Minz/ctf
1
0
Fork 0
Code Issues Pull Requests 5 Actions Packages Projects Releases Wiki Activity

Importing LoremCorp challenges

Browse Source
This commit is contained in:
Jan Groß
2018-07-08 19:07:37 -04:00
parent aba24b087a
commit 2c718972c7
37 changed files with 40783 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
looking_good/auth.o Executable file
View File

Binary file not shown.

16
looking_good/getFlag.sh Executable file
View File

@@ -0,0 +1,16 @@
#!/bin/bash
#Get everything from the data segment
DATA_SEGMENT=$(readelf -p '.data' auth.o)
#Get the adress of the factory user variable and strip leading 0s
USERNAME_ADDRESS=$(readelf -s auth.o | grep "DEFAULT_FACTORY_USER" | awk '{print $2}' | sed 's/^0*//')
#Get the username value from the data segment, remove th adress column
USERNAME=$(echo "$DATA_SEGMENT" | grep $USERNAME_ADDRESS | awk '{print $3}')
echo "Username: $USERNAME"
#Repeat for the password
PASSWORD_ADDRESS=$(readelf -s auth.o | grep "DEFAULT_FACTORY_PW" | awk '{print $2}' | sed 's/^0*//')
PASSWORD=$(echo "$DATA_SEGMENT" | grep $PASSWORD_ADDRESS | awk '{print $3}')
echo "Password: $PASSWORD"
echo "Login and find the flag at loremcorp.ctf.minzkraut.com:8787/login.php"

76
looking_good/public_html/login.php Normal file
View File

@@ -0,0 +1,76 @@
<!DOCTYPE html>
<html>
<head>
<meta challenge_chk_login />
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>SECURE REMOTE CAMERA LOGIN</title>
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="stylesheet" type="text/css" media="screen" href="main.css" />
</head>
<body>
<style>
body {
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
padding-top: 5%;
padding-left: 15%;
padding-right: 15%;
background-color: wheat;
}
.container {
box-shadow: 3px 3px 2px gray;
width: 50%;
margin: 0 auto;
height: 250px;
position: relative;
text-align: center;
padding: 5%;
background-color: rgb(167, 167, 155);
}
.container.heading {
height: 20px;
padding-top: 5px;
}
button {
padding: 10px 20px;
font-size: 18px;
margin-top: 15px;
color:whitesmoke;
background-color:rgba(0, 0, 0, 0.85);
border-radius: 2px;
border: none;
box-shadow: 3px 3px 2px gray;
}
form {
z-index: 999;
position: relative;
}
form label {
font-weight: bold;
font-size: 18px;
}
.lock {
z-index: -0;
font-size: 20em;
position: absolute;
top: 50%;
transform: translate(-50%, -50%);
left: 50%;
text-shadow: 0px 0px 5px rgba(0, 0, 0, 0.35);
font-family: 'Times New Roman', Times, serif;
color: rgba(0, 0, 0, 0.15);
}
</style>
<div class="container heading"><h1>Remote Camera Login</h1></div>
<div class="container">
<form action="/view.php" method="POST">
<label>Username<br>
<input name="username" type="text"></label><br>
<label>Password<br>
<input name="password" type="password"></label><br>
<button type="submit">Login</button>
</form>
<span class="lock">🔒</span>
</div>
</body>
</html>

1877
looking_good/public_html/sketchfab-viewer-1.2.1.js Normal file
View File

File diff suppressed because it is too large Load Diff

236
looking_good/public_html/view.php Normal file
View File

@@ -0,0 +1,236 @@
<!--
There's no flag in the source code ;)
-->
<?php
if ($_POST['username'] != "factory_admin" || $_POST['password'] != 'CHANGE_THIS_BEFORE_SHIPPING!') {
echo "Invalid Credentials!";
die();
}
setcookie("show_viewer_hint", 0, time()+3600, "/", "sketchfab.com", false);
?>
<!DOCTYPE HTML>
<html>
<head>
<meta challenge_chk_view />
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Camera Feed</title>
<!-- Insert this script -->
<script type="text/javascript" src="/sketchfab-viewer-1.2.1.js"></script>
</head>
<body>
<style>
body {
background-color: black;
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
color: white;
}
.topbox {
position: absolute;
top:0px;
left: 50%;
height: 50px;
background-color: black;
width: 810px;
z-index:2;
transform: translateX(-50%);
}
.bottombox {
position: absolute;
top: 550px;
left: 50%;
height: 60px;
background-color: black;
width: 810px;
z-index:2px;
transform: translateX(-50%);
}
.loading-box {
position: absolute;
top: 300px;
text-align: center;
left: 50%;
height: 60px;
background-color: black;
width: 810px;
z-index:-2px;
transform: translateX(-50%);
}
.bottombox>p {
color:white;
}
#api-frame {
left:50%;
transform: translateX(-50%);
z-index: -1;
position: absolute;
top:0px;
}
</style>
<div class="topbox">Logged in as "factory_admin"</div>
<div class="bottombox"><p>Control camera movement by dragging the screen!<br>Control zoom using your mousewheel!</p></div>
<!-- Insert an empty iframe -->
<iframe style="display:none; border:none; width:800px; height:600px;" src="" id="api-frame" allow="autoplay;"></iframe>
<div class="loading-box" id="loadingbox">Loading camera feed...</div>
<!-- Initialize the viewer -->
<script type="text/javascript">
var iframe = document.getElementById( 'api-frame' );
var urlid = '31a3cdd73b4344f1a836c4cf364a22ae';
var client = new Sketchfab( iframe );
client.init( urlid, {
preload: 1,
camera: 0,
ui_hint: 0,
success: function onSuccess( api ){
api.start();
api.addEventListener( 'viewerready', function() {
// API is ready to use
// Insert your code here
console.log( 'Viewer is ready' );
document.getElementById("api-frame").style.display = "block";
document.getElementById("loadingbox").style.display = "none";
} );
},
error: function onError() {
console.log( 'Viewer error' );
}
} );
</script>
</body>
</html>

93
looking_good/test.cpp Normal file
View File

@@ -0,0 +1,93 @@
#include <iostream>
#include <cmath>
#include <string>
char SDBA_01[] = ".rela.init_array";
char SDBA_02[] = ".comment";
char SDBA_03[] = ".note.GNU-stack";
char SDBA_04[] = ".rela.eh_frame";
char SDBA_05[] = ".group";
char SDBA_06[] = "test.cpp";
char DEFAULT_FACTORY_USER[] = "factory_admin";
char SDBA_07[] = "_ZStL8__ioinit";
char SDBA_08[] = "_Z41__static_initialization_and_destruction_0ii";
char SDBA_09[] = "_GLOBAL__sub_I_DEFAULT_FACTORY_USER";
char SDBA_00[] = "_ZZL18__gthread_active_pvE20__gthread_active_ptr";
char SDBA_012[] = "_ZNSt11char_traitsIcE7compareEPKcS2_m";
char AJKSD_656[] = "79a8h78ahd3828h==";
char STRV1[] = "Refresh";
char STRV2[] = "Access Denied!";
char STRv3[] = "Access Granted.";
char CONN_URL[] = "HTTPS://{dv1}.{dv2}/_def_srcurl_";
char UPD_VCHK[] = "v12.1.0 b4";
void reverse(const std::string& a);
char DEFAULT_FACTORY_PW[] = "CHANGE_THIS_BEFORE_SHIPPING!";
int octalToDecimal(int octalNumber);
using namespace std;
int main()
{
std::cout << "DEBUG:";
reverse("12345678");
std::cout << octalToDecimal(832121378) << std::endl;
reverse("Admin2018");
return 0;
}
// Function to convert octal number to decimal
int octalToDecimal(int octalNumber)
{
int decimalNumber = 0, i = 0, rem;
while (octalNumber != 0)
{
rem = octalNumber % 10;
octalNumber /= 10;
decimalNumber += rem * pow(8, i);
++i;
}
return decimalNumber;
}
char STR_EVAL[] = "rot16";
char SIP[] = "127.0.0.1";
bool A_XOR(int ev2, int ev3) {
if (STR_EVAL[1] == ev2 && STR_EVAL[2] == ev3) {
return SIP;
}
return STR_EVAL;
}
int re_def(int compa, int compb){
return A_XOR(compa, compb);
}
void reverse(string& str)
{
size_t numOfChars = str.size();
if(numOfChars == 1)
cout << str << endl;
else
{
cout << str[numOfChars - 1];
reverse(str.substr(0, numOfChars - 1));
}
}
bool checkAuth(const string& user, const string& pass) {
if(user == DEFAULT_FACTORY_USER) {
if(pass == DEFAULT_FACTORY_PW) {
//FACTORY LOGIN
return true;
}
return false;
}
//COMMON AUTH
reverse(user); reverse(pass);
if( 456852 == octalToDecimal(159357) && pass != user) {
if(1 == re_def(1, 0) && pass != user) {
return true;
}
}
}

BIN
looking_good/test.o Normal file
View File

Binary file not shown.