accessing is encrypted and you need a passkey to decrypt it. Luckily there is an unencrypted drive that is accessible.
To access this, we need to add a live CD to the VM so that we can boot off that instead. I chose to use Kali Linux for this. Once we boot into Kali, we can access the unencrypted drive which is labeled “Boot”.
Right away there is a file that stands out: “usefultool.exe”
Running this we discover that it is just a program that ROT13’s whatever string you provide, so this is a pretty good indicator that our flag will be a ROT13 that needs to be decoded.
Looking around the drive more, nothing of use was really found, so I took a closer look at the .exe. Running strings on it I found something interesting.
However, this turned out to only be part of the flag. Looking closer at the strings output, it seems that the exe has been packed with UPX. Using UPX to unpack it, we can finally get the full output of all the strings, as well as our full ROT13 flag.
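I can only offer my own understanding: the point where I failed was that I did not find "an unencrypted drive that is accessible", which is the way in. I was stuck like a tiger trying to bite the sky, with nowhere to start. After that comes decrypting “usefultool.exe”.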
VM-Leap of Faith
This challenge utilized the same exe from the previous challenge. I overthought this one a lot, but looking at all the strings in GDB by accessing the function ‘randomPaddingFunction’ that I was told to ignore, I finally realized that the first letter of each string gave the flag!