IceCTF 2015: Writeups

by Abdillah Muhamad — on  , 

Warm Up – 10

_ the Planet!‘ Fill in the blank

Hint : You should probably watch the movie Hackers, go on… we’ll wait

Flag : hack

 

Facebook – 15 {.panel-title}

Could there be something hidden on our facebook page?

Hint : If I were a flag, where would I be?

flag facebook

flag : flag_why_hide_stuff_on_facebook

{.panel-title}

Not Found – 15 {.panel-title}

I lost this problem!!! Can you help me find it? There’s a flag in it for you if you do 😉

Hint : Perhaps it’s on the CDIV(194) page?

ini flag yang di temuin secara ga sengaja , kalau di liat dari hintnya CDIV(194) , dari google ngak ngebantu apapun ya , tapi pas gw coba buka https://icec.tf/play/logout dan ternyata not found , flagnya ada di 404 page :/

404 flag

Flag : flag_there_you_are_you_silly_flag

 

Numeric – 20 {.panel-title}

bG9zdF9pbl90aGVfbnVtYmVycwo=

ini keliatannya mengarah ke base64 , setelah di decode ternyata benar

Flag : lost_in_the_numbers

Oh No! – 20 {.panel-title}

We seem to have misplaced the flag! Sorry about that, but we swear it was left on this site. Perhaps you can find it?

Hint : Is it possible that it’s there, but you just can’t see it?

flagnya ternyata ada di source

Flag :flag_cbaeed98896e32e0fc0ff62b7e260318b9c99a46

 

ROT13 – 25 {.panel-title}

Can you decipher this secret message?

Hint : This cipher better be crackable…

decode dengan rot13

Flag :rot_13_isnt_secure

 

Document Troubles – 30 {.panel-title}

We found this document, and we think it contains the flag. Can you find it?

Hint : What exactly is a .docx file?

download .docx filenya dan extract untuk mendapatkan flag.txt

flag docx

Flag :this_would_be_the_flag_you_are_looking_for

Simple – 30 {.panel-title}

Simple, right? nc vuln2015.icec.tf 10000.

Hint : What is at the other end?

 

abdilahrf@hasnydes:~$ nc vuln2015.icec.tf 10000
My character is j(0x6a)
Can you add some (positive) number larger than 100 to turn it into the letter i(0x69)? (i like it)
255
Great job! The flag is: very_simple_right

Liar – 30 {.panel-title}

We found this site which seems to just give you the flag. You wouldn’t mind entering it for us, would you?

Hint : It’s not as easy as it seems. Maybe the flag is hidden somewhere? Is it executable?

pertama gw kira flagnya not_this_time  , haha ternyata bukan nga semudah itu setelah gw coba view-source ternyata ada javascript function yang di *obcusfate gw mencoba untuk decode namun hasilnya tambah susah untuk di translate arti dari script itu

ternyata

window.s=[0x32, 0x66, 0x32, 0x65, 0x65, 0x35, 0x30, 0x63, 0x38, 0x39, 0x65, 0x36, 0x38, 0x35, 0x32, 0x33, 0x30, 0x64, 0x33, 0x61, 0x35, 0x61, 0x36, 0x64, 0x36, 0x37, 0x35, 0x63, 0x36, 0x35, 0x63, 0x31, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x46, 0x6c, 0x61, 0x67, 0x32, 0x66, 0x32, 0x65, 0x65, 0x35, 0x30, 0x63, 0x38, 0x39, 0x65, 0x36, 0x38, 0x35, 0x32, 0x33, 0x30, 0x64, 0x33, 0x61, 0x35, 0x61, 0x36, 0x64, 0x36, 0x37, 0x35, 0x63, 0x36, 0x35, 0x63, 0x31];

setelah di decode itu adalah “printFlagprintFlagprintFlag”

dan ternyata kalau

String.fromCharCode.apply(null,window.s.slice(0x20,0x29))

di jalankan di console dia mengambil kata printFlag sebagai nama fungsi , dan tinggal kita jalankan fungsi printFlag() untuk memunculkan flagnya

printFlag

flag : hidden_in_the_code

 

Cryptic Crypto – 35 {.panel-title}

Can you take a look at this non-sense wall of text we stumbled upon?

Hint : We’re fairly sure this contains english text

 

sepertinya itu adalah subtitution cipher

watvkljanvct vamla kl kcr ilhrae njr fnz ruurwkmxrbt zteletiloz fmkc rewatvkmle, kcr wlexrazmle lu meulainkmle uali n arnhnsbr zknkr kl nvvnarek elezrezr. kcr lamjmenkla lu ne rewatvkrh irzznjr zcnarh kcr hrwlhmej krwcemyor errhrh kl arwlxra kcr lamjmenb meulainkmle lebt fmkc mekrehrh arwmvmrekz, kcrarst varwbohmej oefnekrh vrazlez uali hlmej kcr znir. zmewr flabh fna m neh kcr nhxrek lu kcr wlivokra, kcr irkclhz ozrh kl wnaat lok watvklbljt cnxr srwlir mewarnzmejbt wlivbrp neh mkz nvvbmwnkmle ilar fmhrzvarnh.

ilhrae watvkljanvct mz crnxmbt snzrh le inkcrinkmwnb kcrlat neh wlivokra zwmrewr vanwkmwr; watvkljanvcmw nbjlamkciz nar hrzmjerh naloeh wlivoknkmlenb cnaherzz nzzoivkmlez, inqmej zowc nbjlamkciz cnah kl sarnq me vanwkmwr st net nhxraznat. mk mz kcrlarkmwnbbt vlzzmsbr kl sarnq zowc n ztzkri, sok mk mz meurnzmsbr kl hl zl st net qelfe vanwkmwnb irnez. kcrzr zwcrirz nar kcrarular krairh wlivoknkmlenbbt zrwoar; kcrlarkmwnb nhxnewrz, r.j., mivalxrirekz me mekrjra unwklamgnkmle nbjlamkciz, neh unzkra wlivokmej krwcelbljt aryomar kcrzr zlbokmlez kl sr wlekmeonbbt nhnvkrh. kcrar rpmzk meulainkmle-kcrlarkmwnbbt zrwoar zwcrirz kcnk valxnsbt wneelk sr salqre rxre fmkc oebmimkrh wlivokmej vlfra—ne rpnivbr mz kcr ler-kmir vnh—sok kcrzr zwcrirz nar ilar hmuumwobk kl mivbrirek kcne kcr srzk kcrlarkmwnbbt sarnqnsbr sok wlivoknkmlenbbt zrwoar irwcnemziz.

kcr jalfkc lu watvkljanvcmw krwcelbljt cnz anmzrh n eoisra lu brjnb mzzorz me kcr meulainkmle njr. watvkljanvct'z vlkrekmnb ula ozr nz n kllb ula rzvmlenjr neh zrhmkmle cnz brh inet jlxraeirekz kl wbnzzmut mk nz n frnvle neh kl bmimk la rxre valcmsmk mkz ozr neh rpvlak. me zlir doamzhmwkmlez fcrar kcr ozr lu watvkljanvct mz brjnb, bnfz vraimk mexrzkmjnklaz kl wlivrb kcr hmzwblzoar lu rewatvkmle qrtz ula hlwoirekz arbrxnek kl ne mexrzkmjnkmle. watvkljanvct nbzl vbntz n indla albr me hmjmknb amjckz inenjrirek neh vmanwt lu hmjmknb irhmn.

ubnj_zoszkmkokmle_wmvcraz_nar_snh

decode menggunakan tools

http://rumkin.com/tools/cipher/cryptogram-solver.php

CRYPTOGRAPHY PRIOR TO THE MODERN AGE WAS EFFECTIVELY SYNONYMOUS WITH ENCRYPTION THE CONVERSION OF INFORMATION FROM A READABLE STATE TO APPARENT NONSENSE THE ORIGINATOR OF AN ENCRYPTED MESSAGE SHARED THE DECODING TECHNIQUE NEEDED TO RECOVER THE ORIGINAL INFORMATION ONLY WITH INTENDED RECIPIENTS THEREBY PRECLUDING UNWANTED PERSONS FROM DOING THE SAME SINCE WORLD WAR I AND THE ADVENT OF THE COMPUTER THE METHODS USED TO CARRY OUT CRYPTOLOGY HAVE BECOME INCREASINGLY COMPLEX AND ITS APPLICATION MORE WIDESPREAD MODERN CRYPTOGRAPHY IS HEAVILY BASED ON MATHEMATICAL THEORY AND COMPUTER SCIENCE PRACTICE CRYPTOGRAPHIC ALGORITHMS ARE DESIGNED AROUND COMPUTATIONAL HARDNESS ASSUMPTIONS MAKING SUCH ALGORITHMS HARD TO BREAK IN PRACTICE BY ANY ADVERSARY IT IS THEORETICALLY POSSIBLE TO BREAK SUCH A SYSTEM BUT IT IS INFEASIBLE TO DO SO BY ANY KNOWN PRACTICAL MEANS THESE SCHEMES ARE THEREFORE TERMED COMPUTATIONALLY SECURE THEORETICAL ADVANCES E G IMPROVEMENTS IN INTEGER FACTORIZATION ALGORITHMS AND FASTER COMPUTING TECHNOLOGY REQUIRE THESE SOLUTIONS TO BE CONTINUALLY ADAPTED THERE EXIST INFORMATION THEORETICALLY SECURE SCHEMES THAT PROVABLY CANNOT BE BROKEN EVEN WITH UNLIMITED COMPUTING POWER AN EXAMPLE IS THE ONE TIME PAD BUT THESE SCHEMES ARE MORE DIFFICULT TO IMPLEMENT THAN THE BEST THEORETICALLY BREAKABLE BUT COMPUTATIONALLY SECURE MECHANISMS THE GROWTH OF CRYPTOGRAPHIC TECHNOLOGY HAS RAISED A NUMBER OF LEGAL ISSUES IN THE INFORMATION AGE CRYPTOGRAPHY'S POTENTIAL FOR USE AS A TOOL FOR ESPIONAGE AND SEDITION HAS LED MANY GOVERNMENTS TO CLASSIFY IT AS A WEAPON AND TO LIMIT OR EVEN PROHIBIT ITS USE AND EXPORT IN SOME JURISDICTIONS WHERE THE USE OF CRYPTOGRAPHY IS LEGAL LAWS PERMIT INVESTIGATORS TO COMPEL THE DISCLOSURE OF ENCRYPTION KEYS FOR DOCUMENTS RELEVANT TO AN INVESTIGATION CRYPTOGRAPHY ALSO PLAYS A MAJOR ROLE IN DIGITAL RIGHTS MANAGEMENT AND PIRACY OF DIGITAL MEDIA FLAG SUBSTITUTION CIPHERS ARE BAD

Flag : FLAG_SUBSTITUTION_CIPHERS_ARE_BAD

 

Logoventures – 35 {.panel-title}

I believe I misplaced something in this image, could you see if you can find it for me?

 Hint : Only if you could slow down time itself
flagfile flagnya diselipkan di 1 layer yang tampil mungkin kurang dari 0.01s frame rate , jadi kita bisa buka via “Gimp/Photoshop” untuk melihat frame yang di cari , di case ini gw pake ini Exif
Flag : boy_this_goes_by_so_fast
Abdillah Muhamad's photo Author

Abdillah Muhamad

abdilahrf_@wearehackerone.com

Coffe make you like a hero