Thứ Tư, 8 tháng 2, 2017

[AlexCTF 2017][Writeup][RE4: unVM me]

Untitled Document.md

[AlexCTF 2017][Writeup][RE4: unVM me]

Hint

If I tell you what version of python I used … where is the fun in that?

Download here

Check it using file command. I got

unvm_me.pyc: python 2.7 byte-compiled

. “I know version of python bro!!!” ;)

Next I decompile .pyc file using pycdc. I got

# Source Generated with Decompyle++
# File: unvm_me.pyc (Python 2.7)

import md5
md5s = [
    0x831DAA3C843BA8B087C895F0ED305CE7L,
    0x6722F7A07246C6AF20662B855846C2C8L,
    0x5F04850FEC81A27AB5FC98BEFA4EB40CL,
    0xECF8DCAC7503E63A6A3667C5FB94F610L,
    0xC0FD15AE2C3931BC1E140523AE934722L,
    0x569F606FD6DA5D612F10CFB95C0BDE6DL,
    0x68CB5A1CF54C078BF0E7E89584C1A4EL,
    0xC11E2CD82D1F9FBD7E4D6EE9581FF3BDL,
    0x1DF4C637D625313720F45706A48FF20FL,
    0x3122EF3A001AAECDB8DD9D843C029E06L,
    0xADB778A0F729293E7E0B19B96A4C5A61L,
    0x938C747C6A051B3E163EB802A325148EL,
    0x38543C5E820DD9403B57BEFF6020596DL]
print 'Can you turn me back to python ? ...'
flag = raw_input('well as you wish.. what is the flag: ')
if len(flag) > 69:
    print 'nice try'
    exit()
if len(flag) % 5 != 0:
    print 'nice try'
    exit()
for i in range(0, len(flag), 5):
    s = flag[i:i + 5]
    if int('0x' + md5.new(s).hexdigest(), 16) != md5s[i / 5]:
        print 'nice try'
        exit()
        continue
print 'Congratz now you have the flag'

:laughing: flagis a string with length = 65
Using Online MD5 reverse page for md5s[0] I got ALEXC
:haha: Remember flag format is ALEXCTF{[A-Za-z0-9_]*}
So, format of 5 character next is TF{xx
I brutefore using sample_string = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_"
and got TF{dv
Try with 5 character last xxxx} with sample_string
I got 6v3k}
I see dv and 6v3k is lowwercase character. So maybe all character is lowercase :smirk:
with 10 elements of md5s not use yet I use new sample_string="abcdefghijklmnopqrstuvwxyz0123456789_"
And here is my code

import md5

sgen = "abcdefghijklmnopqrstuvwxyz0123456789_"
md5s = [
    #0x831DAA3C843BA8B087C895F0ED305CE7L,
    #0x6722F7A07246C6AF20662B855846C2C8L,
    0x5F04850FEC81A27AB5FC98BEFA4EB40CL,
    0xECF8DCAC7503E63A6A3667C5FB94F610L,
    0xC0FD15AE2C3931BC1E140523AE934722L,
    0x569F606FD6DA5D612F10CFB95C0BDE6DL,
    0x68CB5A1CF54C078BF0E7E89584C1A4EL,
    0xC11E2CD82D1F9FBD7E4D6EE9581FF3BDL,
    0x1DF4C637D625313720F45706A48FF20FL,
    0x3122EF3A001AAECDB8DD9D843C029E06L,
    0xADB778A0F729293E7E0B19B96A4C5A61L,
    0x938C747C6A051B3E163EB802A325148EL]
    #0x38543C5E820DD9403B57BEFF6020596DL]

for i1 in sgen:
    for i2 in sgen:
        for i3 in sgen:
            for i4 in sgen:
                for i5 in sgen:
                    s = i1 + i2 + i3 + i4 + i5
                    hash_num = int('0x' + md5.new(s).hexdigest(), 16)
                    for i in range(0, len(md5s)):
                        if  hash_num == md5s[i]:
                            print(s + ":" + str(i))

:wait: And :tada:
I got the flag :joy:
Flag is ALEXCTF{dv5d4s2vj8nk43s8d8l6m1n5l67ds9v41n52nv37j481h3d28n4b6v3k}

vào lúc
Nhãn: , , ,

Không có nhận xét nào:

Đăng nhận xét

Đăng ký: Đăng Nhận xét (Atom)

[Alex CTF 2017][Writeup][CR3: What is this encryption?]

alex_ctf_2017_writeup_cr3.md [Alex CTF 2017][Writeup][CR3: What is this encryption?] Sloved this problem when contest ended Hint Fady a...