Completed challenge 243

034/solve.sh

@@ -0,0 +1,2 @@
+#!/bin/sh -e
+nc -d jupiter.challenges.picoctf.org 41120 | grep -oE "picoCTF{[^}]+}"

163/ltdis.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+
+
+echo "Attempting disassembly of $1 ..."
+
+
+#This usage of "objdump" disassembles all (-D) of the first file given by 
+#invoker, but only prints out the ".text" section (-j .text) (only section
+#that matters in almost any compiled program...
+
+objdump -Dj .text $1 > $1.ltdis.x86_64.txt
+
+
+#Check that $1.ltdis.x86_64.txt is non-empty
+#Continue if it is, otherwise print error and eject
+
+if [ -s "$1.ltdis.x86_64.txt" ]
+then
+	echo "Disassembly successful! Available at: $1.ltdis.x86_64.txt"
+
+	echo "Ripping strings from binary with file offsets..."
+	strings -a -t x $1 > $1.ltdis.strings.txt
+	echo "Any strings found in $1 have been written to $1.ltdis.strings.txt with file offset"
+
+
+
+else
+	echo "Disassembly failed!"
+	echo "Usage: ltdis.sh <program-file>"
+	echo "Bye!"
+fi

163/solve.sh

@@ -0,0 +1,2 @@
+#!/bin/bash -e
+strings static | grep picoCTF

176/.gitignore

@@ -0,0 +1 @@
+fang-of-haynekhtnamet

176/solve.sh

@@ -0,0 +1,4 @@
+#!/bin/sh -e
+unzip -qquj Addadshashanammu.zip
+strings fang-of-haynekhtnamet | grep -oE "picoCTF{[^}]+}"
+rm fang-of-haynekhtnamet

189/solve.sh

@@ -0,0 +1,6 @@
+#!/bin/sh -e
+PORT=${1:-59488}
+echo "Using port $PORT"
+echo "Enter password: 481e7b14"
+HOME=/home/ctf-player
+ssh ctf-player@venus.picoctf.net -p $PORT cat $HOME/drop-in/1of3.flag.txt /2of3.flag.txt $HOME/3of3.flag.txt

238/code.py

@@ -0,0 +1,43 @@
+
+import random
+import sys
+
+
+
+def str_xor(secret, key):
+    #extend key to secret length
+    new_key = key
+    i = 0
+    while len(new_key) < len(secret):
+        new_key = new_key + key[i]
+        i = (i + 1) % len(key)        
+    return "".join([chr(ord(secret_c) ^ ord(new_key_c)) for (secret_c,new_key_c) in zip(secret,new_key)])
+
+
+flag_enc = chr(0x13) + chr(0x01) + chr(0x17) + chr(0x07) + chr(0x2c) + chr(0x3a) + chr(0x2f) + chr(0x1a) + chr(0x0d) + chr(0x53) + chr(0x0c) + chr(0x47) + chr(0x0a) + chr(0x5f) + chr(0x5e) + chr(0x02) + chr(0x3e) + chr(0x5a) + chr(0x56) + chr(0x5d) + chr(0x45) + chr(0x5d) + chr(0x58) + chr(0x31) + chr(0x0d) + chr(0x58) + chr(0x0f) + chr(0x02) + chr(0x5a) + chr(0x10) + chr(0x0e) + chr(0x5d) + chr(0x13)
+
+
+
+def print_flag():
+  try:
+    codebook = open('codebook.txt', 'r').read()
+    
+    password = codebook[4] + codebook[14] + codebook[13] + codebook[14] +\
+               codebook[23]+ codebook[25] + codebook[16] + codebook[0]  +\
+               codebook[25]
+               
+    flag = str_xor(flag_enc, password)
+    print(flag)
+  except FileNotFoundError:
+    print('Couldn\'t find codebook.txt. Did you download that file into the same directory as this script?')
+
+
+
+def main():
+  print_flag()
+
+
+
+if __name__ == "__main__":
+  main()
+

238/codebook.txt

@@ -0,0 +1 @@
+azbycxdwevfugthsirjqkplomn

240/fixme1.py

@@ -0,0 +1,21 @@
+
+import random
+
+
+
+def str_xor(secret, key):
+    #extend key to secret length
+    new_key = key
+    i = 0
+    while len(new_key) < len(secret):
+        new_key = new_key + key[i]
+        i = (i + 1) % len(key)        
+    return "".join([chr(ord(secret_c) ^ ord(new_key_c)) for (secret_c,new_key_c) in zip(secret,new_key)])
+
+
+flag_enc = chr(0x15) + chr(0x07) + chr(0x08) + chr(0x06) + chr(0x27) + chr(0x21) + chr(0x23) + chr(0x15) + chr(0x5a) + chr(0x07) + chr(0x00) + chr(0x46) + chr(0x0b) + chr(0x1a) + chr(0x5a) + chr(0x1d) + chr(0x1d) + chr(0x2a) + chr(0x06) + chr(0x1c) + chr(0x5a) + chr(0x5c) + chr(0x55) + chr(0x40) + chr(0x3a) + chr(0x58) + chr(0x0a) + chr(0x5d) + chr(0x53) + chr(0x43) + chr(0x06) + chr(0x56) + chr(0x0d) + chr(0x14)
+
+  
+flag = str_xor(flag_enc, 'enkidu')
+print('That is correct! Here\'s your flag: ' + flag)
+

241/fixme2.py

@@ -0,0 +1,27 @@
+
+import random
+
+
+
+def str_xor(secret, key):
+    #extend key to secret length
+    new_key = key
+    i = 0
+    while len(new_key) < len(secret):
+        new_key = new_key + key[i]
+        i = (i + 1) % len(key)        
+    return "".join([chr(ord(secret_c) ^ ord(new_key_c)) for (secret_c,new_key_c) in zip(secret,new_key)])
+
+
+flag_enc = chr(0x15) + chr(0x07) + chr(0x08) + chr(0x06) + chr(0x27) + chr(0x21) + chr(0x23) + chr(0x15) + chr(0x58) + chr(0x18) + chr(0x11) + chr(0x41) + chr(0x09) + chr(0x5f) + chr(0x1f) + chr(0x10) + chr(0x3b) + chr(0x1b) + chr(0x55) + chr(0x1a) + chr(0x34) + chr(0x5d) + chr(0x51) + chr(0x40) + chr(0x54) + chr(0x09) + chr(0x05) + chr(0x04) + chr(0x57) + chr(0x1b) + chr(0x11) + chr(0x31) + chr(0x5f) + chr(0x51) + chr(0x52) + chr(0x46) + chr(0x00) + chr(0x5f) + chr(0x5a) + chr(0x0b) + chr(0x19)
+
+  
+flag = str_xor(flag_enc, 'enkidu')
+
+# Check that flag is not empty
+if flag == "":
+  print('String XOR encountered a problem, quitting.')
+else:
+  print('That is correct! Here\'s your flag: ' + flag)
+
+

242/solve.py

@@ -0,0 +1,2 @@
+#!/usr/bin/env python3
+print('picoCTF{gl17ch_m3_n07_' + chr(0x39) + chr(0x63) + chr(0x34) + chr(0x32) + chr(0x61) + chr(0x34) + chr(0x35) + chr(0x64) + '}')

243/solve.py

@@ -0,0 +1,6 @@
+#!/usr/bin/env python3
+import hashlib
+
+str = 'homeless shelters'
+result = hashlib.md5(str.encode())
+print(result.hexdigest())