️🏴 MetaCTF February 2024 Flash CTF
A monthly mini CTF competition organized by MetaCTF and Antisyphon.
2024-02-23
MetaCTF February 2024 Flash CTF
A monthly mini CTF competition organized by MetaCTF and Antisyphon. There will be 5 challenges and you will have 2 hours to solve as many as you can.
Direct Login
Take a look at ConnectWind's internal employee portal. In addition to company policies & HR information, I heard it also stores flags.
Can you access the protected employee portal without knowing the password and steal the flag?
The main page contains this JavaScript:
if (r.login_successful) {
// Redirect if login successful
set_alert('Login successful! Redirecting... <i class="fa-solid fa-spinner fa-spin"></i>', "success");
setTimeout(function () {
window.location.href = "./employee_portal.php";
}, 1500);
There's no actual authentication; visiting employee_portal.php
reveals the
flag:
MetaCTF{inspectors_gonna_inspect}
Obfuscated Secrets
I hid the flag in this Python script. It asks you for a flag and tells you if it's correct or not. Can you reverse engineer it to find the correct flag?
The flag that the script above validates as correct is the flag for this challenge.
You can also access the script in an online Python IDE here: https://www.online-python.com/1i6lX9bv0a. Click the green "Run" button to run the program.
The script here takes in user input and then essentially makes this check:
all([ord(flag[i]) - 1 == ord(encrypted[i]) + i for i in range(len(encrypted))])
…where flag
is the user input and encrypted
is the encrypted flag. Simply
reverse-engineering that comparison reveals the flag:
>>> encrypted = "Lcq]>N?s]bV[R[_OaScQ]]NGPYDKDNG]"
>>> "".join(chr(ord(encrypted[i]) + i + 1) for i in range(len(encrypted)))
'MetaCTF{flag_in_reverse_is_galf}'
Simple Sums
Take a look at my new calculator app!
The only thing it can do at the moment is adding two positive integers. There's an easter egg that gives you the flag if your numbers add up to a special number. Can you get that flag?_
Connect to my calculator app with the flag using the
nc host5.metaproblems.com 5030
command.
Here the C program takes in 2 int
values, both of which must be <= 0
and
the sum of which must be -1337
.
These are unsigned int
values so integer-overflowing is the crux of this.
Taking INT_MAX
(as it's the upper limit at which things will begin to
overflow) and INT_MAX - 1335
results in the correct value:
nc host5.metaproblems.com 5030
Welcome to the SimpleSum calculator!
Provide two integers between 0 and 2147483647, inclusive
Enter the first positive integer: 2147483647
Enter the second positive integer: 2147482312
The sum is 4294965959
Good job! Here's your flag:
MetaCTF{c0unting_beyond_infinity}
SHA256 Collider
I've heard no one has found a collision for sha256 yet ... will you be the first?
Take a look at this program. If you give it the right secret, it will give you the flag!
Connect to our instance of this program at
nc host5.metaproblems.com 7050
The service reveals the underlying values:
❯ nc host5.metaproblems.com 7050
Welcome! Please wait for the secret ...
g = 3
p = 176990879449076061394656208196471172772796858746347869333441279405195482688385975304880833357734442233801462103581022209200859912054692903826387709385614287807701459307239660196202170697996271354481597203147379846644879109903687638341699852267708487952068587305618378357476857928558713970326437806256518178353
secret = 146802330728120378918906691881895374785480307070866779454516776790411811985618126251720916771758679657681171678349141469419391516537668903272003830572369327589991248382248087525806631471585012412111100182322711401172439831685120287246754540246392578979672737389183817026689029121609192962868973898418954591865
Enter your secret:
This appears to be a quasi-Diffie-Helman algorithm wherein each party selects
their secret (user_secret
and secret
respectively), and the values to be
shared are calculated.
The aim here is effectively to produce a user_secret
which results in
identical user_shared
and shared
values (the SHA256 is irrelevant: it's the
values input thereto that matter).
Cue
Fermat's little theorem.
That states that for any number a
not divisible by p
, a prime number, then
a^(p−1) ≡ 1 mod p.
Essentially, what's desired is: g^user_secret ≡ g^secret mod p. Because this
is modular arithmetic, adding or subtracting a multiple of p-1
from the
exponent secret
is adding or subtracting a multiple of p-1
to the power,
which doesn't change the result mod p.
Therefore setting user_shared
to (p - 1) + secret
should result in the
right answer:
❯ ./collider-solution.py
[+] Opening connection to host5.metaproblems.com on port 7050: Done
[+] Receiving all data: Done (88B)
[*] Closed connection to host5.metaproblems.com port 7050
Well done, you are the first! Here is your flag: MetaCTF{well_d0n3_you_br0k3_sha256?!}
007: License to Scan
The transport department purchased a bunch of used MetaCTF license plate cameras on eBay, but the console's display is fried, and we can't figure out how to use them. Can you help us out? Here's a packet capture, and here's a description of the protocol they use.
Using pyshark
and largely implementing
the spec. as provided:
import pyshark
cap = pyshark.FileCapture(
"./plates.pcapng",
display_filter="not arp",
)
k1 = bytes.fromhex(cap[0].data.data)[3:]
k2 = bytes.fromhex(cap[1].data.data)[3:]
key = bytes(a ^ b for a, b in zip(k1, k2))
for packet in list(cap)[2:]:
data = bytes.fromhex(packet.data.data)
_version_type = bin(data[0])
_length = int.from_bytes(data[1:3], byteorder="big")
for j in range(0, len(data[3:]), 16):
plate_index = j + 4
plate = bytes(
a ^ b
for a, b in zip(
data[3 + plate_index : 3 + plate_index + 16],
key,
)
)
plate = plate.decode().strip()
if "{" in plate or "}" in plate:
print(plate, end="")
…although I've skipped some of the explicit packet-type checks for simplicity, thanks to the ordering of the packets in the capture and the fact that of course it's using encryption:
❯ ./plates.py
MetaCTF{dr1ver_t3st}