generated from sigpwny/ctf-chal-repo-template
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
7 changed files
with
62 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| FROM ubuntu:20.04 | ||
|
|
||
| RUN apt-get update && apt-get install -y socat python3 | ||
|
|
||
| RUN adduser chal | ||
|
|
||
| RUN mkdir -p /chal | ||
| WORKDIR /chal | ||
|
|
||
| COPY chal.py flag.txt ./ | ||
| RUN chmod 555 chal.py | ||
| USER chal | ||
|
|
||
| CMD socat -T60 TCP-LISTEN:1337,fork,reuseaddr EXEC:"python3 -u chal.py",stderr |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| import hashlib | ||
| import os.path | ||
|
|
||
| if __name__ == '__main__': | ||
| print("Welcome to my neutron collider. Using state of the art technology, I will smash two strings into each other. I call this ability 'string theory'.") | ||
| print("Weird stuff happens when they collide... the energy of the collision is so high it creates another third string that my research team is calling a 'flag'. ") | ||
| print("BUT!!!! To save resources, your strings must be sigpwny (TM) branded!!!") | ||
|
|
||
| x = input("string 1 > ").encode('utf8','surrogateescape') | ||
| y = input("string 2 > ").encode('utf8','surrogateescape') | ||
|
|
||
| if not x.startswith(b'sigpwny{') or not y.startswith(b'sigpwny{'): | ||
| print("Hey! I'm on a tight budget here. I need to reinvest as much as possible into my collider. Make sure both strings are sigpwny (TM) branded.") | ||
|
|
||
| if hashlib.md5(x).hexdigest() == hashlib.md5(y).hexdigest(): | ||
| print(open('flag.txt').read() if os.path.isfile('flag.txt') else 'Error: no flag file found') | ||
| else: | ||
| print("Yeah those strings didn't collide. Maybe collide two different strings...") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| name: "TESTCHALLLLLLLLLLLLLLL" | ||
| author: Pete | ||
| category: Crypto | ||
| description: |- | ||
| My research team has toiled away to create a state-of-the-art neutron collider (Mark Demolisher V - MD5, for short). | ||
| Can you get two neutrons to collide? | ||
| `nc chal.fallctf.sigpwny.com 6001` | ||
| **author**: Pete | ||
| value: 500 | ||
| type: dynamic | ||
| tags: | ||
| - medium | ||
| extra: | ||
| initial: 500 | ||
| decay: 150 | ||
| minimum: 100 | ||
| flags: | ||
| - sigpwny{md5_is_broken_and_now_im_broke} | ||
| files: | ||
| - chal.py | ||
| hints: | ||
| - We need to execute a certain type of a md5 hash collision attack. | ||
| - Look for a tool to pull off a "md5 same prefix hash collision" attack. | ||
| - Use [HashClash](https://github.com/cr-marcstevens/hashclash) | ||
| state: hidden |
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| sigpwny{md5_is_broken_and_now_im_broke} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| #!/bin/bash | ||
| (cat collision1.bin; echo ""; cat collision2.bin; echo "";) | python3 chal.py |