wolv ctf

beginner/gauntlet

question

image

  • this is the page image
  • at the bottom we see a comment
  • image
  • on going to that page https://gauntlet-okntin33tq-ul.a.run.app/hidden9136234145526
  • image
  • we check whether there is something in the source code
  • image
  • so we send the request with that request header
  • image
  • now we go there https://gauntlet-okntin33tq-ul.a.run.app/hidden0197452938528
  • now it says to change the method
  • image
  • now we change the request method, trying POST, PUT, OPTIONS
  • image
  • now go here https://gauntlet-okntin33tq-ul.a.run.app/hidden5823565189534225
  • now with this url we get https://gauntlet-okntin33tq-ul.a.run.app/hidden5823565189534225?wolvsec=c%23%2Bl
  • image
  • so now we go there https://gauntlet-okntin33tq-ul.a.run.app/hidden5912455200155329
  • now we do the needful
  • image
  • now we go to page 5 https://gauntlet-okntin33tq-ul.a.run.app/hidden3964332063935202
  • here on page 5, viewing the source code does not give us the path, but on inspection we get it
  • image
  • now page6 https://gauntlet-okntin33tq-ul.a.run.app/hidden5935562908234557
  • image
  • redirections happen here
  • image
  • now page 7 https://gauntlet-okntin33tq-ul.a.run.app/hidden82008753458651496
  • now page 7 is this
  • image
  • we change cookie value
  • image
  • now page 8 https://gauntlet-okntin33tq-ul.a.run.app/hidden00127595382036382
  • this is page 8 image
  • we decode the JWT on jwt.io
  • if there is no check on the signature we can move forward easily
  • now we use the given secret
  • image
  • now page 9
  • https://gauntlet-okntin33tq-ul.a.run.app/hidden83365193635473293
  • image

  • image
  • https://gauntlet-okntin33tq-ul.a.run.app/flag620873537329327365
  • image
  • wctf{w3_h0p3_y0u_l34rn3d_s0m3th1ng_4nd_th4t_w3b_c4n_b3_fun_853643}

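script for page 9

    import requests

    # Page 9: every response sets a fresh signed counter cookie (the JWT payload is
    # {"counter": N}); replay the newest cookie on each request so the counter climbs.
    url = 'https://gauntlet-okntin33tq-ul.a.run.app/hidden83365193635473293'
    cookie_list = []
    cookies1 = {'jwt-uncrackable-cookie-counter': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb3VudGVyIjoyfQ.mmGFwHhAssPPS6Xq3ptN1ViB7T4B_3KaAKySvnhdlUk'}
    for i in range(505):
        try:
            r = requests.get(url, cookies=cookies1)
            print(i)
            new_cookie = r.cookies['jwt-uncrackable-cookie-counter']
            cookie_list.append(new_cookie)  # keep each issued cookie for the comparison below
            cookies1['jwt-uncrackable-cookie-counter'] = new_cookie
            if i > 500:
                print("cookie is ", r.cookies)
        except Exception as e:
            print("An error occurred:", e)

    # Sanity check that the server really issues a new cookie on each request
    if len(cookie_list) >= 2:
        if cookie_list[0] == cookie_list[1]:
            print("cookies are same")
        else:
            print("cookies are different")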
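
For the page 8 point about signature checks, an added example (not part of the original writeup or the challenge's code) showing why decoding a JWT is not the same as verifying it. The secret and both tokens are constructed for the demo, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json

def b64url_decode(part):
    # JWT segments drop base64 padding; restore it before decoding
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_unverified(token):
    # What jwt.io displays: header and payload are only encoded, not protected
    header_b64, payload_b64, _sig = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))

def sign_hs256(payload, secret):
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    mac = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(mac)}"

def verify_hs256(token, secret):
    # Server-side check: pin the algorithm, then compare the MAC in constant time
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:
        return None  # malformed token
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None  # rejects "none" and any other unexpected algorithm
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # payload or signature was altered
    return json.loads(b64url_decode(payload_b64))

SECRET = b"constructed-demo-secret"  # constructed; not the challenge's secret
good = sign_hs256({"counter": 2}, SECRET)
h, _p, s = good.split(".")
# Constructed tampered token: payload edited, original signature kept
tampered = f"{h}.{b64url_encode(json.dumps({'counter': 9999}).encode())}.{s}"

if __name__ == "__main__":
    print(decode_unverified(tampered)[1])   # a decode-only server trusts the edit
    print(verify_hs256(tampered, SECRET))   # a verifying server rejects it
    print(verify_hs256(good, SECRET))
```
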

bean cafe/web

  • question is
  • image
  • image
  • the site reads
    Authentication for Special Access
    To gain special access to our flag-flavored coffee, we require a unique form of authentication. Please submit two identical images:
      The first image should be of a healthy bean leaf.
      The second image needs to be a leaf with rust spots.
    We'll verify that these two pictures are exactly the same, ensuring authenticity and granting you exclusive access.
    
  • so we need to upload 2 images that count as exactly the same
  • how could the checking be done?
  • MD5 hashing?
  • we follow this https://www.reddit.com/r/DataHoarder/comments/gokrmx/these_different_2_images_has_the_same_md5_hash/
  • https://drive.google.com/drive/folders/1eCcMtQkHTreAJT6JmwxG10x1HbT6prY0
  • image
  • wctf{new_ai_old_algorithm}

crypto/limited one

  • question
  • image
  • this is the given code
    import time
    import random
    import sys
    if __name__ == '__main__':
      flag = input("Flag? > ").encode('utf-8')
      correct = [189, 24, 103, 164, 36, 233, 227, 172, 244, 213, 61, 62, 84, 124, 242, 100, 22, 94, 108, 230, 24, 190, 23, 228, 24]
      time_cycle = int(time.time()) % 256
      if len(flag) != len(correct):
          print('Nope :(')
          sys.exit(1)
      for i in range(len(flag)):
          random.seed(i+time_cycle)
          if correct[i] != flag[i] ^ random.getrandbits(8):
              print('Nope :(')
              sys.exit(1)
      print(flag)
    

    solution script

    import random

    # seed = i + time_cycle: flag index i from 0-25 and time_cycle from 0-256,
    # so every seed lies between 0 and 282 (25 + 256 + 1 for safety)
    correct = [189, 24, 103, 164, 36, 233, 227, 172, 244, 213, 61, 62, 84, 124, 242, 100, 22, 94, 108, 230, 24, 190, 23, 228, 24]
    for j in range(257):  # try every possible time_cycle
        y = ""
        for i in range(25):
            random.seed(i + j)  # same seed the checker used for position i
            x = chr(correct[i] ^ random.getrandbits(8))  # undo the XOR
            y = y + x
        if "wctf" in y:  # only the right time_cycle decodes to the flag format
            print("flag is ", y)
    

    explanation

  • random numbers generated from the same seed always give the same sequence, irrespective of anything else (time, system, ..)
  • so the flag can be reversed, as the values are not really random
  • random.seed(i+time_cycle)
  • we can see the range of the seed: i varies from 0-25 (len of the correct array) and the rest of the seed is int(time.time())%256
  • as mod is used, that will range b/w 0-256
  • so we know the range of the seed
  • as len(flag) == len(correct), we know the length of the flag
  • the checking is done like this: correct = flag ^ random
  • so when we need the flag we can just rearrange the terms
  • so flag = correct ^ random (not really random)
  • we do not know time_cycle = int(time.time()) % 256, so we assume each possible value in turn; this is j
  • so for each j we try the same computation of correct ^ random
  • we use chr() to get the character
  • then if that j value leads to the flag, the result must have the word wctf in it
  • so when the word wctf appears in the result we print the flag
  • image
  • flag is wctf{f34R_0f_m1ss1ng_0ut}
