Digital Overdose 2021 Autumn CTF Writeup

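This CTF ran from 2021/10/9 7:00 (JST) to 2021/10/11 7:00 (JST).
I took part with a team again this time. We scored 4736 points and placed 14th out of 511 teams.
Below are writeups for the challenges I solved myself.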

Hash 4 (Hash Cracking 100)

After trying various hash types, it cracked as a GOST hash.

>hashcat.exe -m 6900 hash.txt rockyou.txt
hashcat (v6.2.4) starting

OpenCL API (OpenCL 3.0 ) - Platform #1 [Intel(R) Corporation]
=============================================================
* Device #1: Intel(R) UHD Graphics 630, 3200/6484 MB (1621 MB allocatable), 24MCU

./OpenCL/m06900_a0-optimized.cl: Pure kernel not found, falling back to optimized kernel
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 32

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Not-Iterated
* Single-Hash
* Single-Salt

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.

Host memory required for this attack: 1475 MB

Dictionary cache hit:
* Filename..: rockyou.txt
* Passwords.: 14344384
* Bytes.....: 139921497
* Keyspace..: 14344384

451716a045ca5ec7f25e191ab5244c61aaeeb008c4753a2065e276f1baba4723:happyfamily

Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 6900 (GOST R 34.11-94)
Hash.Target......: 451716a045ca5ec7f25e191ab5244c61aaeeb008c4753a2065e...ba4723
Time.Started.....: Sun Oct 10 08:04:54 2021 (1 sec)
Time.Estimated...: Sun Oct 10 08:04:55 2021 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:    32423 H/s (6.74ms) @ Accel:4 Loops:1 Thr:64 Vec:4
Recovered........: 1/1 (100.00%) Digests
Progress.........: 36865/14344384 (0.26%)
Rejected.........: 1/36865 (0.00%)
Restore.Point....: 30721/14344384 (0.21%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#1....: zippy1 -> hockey5

Started: Sun Oct 10 08:02:33 2021
Stopped: Sun Oct 10 08:04:57 2021
DO{happyfamily}

Hash 5 (Hash Cracking 100)

Judging by the format, this is a bcrypt hash. Embed the hash in a line in the combined passwd/shadow file format and crack it with john.

$ cat hash.txt
ctf:$2a$10$QlR/ZlXgQPWfx9JmRffMZutcL3o3w6JAiRbfvGda4u09lrfOvgcH6:1000:1000:ctf,,,:/home/ctf:/bin/bash
$ john --wordlist=dict/rockyou.txt hash.txt
Using default input encoding: UTF-8
Loaded 1 password hash (bcrypt [Blowfish 32/64 X3])
Cost 1 (iteration count) is 1024 for all loaded hashes
Will run 2 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
cowabunga        (ctf)
1g 0:01:14:30 DONE (2021-10-10 10:04) 0.000223g/s 11.75p/s 11.75c/s 11.75C/s cowboys08..cleaner
Use the "--show" option to display all of the cracked passwords reliably
Session completed
DO{cowabunga}

Hash 6 (Hash Cracking 100)

Embed the hash in a line in the combined passwd/shadow file format and crack it with john.

$ cat hash.txt
ctf:$1$veryrand$QetWu27IoJ2FFSG30xKAQ.:1000:1000:ctf,,,:/home/ctf:/bin/bash
$ john --wordlist=dict/rockyou.txt hash.txt
Warning: detected hash type "md5crypt", but the string is also recognized as "md5crypt-long"
Use the "--format=md5crypt-long" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 1 password hash (md5crypt, crypt(3) $1$ (and variants) [MD5 256/256 AVX2 8x3])
Will run 2 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
scottiebanks     (ctf)
1g 0:00:05:59 DONE (2021-10-10 08:33) 0.002779g/s 10830p/s 10830c/s 10830C/s scottishdance..scotticus1
Use the "--show" option to display all of the cracked passwords reliably
Session completed
DO{scottiebanks}

Hash 7 (Hash Cracking 100)

Crack it as sha512crypt $6$, SHA512 (Unix).

>hashcat.exe -m 1800 hash.txt rockyou.txt
hashcat (v6.2.4) starting

OpenCL API (OpenCL 3.0 ) - Platform #1 [Intel(R) Corporation]
=============================================================
* Device #1: Intel(R) UHD Graphics 630, 3200/6484 MB (1621 MB allocatable), 24MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Uses-64-Bit

ATTENTION! Pure (unoptimized) backend kernels selected.
Pure kernels can crack longer passwords, but drastically reduce performance.
If you want to switch to optimized kernels, append -O to your commandline.
See the above message to find out about the exact limits.

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.

Host memory required for this attack: 268 MB

Dictionary cache hit:
* Filename..: rockyou.txt
* Passwords.: 14344384
* Bytes.....: 139921497
* Keyspace..: 14344384

$6$veryrandomsalt$t8EIWEiDpWYzeC1c44q7f6ZENOuO2wagnrJBPs4d/PptWxAxlnH7qRcf0xnKagaOEHBN9dGBV5Y1syJSB3s6H1:igetmoney

Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 1800 (sha512crypt $6$, SHA512 (Unix))
Hash.Target......: $6$veryrandomsalt$t8EIWEiDpWYzeC1c44q7f6ZENOuO2wagn...B3s6H1
Time.Started.....: Sun Oct 10 08:43:30 2021 (32 secs)
Time.Estimated...: Sun Oct 10 08:44:02 2021 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:     1032 H/s (6.01ms) @ Accel:16 Loops:16 Thr:128 Vec:1
Recovered........: 1/1 (100.00%) Digests
Progress.........: 32768/14344384 (0.23%)
Rejected.........: 0/32768 (0.00%)
Restore.Point....: 30720/14344384 (0.21%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:4992-5000
Candidate.Engine.: Device Generator
Candidates.#1....: zombies -> dyesebel

Started: Sun Oct 10 08:42:43 2021
Stopped: Sun Oct 10 08:44:04 2021
DO{igetmoney}

Dyms, Syms, and Tabs (Reverse 100)

The challenge asks for the file name of the binary's source code, without the extension.

$ strings chall | grep "\.c"
.so.cachH3P
.so.cachH3J
../csu/libc-start.c
cxa_atexit.c
vfprintf-internal.c
wfileops.c
iofwide.c
strops.c
malloc.c
arena.c
../sysdeps/x86/cacheinfo.c
wcrtomb.c
wcsrtombs.c
mbsrtowcs_l.c
../sysdeps/unix/sysv/linux/getcwd.c
../sysdeps/unix/sysv/linux/getpagesize.c
../sysdeps/unix/sysv/linux/getsysstats.c
../elf/dl-tls.c
glibc.cpu.x86_shstk
glibc.cpu.hwcap_mask
glibc.cpu.x86_ibt
glibc.cpu.hwcaps
glibc.cpu.x86_data_cache_size
glibc.malloc.check
glibc.cpu.x86_shared_cache_size
glibc.cpu.x86_non_temporal_threshold
gconv.c
gconv_db.c
gconv_conf.c
gconv_builtin.c
../iconv/skeleton.c
gconv_simple.c
../iconv/loop.c
/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache
gconv_dl.c
findlocale.c
loadlocale.c
loadarchive.c
../stdio-common/printf_fphex.c
dl-load.c
dl-lookup.c
dl-hwcaps.c
dl-misc.c
../sysdeps/unix/sysv/linux/dl-origin.c
/etc/ld.so.cache
glibc-ld.so.cache1.1
dl-cache.c
../elf/dl-runtime.c
dl-open.c
dl-close.c
dl-deps.c
dl-version.c
__assert_fail_base.cold
_nl_load_domain.cold
_IO_new_fclose.cold
_IO_fflush.cold
_IO_puts.cold
_IO_wfile_underflow.cold
_IO_new_file_underflow.cold
__printf_fp_l.cold
__printf_fphex.cold
_IO_fputs.cold
_IO_fwrite.cold
_IO_getdelim.cold
uw_install_context_1.cold
read_encoded_value.cold
execute_stack_op.cold
uw_update_context_1.cold
execute_cfa_program.cold
uw_frame_state_for.cold
uw_init_context_1.cold
_Unwind_RaiseException_Phase2.cold
_Unwind_ForcedUnwind_Phase2.cold
_Unwind_GetGR.cold
_Unwind_SetGR.cold
_Unwind_RaiseException.cold
_Unwind_Resume.cold
_Unwind_Resume_or_Rethrow.cold
_Unwind_Backtrace.cold
read_encoded_value_with_base.cold
classify_object_over_fdes.cold
fde_single_encoding_compare.cold
fde_mixed_encoding_compare.cold
add_fdes.cold
linear_search_fdes.cold
_Unwind_IteratePhdrCallback.cold
search_object.cold
_Unwind_Find_FDE.cold
base_of_encoded_value.cold
__gcc_personality_v0.cold
intel_check_word.constprop.0
handle_intel.constprop.0
crtstuff.c
u_f0unD_dA_f1a4y4Y.c★
get_common_indices.constprop.0
get_extended_indices.constprop.0
systrim.constprop.0
unlink_chunk.constprop.0
add_module.constprop.0
find_module.constprop.0
lose.constprop.0
open_verify.constprop.0
add_path.constprop.0.isra.0
_dl_map_object_from_fd.constprop.0
.comment

Found a source file with a suspicious-looking name.

DO{u_f0unD_dA_f1a4y4Y}

Setup: Files (Cloud Forensics 1)

The flag was written in the challenge description.

DO{1_C4N_H4Z_CL0UD}

A door by any other name (Steganography 100)

The Steganography page says "The cake is a lie", but copying the text shows that it contains whitespace characters. Decode the number of whitespace characters between the ASCII characters as ASCII codes.

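# Python 3. Count the zero-width spaces (U+200B, UTF-8 e2 80 8b) that
# precede each visible byte; each count is one ASCII code of the flag.
ZWSP = b'\xe2\x80\x8b'

with open('enc', 'rb') as f:
    data = f.read()

codes = []
count = 0
i = 0
while i < len(data):
    if data[i:i+3] == ZWSP:
        count += 1
        i += 3
    else:
        # Any other byte ends the current run of zero-width spaces
        codes.append(count)
        count = 0
        i += 1

# The first entry is the empty run before the first visible character
flag = ''
for code in codes[1:]:
    flag += chr(code)
print(flag)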
DO{1$_1NV1$1BL3}

A cornucopia of numbers (Steganography 75)

The file is a sequence of binary codes, so decode them. The result is a base64 string, and decoding that gives the flag.

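import base64

with open('Bin.txt', 'r') as f:
    codes = f.read().split()

# Each token is one character written as a binary number
b64 = ''
for code in codes:
    b64 += chr(int(code, 2))

# The resulting text is base64; decode it to get the flag
flag = base64.b64decode(b64).decode()
print(flag)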
DO{C0nVeR510n_m4Dn355}

Queen's gambit (Steganography 100)

$ exiftool Freddie_Mercury.png 
ExifTool Version Number         : 10.80
File Name                       : Freddie_Mercury.png
Directory                       : .
File Size                       : 457 kB
File Modification Date/Time     : 2021:10:09 11:02:37+09:00
File Access Date/Time           : 2021:10:09 11:04:51+09:00
File Inode Change Date/Time     : 2021:10:09 11:02:37+09:00
File Permissions                : rwxrwxrwx
File Type                       : PNG
File Type Extension             : png
MIME Type                       : image/png
Image Width                     : 562
Image Height                    : 787
Bit Depth                       : 8
Color Type                      : RGB
Compression                     : Deflate/Inflate
Filter                          : Adaptive
Interlace                       : Noninterlaced
Author                          : RE97VzNfYVIzX3RoM19DaDRtUDEwblN9
Image Size                      : 562x787
Megapixels                      : 0.442

The Author field contains what looks like a base64 string, so decode it.

$ echo RE97VzNfYVIzX3RoM19DaDRtUDEwblN9 | base64 -d
DO{W3_aR3_th3_Ch4mP10nS}
DO{W3_aR3_th3_Ch4mP10nS}

The Detective (Steganography 75)

$ strings Pika.jpeg | grep DO{
DO{H1d1nG_iN_Pl41n_SiGhT}
DO{H1d1nG_iN_Pl41n_SiGhT}

Not exactly Nestene's Autons (125)

Opening the image in Stegsolve and viewing Red plane 0 revealed the flag.

DO{B1t5_0n_4_p14N3}

Phreak File (Steganography 100)

$ file phreak_file.bmp 
phreak_file.bmp: RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz
$ mv phreak_file.bmp phreak_file.wav

Opening it in Audacity shows that it contains DTMF tones.
Get the digits with https://unframework.github.io/dtmf-detect/.

2 222 222 33 7777 7777 6 9999 333 444 555 33 7777

Convert the digits to letters as feature-phone (multi-tap) keypad input.

ACCESSMZFILES
DO{ACCESSMZFILES}
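
The two steps above (reading the DTMF digits, then multi-tap decoding) as an added Python example that is not part of the original writeup: a Goertzel filter detects key presses in a synthesized signal, and the digit groups are decoded as keypad letters. The 8 kHz rate, 25 ms frames, power floor and the pause lengths that separate groups are assumptions chosen for the constructed signal, not values taken from phreak_file.wav.

```python
import math

RATE, FRAME = 8000, 200     # assumed: 8 kHz samples, 25 ms analysis frames
LOW, HIGH = (697, 770, 852, 941), (1209, 1336, 1477)    # DTMF row/column Hz
KEYS = "123456789*0#"       # keypad in row-major order
LETTERS = dict(zip("23456789", "ABC DEF GHI JKL MNO PQRS TUV WXYZ".split()))

def goertzel(frame, freq):
    """Signal power at freq within one frame (Goertzel algorithm)."""
    k, s1, s2 = 2 * math.cos(2 * math.pi * freq / RATE), 0.0, 0.0
    for x in frame:
        s1, s2 = x + k * s1 - s2, s1
    return s1 * s1 + s2 * s2 - k * s1 * s2

def frame_key(frame, floor=100.0):
    """Key whose row and column tones dominate the frame, or None if quiet."""
    lo = max(LOW, key=lambda f: goertzel(frame, f))
    hi = max(HIGH, key=lambda f: goertzel(frame, f))
    loud = min(goertzel(frame, lo), goertzel(frame, hi)) >= floor
    return KEYS[3 * LOW.index(lo) + HIGH.index(hi)] if loud else None

def detect_groups(samples, group_gap=4):
    """Key presses per group; group_gap quiet frames start a new group."""
    groups, quiet, prev = [], group_gap, None
    for i in range(0, len(samples) - FRAME + 1, FRAME):
        key = frame_key(samples[i:i + FRAME])
        if key and key != prev:             # tone onset = one key press
            if quiet >= group_gap:
                groups.append("")
            groups[-1] += key
        quiet, prev = (0 if key else quiet + 1), key
    return groups

def multitap(groups):
    """'222' -> 'C'; raise on a group that no keypad letter matches."""
    for g in groups:
        if set(g) != {g[0]} or len(g) > len(LETTERS.get(g[0], "")):
            raise ValueError(f"not a multi-tap group: {g!r}")
    return "".join(LETTERS[g[0]][len(g) - 1] for g in groups)

def synth(groups, tone=4, gap=2, pause=8):
    """Constructed signal; tone, gap and pause lengths are in frames."""
    out = []
    for g in groups:
        for r, c in (divmod(KEYS.index(k), 3) for k in g):
            w = [2 * math.pi * f / RATE for f in (LOW[r], HIGH[c])]
            out += [0.5 * sum(math.sin(x * n) for x in w) for n in range(tone * FRAME)]
            out += [0.0] * (gap * FRAME)
        out += [0.0] * (pause * FRAME)
    return out
```

For example, `multitap(detect_groups(synth("2 222 222 33".split())))` returns `ACCE`.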

All around the word (Cryptography 75)

The challenge shows a row of national flags, so look up the country each one belongs to.

1: Grenada
2: Eswatini
3: Oman
4: Grenada
5: Rwanda
6: Antigua and Barbuda
7: Palau
8: HOLY SEE
9: Yemen

Line up the first letters of these country names.

DO{GEOGRAPHY}

Constant Primes (Cryptography 75)

The RSA private key is given, so just decrypt directly.

#!/usr/bin/python3
from Crypto.PublicKey import RSA

with open('id_rsa', 'r') as f:
    priv_data = f.read()

c = 0x2085f3d3573cd709fad84bed9fe8dde419fb7c8e96aa95ec4651a3bc07b5552f321e03404943744d931a4a51a817cf190880a5efbf94aa828c45da5b31dcdefc

privkey = RSA.importKey(priv_data)
n = privkey.n
d = privkey.d

# Raw RSA decryption (no padding); the plaintext integer is little-endian
m = pow(c, d, n)
flag = m.to_bytes((m.bit_length() + 7) // 8, 'little').decode()
print(flag)
DO{RSA_1s_n0t_that_hard}

Rook to E4 (Cryptography 150)

Each line appears to describe the positions of chess pieces. Enter the first line at https://lichess.org/analysis/standard.
The pieces form the letter "D". Enter the second and later lines the same way and read off the letters.

DO{CHESSISCOOL}

Carousel (Cryptography 50)

Caesar cipher. Decrypt it with https://www.geocachingtoolbox.com/index.php?lang=en&page=caesarCipher. It decrypted as ROT47.

DO{r07473_m3}

Simply Cipher (Cryptography 60)

Vigenere cipher. Decrypt it with https://www.guballa.de/vigenere-solver.

Today's flag is going to be CIPHER_AGAIN!
DO{CIPHER_AGAIN!}