wtfctf 2021
I was only free for the first few hours of the CTF so I only did the challenges that were available at the start. These were just some of the easier challenges…
H3ll0R3v
Hello bois!
Author: Xyroscar
We’re given a file:
Filename: Hello
MD5 Hash: c18a01a95e1bb126e0322c97c8b865e3
Size: 1024 bytes
file doesn’t recognise the filetype. Hexdumped the file and there were some python strings. Filesize + python strings + file implied to me that it was probably a .pyc. Googling the first eight bytes in the file confirms this. Running uncompyle6 decompiles it back to the original python script which I’ve included below.
def main(input):
j = -4
for c in input:
if j == 1:
if c != 'Z':
exit(43)
else:
if j == -7:
if c != 'w':
exit(133)
else:
if j == -5:
if c != 'f':
exit(42069)
else:
if j == -4:
if c != 'C':
exit(11037)
else:
if j == 7:
if c != 'R':
exit(9001)
else:
if j == -2:
if c != 'F':
exit(11037)
if j == -1 and c != '{':
exit(11037)
if j == 4 and c != '3':
exit(11037)
elif j == 0 and c != '3':
exit(11037)
else:
if j == -3:
if c != 'T':
exit(82)
if j == 2:
if c != '_':
exit(11037)
if j == -6:
if c != 't':
exit(133)
if j == 6:
if c != 'E':
exit(133)
elif j == 9 and c != '3':
exit(7223)
else:
if j == 3:
if c != 'R':
exit(133)
if j == 5:
if c != 'V':
exit(133)
if j == 8:
if c != '5':
exit(6738)
elif j == 10:
if c != '}':
exit(1111)
j += 1
else:
print('Hello World')
There’s seemingly mistakes in it, such as
if j == -3:
if c != 'T':
exit(82)
if j == 2:
if c != '_':
exit(11037)
The code would never check if c != '_' when j == 2, but it’s probably intentional since not all values of j are checked either.
I just built a dictionary of all values of j that are implied, and then print them out in order.
d = { # various expected values, for values of j
1: 'Z',
-7: 'w',
-5: 'f',
-4: 'C',
7: 'R',
-2: 'F',
-1: '{',
4: '3',
0: '3',
-3: 'T',
2: '_',
-6: 't',
6: 'E',
9: '3',
3: 'R',
5: 'V',
8: '5',
10: '}'
}
if __name__ == '__main__':
res = ''.join([d[i] for i in range(-7, 11)])
print(res)
Flag: wtfCTF{3Z_R3VER53}
MoM5m4g1c
Son:I want my chocolate mom! Mother: Fill the water bottle son! :)
Author: OrkinKing
We’re given a tiny C file
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
int main(int argc, char **argv)
{
int water;
char bottle[125];
water = 0;
printf("Fill the water bottle kid!");
gets(bottle);
if(water != 0) {
system("cat gift.txt");
} else {
printf("You are crazy lazy!:)\n");
}
}
Filling a water bottle sounds like filling a buffer. There’s not much else there, so I just tried to give a buffer of size 126, and that didn’t do it so I doubled the buffer size and then got the flag.
Flag: wtfCTF{N1c3!n0w_U_c4N_34t_uR_Ch0c0L4t3}
K3YL0gg3r
You can’t! ;)
Author: Pal
I saw a bunch of esc and :g/foo/bar/, and ZZ at the end. This was plenty to be pretty confident it was a bunch of VIM commands. At the end you get d3RmQ1RGe1ZpbV9lRGl0MHJfaSRfNHdlUzBtRX0=, just convert from base64.
Flag: wtfCTF{Vim_eDit0r_i$_4weS0mE}