Security Fest 2019



This is a weird challange :no_mouth: here's the chal script (with some modification):

import random
from flag import FLAG

class Oracle:

    def __init__(self, secret, bits=512):
        self.secret = secret
        self.bits = bits
        self.range = 2*self.bits

    def sample(self, w):
        r = random.randint(0, 2^self.range)
        idx = range(self.bits)
        e = sum(1<<i for i in idx[:w])
        return self.secret*r+e

assert (type(FLAG) is int)
o = Oracle(FLAG)
f = open('output.txt', 'w')
for i in range(100):
    f.write(str(o.sample(10)) + '\n')

The point is, r is calculated as random.randint(0, 2^self.range), while e is calculated as sum(1<<i for i in idx[:w]), the scale of these two differ quite a lot, so we can simply bruteforce r

First Guess

Note that the scale of e is 512 bits, and it only contains 10 non-zero bits, so it is quite possible that output / r still contains the flag header sctf. Simply bruteforce this and we can get a broken flag sctf�wh@0ps_th4t_w4s�t_sxp0nent1ati0n}

Final Guess

The rest is quite the same:

  1. guess a small snippet of flag
  2. bruteforce r to find possible one
  3. fix the broken flag

flag : sctf{wh00ps_th4t_w4snt_3xp0nent1ati0n}



In html source:

<!-- | Dark Web Message Board | DEVELOPED BY K1tsCr3w | Open source at Kits-AB | -->

then I serached github and found this repo:

and there is a encrypted message in the


the production key is in the git log:

with this log message: from some file that reminds me of the song 'here i am something like a hurricane'

after searching here i am something like a hurricane on google, I got this here i am. Rock you like a hurricane.

so we need to brute force the password from rockyou.txt.

we use this tool to crack the password.

Result: Password is falloutboy for test.pem

the plaintext of the encrypted message is Bank url:

but 80 port of this website is closed.

so I use nmap to scan all ports of this site, then I found 5000 port is open.

It is a bank website.

In register step, there is a parameter is_active, if we set to 1, then we will become authenticated user.

After login, I found there is a LFI vulnerability in export function.

So I download the and got the flag: SECFEST{h4ck3r5_60nn4_h4ck_4nd_b4nk3r5_60nn4_cr4ck}


This challange starts with 9 random number $v_1$ to $v_9$, it also provides us 9 kinds of operation, each of them will add 9 positive number to each of $v_i$, the goal is to make all $v_i$ to a given constant. The point is, we can send multiple request at one time, which can massively reduce the overhead of IO. The rest is just a simply linear algebra.