It's recommended to read our responsive web version of this writeup.
This is a weird challange 😶 here's the chal script (with some modification):
import random
from flag import FLAG
class Oracle:
def __init__(self, secret, bits=512):
self.secret = secret
self.bits = bits
self.range = 2*self.bits
def sample(self, w):
r = random.randint(0, 2^self.range)
idx = range(self.bits)
random.shuffle(idx)
e = sum(1<<i for i in idx[:w])
return self.secret*r+e
assert (type(FLAG) is int)
o = Oracle(FLAG)
f = open('output.txt', 'w')
for i in range(100):
f.write(str(o.sample(10)) + '\n')
f.close()
The point is, r is calculated as random.randint(0, 2^self.range)
, while e is calculated as sum(1<<i for i in idx[:w])
, the scale of these two differ quite a lot, so we can simply bruteforce r
Note that the scale of e
is 512 bits, and it only contains 10 non-zero bits, so it is quite possible that output / r
still contains the flag header sctf
. Simply bruteforce this and we can get a broken flag
sctf�wh@0ps_th4t_w4s�t_sxp0nent1ati0n}
The rest is quite the same:
- guess a small snippet of flag
- bruteforce
r
to find possible one - fix the broken flag
flag : sctf{wh00ps_th4t_w4snt_3xp0nent1ati0n}
In html source:
<!-- | Dark Web Message Board | DEVELOPED BY K1tsCr3w | Open source at Kits-AB | -->
then I serached github and found this repo: https://github.com/kits-ab/the-dark-message-board
and there is a encrypted message in the http://darkboard-01.pwn.beer:5001/boards/1
:
rW+fOddzrtdP7ufLj9KTQa9W8T9JhEj7a2AITFA4a2UbeEAtV/ocxB/t4ikLCMsThUXXWz+UFnyXzgLgD9RM+2toOvWRiJPBM2ASjobT+bLLi31F2M3jPfqYK1L9NCSMcmpVGs+OZZhzJmTbfHLdUcDzDwdZcjKcGbwEGlL6Z7+CbHD7RvoJk7Ft3wvFZ7PWIUHPneVAsAglOalJQCyWKtkksy9oUdDfCL9yvLDV4H4HoXGfQwUbLJL4Qx4hXHh3fHDoplTqYdkhi/5E4l6HO0Qh/jmkNLuwUyhcZVnFMet1vK07ePAuu7kkMe6iZ8FNtmluFlLnrlQXrE74Z2vHbQ==
the production key is in the git log: https://github.com/kits-ab/the-dark-message-board/commit/d95b029a044491a954b909a280ebebcf6e357ef4#diff-ea209ce78604d811cf3f3771a0f89ea2
with this log message: from some file that reminds me of the song 'here i am something like a hurricane'
after searching here i am something like a hurricane
on google, I got this here i am. Rock you like a hurricane
.
so we need to brute force the password from rockyou.txt
.
we use this tool to crack the password.
Result: Password is falloutboy for test.pem
the plaintext of the encrypted message is Bank url: http://bankofsweden-01.pwn.beer
but 80 port of this website is closed.
so I use nmap to scan all ports of this site, then I found 5000 port is open.
http://bankofsweden-01.pwn.beer:5000
It is a bank website.
In register step, there is a parameter is_active
, if we set to 1
, then we will become authenticated user.
After login, I found there is a LFI vulnerability in export function.
So I download the app.py
and got the flag: SECFEST{h4ck3r5_60nn4_h4ck_4nd_b4nk3r5_60nn4_cr4ck}
This challange starts with 9 random number