Secret Conversation

Secret Conversation We captured a conversation between Alice and Bob, But unfortunately, it’s encrypted. Luckily we found the encryption script (They were both using the same script on the same server) and managed to decrypt the first message Alice sent, it was: “Hello, how are you?”. Can you decrypt the other three? “We captured a…

Read The Flag

Read The Flag Solution Under the challenge address there are few words from the author But in closer look I’ve realized that I’ve been redirected from the original address. I’ve investigated the redirection path, which looks like below. https://ch2.sbug.se/ => https://ch2.sbug.se/get?getMedia=README => https://ch2.sbug.se/read The /get?getMedia=README response setups below cookie: < set-cookie: content=”H3llo\012This is my resume.\012I am EXPERT in cyber security\012″; Path=/…

Mr.B Supremacy

Mr.B Supremacy 100 points “We found out that Mr.B met with a journalist to help him publish what he knew, we don’t know when or where exactly, but our guess is they met in a hotel, see if Mr.B shared anything about this meeting in social media. All we know about him besides his alias…

Get Me

Get Me 100 points Challenge starts at login page Quick look into the source reveals the credentials. After logging in I’ve been redirected to Julia’s homepage. Then, I’ve found custom.js script, which seemed to be a bit obfuscated.   Investigation revealed that this script prepares the http request with below properties: GETmethod used. phpaddress. inputurl…

Find Parts

Find Parts 100 points Solution There’s find_parts.png file in archive. It should has a flag somewhere. Also worth mentioning is it’s broken. I’ve found 4 flag parts in below ways: First part was hidden in the header of the file. Instead of expected IHDR in png file there was SBCTF (I’ve corrected it with hexedit…

Usual or Unusual

Usual or Unusual 200 points “A company developed an authentication system and gave it to us for testing, I told the developers the way they authenticate a user is dangerous and unusual, But they disagreed and told me if i find the secret flag, They would reconsider. Help me find it.” Solution The challenge is…

Objects

Objects 200 points The site returns a page that says “Hi” and nothing else. We can open /robots.txt to find some endpoints. /robots.txt Let’s look at some of these: /l0g.hacker /index.php~ This file is showing the source of index.php. We need to call the page with the correct flag_id to see the flag. We can also see some other existing…

Mr.b Ultimatum

Mr.b Ultimatum 150 points Description: “Someone claims that they knew a programmer named Mr.B, who liked to share his projects with other programmers in order for them to use and even build upon them, find out if you can get more information out of this. All we know about him besides his alias is a…

It All Starts From The Beginning

It All Starts From The Beginning 200 points Can you find the beginning!? File: fina, Main.java Fina ~T\7EWE1W;A5ZTdJ0Vag[ZREaHQEK~ Main.java import java.io.FileWriter; import java.io.IOException; import java.util.Arrays; import java.util.Random;   public class Main { static String passer=”a”; static int run=0; public static void main(String[] args)throws IOException  { System.out.println(“you shouldn’t start from here :)”); } public static void juzbYn(String[] args)throws…

Asymetricjob

Asymetricjob 200 points 1024.txt PePAW8C9Lm7yxsyA2MShozuHpDrRZJssZECWAYULMEMq7pfcX4cUyKpWvW8ZVQis+KtxT7pa1LEcq4UvYW8Gm44nTUwPOOzqw86MXonJ8Mwgx9gXlZHNReG/X2+bynejQo36b1axIt9RujXCxXzEsOzO/gpSVE24bgvwwvU+C28= Keys.asymmetric MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCO5+gAGMWkPvEtXWLRaqxSm3PeNtMMDfbGQs15Gms7trqxGnK+pjZslc4oVyw6cu5RHrt4YpfGY1VeXG8ZeIiY5BagA7eMP8Rv5ixblyhA51MMDNd/+gNcDZH4MvtM1KsDYYeeD9SXKrBI10znG7nxV4fAB39Y4PW8UzMv8GFVEQIDAQAB MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAI7n6AAYxaQ+8S1dYtFqrFKbc9420wwN9sZCzXkaazu2urEacr6mNmyVzihXLDpy7lEeu3hil8ZjVV5cbxl4iJjkFqADt4w/xG/mLFuXKEDnUwwM13/6A1wNkfgy+0zUqwNhh54P1JcqsEjXTOcbufFXh8AHf1jg9bxTMy/wYVURAgMBAAECgYAS9Ab9HEv6QK7UCXK1u6QnQJ7ZdgP/sUpteSavTSWzwcR5ALz/NCQ7upKhHw6qoduhvqW2jbz7fukvnqrNggL7sClLoP3F2y2w+tIkPcev+ymud+wt7y6hRGwHXdKqzHW9h+f4e/1zg59WDVf8OSz6h8+McGkGMqFaQDp0aiZmUQJBAO6dNrd3oSZi3Qj9mVlUAUJuissYoehnGAk0rwmTKLAmLTOcki0fVc7OH1nu2TZ4mLpun58mVUiVZS3o9LRtc08CQQCZUXrm5GoR2suD6LCSiUUY4s66bBxKfur7IxgZNP5Z/Q+9XanehxauJfiUKZU5dCF0oNX0BtLzOH6u3uNUnBmfAkEAtKH25fR93d1BjqjMCb96JJwiHZVMG+7PV0i2qPzp9E8yMLv6PIZYIvIO8bnKXV314EwWMhiGvye5LIQJmvywKQJAYJqUhBN8Og/QmCbvywUvQoT2mUQxd0cNLHxqXMelVHI9jqYLuKkJw2Utgb3Jxs/DnMcSyJXcKWB5ghnyx4csJQJAOC7RK4hytMeZ0Up/hWTIIpEdSeJtip/ZMbIRRVpnt6CrcQcvHWggO68RxjXnVqFz9IAZDsxeEIWTtv+6G2xOAQ== Solution I’m writing this writeup a bit later than other writeups. Actually, the reason is that I solved this challenge with use of https://www.devglan.com/online-tools/rsa-encryption-decryption I guess it’s totally acceptable solution, but I wanted to know how to solve it with Python. And that’s the reason why I…