Jump to content
Tuts 4 You

LabyREnth Capture the Flag (CTF) Challenge - 2017


crystalboy

Recommended Posts

On 6/17/2017 at 5:56 PM, crystalboy said:

@Etor Madiv

  Reveal hidden contents

You should just be faster. You can send it or just copy and paste it on the website but you must be fast! :)

 

Thanks! Solved it! This probably was my favorite challenge do date! 

Link to comment
Share on other sites

Can anyone give a hint at doc2. I think I know what to do and I get the following key

Spoiler

PAN{63g8db85T83F}

but it is wrong :rolleyes:.

Can anyone tell if it is just me not getting the ascii art correct or if I have misunderstood the task.

Thanks!

Link to comment
Share on other sites

Thanks crystalboy! Finally, got the right key :P 

Does anyone know how to programatically extract the key for the xor'ing? the key that is overwritten on document open?

I tried oletools and oledump to no avail but maybe there is another way...

Link to comment
Share on other sites

Any hints of mobile 2? I figured out what file is looking for, pretty sure how many chars it is looking for in that file; 29, but not sure what it is doing after that. I tried strace to see if the response is different if a character matches, but that doesnt seem to be the case... kinda stuck. I have been trying to use gdb-multiarch and radare2, but cant really debug the program. I also tried NOPing out the ptrace... 

Thanks! 

Edited by ctfallday
Link to comment
Share on other sites

On 7/6/2017 at 11:28 AM, ctfallday said:

Any hints of mobile 2? I figured out what file is looking for, pretty sure how many chars it is looking for in that file; 29, but not sure what it is doing after that. I tried strace to see if the response is different if a character matches, but that doesnt seem to be the case... kinda stuck. I have been trying to use gdb-multiarch and radare2, but cant really debug the program. I also tried NOPing out the ptrace... 

Thanks! 

It's in there. You got the first part done, you're just overlooking the rest somewhere. I did it in QEMU-MIPS with gdb.

Link to comment
Share on other sites

3 hours ago, Rurik said:

It's in there. You got the first part done, you're just overlooking the rest somewhere. I did it in QEMU-MIPS with gdb.

Thanks Rurik... i had tried doing that, but the stack and all pointers come up as blank of gdb for some reason. for some reason, i have having issues with reading process memory no matter which debugger i am using. sudo or not. 

Edited by ctfallday
Link to comment
Share on other sites

Any hints on docs4?

Got the first macro, i have edited to set the resolution.. etc as per the calculation value, got the xor encrypted content from pos 83012 but stuck at the the xor decryption as it gives invalid .doc file based on my language settings.

 

Regards,

akkaldama

Link to comment
Share on other sites

Any hints for binary 3?

Spoiler

I've got to the part where it needs some 64 bytes in the host's clipboard, but I can't work out what it wants.

 

Link to comment
Share on other sites

On 2017/7/16 at 4:01 PM, akkaldama said:

Any hints on docs4?

Got the first macro, i have edited to set the resolution.. etc as per the calculation value, got the xor encrypted content from pos 83012 but stuck at the the xor decryption as it gives invalid .doc file based on my language settings.

 

Regards,

akkaldama

Wrong offset!

There are system calls other than resolution. Try all combinations of parameters.

  • Like 1
Link to comment
Share on other sites

On 2017/7/18 at 3:21 AM, kirby said:

Any hints for binary 3?

  Reveal hidden contents

I've got to the part where it needs some 64 bytes in the host's clipboard, but I can't work out what it wants.

 

Spoiler

There are some byte wise conversion along with redundant (repeated) computations. Then the comparison after the whole loop.

It is related to the text produced earlier.

 

Link to comment
Share on other sites

This is a nice writeup for the binary challenges which goes more into detail than necessary in my opinion but still really good: https://fevral.github.io/

and congrats to everyone who solved the challenges!

Edited by Castor
Link to comment
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...