Over the past two weeks, I have spent some time diving back into CTF challenges. My skills have decayed after so long away from this (or the challenges could have gotten harder, but let’s get real, it’s skill decay), which is a timely reminder of the need to commit to deliberate practice.
Nevertheless, two of the challenges solved will be presented below.
coffee_break
This challenge is presented as a crypto challenge, with a Python encryption oracle, and an encrypted flag. You can download the original challenge here. On inspection, we note that the encrypt function is ultimately a trivial character substitution cipher: with this keyspace, it’s simply faster to brute force each character rather than wrangling a decryptor.
We then feed this intermediate decrypted value to AES decrypt, giving us the flag:
Thanks to the SECCON CTF team for organising this – I had the presence of mind to grab a few binaries for the road, and will hopefully have the opportunity to test myself against them as time goes on.
cobol_otp
This challenge was presented as a COBOL file and accompanying output, which you can download here and here. The goal was to work out what input was fed to the COBOL program to get the output.
From initial inspection, the actual encryption is just XOR, but the key is unknown. We start by using the flag format to derive the first five letters of the key (the bytes that XOR out to “flag{”). We can extend the key with zeros to work out likely key lengths, then tweak one character of the key at a time, based on likely words in the flag.
The solution is fairly simple; you can download it here.
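The known-plaintext steps described above, written out as an added Python example (this is not the downloadable solution, and not the challenge data). The sample flag, key, allowed alphabet and maximum key length are constructed assumptions, and unknown key bytes are shown as "?" rather than zeros so the gaps are easy to read.

```python
from itertools import cycle

CRIB = b"flag{"  # known flag prefix, as stated in the write-up
ALLOWED = set(b"abcdefghijklmnopqrstuvwxyz0123456789_{}")  # assumed flag alphabet

def xor(data, key):
    """Repeating-key XOR; encryption and decryption are the same operation."""
    return bytes(c ^ k for c, k in zip(data, cycle(key)))

def key_prefix(ct, crib=CRIB):
    """Known plaintext XOR ciphertext yields the key bytes under the crib."""
    return list(xor(ct[:len(crib)], crib))

def pad_key(prefix, key_len):
    """Extend the known prefix to key_len, with None marking unknown bytes."""
    return prefix + [None] * (key_len - len(prefix))

def partial(ct, key):
    """Decrypt what the partial key covers; '?' marks still-unknown positions."""
    return "".join("?" if key[i % len(key)] is None else chr(c ^ key[i % len(key)])
                   for i, c in enumerate(ct))

def score(ct, key):
    """Fraction of covered positions that decrypt into the assumed alphabet."""
    known = [c ^ key[i % len(key)] for i, c in enumerate(ct)
             if key[i % len(key)] is not None]
    return sum(b in ALLOWED for b in known) / len(known)

def best_lengths(ct, prefix, max_len=12):
    """Candidate key lengths whose partial decryption looks most like a flag."""
    scores = {n: score(ct, pad_key(prefix, n))
              for n in range(len(prefix), max_len + 1)}
    top = max(scores.values())
    return [n for n, s in scores.items() if s == top]

def guess(ct, key, pos, plain_char):
    """Fix one key byte by asserting the plaintext character at position pos."""
    key = list(key)
    key[pos % len(key)] = ct[pos] ^ ord(plain_char)
    return key

# Constructed sample: this flag and key are made up, not the hack.lu values.
SAMPLE_KEY = b"c0B0L_k3"
SAMPLE_CT = xor(b"flag{xor_with_short_key_leaks}", SAMPLE_KEY)

if __name__ == "__main__":
    prefix = key_prefix(SAMPLE_CT)
    for n in best_lengths(SAMPLE_CT, prefix):
        print(n, partial(SAMPLE_CT, pad_key(prefix, n)))
```

From the partial output, each call to `guess` (for example, asserting that the last character is "}") fills in one more key byte, which in turn reveals more of the flag at every position that byte covers.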
Thank you to the hack.lu team for organising this event. I’m a little frustrated by my inability to solve the no-risc-no-future challenge, stymied at the last minute by non-working shellcode (when I could have just used pwntools shellcraft shellcode) – I’ll chalk this up as a lesson learned.