From 3b09a5002a2f45b22c1ccedaabe9b7ee18f93595 Mon Sep 17 00:00:00 2001 From: CBCicada Date: Mon, 11 Mar 2024 15:08:26 -0500 Subject: [PATCH] Test all the syncs --- chals/crypto/test_chal/Dockerfile | 14 +++++++++++++ chals/crypto/test_chal/chal.py | 18 +++++++++++++++++ chals/crypto/test_chal/challenge.yml | 27 ++++++++++++++++++++++++++ chals/crypto/test_chal/collision1.bin | Bin 0 -> 128 bytes chals/crypto/test_chal/collision2.bin | Bin 0 -> 128 bytes chals/crypto/test_chal/flag.txt | 1 + chals/crypto/test_chal/solution.sh | 2 ++ 7 files changed, 62 insertions(+) create mode 100644 chals/crypto/test_chal/Dockerfile create mode 100644 chals/crypto/test_chal/chal.py create mode 100644 chals/crypto/test_chal/challenge.yml create mode 100644 chals/crypto/test_chal/collision1.bin create mode 100644 chals/crypto/test_chal/collision2.bin create mode 100644 chals/crypto/test_chal/flag.txt create mode 100644 chals/crypto/test_chal/solution.sh diff --git a/chals/crypto/test_chal/Dockerfile b/chals/crypto/test_chal/Dockerfile new file mode 100644 index 0000000..4e00805 --- /dev/null +++ b/chals/crypto/test_chal/Dockerfile @@ -0,0 +1,14 @@ +FROM ubuntu:20.04 + +RUN apt-get update && apt-get install -y socat python3 + +RUN adduser chal + +RUN mkdir -p /chal +WORKDIR /chal + +COPY chal.py flag.txt ./ +RUN chmod 555 chal.py +USER chal + +CMD socat -T60 TCP-LISTEN:1337,fork,reuseaddr EXEC:"python3 -u chal.py",stderr diff --git a/chals/crypto/test_chal/chal.py b/chals/crypto/test_chal/chal.py new file mode 100644 index 0000000..8e5f491 --- /dev/null +++ b/chals/crypto/test_chal/chal.py @@ -0,0 +1,18 @@ +import hashlib +import os.path + +if __name__ == '__main__': + print("Welcome to my neutron collider. Using state of the art technology, I will smash two strings into each other. I call this ability 'string theory'.") + print("Weird stuff happens when they collide... the energy of the collision is so high it creates another third string that my research team is calling a 'flag'. ") + print("BUT!!!! To save resources, your strings must be sigpwny (TM) branded!!!") + + x = input("string 1 > ").encode('utf8','surrogateescape') + y = input("string 2 > ").encode('utf8','surrogateescape') + + if not x.startswith(b'sigpwny{') or not y.startswith(b'sigpwny{'): + print("Hey! I'm on a tight budget here. I need to reinvest as much as possible into my collider. Make sure both strings are sigpwny (TM) branded.") + + if hashlib.md5(x).hexdigest() == hashlib.md5(y).hexdigest(): + print(open('flag.txt').read() if os.path.isfile('flag.txt') else 'Error: no flag file found') + else: + print("Yeah those strings didn't collide. Maybe collide two different strings...") \ No newline at end of file diff --git a/chals/crypto/test_chal/challenge.yml b/chals/crypto/test_chal/challenge.yml new file mode 100644 index 0000000..15d2dff --- /dev/null +++ b/chals/crypto/test_chal/challenge.yml @@ -0,0 +1,27 @@ +name: "TESTCHALLLLLLLLLLLLLLL" +author: Pete +category: Crypto +description: |- + My research team has toiled away to create a state-of-the-art neutron collider (Mark Demolisher V - MD5, for short). + Can you get two neutrons to collide? + + `nc chal.fallctf.sigpwny.com 6001` + + **author**: Pete +value: 500 +type: dynamic +tags: + - medium +extra: + initial: 500 + decay: 150 + minimum: 100 +flags: + - sigpwny{md5_is_broken_and_now_im_broke} +files: + - chal.py +hints: + - We need to execute a certain type of a md5 hash collision attack. + - Look for a tool to pull off a "md5 same prefix hash collision" attack. + - Use [HashClash](https://github.com/cr-marcstevens/hashclash) +state: hidden diff --git a/chals/crypto/test_chal/collision1.bin b/chals/crypto/test_chal/collision1.bin new file mode 100644 index 0000000000000000000000000000000000000000..f052647e1443e90ba6f8e3fe1547c19735dd22fc GIT binary patch literal 128 zcmV-`0Du2;X=iYEZh3p*E`I=bd3=UPgYyz#UQ6X%(5X$?tLTB6V&@UbPuO7y=C&H* zy->mnOYukS49#bZ*m_%O0ffw~!@-_$wuJWEgNoa6fWZ#?9L`iRryMy~4xN@a9W(CG iy?S+tI4ApfKi%@X=>&Lb=Fy;=^`T4JwUW^y9Dw?RyhDlr literal 0 HcmV?d00001 diff --git a/chals/crypto/test_chal/collision2.bin b/chals/crypto/test_chal/collision2.bin new file mode 100644 index 0000000000000000000000000000000000000000..6454041271620606fcb1c080addeadd53bad0ad4 GIT binary patch literal 128 zcmV-`0Du2;X=iYEZh3p*FMj}cd3=UPgYyz#UQ6X%(5X$?tLTB6V&@UbPuO7y=C&H* zy->mnOYukS49#bZ*m_%O0ffw~!@-_$wuJWEf{NR5fWZ#?9L`iRryMy~4xN@a9W(CG iy?S+tI4ApfKi%@X=>&Lb=Fy;=^`T4JwUW^y9Dw?R{6mTW literal 0 HcmV?d00001 diff --git a/chals/crypto/test_chal/flag.txt b/chals/crypto/test_chal/flag.txt new file mode 100644 index 0000000..800f6d0 --- /dev/null +++ b/chals/crypto/test_chal/flag.txt @@ -0,0 +1 @@ +sigpwny{md5_is_broken_and_now_im_broke} \ No newline at end of file diff --git a/chals/crypto/test_chal/solution.sh b/chals/crypto/test_chal/solution.sh new file mode 100644 index 0000000..ccd7ebb --- /dev/null +++ b/chals/crypto/test_chal/solution.sh @@ -0,0 +1,2 @@ +#!/bin/bash +(cat collision1.bin; echo ""; cat collision2.bin; echo "";) | python3 chal.py \ No newline at end of file