~laumann

https://laumann.xyz/

Trackers

~laumann/picoctf

Last active 3 months ago

#4 rsa-pop-quiz 3 months ago

Comment by ~laumann on ~laumann/picoctf

WE SOLVED IT!!

REPORTED RESOLVED FIXED

#4 rsa-pop-quiz 3 months ago

Comment by ~laumann on ~laumann/picoctf

First challenge: Compute d in the following

q : 92092076805892533739724722602668675840671093008520241548191914215399824020372076186460768206814914423802230398410980218741906960527104568970225804374404612617736579286959865287226538692911376507934256844456333236362669879347073756238894784951597211105734179388300051579994253565459304743059533646753003894559
p : 97846775312392801037224396977012615848433199640105786119757047098757998273009741128821931277074555731813289423891389911801250326299324018557072727051765547115514791337578758859803890173153277252326496062476389498019821358465433398338364421624871010292162533041884897182597065662521825095949253625730631876637
e : 65537
##### PRODUCE THE FOLLOWING ####
d

which we do with

d = pow(e, -1, (p-1)*(q-1))
d = 1405046269503207469140791548403639533127416416214210694972085079171787580463776820425965898174272870486015739516125786182821637006600742140682552321645503743280670839819078749092730110549881891271317396450158021688253989767145578723458252769465545504142139663476747479225923933192421405464414574786272963741656223941750084051228611576708609346787101088759062724389874160693008783334605903142528824559223515203978707969795087506678894006628296743079886244349469131831225757926844843554897638786146036869572653204735650843186722732736888918789379054050122205253165705085538743651258400390580971043144644984654914856729

#6 asm3 4 months ago

Reverse Engineering added by ~laumann on ~laumann/picoctf

#6 asm3 4 months ago

Ticket created by ~laumann on ~laumann/picoctf

What does asm3(0xd73346ed,0xd48672ae,0xd3c8b139) return?

asm3:
	<+0>:	push   ebp
	<+1>:	mov    ebp,esp
	<+3>:	xor    eax,eax
	<+5>:	mov    ah,BYTE PTR [ebp+0xa]
	<+8>:	shl    ax,0x10
	<+12>:	sub    al,BYTE PTR [ebp+0xc]
	<+15>:	add    ah,BYTE PTR [ebp+0xd]
	<+18>:	xor    ax,WORD PTR [ebp+0x10]
	<+22>:	nop
	<+23>:	pop    ebp
	<+24>:	ret    

#5 Client-side-again 4 months ago

Comment by ~laumann on ~laumann/picoctf

Solved pretty quick. The site contains an obfuscated MD5 implementation that checks the password (which is the flag):

var _0x5a46=['0a029}','_again_5','this','Password\x20Verified','Incorrect\x20password','getElementById','value','substring','picoCTF{','not_this'];(function(_0x4bd822,_0x2bd6f7){var _0xb4bdb3=function(_0x1d68f6){while(--_0x1d68f6){_0x4bd822['push'](_0x4bd822['shift']());}};_0xb4bdb3(++_0x2bd6f7);}(_0x5a46,0x1b3));var _0x4b5b=function(_0x2d8f05,_0x4b81bb){_0x2d8f05=_0x2d8f05-0x0;var _0x4d74cb=_0x5a46[_0x2d8f05];return _0x4d74cb;};function verify(){checkpass=document[_0x4b5b('0x0')]('pass')[_0x4b5b('0x1')];split=0x4;if(checkpass[_0x4b5b('0x2')](0x0,split*0x2)==_0x4b5b('0x3')){if(checkpass[_0x4b5b('0x2')](0x7,0x9)=='{n'){if(checkpass[_0x4b5b('0x2')](split*0x2,split*0x2*0x2)==_0x4b5b('0x4')){if(checkpass[_0x4b5b('0x2')](0x3,0x6)=='oCT'){if(checkpass[_0x4b5b('0x2')](split*0x3*0x2,split*0x4*0x2)==_0x4b5b('0x5')){if(checkpass['substring'](0x6,0xb)=='F{not'){if(checkpass[_0x4b5b('0x2')](split*0x2*0x2,split*0x3*0x2)==_0x4b5b('0x6')){if(checkpass[_0x4b5b('0x2')](0xc,0x10)==_0x4b5b('0x7')){alert(_0x4b5b('0x8'));}}}}}}}}else{alert(_0x4b5b('0x9'));}}

REPORTED RESOLVED FIXED

#5 Client-side-again 4 months ago

Web Exploitation added by ~laumann on ~laumann/picoctf

#5 Client-side-again 4 months ago

Ticket created by ~laumann on ~laumann/picoctf

Can you break into this super secure portal? https://jupiter.challenges.picoctf.org/problem/6353/ or http://jupiter.challenges.picoctf.org:6353

Hint:

  • What is obfuscation?

#3 asm2 4 months ago

Comment by ~laumann on ~laumann/picoctf

#3 asm2 4 months ago

Comment by ~laumann on ~laumann/picoctf

Solution is posted in here

The short version is that the assembly above basically corresponds to

a = 0x2d
b = 0x4
while b <= 0x5fa1:
    a += 1
    b += 0xd1
return a

REPORTED RESOLVED FIXED

#4 rsa-pop-quiz 4 months ago

Comment by ~laumann on ~laumann/picoctf

I almost solved this one. I have a text file with answers to questions, but it's not done.