def ch126(fp):
ringzer0.output('parsing dictionary')
wordset, wordmap = set(), {}
with open(fp, 'r') as f:
for line in f:
word = line.strip()
wordset.add(word)
mapped = ''.join(sorted(word))
wordmap[mapped] = word
ringzer0.output('done parsing dictionary')
ch, s = 126, ringzer0.login()
sections = ringzer0.read_challenge(s, ch)
title, words = sections['title'], sections['words']
ringzer0.output('solving')
result = []
for word in words.split(','):
if word in wordset:
result.append(word)
continue
mapped = ''.join(sorted(word))
if mapped in wordmap:
word = wordmap[mapped]
result.append(word)
result = ','.join(result)
ringzer0.output('solved', result)
response = ringzer0.submit_challenge(s, ch, result)
ringzer0.output('response', response)
def ch126(fp):
ringzer0.output('parsing dictionary')
wordset, wordmap = set(), {}
with open(fp, 'r') as f:
for line in f:
word = line.strip()
wordset.add(word)
mapped = ''.join(sorted(word))
wordmap[mapped] = word
ringzer0.output('done parsing dictionary')
ch, s = 126, ringzer0.login()
sections = ringzer0.read_challenge(s, ch)
title, words = sections['title'], sections['words']
ringzer0.output('solving')
result = []
for word in words.split(','):
if word in wordset:
result.append(word)
continue
mapped = ''.join(sorted(word))
if mapped in wordmap:
word = wordmap[mapped]
result.append(word)
result = ','.join(result)
ringzer0.output('solved', result)
response = ringzer0.submit_challenge(s, ch, result)
ringzer0.output('response', response)
def ch159():
ch, s = 159, ringzer0.login()
sections = ringzer0.read_challenge(s, ch)
title, sha1 = sections['title'], sections['hash']
ringzer0.output('solving')
result = check_output(['php', 'coding.ch159.lookup.php', sha1]).strip()
ringzer0.output('solved', result)
response = ringzer0.submit_challenge(s, ch, result)
ringzer0.output('response', response)
def ch119():
ch, s = 119, ringzer0.login()
sections = ringzer0.read_challenge(s, ch, clean=False)
title, msg = sections['title'], sections['message']
ringzer0.output('solving')
result = parse_ascii(msg)
ringzer0.output('solved', result)
response = ringzer0.submit_challenge(s, ch, result)
ringzer0.output('response', response)
def ch159():
ch, s = 159, ringzer0.login()
sections = ringzer0.read_challenge(s, ch)
title, sha1 = sections['title'], sections['hash']
ringzer0.output('solving')
result = check_output(['php', 'coding.ch159.lookup.php', sha1]).strip()
ringzer0.output('solved', result)
response = ringzer0.submit_challenge(s, ch, result)
ringzer0.output('response', response)
def ch121():
ch, s = 121, ringzer0.login()
sections = ringzer0.read_challenge(s, ch)
title, shellcode = sections['title'], sections['shellcode']
ringzer0.output('solving')
sc = shellcode.replace('\\x', '').decode('hex')
hx = sc[0x54:0x54 + 0x0c].encode('hex')
result = ''.join(chr(int(x, 16) ^ 0xff) for x in re.findall('..', hx))
ringzer0.output('solved', result)
response = ringzer0.submit_challenge(s, ch, result)
ringzer0.output('response', response)
def ch125():
ch, s = 125, ringzer0.login()
sections = ringzer0.read_challenge(s, ch)
title, shellcode = sections['title'], sections['shellcode']
ringzer0.output('solving')
sc = shellcode.replace('\\x', '').decode('hex')
hx = sc[0x57:0x57+0x0c].encode('hex')
result = ''.join(chr(int(x,16) ^ 0xff) for x in re.findall('..', hx))
ringzer0.output('solved', result)
response = ringzer0.submit_challenge(s, ch, result)
ringzer0.output('response', response)
def ch56():
ch, s = 56, ringzer0.login()
sections = ringzer0.read_challenge(s, ch)
title, xhash = sections['title'], sections['hash']
ringzer0.output('solving')
charset = '0123456789'
result = search_hash(charset, 4, 4, hashlib.sha1, xhash)
if result is None:
ringzer0.error('could not lookup hash ' + xhash)
ringzer0.output('solved', result)
response = ringzer0.submit_challenge(s, ch, result)
ringzer0.output('response', response)
def ch17():
ch, s = 17, ringzer0.login()
r = ringzer0.open_challenge(s, ch)
wrapper = ringzer0.get_wrapper(r.text)
img = wrapper.xpath('.//img')[0]
src = img.attrib['src'].replace('data:image/png;base64,', '')
data = base64.b64decode(src)
with ringzer0.tmpfile() as (fd, fn):
ringzer0.write_bin_file(fd, data)
ringzer0.output('solving')
result = solve_ch17(fn)
ringzer0.output('solved', result)
response = ringzer0.submit_challenge(s, ch, result)
ringzer0.output('response', response)
def ch32():
ch, s = 32, ringzer0.login()
sections = ringzer0.read_challenge(s, ch)
title, msg = sections['title'], sections['message']
ringzer0.output('solving')
calc = ' %s ' % msg.split('=')[0]
mx = re.findall(' ([01]+) ', calc)
for b in mx:
calc = calc.replace(b, str(int(b, 2)))
result = str(eval(calc))
ringzer0.output('solved', result)
response = ringzer0.submit_challenge(s, ch, result)
ringzer0.output('response', response)
def ch17():
ch, s = 17, ringzer0.login()
r = ringzer0.open_challenge(s, ch)
wrapper = ringzer0.get_wrapper(r.text)
img = wrapper.xpath('.//img')[0]
src = img.attrib['src'].replace('data:image/png;base64,', '')
data = base64.b64decode(src)
with ringzer0.tmpfile() as (fd, fn):
ringzer0.write_bin_file(fd, data)
ringzer0.output('solving')
result = solve_ch17(fn)
ringzer0.output('solved', result)
response = ringzer0.submit_challenge(s, ch, result)
ringzer0.output('response', response)
def ch13():
ch, s = 13, ringzer0.login()
sections = ringzer0.read_challenge(s, ch)
title, msg = sections['title'], sections['message']
ringzer0.output('solving')
mx = re.search(r'using ([a-z0-9]+) algorithm', title)
algorithm = mx.group(1)
h = hashlib.new(algorithm)
h.update(msg)
result = h.hexdigest()
ringzer0.output('solved', result)
response = ringzer0.submit_challenge(s, ch, result)
ringzer0.output('response', response)
def ch32():
ch, s = 32, ringzer0.login()
sections = ringzer0.read_challenge(s, ch)
title, msg = sections['title'], sections['message']
ringzer0.output('solving')
calc = ' %s ' % msg.split('=')[0]
mx = re.findall(' ([01]+) ', calc)
for b in mx:
calc = calc.replace(b, str(int(b, 2)))
result = str(eval(calc))
ringzer0.output('solved', result)
response = ringzer0.submit_challenge(s, ch, result)
ringzer0.output('response', response)
def ch14():
ch, s = 14, ringzer0.login()
sections = ringzer0.read_challenge(s, ch)
title, msg = sections['title'], sections['message']
ringzer0.output('solving')
mx = re.search(r'using ([a-z0-9]+) algorithm', title)
algorithm = mx.group(1)
h = hashlib.new(algorithm)
data = ''.join(chr(int(msg[i:i+8], 2)) for i in xrange(0, len(msg), 8))
h.update(data)
result = h.hexdigest()
ringzer0.output('solved', result)
response = ringzer0.submit_challenge(s, ch, result)
ringzer0.output('response', response)
def ch57():
ch, s = 57, ringzer0.login()
sections = ringzer0.read_challenge(s, ch)
title, xhash, xsalt = sections['title'], sections['hash'], sections['salt']
ringzer0.output('solving')
charset = '0123456789'
transformation = lambda x: x + xsalt
result = search_hash(charset, 4, 4, hashlib.sha1, xhash, transformation)
if result is None:
ringzer0.error('could not lookup hash ' + xhash)
result = result[:result.rindex(xsalt)]
ringzer0.output('solved', result)
response = ringzer0.submit_challenge(s, ch, result)
ringzer0.output('response', response)
def ch57():
ch, s = 57, ringzer0.login()
sections = ringzer0.read_challenge(s, ch)
title, xhash, xsalt = sections['title'], sections['hash'], sections['salt']
ringzer0.output('solving')
charset = '0123456789'
transformation = lambda x: x + xsalt
result = search_hash(charset, 4, 4, hashlib.sha1, xhash, transformation)
if result is None:
ringzer0.error('could not lookup hash ' + xhash)
result = result[:result.rindex(xsalt)]
ringzer0.output('solved', result)
response = ringzer0.submit_challenge(s, ch, result)
ringzer0.output('response', response)
def ch16():
ch, s = 16, ringzer0.login()
sections = ringzer0.read_challenge(s, ch)
title, hidden_xor_key, crypted_message = sections['title'], sections['xor key'], sections['crypted message']
ringzer0.output('solving')
xor_key_len = 10
message = base64.b64decode(crypted_message)
result = ''
for i in range(0,len(hidden_xor_key) - xor_key_len + 1):
xor_key = hidden_xor_key[i:i+xor_key_len]
xored = xor_str(message, xor_key)
alpha = re.match('^[\w-]+$', xored)
if alpha:
result = xored
ringzer0.output('solved', result)
response = ringzer0.submit_challenge(s, ch, result)
ringzer0.output('response', response)
def ch15():
ch, s = 15, ringzer0.login()
sections = ringzer0.read_challenge(s, ch)
title, msg, chksum = sections['title'], sections['elf message'], sections['checksum']
ringzer0.output('solving')
elf = msg
while re.match(r'^[a-zA-Z0-9+/]*={0,3}$', elf):
elf = base64.b64decode(elf)
elf = elf[::-1]
elf_md5 = hashlib.md5(elf).hexdigest()
if chksum != elf_md5:
ringzer0.error('checksum mismatch ({0} vs {1})'.format(chksum, elf_md5))
result = ''
with ringzer0.tmpfile() as (fd, fn):
ringzer0.write_bin_file(fd, elf)
r2 = r2pipe.open(fn)
asm_lines = r2.cmd('aa; s sym.main; pif~&mov,rbp').splitlines()
asm_rg = re.compile(r'^mov [^,]*\[rbp\s?-\s?([0-9a-fx]+)\],\s?([^\s]+)$')
asm_vals, top = {}, 0
for asm_line in asm_lines:
rx = re.match(asm_rg, asm_line)
if not rx:
continue
pos, val = rx.group(1), rx.group(2)
if val.startswith('r'):
continue
if val.startswith('0x'): val = val[2:]
if len(val) % 2 == 1: val = '0' + val
pos, val = int(pos, 16), val.decode('hex')
asm_vals[pos] = val
top = max(top, pos)
stack = bytearray('\0' * top)
for k in sorted(asm_vals, reverse=True):
v = asm_vals[k]
stack[top - k:len(v)] = v[::-1]
result = stack[:stack.index('\00')]
ringzer0.output('solved', result)
response = ringzer0.submit_challenge(s, ch, result)
ringzer0.output('response', response)
def ch16():
ch, s = 16, ringzer0.login()
sections = ringzer0.read_challenge(s, ch)
title, hidden_xor_key, crypted_message = sections['title'], sections[
'xor key'], sections['crypted message']
ringzer0.output('solving')
xor_key_len = 10
message = base64.b64decode(crypted_message)
result = ''
for i in range(0, len(hidden_xor_key) - xor_key_len + 1):
xor_key = hidden_xor_key[i:i + xor_key_len]
xored = xor_str(message, xor_key)
alpha = re.match('^[\w-]+$', xored)
if alpha:
result = xored
ringzer0.output('solved', result)
response = ringzer0.submit_challenge(s, ch, result)
ringzer0.output('response', response)
