CTF Writeups by @fazledyn

Intra BUET Capture The Flag 2023 - Problem Setter Writeup ๐Ÿ“

Intra BUET Capture The Flag 2023 - Problem Setter Writeup ๐Ÿ“

Ataf Fazledin Ahamed's photo
Ataf Fazledin Ahamed
ยท

3 min read

Table of contents

The problems for the CTF can be found here: github.com/buetsec/intra-buet-ctf-2023 or https://github.com/rng70/beginner-ctf-problemset

Cryptography

Fab-Five-Freddy

Just MD5 hash the string 1stCSE@BUET and you get the flag buet{c517e8df662284b132d50666fe838038}.

Vault

A vault is a secure place to store your valuables. But what if the vault is not secure? Can you get the flag from the vault?

Flag Format: buet{flag}

Reverse the hash in vault.py and get the flag buet{airplane}

Miscellaneous

Pair Up

One of my classmates is into loops and basic bitwise operations. Interestingly, he thought he could create an encryption algorithm and use it to protect his files.

Can you bypass his encryption to get the flag?

Flag format: buet{flag_here}

Follow the script shown below:

#! /usr/bin/python3
def decrypt(enc_flag):

    flag = list(enc_flag)
    l = len(flag)

    for i in range(1, len(flag)):
        flag[l-i-1] = chr(ord(flag[l-i-1]) ^ ord(enc_flag[l-i]))

    return "".join(flag)


def main():

    flag = open("flag.txt", "r").read()

    enc_flag = open("encrypted.txt", "r").read()
    dec_flag = decrypt(enc_flag)

    if flag != dec_flag:
        raise BaseException("Original flag and decrypted flag don't match!")
    else:
        print("Flag matches!")


if __name__ == "__main__":
    main()

You get the flag buet{x0r_4mon6_p41r5} !

Two Startups

Loop, also known as Loop Freight is one of the rising startups of Bangladesh. Swap is the first re-commerce marketplace in Bangladesh.

Anyway, you do not need to know much about them except their name. The source code given here performs some steps on the original flag and obfuscates it.

Can you retrieve it?

Flag format: buet{flag_here}

Author: dyn

Follow the script below to reverse the encrypt.py script.

def decrypt(text):
    plaintext = list(text)
    for i in range(len(text)-1, -1, -1):
        for j in range(len(text)-2, i-1, -1):
            for k in range(len(text)-3, j-1, -1):
                plaintext[k], plaintext[k+1] = plaintext[k+1], plaintext[k]
    return "".join(plaintext)

if __name__ == "__main__":
    enc_flag = open("ciphertext.txt", "r").read()
    open("dec_flag.txt", "w").write(decrypt(enc_flag))

And we get the flag buet{3_t4_L00p_k0rl4m_T4rpor_5w4p_k0rL4m} !

Reverse Engineering

Very Easy Reverse

The flag is: buet{a_b} where a = value of a, and b = value of b.

Just reverse the program as C program, and read the decompiled source code. And you'll find the numbers 38 and 39. The flag then becomes buet{38_39}!

Goa

I've been thinking of going on a vacation to Goa. If you can reverse it and find out the number, maybe I'll take you with me.

Flag format: buet{flag_here}

This is a binary written and compiled in the Go language. Use GoRE or some other decompiler to decompile it. Upload to dogbolt or use HexRays. You'll find a list of array elements being assigned random ASCII values. Those are the flag characters.

We get the flag: buet{s1mpl3_g0l4ng_b1n4ry} !

Steganography

ChatGPT-1

Check the PDF for challenge description.
Flag format: buet{flag_here}

This was the easiest problem of the entire CTF. The flag was written in WHITE ink in the PDF. Running a pdftotext command on Linux, or copy-pasting the document would give out the flag buet{c4n_y0u_533_m3?} !

CTFWrite Up
ย