Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
This will give you an exact timestamp and an approximate PID Next run following command locally, with a flag.txt file of length 49
You will get a number of different outputs Look for one that has the last letter of flag.txt xor'ed in the same place as the } xor'ed was on the shell Dexor Reassemble the flag GG;No re
Add
bam ez flag
Have a bit of an experiment The input is broken down into 4 chunks of 8 Imagine the output like a grid The first character is converted to binary and written to the grid like a diagonal line, with the lsb at the top. For the next character the line is shifted to the right one, and so on until all characters in the chunk have been written. This repeats for the next 3 chunks, except instead of 1, the numbers 2, 4 and 8 are written instead After the string is written 40 is added to all squares and it is converted to ascii. To solve, unconvert, subtract 40 and reverse the process gg, beat woak
http.request.method == GET on wireshark
Export Objects > HTTP > git-receive-pack
Create a new git repo
Place in the git repo
Open in hex editor and fix the file header to be just 'PACK' at the beginning (remove all the crap)
Now git unpack-objects < git-receive-pack
Navigate to objects folder, here there are 3 git objects:
a commit
a tree file
a blob file
Decompress the zlib blob file with: python -c "import zlib; print zlib.decompress(open('3f47cbcb3ad8e946d0aad59259bdb1bc9e63f2').read());" > flag.jpg
Open the file up in a hex editor and remove the first few bytes so the header is a jpeg header
Open it up for the flag
actf{git_good_git_wireshark-123323}
All we had to find was a'/a and apply it on b'wb to get a'b'wba to get our solution but reversing it to achieve fewest moves. i did a'waw' to find the differences between the 2 scrambles. luckily only corners were affected so i can take less time. i then analysed the movement of corners swaps of w and represented them in Old Pochmann notation: ANTXPDGJ afterwards i mapped out the corner swaps of a'wa also represented in Old Pochmann notation: AMPHFNLO then i got a sheet of paper and mapped out a'wa corner pieces onto the corner swaps of w to find the setup move (a = B U B U D' F' L2 F U2 L2 U' L2 D F2 U2 F2 U' B2)
. After filling the cube corners out i plugged it into the rubiks cube solver to get a. i applied it onto b'wb and then plug it into the rubiks cube solver again and reverse the solution to get the flag.
Use r2 to find address of flag function, 0x00401186
Find buffer length needed.
Found this https://repl.it/repls/BarrenIdealLoopfusion repl.it on this https://stackoverflow.com/questions/30713648/how-to-compute-ab-mod-m stack overflow, adjusted to this https://repl.it/repls/CompassionateForkedUnderstanding and used x function to manually calculate values
Report that, bam ez
So i averaged the first 10 nums and gave it a number as well as add 0.5 (to reverse what the source did) this gave me binary and i replaced it with values from source. i shoved it into a morse code decoder to get a pattern and then brute forced the flag by guessing what the letters could be
Found arguments were 3 numbers 0-9 and "chicken" Although not meant to I brute forced it with this python script:
String "ZFOKYO\nMC\O\nLFKM"
seen in memory About where the password is compared XOR it with the key 2a to get 'please give flag' with newlines removed.