# Security Fest 2019

## Crypto

### cactus

This is a weird challange :no_mouth: here's the chal script (with some modification):

```
import random
from flag import FLAG
class Oracle:
def __init__(self, secret, bits=512):
self.secret = secret
self.bits = bits
self.range = 2*self.bits
def sample(self, w):
r = random.randint(0, 2^self.range)
idx = range(self.bits)
random.shuffle(idx)
e = sum(1<<i for i in idx[:w])
return self.secret*r+e
assert (type(FLAG) is int)
o = Oracle(FLAG)
f = open('output.txt', 'w')
for i in range(100):
f.write(str(o.sample(10)) + '\n')
f.close()
```

The point is, r is calculated as `random.randint(0, 2^self.range)`

, while e is calculated as `sum(1<<i for i in idx[:w])`

, the scale of these two differ quite a lot, so we can simply bruteforce `r`

#### First Guess

Note that the scale of `e`

is 512 bits, and it only contains 10 non-zero bits, so it is quite possible that `output / r`

still contains the flag header `sctf`

. Simply bruteforce this and we can get a broken flag
`sctf�wh@0ps_th4t_w4s�t_sxp0nent1ati0n}`

#### Final Guess

The rest is quite the same:

- guess a small snippet of flag
- bruteforce
`r`

to find possible one - fix the broken flag

flag : `sctf{wh00ps_th4t_w4snt_3xp0nent1ati0n}`

## Misc

### Darkwebmessageboard

In html source:

`<!-- | Dark Web Message Board | DEVELOPED BY K1tsCr3w | Open source at Kits-AB | -->`

then I serached github and found this repo: https://github.com/kits-ab/the-dark-message-board

and there is a encrypted message in the `http://darkboard-01.pwn.beer:5001/boards/1`

:

`rW+fOddzrtdP7ufLj9KTQa9W8T9JhEj7a2AITFA4a2UbeEAtV/ocxB/t4ikLCMsThUXXWz+UFnyXzgLgD9RM+2toOvWRiJPBM2ASjobT+bLLi31F2M3jPfqYK1L9NCSMcmpVGs+OZZhzJmTbfHLdUcDzDwdZcjKcGbwEGlL6Z7+CbHD7RvoJk7Ft3wvFZ7PWIUHPneVAsAglOalJQCyWKtkksy9oUdDfCL9yvLDV4H4HoXGfQwUbLJL4Qx4hXHh3fHDoplTqYdkhi/5E4l6HO0Qh/jmkNLuwUyhcZVnFMet1vK07ePAuu7kkMe6iZ8FNtmluFlLnrlQXrE74Z2vHbQ==`

the production key is in the git log: https://github.com/kits-ab/the-dark-message-board/commit/d95b029a044491a954b909a280ebebcf6e357ef4#diff-ea209ce78604d811cf3f3771a0f89ea2

with this log message: `from some file that reminds me of the song 'here i am something like a hurricane'`

after searching `here i am something like a hurricane`

on google, I got this `here i am. Rock you like a hurricane`

.

so we need to brute force the password from `rockyou.txt`

.

we use this tool to crack the password.

Result: `Password is falloutboy for test.pem`

the plaintext of the encrypted message is `Bank url: http://bankofsweden-01.pwn.beer`

but 80 port of this website is closed.

so I use nmap to scan all ports of this site, then I found 5000 port is open.

http://bankofsweden-01.pwn.beer:5000

It is a bank website.

In register step, there is a parameter `is_active`

, if we set to `1`

, then we will become authenticated user.

After login, I found there is a LFI vulnerability in export function.

So I download the `app.py`

and got the flag: `SECFEST{h4ck3r5_60nn4_h4ck_4nd_b4nk3r5_60nn4_cr4ck}`

### Locksmith

This challange starts with 9 random number $v_1$ to $v_9$, it also provides us 9 kinds of operation, each of them will add 9 positive number to each of $v_i$, the goal is to make all $v_i$ to a given constant. The point is, we can send multiple request at one time, which can massively reduce the overhead of IO. The rest is just a simply linear algebra.