[oss] Unbreakable 1 - October 2020

Daniel Dinca danieldinca97 at yahoo.com
Sun Jan 24 14:27:37 EET 2021


Hello,
I am Daniel Dinca and I participated in the Unbreakable 1 CTF. Here is a very brief summary of my solutions:
1. russian-doll: this contained an archive that in turn contained another archive and so on until you reach the final archive that contained a file with the flag. Some of the archives were protected with passwords that I cracked using fcrackzip, 7zipcrack.
2. tsunami-researcher: open the .wav with a tool that can do some processing, did some settings and obtained the flag.
3. alien-console: the program XORs the input with the flag. If the flag is correct then you get 0's at output. Just brute force the flag. (incremental brute force because we have confirmation when a certain part of the flag is correct - because of the output)
4. the-code: the webserver contained a file that had the flag. I could find the file with dirb - and then just access it and get the flag.
5. notafuzz: memory leak of the flag through a format string attack. This was because the buffer that we entered was given as a parameter to printf.
6. better-cat: strings on the ELF -> get the password -> get the flag.
7. imagine-that: we could give the index for beginning and end for the print. After many tries, I noticed that if I give negative indexes I can print a PNG image. So, I obtained the PNG image which was a QR code, then I got the password from that QR code and in the end, got the flag.
My final position was 14/380.
Thank you.
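
The alien-console item above, as an added example that is not part of the original message or the challenge's code: a check that echoes input XOR secret confirms each byte separately, while a constant-time comparison returns one bit for the whole input. SECRET, ALPHABET and all function names are constructed for illustration.

```python
import hmac

# Constructed stand-in for the flag; not a value from the post or the CTF.
SECRET = b"CTF{constructed-demo}"
# Assumed guess alphabet: printable ASCII.
ALPHABET = bytes(range(0x20, 0x7F))


def leaky_console(guess: bytes) -> bytes:
    """Behaviour described in the post: output is input XOR secret.
    A zero byte at position i tells the caller that guess[i] is right."""
    return bytes(g ^ s for g, s in zip(guess, SECRET))


def hardened_console(guess: bytes) -> bool:
    """Mitigation: a single yes/no answer, compared in constant time,
    so no position is confirmed on its own."""
    return hmac.compare_digest(guess, SECRET)


def guesses_needed(oracle, length: int, alphabet: bytes):
    """Measure the leak: count oracle calls when every position can be
    confirmed independently from the oracle's per-byte output."""
    known = bytearray(length)
    calls = 0
    for i in range(length):
        for candidate in alphabet:
            known[i] = candidate
            calls += 1
            if oracle(bytes(known))[i] == 0:  # per-byte confirmation
                break
    return bytes(known), calls


def search_space(length: int, alphabet: bytes) -> int:
    """Guesses an all-or-nothing check forces in the worst case."""
    return len(alphabet) ** length


if __name__ == "__main__":
    recovered, calls = guesses_needed(leaky_console, len(SECRET), ALPHABET)
    print("leaky check:", calls, "calls, recovered:", recovered == SECRET)
    print("all-or-nothing check:", search_space(len(SECRET), ALPHABET), "candidates")
    print("hardened accepts the secret:", hardened_console(SECRET))
```

With the leaky check the cost grows linearly with the secret's length; with the hardened check it grows exponentially, which is why the response should never depend on individual secret bytes.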