wolv ctf
beginner/gauntlet
question
- this is the page
- at the bottom we see a comment
- on going to that page https://gauntlet-okntin33tq-ul.a.run.app/hidden9136234145526
- we try to see if there is something in the source code
- so we send the request with such a request header
- now we go there https://gauntlet-okntin33tq-ul.a.run.app/hidden0197452938528
- now it says change method
- now we change the request method: try POST, PUT, OPTIONS
- now go here https://gauntlet-okntin33tq-ul.a.run.app/hidden5823565189534225
- now with this url we get https://gauntlet-okntin33tq-ul.a.run.app/hidden5823565189534225?wolvsec=c%23%2Bl
- so now we go there https://gauntlet-okntin33tq-ul.a.run.app/hidden5912455200155329
- now we do the needful
- now we go to page 5 https://gauntlet-okntin33tq-ul.a.run.app/hidden3964332063935202
- here on page 5, viewing the source code does not give us the path, but on inspection we get it
- now page6 https://gauntlet-okntin33tq-ul.a.run.app/hidden5935562908234557
- redirections happen here
- now page 7 https://gauntlet-okntin33tq-ul.a.run.app/hidden82008753458651496
- now page 7 is this
- we change cookie value
- now page 8 https://gauntlet-okntin33tq-ul.a.run.app/hidden00127595382036382
- this is page 8
- we decode the JWT on jwt.io
- if there is no check on the signature we can move forward easily
- now we use the given secret
- now page 9
- https://gauntlet-okntin33tq-ul.a.run.app/hidden83365193635473293
https://gauntlet-okntin33tq-ul.a.run.app/flag620873537329327365 wctf{w3_h0p3_y0u_l34rn3d_s0m3th1ng_4nd_th4t_w3b_c4n_b3_fun_853643}
```python
import requests

url = 'https://gauntlet-okntin33tq-ul.a.run.app/hidden83365193635473293'
cookie_list = []
cookies1 = {'jwt-uncrackable-cookie-counter': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb3VudGVyIjoyfQ.mmGFwHhAssPPS6Xq3ptN1ViB7T4B_3KaAKySvnhdlUk'}

# Send the cookie the server returned back with the next request, 505 times.
for i in range(505):
    try:
        r = requests.get(url, cookies=cookies1)
        cookie_list.append(r.cookies['jwt-uncrackable-cookie-counter'])
        print(i)
        cookies1['jwt-uncrackable-cookie-counter'] = r.cookies['jwt-uncrackable-cookie-counter']
        if i > 500:
            print("cookie is ", r.cookies)
    except Exception as e:
        print("An error occurred:", e)

# Debug check: compare the first two cookies the server returned.
if len(cookie_list) >= 2:
    if cookie_list[0] == cookie_list[1]:
        print("cookies are same")
    else:
        print("cookies are different")
```
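Pages 8 and 9 depend on whether the server checks the JWT signature and on the secret staying secret. The block below is an added example, not code from the challenge or from these notes: a standard-library HS256 verifier run over constructed tokens, where the secret, the counter values and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(payload: dict, secret: bytes) -> str:
    """Issue an HS256 token the way the server side would."""
    parts = ({"alg": "HS256", "typ": "JWT"}, payload)
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def verify_hs256(token: str, secret: bytes) -> dict:
    """Return the payload only if alg is HS256 and the HMAC matches."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm server-side instead of trusting the header's choice.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))

def check(token: str, secret: bytes) -> str:
    try:
        return f"accepted {verify_hs256(token, secret)}"
    except ValueError as exc:
        return f"rejected: {exc}"

# Constructed sample values, not taken from the challenge.
SECRET = b"constructed-demo-secret"
issued = sign_hs256({"counter": 2}, SECRET)
head, _, sig = issued.split(".")
new_payload = b64url_encode(b'{"counter":1000}')
edited = f"{head}.{new_payload}.{sig}"            # payload changed, old signature kept
unsigned = b64url_encode(b'{"alg":"none"}') + f".{new_payload}."  # no signature at all
resigned = sign_hs256({"counter": 1000}, SECRET)  # signed by someone who knows the secret

if __name__ == "__main__":
    for name in ("issued", "edited", "unsigned", "resigned"):
        print(f"{name:9}", check(globals()[name], SECRET))
```

The edited and unsigned tokens are rejected, while the re-signed one is accepted: signature checking only protects the counter as long as the HMAC secret is not disclosed or guessable.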
bean cafe/web
- question is
- the site reads
Authentication for Special Access To gain special access to our flag-flavored coffee, we require a unique form of authentication. Please submit two identical images: The first image should be of a healthy bean leaf. The second image needs to be a leaf with rust spots. We'll verify that these two pictures are exactly the same, ensuring authenticity and granting you exclusive access.
- so we need to upload 2 exactly same images
- how could the checking be done
- MD5 hashing?
- we follow this https://www.reddit.com/r/DataHoarder/comments/gokrmx/these_different_2_images_has_the_same_md5_hash/
- https://drive.google.com/drive/folders/1eCcMtQkHTreAJT6JmwxG10x1HbT6prY0
- wctf{new_ai_old_algorithm}
crypto/limited one
- question
- this is the given code
```python
import time
import random
import sys

if __name__ == '__main__':
    flag = input("Flag? > ").encode('utf-8')
    correct = [189, 24, 103, 164, 36, 233, 227, 172, 244, 213, 61, 62, 84, 124, 242, 100, 22, 94, 108, 230, 24, 190, 23, 228, 24]
    time_cycle = int(time.time()) % 256
    if len(flag) != len(correct):
        print('Nope :(')
        sys.exit(1)
    for i in range(len(flag)):
        random.seed(i+time_cycle)
        if correct[i] != flag[i] ^ random.getrandbits(8):
            print('Nope :(')
            sys.exit(1)
    print(flag)
```
solution script
```python
import time
import random
import sys

min_seed = 0    # flag len from 0-25 and time from 0-256
max_seed = 282  # 25+256 +1(for safety)
correct = [189, 24, 103, 164, 36, 233, 227, 172, 244, 213, 61, 62, 84, 124, 242, 100, 22, 94, 108, 230, 24, 190, 23, 228, 24]

# j is the candidate value of time_cycle
for j in range(257):
    y = ""
    for i in range(25):
        # same seed as the checker, so the same "random" byte comes out
        random.seed(i+j)
        x = chr(correct[i] ^ random.getrandbits(8))
        y = y + x
    if "wctf" in y:
        print("flag is ", y)
        # print("j is ",j)
```
explanation
- random numbers generated with the same seed give the same sequence of numbers, irrespective of anything else (time, system, ...)
- so the flag can be reversed, as it is not really random
- random.seed(i+time_cycle)
- we can see the range of the seed: i varies from 0-25 (len of the correct array) and the seed is based on int(time.time())%256
- as mod is used, that will range between 0-256
- so we know the range of the seed
- as len(flag) == len(correct), we know the length of the flag
- the checking is done like this: correct = flag ^ random
- so when we need the flag we can just rearrange the terms
- so flag = correct ^ random (not really random)
- so we assume time_cycle = int(time.time()) % 256; this is j in the script
- so for each j we try the same check of correct ^ random
- we use chr() to get the character
- then, if that j value leads to the flag, the result must have the word wctf in it
- so when the word wctf appears in the result we print the flag
- flag is wctf{f34R_0f_m1ss1ng_0ut}