vishwa ctf

crypto-valentines day

  • it was said it used portable network graphics
  • so we know that staring bits pattern of png
  • with that we get the key 
    The first eight bytes of a PNG file always contain the following (decimal) values:

 137 80 78 71 13 10 26 10

    receck 

    f = open("test.png", "rb").read()
key = [f[0], f[1], f[2], f[3], f[4], f[5], f[6], f[7]]
print("key is ",key)

    result 

    key is  [137, 80, 78, 71, 13, 10, 26, 10]

    encrypted way 

    from PIL import Image
from itertools import cycle
def xor(a, b):
  return [i^j for i, j in zip(a, cycle(b))]
f = open("original.png", "rb").read()
key = [f[0], f[1], f[2], f[3], f[4], f[5], f[6], f[7]]
enc = bytearray(xor(f,key))
open('enc.txt', 'wb').write(enc)

    solve.py 

    from itertools import cycle
def xor(a, b):
  return [i^j for i, j in zip(a, cycle(b))]
enc_file=open("enc.txt","rb")
enc_data=enc_file.read()
print("size of enc_data is ",len(enc_data))
print("ecn data[:50]",enc_data[:50])
key = [137, 80, 78, 71, 13, 10, 26, 10]
dec_file=open("dec.png","wb")
dec_file.write(bytes(xor(enc_data,key)))
enc_file.close()
dec_file.close()

    image VishwaCTF{h3ad3r5_f0r_w1nn3r5}

web-trip to us

  • on inspecitn we see image
  • that on clicking on click here we go to err.php
  • once we go there and inspcect once agin image
  • we see the alt is 
     alt="Change User agent to 'IITIAN'
  • so we user burp suit
  • so we change it and see we get 302 image
  • we follow redireciton
    image
  • we see a new endpoint image

    try sql injection

  • try admin’ and abc as pass image
  • so there is a sql injection vulnerability
  • admin” does not give any query err
  • try admin’#
  • image
    VishwaCTF{y0u_g0t_th3_7r1p_t0_u5}

at last

image