Sunday 20 September 2015

[Write-up] CSAW CTF 2015 - Recon Alexander Taylor 100

18:24 Posted by Matnacian

We start with:

>>> http://fuzyll.com/csaw2015/start
CSAW 2015 FUZYLL RECON PART 1 OF ?: Oh, good, you can use HTTP! The next part is at /csaw2015/<the acronym for my university's hacking club>.

OK, let's google "fuzyll".
I don't see anything helpful, so I keep googling.
With "alexander taylor fuzyll", I found his LinkedIn.
https://www.linkedin.com/in/fuzyll
In the Education section, you can see that his university is the University of South Florida.

With "University of South Florida hacking club", you can easily find this link:
Whitehatters Computer Security Club - http://www.wcsc.usf.edu/

>>> http://fuzyll.com/csaw2015/wcsc
CSAW 2015 FUZYLL RECON PART 2 OF ?: TmljZSB3b3JrISBUaGUgbmV4dCBwYXJ0IGlzIGF0IC9jc2F3MjAxNS88bXkgc3VwZXIgc21hc2ggYnJvdGhlcnMgbWFpbj4uCg==

Base64-decode this string:
Nice work! The next part is at /csaw2015/<my super smash brothers main>.
With "fuzyll super smash brothers", you can find "yoshi" is the answer.
https://www.youtube.com/watch?v=MbRKFWyPQkQ
>>> http://fuzyll.com/csaw2015/yoshi
Very cute, right? Save this image and:

$ strings yoshi.txt
CSAW 2015 FUZYLL RECON PART 3 OF ?: Isn't Yoshi the best?! The next egg in your hunt can be found at /csaw2015/<the cryptosystem I had to break in my first defcon qualifier>.

This part really drives me crazy. "the cryptosystem first defcon qualifier"? Is it a crypto challenge in DEFCON? What is his first defcon qualifier? Back to his LinkedIn:
I think "DEFCON 19 qualification" is the answer.
I googled things like "DEFCON 19 qualification challenges" and "DEFCON 19 write up", but got nothing. Stuck! Stuck! Stuck!
Time to go 2 bed Zz.
---
After waking up, I continue googling and continue getting nothing. Too tired! So I want to try my luck. Let's check some possible cryptosystems.
>>> http://fuzyll.com/csaw2015/rsa
>>> http://fuzyll.com/csaw2015/caesar
>>> http://fuzyll.com/csaw2015/substitution
>>> http://fuzyll.com/csaw2015/substitutioncipher
>>> http://fuzyll.com/csaw2015/substitutioncryto
>>> http://fuzyll.com/csaw2015/substitutioncryptography
...
...
...
>>> http://fuzyll.com/csaw2015/enigma
Boooooooooooooooom!
CSAW 2015 FUZYLL RECON PART 4 OF 5: Okay, okay. This isn't Engima, but the next location was "encrypted" with the JavaScript below:
Pla$ja|p$wpkt$kj$}kqv$uqawp$mw>$+gwes6451+pla}[waa[ia[vkhhmj

var s = "THIS IS THE INPUT"
var c = ""
for (i = 0; i < s.length; i++) {
    c += String.fromCharCode((s[i]).charCodeAt(0) ^ 0x4);
}
console.log(c);

Just XOR!
XOR with the same key undoes itself, so you can run the same script on the ciphertext to get the plaintext.

Press F12 and open the Console (Chrome, Firefox...)

// Ciphertext from part 4; XOR each character with 0x4 again to decrypt it
var s = "Pla$ja|p$wpkt$kj$}kqv$uqawp$mw>$+gwes6451+pla}[waa[ia[vkhhmj";
var c = "";
for (var i = 0; i < s.length; i++) {
    c += String.fromCharCode(s.charCodeAt(i) ^ 0x4);
}
console.log(c);
The next stop on your quest is: /csaw2015/they_see_me_rollin
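Going one step beyond the write-up, this added example (not part of the original post or the challenge) shows why a one-byte XOR key gives no protection even when the key is not handed over: it tries all 256 keys and keeps the outputs that are printable and contain a known fragment. The function names and the choice of "/csaw2015/" as the known fragment are assumptions made for the example; the ciphertext is the one from part 4.

```javascript
// XOR every character code with a one-byte key.
// The same call both "encrypts" and decrypts.
function xorWithKey(text, key) {
    let out = "";
    for (let i = 0; i < text.length; i++) {
        out += String.fromCharCode(text.charCodeAt(i) ^ key);
    }
    return out;
}

// Try all 256 possible keys. Keep a candidate only if the result is
// printable ASCII and contains the known plaintext fragment (crib).
function recoverKey(ciphertext, crib) {
    const hits = [];
    for (let key = 0; key < 256; key++) {
        const plain = xorWithKey(ciphertext, key);
        if (/^[\x20-\x7e]+$/.test(plain) && plain.includes(crib)) {
            hits.push({ key: key, plain: plain });
        }
    }
    return hits;
}

// Ciphertext as shown in part 4 of the challenge.
const CIPHERTEXT = "Pla$ja|p$wpkt$kj$}kqv$uqawp$mw>$+gwes6451+pla}[waa[ia[vkhhmj";

// Assumed crib: every earlier stage pointed at a path under /csaw2015/.
const hits = recoverKey(CIPHERTEXT, "/csaw2015/");
for (const h of hits) {
    console.log("key=0x" + h.key.toString(16) + " -> " + h.plain);
}
```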
>>> http://fuzyll.com//csaw2015/they_see_me_rollin
CSAW 2015 FUZYLL RECON PART 5 OF 5: Congratulations! Here's your flag{I_S3ARCH3D_HI6H_4ND_L0W_4ND_4LL_I_F0UND_W4S_TH1S_L0USY_FL4G}!
--- matnacian ---
--- ctf for beginners ---
