diff --git a/assets/1337-2024/crypto/encrypt.py b/assets/1337-2024/crypto/encrypt.py new file mode 100644 index 0000000..6646102 --- /dev/null +++ b/assets/1337-2024/crypto/encrypt.py @@ -0,0 +1,28 @@ +import hashlib +import os + +def xor(a, b): + return bytes([x ^ y for x, y in zip(a, b)]) + +def pad(msg, block_size=16): + return msg + b'\x00' * (block_size - len(msg)) + +def md5_cbc(msg, key): + blocks = [] + prev = b'\x00' * 16 + for i in range(len(msg)): + pt = pad(msg[i:i+1]) + ct = hashlib.md5(xor(pt, prev) + key).digest() + blocks.append(ct) + prev = ct + return b''.join(blocks) + +if __name__ == '__main__': + with open('flag.txt', 'rb') as f: + flag = f.read() + + # totally secure and not guessable key + key = pad(os.urandom(1)) + + print('Your encrypted flag (in hex):') + print(md5_cbc(flag, key).hex()) diff --git a/assets/1337-2024/crypto/output.txt b/assets/1337-2024/crypto/output.txt new file mode 100644 index 0000000..6921e70 --- /dev/null +++ b/assets/1337-2024/crypto/output.txt @@ -0,0 +1,2 @@ +Your encrypted flag (in hex): 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 diff --git a/assets/1337-2024/misc/bacon.lol b/assets/1337-2024/misc/bacon.lol new file mode 100644 index 0000000..f60c797 Binary files /dev/null and b/assets/1337-2024/misc/bacon.lol differ diff --git a/assets/1337-2024/pwn/chal.c b/assets/1337-2024/pwn/chal.c new file mode 100644 index 0000000..e2ff879 --- /dev/null +++ b/assets/1337-2024/pwn/chal.c @@ -0,0 +1,17 @@ +// gcc chal.c -o chal +#include + +int main(){ + setbuf(stdin, 0); + setbuf(stdout, 0); + + // the flag length is the same on the server + char flag[48] = "maple{REDACTED_REDACTED_REDACTED_REDACTED_REDAC}"; + char buf[8]; + + while(1) { + printf("\nEnter something: "); + scanf("%7s", buf); + printf(buf); + } +} 
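Review bot: `pad` silently returns its input unpadded when `len(msg) > block_size`, because `b'\x00' * (negative count)` is `b''`; nothing in this hunk calls it with more than one byte (the per-block slice `msg[i:i+1]` and the 1-byte `os.urandom(1)` key), but a later caller passing a longer key would get an over-length, unpadded value with no error. A guard at the top of `pad`, `if len(msg) > block_size: raise ValueError("msg longer than block_size")`, makes that contract explicit. `xor` has the same silent-truncation shape since `zip` stops at the shorter input — harmless today because both sides are 16 bytes (a padded block and an MD5 digest), but worth a comment. The single-byte key, the all-zero IV and the one-plaintext-byte-per-block chaining are presumably the intended weaknesses of the challenge, so I am not flagging them.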
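Review bot: The return value of `scanf("%7s", buf)` inside the `while(1)` loop is never checked, so once stdin reaches EOF (a solver's script closes its write end, or the client disconnects) `scanf` returns EOF without touching `buf` and the loop spins forever re-printing the prompt and the stale buffer, which on a shared remote likely burns CPU per dead session; on a first-iteration EOF it would also pass an uninitialized `buf` to `printf`. Replacing the read with `if (scanf("%7s", buf) != 1) return 0;` ends the session cleanly without changing the challenge. The `#include` line appears with no header name in this rendering — presumably `<stdio.h>` was lost to extraction, but worth confirming the committed file has it, since `setbuf`/`printf`/`scanf` need it. `printf(buf)` is the intended format-string sink for this challenge, so I am not flagging it.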
diff --git a/assets/1337-2024/web/leet-web-dist.zip b/assets/1337-2024/web/leet-web-dist.zip
new file mode 100644
index 0000000..b568668
Binary files /dev/null and b/assets/1337-2024/web/leet-web-dist.zip differ
diff --git a/challenge-2022.md b/challenge-2022.md
new file mode 100644
index 0000000..bb76eb0
--- /dev/null
+++ b/challenge-2022.md
@@ -0,0 +1,109 @@
+---
+layout: default
+title: 2022 1337 Challenges | CTF @ UBC
+---
+
+# Maple Bacon 1337 Challenges
+---
+
+**Thanks for trying out this year's 1337 challenges! Although the 1337 role is no longer obtainable, you can find all challenge files and resources below.**
+
+
+All flags will begin with the prefix `maple{`. You can find last year's challenges [here](challenge-2021.md).
+
+**Note**: Some challenges will require you to connect to a remote server. Netcat (abbreviated as `nc`) is a simple tool installable on Mac/Linux that makes this easy: connect to a server with `nc `. Netcat is used mainly for remote, text-based connections. For example, entering the command `nc 1337.maplebacon.org 4000` in your terminal will let you interact with the first part of the Miscellaneous challenge.
+
+If you're using Windows, we highly recommend installing [Windows Subsystem for Linux](https://learn.microsoft.com/en-us/windows/wsl/install) - feel free to ask for help if you're having trouble setting anything up.
+
+These 1337 challenges are designed to be **approachable by beginners** - our goal is to make them slightly challenging, exposing you to new CTF concepts without requiring advanced technical knowledge. Challenges with some harder concepts have additional resources or guides associated with them that explain prerequisite knowledge you may need. **Remember**: if you get stuck, join us in the #1337-challenges channel on our [Discord](https://discord.gg/keeTZsmfVA) to receive hints and share ideas with others!
+
+Good luck!
+
+# Miscellaneous - The Return of 110
+
+Author: [Arctic](/authors/rctcwyvrn/)
+
+Hey you. You're finally awake. You were trying to cross into second year, right? Walked right into that ambush, same as us, and that cpen student over there. Damn you Gregor. CPSC 110 was imperative until you came along. Programming was nice and easy.
+
+Part 1 will put you in a jail with no restrictions to let you get used to the basics. Connect with `nc 1337.maplebacon.org 4000`.
+
+Part 2 will put you in a jail with quite a few restrictions that you'll have to work around. Connect with `nc 1337.maplebacon.org 4001`.
+
+**Submit the part 1 and part 2 flags together!** For example - if you get `maple{ab` for Part 1 and `cdef}` for Part 2, submit `maple{abcdef}` as one flag.
+
+### Files:
+- Part 1: [jail1.rkt](/assets/1337-2022/misc/jail1.rkt)
+- Part 2: [jail2.rkt](/assets/1337-2022/misc/jail2.rkt)
+
+If you have racket installed locally, use `racket -t jail1.rkt` to run the jail locally.
+
+See [our guide](/2022/11/jail-challenges-guide/) on what "jail challenges" are in CTFs!
+
+
+
+# Reversing - Rando
+
+Author: [Desp](/authors/desp/)
+
+This guy keeps taunting me for not being able to guess his flag :( Surely there's a better way to this, right?
+
+### Files:
+- [rando](/assets/1337-2022/rev/rando)
+
+### Resources
+- You likely would want to use a disassembler like [Ghidra](https://github.com/NationalSecurityAgency/ghidra) for your journey.
+- What is a disassembler you might ask? Check out a high level overview of what it does [here](/2022/11/reversing-guide/)!
+- To understand how a program works, it would be beneficial to understand how our machines themselves work - for a quick primer, here's a great [blog post](https://0x41.cf/reversing/2021/07/21/reversing-x86-and-c-code-for-beginners.html) by `0x41.cf` that touches on most of the low-level concepts involved!
+
+# Pwn - X86 Playground
+
+Author: [Desp](/authors/desp/)
+
+Let's see how creative you can be in coming up with shellcodes!
+
+Connect with `nc 1337.maplebacon.org 1337` and provide the payload you designed.
+
+### Files:
+- [playground](/assets/1337-2022/pwn/playground)
+
+
+### Resources
+- Binary exploitation (or pwn) has quite a bit of similarity with reversing - you might find the resources in the reversing challenge useful too.
+- Here are also some quick tools for prototyping shellcodes:
+ - [godbolt](https://godbolt.org/) for exploring how a function translates into assembly
+ - [defuse online x86 assembler](https://defuse.ca/online-x86-assembler.htm) for handwriting assembly into machine code
+- Don't be intimidated! The intended solution is very short and utilizes one specific aspect of low-level computing. You can ignore everything in the `handlefaults` function - they are only here to help the challenge run more smoothly.
+
+
+
+# Web - Cat Clickr
+
+Author: [JJ](/authors/apropos/)
+
+hey everybody!! imade my first website and its AWESOME!!!
+
+if u dig closely u might even find some secrets...
+
+check it out here: `1337.maplebacon.org`
+
+### Files:
+- [app.py](/assets/1337-2022/web/app.py)
+
+
+# Cryptography - The Matrix Exchange
+
+Author: [vEvergarden](/authors/vEvergarden/)
+
+Alice and Bob are having a great time exchanging their little secret messages... until they realize they're living in a simulation.
+
+Check out [our guide](/2022/11/diffie-hellman-guide/) for an introduction to Diffie-Hellman Key Exchange and a story of Alice and Bob's adventures!
+
+### Files:
+- [main.py](/assets/1337-2022/crypto/main.py)
+- [output.txt](/assets/1337-2022/crypto/output.txt)
+
+### Resources
+- A [great video](https://www.youtube.com/watch?v=NmM9HA2MQGI) from Computerphile that illustrates the Diffie-Hellman key exchange
+- A more [mathematical approach](https://www.youtube.com/watch?v=Yjrfm_oRO0w), the second part of the series by Computerphile
+
+
diff --git a/challenge.md b/challenge.md
index 2f08e67..bda4011 100644
--- a/challenge.md
+++ b/challenge.md
@@ -6,104 +6,93 @@ title: 2022 1337 Challenges | CTF @ UBC # Maple Bacon 1337 Challenges --- -**Thanks for trying out this year's 1337 challenges! Although the 1337 role is no longer obtainable, you can find all challenge files and resources below.** - - All flags will begin with the prefix `maple{`. You can find last year's challenges [here](challenge-2021.md). -**Note**: Some challenges will require you to connect to a remote server. Netcat (abbreviated as `nc`) is a simple tool installable on Mac/Linux that makes this easy: connect to a server with `nc `. Netcat is used mainly for remote, text-based connections. For example, entering the command `nc 1337.maplebacon.org 4000` in your terminal will let you interact with the first part of the Miscellaneous challenge. +**Note**: Some challenges will require you to connect to a remote server. Netcat (abbreviated as `nc`) is a simple tool installable on Mac/Linux that makes this easy: connect to a server with `nc `. Netcat is used mainly for remote, text-based connections. For example, entering the command `nc 1337.maplebacon.org 1337` in your terminal will let you interact with the first part of the Pwn challenge. If you're using Windows, we highly recommend installing [Windows Subsystem for Linux](https://learn.microsoft.com/en-us/windows/wsl/install) - feel free to ask for help if you're having trouble setting anything up. -These 1337 challenges are designed to be **approachable by beginners** - our goal is to make them slightly challenging, exposing you to new CTF concepts without requiring advanced technical knowledge. Challenges with some harder concepts have additional resources or guides associated with them that explain prerequisite knowledge you may need. **Remember**: if you get stuck, join us in the #1337-challenges channel on our [Discord](https://discord.gg/keeTZsmfVA) to receive hints and share ideas with others! 
+These 1337 challenges are designed to be **approachable by beginners** - our goal is to make them slightly challenging, exposing you to new CTF concepts without requiring advanced technical knowledge. Challenges with some harder concepts have additional resources or guides associated with them that explain prerequisite knowledge you may need. **Remember**: if you get stuck, join us in the `#1337-challenges` channel on our [Discord](https://discord.gg/keeTZsmfVA) to receive hints and share ideas with others! Good luck! -# Miscellaneous - The Return of 110 - -Author: [Arctic](/authors/rctcwyvrn/) +--- -Hey you. You're finally awake. You were trying to cross into second year, right? Walked right into that ambush, same as us, and that cpen student over there. Damn you Gregor. CPSC 110 was imperative until you came along. Programming was nice and easy. +# Misc - counterfeit -Part 1 will put you in a jail with no restrictions to let you get used to the basics. Connect with `nc 1337.maplebacon.org 4000`. +**Author:** [Lyndon](/authors/lydxn/) -Part 2 will put you in a jail with quite a few restrictions that you'll have to work around. Connect with `nc 1337.maplebacon.org 4001`. +I found someone trying to counterfeit the maple bacon logo! something looks off, though... -**Submit the part 1 and part 2 flags together!** For example - if you get `maple{ab` for Part 1 and `cdef}` for Part 2, submit `maple{abcdef}` as one flag. +### Files -### Files: -- Part 1: [jail1.rkt](/assets/1337-2022/misc/jail1.rkt) -- Part 2: [jail2.rkt](/assets/1337-2022/misc/jail2.rkt) +- [bacon.lol](/assets/1337-2024/misc/bacon.lol) -If you have racket installed locally, use `racket -t jail1.rkt` to run the jail locally. +### Resources -See [our guide](/2022/11/jail-challenges-guide/) on what "jail challenges" are in CTFs! +- See [Stego Tricks](https://book.hacktricks.xyz/crypto-and-stego/stego-tricks) for ways to hide information in data! +--- +# Rev - What...? 
-# Reversing - Rando +**Author:** [Aditya Adiraju](/authors/hiswui/) -Author: [Desp](/authors/desp/) +This is screwing with my head. -This guy keeps taunting me for not being able to guess his flag :( Surely there's a better way to this, right? +``` ++[--------->++<]>+.++.--------.+++[++>---<]>.[------>+<]>-.+[->++++++<]>.[--->++<]>-.+++.--------------.-[->+++<]>-.+[--->+<]>+++.-----------.-[->++++<]>+.------------.-[->++++++<]>+.++++.--[----->+<]>.+++.--------------.-[->+++<]>-.-.+++++++++.---------.++..+.--.--[-->+++<]>--.+.[---->+++<]>..[-->+++++<]>.[----->++<]>-.---------.++[->+++<]>.+++++++++.+++.[-->+++++<]>+++.-[--->++<]>-.[--->+<]>---.-[--->++<]>-.+++++.-[->+++++<]>-.---[----->++<]>.+++[->+++<]>++.+++++++++++++.-------.--.--[->+++<]>-.----[->+++<]>.-------.+++++++++.++[++>---<]>.+[--->+<]>+++.---[->+++<]>..-[------>+<]>+.-[->++++++<]>+.-[-->+++<]>+..[->+++++<]>.++++++++...-----.++.-.++..++.-------.++.++++.+.-----..+.+.------.++.++.---..++++++++.---.+++.-----.+++++.--------.++++++.---.+++++..-.-.---.++.--.---.++++++.-------.+++++++.---.+++.------.-.>++++++++++. +``` -### Files: -- [rando](/assets/1337-2022/rev/rando) +(Note: wrap the reversed output in `maple{reversed_text_here}`) -### Resources -- You likely would want to use a disassembler like [Ghidra](https://github.com/NationalSecurityAgency/ghidra) for your journey. -- What is a disassembler you might ask? Check out a high level overview of what it does [here](/2022/11/reversing-guide/)! -- To understand how a program works, it would be beneficial to understand how our machines themselves work - for a quick primer, here's a great [blog post](https://0x41.cf/reversing/2021/07/21/reversing-x86-and-c-code-for-beginners.html) by `0x41.cf` that touches on most of the low-level concepts involved! +--- -# Pwn - X86 Playground +# Pwn - STOP COPYING ME! -Author: [Desp](/authors/desp/) +**Author:** [Aditya Adiraju](/authors/hiswui/) -Let's see how creative you can be in coming up with shellcodes! 
+My program is hiding a secret from me. However, whenever I ask it a question, it just repeats it back to me :( -Connect with `nc 1337.maplebacon.org 1337` and provide the payload you designed. +Connect to remote using: `nc 1337.maplebacon.org 1337`. -### Files: -- [playground](/assets/1337-2022/pwn/playground) +### Files +[chal.c](/assets/1337-2024/pwn/chal.c) ### Resources -- Binary exploitation (or pwn) has quite a bit of similarity with reversing - you might find the resources in the reversing challenge useful too. -- Here are also some quick tools for prototyping shellcodes: - - [godbolt](https://godbolt.org/) for exploring how a function translates into assembly - - [defuse online x86 assembler](https://defuse.ca/online-x86-assembler.htm) for handwriting assembly into machine code -- Don't be intimidated! The intended solution is very short and utilizes one specific aspect of low-level computing. You can ignore everything in the `handlefaults` function - they are only here to help the challenge run more smoothly. +- [Format specifiers](https://alonza.com.br/format-specifiers-in-c/) are great but I wonder what happens when you misuse them? +--- -# Web - Cat Clickr +# Web - baple macon -Author: [JJ](/authors/apropos/) +**Author:** [Ming C. Jiang](/authors/ming/) -hey everybody!! imade my first website and its AWESOME!!! +my flag got chopped into three pieces and i forgot the password to my web server pls help me retrieve them thx [http://1337.maplebacon.org](http://1337.maplebacon.org) -if u dig closely u might even find some secrets... 
+### Files -check it out here: `1337.maplebacon.org` +[leet-web-dist.zip](/assets/web/leet-web-dist.zip) -### Files: -- [app.py](/assets/1337-2022/web/app.py) +### Resources +- [What is a JWT?](https://jwt.io/introduction) -# Cryptography - The Matrix Exchange +# Crypto - MD5-CBC -Author: [vEvergarden](/authors/vEvergarden/) +**Author:** [Lyndon](/authors/lydxn/) -Alice and Bob are having a great time exchanging their little secret messages... until they realize they're living in a simulation. +I just learned about MD5 and CBC today! I wonder what happens when you try and combine +them. Someone told me my padding method is a little suspicious... -Check out [our guide](/2022/11/diffie-hellman-guide/) for an introduction to Diffie-Hellman Key Exchange and a story of Alice and Bob's adventures! +### Files -### Files: -- [main.py](/assets/1337-2022/crypto/main.py) -- [output.txt](/assets/1337-2022/crypto/output.txt) +- [encrypt.py](/assets/1337-2024/crypto/encrypt.py) +- [output.txt](/assets/1337-2024/crypto/output.txt) ### Resources -- A [great video](https://www.youtube.com/watch?v=NmM9HA2MQGI) from Computerphile that illustrates the Diffie-Hellman key exchange -- A more [mathematical approach](https://www.youtube.com/watch?v=Yjrfm_oRO0w), the second part of the series by Computerphile - +- MD5 is a common hash algorithm used in cryptography, see [here](https://www.youtube.com/watch?v=b4b8ktEV4Bg) and [here](https://en.wikipedia.org/wiki/MD5) for more information +- [Wikipedia article](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_block_chaining_(CBC)) on CBC (cipher block chaining) \ No newline at end of file