NanoSec x Wargames.MY CTF Write Up

Briefly, this is a simple write up for what was happening during the CTF games. Been participated in the event to just have an enjoy weekend time even though busy with family and celebrating my birthday anniversary.

 

Cryptography : warming up 1

Question: jztl{y0y_f0_3nfl}

Answer: wmgy{l0l_s0_3asy}

Explaination: Use ROT13 to answer.

 

Cryptography : warming up 2

Question: ZHRuZntxYnphXzRfczFhYXMzX2kxYV9vNHlrM3l9

Answer: wmgy{just_4_l1ttl3_b1t_h4rd3r}

Explaination: Decode using normal Base64 and use ROT19 afterwards.

 

Cryptography : warming up 3

Question: https://gudang.wargames.my/9457d98ad0244eb114133832bf486e8755ef29bbb53aa33a4852d81b/lol.7z (Reference #1)

 

Answer: wmgy{was_1t_fun_t0_d0_l00p_rolls?}

Explaination: The huge text was encoded with base64 n (not sure) times. Use the script as per below:

 

Steganography : PEKIDA

Question: https://gudang.wargames.my/b711bad6b9d99dab1bde621eb4b4cfc64f7ef217fabfce31ed5a83f2/PEKIDA (Reference #1)

Answer: wgmy{m4ju_lu_s1n1_4nj1n9}

Explaination: Maybe obviously the title assist us to use IDA Pro (Reference #4) tool. PEK (pakai) IDA (IDA). ~= Pakai IDA lah. Change “Max number of nodes” under “Graph” tab option as many as possible, let say 100000. Right click and choose “Fit Windows”.

Note: Salutation to the question author.

 

Web : ScrewIt!

Question: https://screwit.wargames.my/ (not sure if the link will be deleted)

Answer: wgmy{did_u_brut3f0rc3-it?}

Explaination: Use LFI to get the content of /usr/lib/php/20121212/screwim.so (refer to php.ini) and flag.php files. Download and compile PHP 5.5 source codes. Configure php.ini to use downloaded screwim.so file as PHP extension. Use script as per below to decrypt.

The output as per below:

Furthermore, use LFI URL as per below to get the server file content and decode using Base64 afterwards:

 

Thanks to CTF Overlords.

References:

  1. Artefacts
  2. http://nanosec2018.wargames.my/
  3. https://www.nanosec.asia/
  4. IDA PRO

Leave a Reply

Your email address will not be published. Required fields are marked *