UMass CTF 2021 - malware [crypto]

  • Competition: UMass CTF 2021
  • Challenge Name: malware
  • Type: Crypto
  • Points: 448 pts
  • Description:

    We’ve identified some ransomware on one of our employee’s systems, but it seems like it was made by a script kiddie. Think you can decrypt the files for us?

The challenge

malware.py is a Python “ransomware”. The code is very short:

from Crypto.Cipher import AES
from Crypto.Util import Counter
import binascii
import os

# One random 128-bit key and one random 128-bit starting counter for the whole run
key = os.urandom(16)
iv = int(binascii.hexlify(os.urandom(16)), 16)

for file_name in os.listdir():
    data = open(file_name, 'rb').read()

    # AES-CTR with a fresh Counter object per file; the counter starts at the current iv
    cipher = AES.new(key, AES.MODE_CTR, counter = Counter.new(128, initial_value=iv))

    enc = open(file_name + '.enc', 'wb')
    enc.write(cipher.encrypt(data))

    # The next file's counter starts only one block further on than this file's
    iv += 1
Read more...

Securinets CTF Quals 2021 - kill shot [pwn]

  • Competition: Securinets CTF Quals 2021
  • Challenge Name: kill shot
  • Type: pwn
  • Points: 1000 pts
  • Description:

    Let’s learn some exploitation!

Read more...

Securinets CTF Quals 2021 - success [pwn]

  • Competition: Securinets CTF Quals 2021
  • Challenge Name: success
  • Type: pwn
  • Points: 1000 pts
  • Description:

    You have to study hard!

Read more...

Securinets CTF Quals 2021 - MiTM [crypto]

  • Competition: Securinets CTF Quals 2021
  • Challenge Name: MiTM
  • Type: Crypto
  • Points: 559 pts
  • Description:

    You managed to get in the middle and control the entire discussion between Alice, Bob and Carol. What are they saying?

The file app.py contains an implementation of Diffie-Hellman (DHx class), with fingerprinting too. Assuming Alice, Bob and Carol have private keys a, b and c respectively, the following describes the key-exchange scheme:

  1. Alice sends g^a (mod p) to Bob.
  2. Bob raises it to the power b, obtaining g^ab (mod p), and sends that to Carol.
  3. Carol receives it, raises it to the power c and keeps the result as the shared secret: g^abc (mod p).

If we denote this chain as A --> B --> C then similar chains happen to get everyone synced to the same secret:

  1. A --> B --> C (which we just described)
  2. B --> C --> A
  3. C --> A --> B
Read more...

NahamCon CTF 2021 - AgentTesterV2 [web]

  • Competition: NahamCon CTF 2021
  • Challenge Name: AgentTesterV2
  • Type: Web
  • Points: 500 pts
  • Description:

    The new developer we hired did a bad job and we got pwned. We hired someone else to fix the issue.

    Author: @jorgectf#3896

    Source: https://ctf.nahamcon.com/files/354c72ad810a5c9e05c55bc3c6cb6e35/agenttesterV2.zip or mirror

A UNION-based SQL injection over the websocket leads to the SSRF bot, which I point at my own site hosting a CSRF page; that page makes the bot update its profile with a persistent XSS in the “about” field. The XSS exploits a Jinja2 SSTI on /debug and exfiltrates the Flask config back to my server. With the leaked SECRET_KEY I forge an admin cookie and use the SSTI directly to gain RCE.

Surprisingly, my solution was unintended; see the author’s write-up for the intended solution (or this one by @bergi).

Read more...