728x90
반응형

NeverLAN CTF 2019 


write up by M4ndU





Trivia


SQL Trivia 1

20

The oldest SQL Injection Vulnerability. The flag is the vulnerability ID.


flag : CVE-2000-1233




SQL Trivia 2

20

In MSSQL Injection Whats the query to see what version it is?


flag : SELECT @@version




Sea Quail

20

A domain-specific language used in programming and designed for managing data held in a relational database management system, or for stream processing in a relational data stream management system.


flag : SQL




64 Characters

20

A group of similar binary-to-text encoding schemes that represent binary data in an ASCII string format by translating it into a radix-64 representation.


flag : base64




With Some Milk

20

A small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing.


flag : cookie



Beep Boop

20

A standard used by websites to communicate with web crawlers and other web robots. The standard specifies how to inform the web robot about which areas of the website should not be processed or scanned


flag : robots.txt




Recon


Unexpected intruder

50

occurring in Chicago, Illinois, United States, on the evening of November 22. There was an interruption like nothing we had ever seen before.

What was the name of the Intruder?


flag : maxheadroom




Crypto


Alphabet Soup

125

MKXU IDKMI DM BDASKMI NLU XCPJNDICFQ! K VDMGUC KW PDT GKG NLKB HP LFMG DC TBUG PDTC CUBDTCXUB. K'Q BTCU MDV PDT VFMN F WAFI BD LUCU KN KB WAFI GDKMINLKBHPLFMGKBQDCUWTMNLFMFMDMAKMUNDDA



처음에 카이사르로 돌려봤는데 나오질 않아서 치환암호인것 같았다.


https://quipqiup.com/ 자동으로 치환암호를 풀어주는 이 사이트에 clue 없이 돌린다음에 WAFI=FLAG 라는 clue를 넣어주어 완벽한 해독문을 얻을 수 있었다.


flag : DOINGTHISBYHANDISMOREFUNTHANANONLINETOOL





scripting/coding


WebCipher

300

To verify that only computers can access the website, you must reverse the Caesar cipher There are a list of possible words that the cipher may be here

https://challenges.neverlanctf.com:1160


이게 왜 여기있고, 왜 300점이나 되는지 모르겠는 이상한 문제




페이지에 접속하면 문자열 하나와 입력폼 하나가 있다.


문자열을 카이사르로 돌리면 accelerator 가 나오는데 이를 입력해주면 플래그가 나온다.





사람이 푸는게 아니라 코드를 짜서 풀어야 하는 문제인건가...?




Binary


Binary 2

200

Our lead Software Engineer recently left and deleted all the source code and changed the login information for our employee payroll application. Without the login information none of our employees will be paid. Can you help us by finding the login information?

***Flag is all caps




.net이다. dotpeek으로 까보면 된다.






바로 flag를 확인할 수 있다. 하나하나 디코딩하기는 귀찮으니 나와있는 id와 pw을 입력해 flag를 출력하게 하면 된다.





flag : flag{ST0RING_STAT1C_PA55WORDS_1N_FIL3S_1S_N0T_S3CUR3}





Web


Cookie Monster

20

It's a classic https://challenges.neverlanctf.com:1110



페이지에 들어가면 He's my favorite Red guy 라고 하는데 쿠키몬스터에서 red guy의 이름은 Elmo다. 쿠키값에 그의 이름을 적는 쿠키가 있다. Elmo 를 적어주고 새로고침하면 플래그가 나온다.


flag : flag{YummyC00k13s}




Things are not always what they seem

50

if you can't find it you're not looking hard enough

https://challenges.neverlanctf.com:1165/hello.html


페이지 소스보면 있다. 정확히는 글씨가 하얀색으로 되어 있어서 페이지에서는 안보이는 것이다. 드래그하거나 컨트롤+a 를 하면 볼 수 있다.


flag : flag{Whale_w0u1d_y0u_l00k3y_th3r3}




SQL Fun 1

75

REPORT: 'My Customer forgot his Password. His Fname is Jimmy. Can you get his password for me? It should be in the users table'

https://challenges.neverlanctf.com:1150


SELECT * FROM users WHERE Fname = 'Jimmy'


flag : flag{SQL_F0r_Th3_W1n}




SQL Fun 2

75

REPORT: A Client forgot his Password... again. Could you get it for me? He has a users account and his Lname is Miller if that helps at all. Oh! and Ken was saying something about a new table called passwd; said it was better to separate things

https://challenges.neverlanctf.com:1155


SELECT * FROM users;


idUsernameFnameLnameEmail
1JohnJohnHancockWhyDoYouWantMy@email.com
2JimWillJimmyWillmanSQL@example.com
3CaptinJacksparrowpirates@carribean.com
4N30ZaneDurkininfo@neverlanctf.com
5DisUserTomMillerMiller@example.com


Lname이 Miller인 계정의 아이디는 5다.



SELECT * FROM passwd;


iduser_idPassword
11Tm9wZS4uLiBXcm9uZyB1c2Vy
25ZmxhZ3tXMWxsX1kwdV9KMDFOX00zP30=
32Tm9wZS4uLiBXcm9uZyB1c2Vy
43Tm9wZS4uLiBXcm9uZyB1c2Vy
54Tm9wZS4uLiBXcm9uZyB1c2Vy


user_id의 password를 base64 디코딩하면 플래그가 나온다.


flag : flag{W1ll_Y0u_J01N_M3?}




Console

75

You control the browser

https://challenges.neverlanctf.com:1120



조건이 성립했을 때 일어나는 명령어를 크롬 콘솔창에 입력했다 :


$.ajax({

                        type: 'GET',

                        url: '1/key.php',

                        success: function (file_html) {

                            // success

                           foo.innerHTML=(file_html)

                        }

})


그러면 응답 메세지 중에 플래그가 있다.


flag : flag{console_controls_js}

728x90
반응형

'CTF Write Up' 카테고리의 다른 글

TAMU CTF 2019 wirte up  (0) 2019.03.04
제 1회 TRUST CTF write up  (0) 2019.02.18
NeverLAN CTF 2019 write up  (0) 2019.02.04
2019 NEWSECU CTF Write-Up  (0) 2019.02.04
YISF 2018 예선 write-up  (0) 2018.08.15
KYSIS CTF 2018 Write-Up  (0) 2018.08.07

+ Recent posts