Reviewed utctf24 challenges

byuctf2022/module.yml

@@ -1,5 +1,5 @@
 id: byuctf2022
-name: byuctf2022
+name: BYUCTF 2022
 
 challenges:
   - id: basicrev
@@ -24,4 +24,4 @@ challenges:
     name: FORENSICS - 304 - Sticky Key
   - id: blue
     name: FORENSICS - 482 - Blue 3
-
+

utctf24/DESCRIPTION.md

@@ -0,0 +1,10 @@
+## UTCTF 2024
+
+UT CTF is an introductory CTF for teams that want to build their experience. We will have the standard categories of Web, Forensics, Crypto, RE, and Exploit, as well as some other categories we don't want to reveal just yet. If you have any questions, our contact is at the bottom of each page, but please read the official rules before sending us any emails.
+
+---
+**Original Date:** Fri, 24 Jan. 2025, 19:00 UTC — Sun, 26 Jan. 2025, 19:00 UTC<br>
+**Original URL:** [https://www.isss.io/utctf/](https://www.isss.io/utctf/)<br>
+**CTFtime Entry:** [UTCTF 2024](https://ctftime.org/event/2302/)<br>
+**Organizing Team:** [isss](https://ctftime.org/team/69010)<br>
+<!-- Official URL: https://www.isss.io/utctf/-->

utctf24/babyrsa/DESCRIPTION.md

@@ -0,0 +1,6 @@
+Simple RSA.
+
+`Use flagCheck to input the flag you get from the challenge to get the actual flag`
+
+---
+**Author:** Jeriah

utctf24/babyrsa/REHOST.md

@@ -0,0 +1,6 @@
+# REHOSTING
+
+Files can be found here: [UTCTF 2024](https://github.com/utisss/UTCTF-24/tree/main/crypto-baby-rsa)
+
+## Challenge Setup
+This challenge has only one file which does not have any dependencies.

utctf24/babyrsa/vals.txt

@@ -0,0 +1,3 @@
+N = 77483692467084448965814418730866278616923517800664484047176015901835675610073
+e = 65537
+c = 11711610210897103123119971051169511511195828365955053549510511595100101100125

utctf24/bitspieces/DESCRIPTION.md

@@ -0,0 +1,6 @@
+RSA with three moduli. 
+
+`Use flagCheck to input the flag you get from the challenge to get the actual flag`
+
+---
+**Author:** jocelyn

utctf24/bitspieces/REHOST.md

@@ -0,0 +1,6 @@
+# REHOSTING
+
+Files can be found here: [UTCTF 2024](https://github.com/utisss/UTCTF-24/tree/main/crypto-bits-and-pieces)
+
+## Challenge Setup
+This challenge has only one file which does not have any dependencies.

utctf24/bitspieces/vals.txt

@@ -0,0 +1,11 @@
+n1: 16895844090302140592659203092326754397916615877156418083775983326567262857434286784352755691231372524046947817027609871339779052340298851455825343914565349651333283551138205456284824077873043013595313773956794816682958706482754685120090750397747015038669047713101397337825418638859770626618854997324831793483659910322937454178396049671348919161991562332828398316094938835561259917841140366936226953293604869404280861112141284704018480497443189808649594222983536682286615023646284397886256209485789545675225329069539408667982428192470430204799653602931007107335558965120815430420898506688511671241705574335613090682013
+e1: 65537
+c1: 7818321254750334008379589501292325137682074322887683915464861106561934924365660251934320703022566522347141167914364318838415147127470950035180892461318743733126352087505518644388733527228841614726465965063829798897019439281915857574681062185664885100301873341937972872093168047018772766147350521571412432577721606426701002748739547026207569446359265024200993747841661884692928926039185964274224841237045619928248330951699007619244530879692563852129885323775823816451787955743942968401187507702618237082254283484203161006940664144806744142758756632646039371103714891470816121641325719797534020540250766889785919814382
+
+n2: 22160567763948492895090996477047180485455524932702696697570991168736807463988465318899280678030104758714228331712868417831523511943197686617200545714707332594532611440360591874484774459472586464202240208125663048882939144024375040954148333792401257005790372881106262295967972148685076689432551379850079201234407868804450612865472429316169948404048708078383285810578598637431494164050174843806035033795105585543061957794162099125273596995686952118842090801867908842775373362066408634559153339824637727686109642585264413233583449179272399592842009933883647300090091041520319428330663770540635256486617825262149407200317
+e2: 65537
+c2: 19690520754051173647211685164072637555800784045910293368304706863370317909953687036313142136905145035923461684882237012444470624603324950525342723531350867347220681870482876998144413576696234307889695564386378507641438147676387327512816972488162619290220067572175960616418052216207456516160477378246666363877325851823689429475469383672825775159901117234555363911938490115559955086071530659273866145507400856136591391884526718884267990093630051614232280554396776513566245029154917966361698708629039129727327128483243363394841238956869151344974086425362274696045998136718784402364220587942046822063205137520791363319144
+
+n3: 30411521910612406343993844830038303042143033746292579505901870953143975096282414718336718528037226099433670922614061664943892535514165683437199134278311973454116349060301041910849566746140890727885805721657086881479617492719586633881232556353366139554061188176830768575643015098049227964483233358203790768451798571704097416317067159175992894745746804122229684121275771877235870287805477152050742436672871552080666302532175003523693101768152753770024596485981429603734379784791055870925138803002395176578318147445903935688821423158926063921552282638439035914577171715576836189246536239295484699682522744627111615899081
+e3: 65537
+c3: 17407076170882273876432597038388758264230617761068651657734759714156681119134231664293550430901872572856333330745780794113236587515588367725879684954488698153571665447141528395185542787913364717776209909588729447283115651585815847333568874548696816813748100515388820080812467785181990042664564706242879424162602753729028187519433639583471983065246575409341038859576101783940398158000236250734758549527625716150775997198493235465480875148169558815498752869321570202908633179473348243670372581519248414555681834596365572626822309814663046580083035403339576751500705695598043247593357230327746709126221695232509039271637

utctf24/blsforgery/.flag.sha256

@@ -0,0 +1 @@
+1a6cd3819c2366c5f56fabe1ee662620a0e56b7795a5a811126529429203ce20

utctf24/blsforgery/.init

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+ln -sf /flag /challenge/flag.txt 

utctf24/blsforgery/DESCRIPTION.md

@@ -0,0 +1,4 @@
+BLS signature forgery challenge.
+
+---
+**Author:** Jeriah

utctf24/blsforgery/REHOST.md

@@ -0,0 +1,9 @@
+# REHOSTING
+
+Files can be found here: [UTCTF 2024](https://github.com/utisss/UTCTF-24/tree/main/crypto-blsforgery)
+
+## Challenge Setup
+This challenge uses `flag.txt` in the current working directory to get the flag, besides that it should work without any other dependencies.
+
+## Flag
+Since this challenge uses `flag.txt` to extract the flag, a symlink between `/flag` and `/challenge/flag.txt` was created.

utctf24/blsforgery/flag.txt

@@ -0,0 +1 @@
+utflag{glory_to_arstotzka_and_cryptorev}

utctf24/ccv/.init

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+ln -sf /flag /challenge/flag.txt 

utctf24/ccv/DESCRIPTION.md

@@ -0,0 +1,8 @@
+I've got some credit cards but I don't which ones are valid. Where did I get them? Uh, that's not important.
+
+Oh, you'll probably need this: dae55498c432545826fb153885bcb06b
+
+`Use flagCheck to input the flag you get from the challenge to get the actual flag`
+
+---
+**Author:** mzone

utctf24/ccv/app.py

@@ -0,0 +1,80 @@
+#!/usr/bin/python3
+import numpy as np
+import random
+from Crypto.Cipher import DES
+
+strings = None
+with open("strings.txt") as f:
+    strings = f.readlines()
+
+CK_A = bytes.fromhex(strings[1][6:])
+CK_B = bytes.fromhex(strings[2][6:])
+cipher_A = DES.new(CK_A, DES.MODE_ECB)
+cipher_B = DES.new(CK_B, DES.MODE_ECB)
+
+
+def generate_PAN():
+    PAN = list(np.random.randint(low=0,high=10,size=random.randint(12,18)))
+    sum = 0
+    for i, num in enumerate(PAN[::-1]):
+        if i % 2:
+            sum += num
+        else:
+            temp = num * 2
+            for digit in str(temp):
+                sum += int(digit)
+
+    PAN.append((10 - (sum % 10)) % 10)
+    return "".join(str(i) for i in PAN)
+
+def generate_date():
+    date = [random.randint(1,12), random.randint(25,99)]
+    date = "".join(str(i) for i in date)
+    if len(date) < 4:
+        return '0' + date
+    return date
+
+def generate_service_code():
+    return "".join(str(i) for i in list(np.random.randint(low=0,high=10,size=3)))
+
+def generate_cvv(PAN, date, code):
+    key = (PAN + date + code)
+    key += '0' * (32 - len(key))
+    f_half = key[:16]
+    s_half = key[16:]
+    step1 = cipher_A.encrypt(bytes.fromhex(f_half))
+    step2 = bytes(a ^ b for a,b in zip(step1, bytes.fromhex(s_half)))
+    step3 = cipher_A.encrypt(step2)
+    step4 = cipher_B.decrypt(step3)
+    step5 = cipher_A.encrypt(step4)
+    result = "".join(i for i in step5.hex() if i.isdigit())[:3]
+    return result
+
+def generate_good_card():
+    PAN = generate_PAN()
+    date = generate_date()
+    code = generate_service_code()
+    cvv = generate_cvv(PAN, date, code)
+    return PAN, date, code, cvv
+
+
+def generate_bad_card():
+    PAN, date, code, cvv = generate_good_card()
+    rand = random.randint(1,3)
+    if rand == 1:
+        return PAN[6:] + PAN[:6], date, code, cvv
+    elif rand == 2:
+        temp = str(random.randint(1000,9999))
+        while temp == date:
+            temp = str(random.randint(1000,9999))
+        return PAN, temp, code, cvv
+    elif rand == 3:
+        temp = str(random.randint(100,999))
+        while temp == code:
+            temp = str(random.randint(100,999))
+        return PAN, date, temp, cvv
+    else:
+        temp = str(random.randint(100,999))
+        while temp == cvv:
+            temp = str(random.randint(100,999))
+        return PAN, date, code, temp

utctf24/ccv/flag.txt

@@ -0,0 +1 @@
+utflag{hope_none_of_those_were_yours_lol}

utctf24/ccv/server

@@ -0,0 +1,51 @@
+#!/usr/bin/exec-suid -- /usr/bin/python3
+from app import generate_good_card, generate_bad_card
+import random
+
+
+strings = None
+with open("strings.txt") as f:
+    strings = f.readlines()
+
+flag = ""
+with open('flag.txt', 'r') as f:
+    flag = f.read().strip()
+
+if __name__ == '__main__':
+    print("""I'll provide you a PAN, date as MMYY, CSC, and a CVV.
+You just need to reply with 1 if its valid and 0 if it's invalid.
+I'm counting on you. And be sure to keep track of your answers so we don't need to check these again.
+          """)
+    padding = ''.join(random.choices('01', k=8))
+    b = padding + '0' + bin(int.from_bytes(bytes(flag, 'utf-8'), "big"))[2:]
+    for i in b:
+        if i == '1':
+            print("PAN: %s, date: %s, code: %s, cvv: %s" % (generate_good_card()))
+            print(strings[33], end="")
+            user_input = int(input())
+            if user_input == 1:
+                print(strings[user_input + random.randint(18,27)], end="")
+            elif user_input == 0:
+                print(strings[user_input + random.randint(8,10)], end="")
+                exit(0)
+            else:
+                print("Hey, that's not a valid number! Come back when you can follow instructions.")
+                exit(0)    
+
+        else:
+            print("PAN: %s, date: %s, code: %s, cvv: %s" % (generate_bad_card()))
+            print(strings[33], end="")
+            user_input = int(input())
+            if user_input == 0:
+                print(strings[user_input + random.randint(23,32)], end="")
+            elif user_input == 1:
+                print(strings[user_input + random.randint(8,10)], end="")
+                exit(0)
+            else:
+                print("Hey, that's not a valid number! Come back when you can follow instructions.")
+                exit(0)   
+    print(strings[34])
+
+
+
+

utctf24/ccv/strings.txt

@@ -0,0 +1,35 @@
+Someone told me that having plaintext in my code was insecure so I put it all in this file!
+CVKA: dae55498c4325458
+CVKB: 26fb153885bcb06b
+I don't think that one's valid...
+Sorry, but that card appears to be invalid.
+Regrettably, that card is invalid.
+That doesn't look like a valid card.
+Are you trying to get us caught?
+Better luck next time!
+Are you just guessing?
+What's the problem? It can't be that hard.
+Wrong!
+Uh-oh try again.
+Hey wait a minute, that one was valid!
+You gotta do better. We can't be skipping good cards.
+What do you mean? This one's definitely valid.
+Check your calculations, cause this is valid.
+Come back when you can tell this is valid.
+Yep, that one worked for me.
+And another one.
+Great! Another valid card.
+Add that to the list.
+Always good to have more.
+You're a big help.
+I knew we could count on you!
+Nice work!
+Good job.
+I don't know what we'd do without you.
+Good catch! Almost used it...
+Damn another invalid card...
+Sucks, but good to know.
+Really, huh? I would have thought it was valid.
+Ugh, so many invalid cards.
+Valid? 
+Thanks for all the help! That's all the cards I have for now. Hope you kept the input so we don't have to check these again!

utctf24/cookie/DESCRIPTION.md

@@ -0,0 +1,6 @@
+I tried to make my own version of cookie clicker, without all of the extra fluff. Can you beat my highscore?
+
+`Only open the localhost application on the pwn.college desktop`
+
+---
+**Author:** malfuncti0nal

utctf24/cookie/REHOST.md

@@ -0,0 +1,6 @@
+# REHOSTING
+
+Files can be found here: [UTCTF 2024](https://github.com/utisss/UTCTF-24/tree/main/web-cookie-clicker)
+
+## Challenge Setup
+This challenge has only one file which does not have any dependencies.

utctf24/cookie/app

@@ -0,0 +1,27 @@
+#!/usr/bin/exec-suid -- /usr/bin/python3
+
+from flask import Flask, render_template, jsonify, request
+
+app = Flask(__name__)
+
+flag = open('/flag', 'r').read()
+FLAG = "Wow, you beat me. Congrats! ", flag
+
+@app.route('/')
+def index():
+    return render_template('index.html')
+
+@app.route('/click', methods=['POST'])
+def click():
+    try:
+        count = int(request.form['count'])
+    except:
+        return "Those aren't valid clicks..."
+
+    if count >= 1000000:
+        return jsonify({'flag': FLAG})
+    else:
+        return '', 204
+
+if __name__ == '__main__':
+    app.run(host='0.0.0.0', port=80)

utctf24/cookie/static/style.css

@@ -0,0 +1,66 @@
+body {
+    font-family: Arial, sans-serif;
+    background-color: #f4f4f4;
+    margin: 0;
+    padding: 0;
+}
+
+.container {
+    display: flex;
+    justify-content: center;
+    align-items: center;
+    flex-direction: column;
+    padding-top: 20px; /* Add padding to the top of the container */
+}
+
+
+h1 {
+    color: #333;
+}
+
+p {
+    color: #666;
+}
+
+button {
+    background-color: #007bff;
+    color: #fff;
+    border: none;
+    padding: 10px 20px;
+    font-size: 16px;
+    border-radius: 5px;
+    cursor: pointer;
+    transition: background-color 0.3s ease;
+    margin: 0 auto; /* Center the button horizontally */
+    display: block; /* Ensure the button takes up the full width */
+}
+
+button:hover {
+    background-color: #0056b3;
+}
+
+.comment-box {
+    background-color: #fff;
+    border: 1px solid #ccc;
+    border-radius: 5px;
+    padding: 10px;
+    margin-top: 10px;
+    width: 50%;
+}
+
+.comment-box strong {
+    font-weight: bold;
+}
+
+.comment-box hr {
+    margin: 5px 0;
+}
+
+.button-container {
+    margin-bottom: 10px; /* Add some spacing between buttons and other elements */
+}
+
+.button-container button {
+    margin-right: 10px; /* Add spacing between buttons */
+    display: inline-block; /* Display buttons inline */
+}