반응형

blockchain

sanity check

remix.ethereum.org/

 

Remix - Ethereum IDE

 

remix.ethereum.org

 

 

code copy&paste

compile

connect metamask rinkeby wallet, load contract address and call welcome func. done.


secure enclave

0x9B0780E30442df1A00C6de19237a43d4404C5237

 

It can store text and return text

I thought constroctor of this contract store the flag in this contract.

When you call set_secret to store some string, transaction occurs.

 

I could find a transaction at etherscan

 


crackme.sol

0xDb2F21c03Efb692b65feE7c4B5D7614531DC45BE

 

"arg3 is a overflow" is a hint in line 6.

uint MaxValue + 1 = 0

so, i can pass line 7 and 11 condition.

 

uint is short for uint256, so maximum value is 2**256-1

arg3 = 115792089237316195423570985008687907853269984665640564039457584007913129639935

arg1 = 20 ^ 0x70 = 100

decrypt(arg2) = "offshift ftw"

 

ah just brute force a-z :)

arg2 = evvixyvj vjm

 

"100","evvixyvj vjm","115792089237316195423570985008687907853269984665640564039457584007913129639935"

 

compile error

To find correct uint array size, brute force all value.

 

if size is over 26 :

if size is equal 26:

got a flag.

 


crypto casino

0x186d5d064545f6211dD1B5286aB2Bc755dfF2F59

Edit code to get ouput value correctly.

To get a flag, need guessing and correct two times.

seed = b37c910f4e0df0efafb35a55489604369808b6de642ff1dbab5062680afaddcd

 

the block.number is the number of the mined block containing the transaction.

 

deploy a contract that returning result of uint(keccak256(abi.encodePacked(seed, block.number+3))) ^ 0x539

get block.number and hash

hash <= block.number <= 7956519 + 3

Then pend transaction that call bet(60284626633715439770582715312106605696128214001910194886489589200393495573074) before #7956522 block mined.


hmm out of gas

 

increase gas price and gas limit.

done.


RICH CLUB

0xC7bEc01281648D3A7F9BB86B811A2de5B1E0cc61

hmm

 

for line 21, swap eth to uniswap app.uniswap.org/#/swap

 

Uniswap Interface

 

app.uniswap.org

600 -> 601

hmm

grant_membership() function에 pubkey를 넘겨주면 encoded flag를 넘겨준다고 한다.
그럼 그걸 decrypt 하면 된다고 하는데

그럼 solidity 코드는 어떻게 수정해서 써먹어야되는거야 :(

crypto

factorize

 

p와 q의 상위 512비트는 base로 동일함.

따라서 sqrt(n)의 상위 512비트와 동일.

hmm

엥 그냥 factorize 돌리면 됐었던 문제였넹

optimizer

별거 없다. simple.

주어진 배열 정렬할 때 이동 횟수 구해서 입력해주면 된다.


pyjail

 

hmm

 


0x414141

go to www.offshift.io/

 

You are being redirected...

 

www.offshift.io

go to github

github.com/offshift-dev

 

offshift-dev - Overview

Cryptographically private offshore storage & DeFi protocol on Ethereum - offshift-dev

github.com

There are two commits in january 2021

 

 

interesting

 

 

click

 

download pyc file.

 

 

decompile pyc using uncompyle6

 

 

decrypt

 

a link!

 

download a smashing.pdf via mega link.

 

 

hmm is it xor?

 

 

correct!

 

 

bitcoin paper..?

 

compare with smashing.pdf and original bitcoin paper pdf.

smashing.pdf is a little bigger.

 

a zip file is here :)

 

 

is locked.

 

dictionary attack

dictionary file i used : rockyou.txt

 

 

i got it

 


file reader

it filters "/flag.txt"

but we can get all .txt files using glob.glob("*.txt").

 


Shjail

 

eval eval py{r..u}hon\\ -m\\ S{h..j}mpleHTTPServer\\;

 

hmm

perl flag.[a-z][a-z][a-z]

web

graphed 2.0

 

there is a input form

 

There is a code send graphql query.

 

gist.github.com/craigbeck/b90915d49fda19d5b2b17ead14dcd6da

 

Introspection query for GraphQL

Introspection query for GraphQL. GitHub Gist: instantly share code, notes, and snippets.

gist.github.com

 

i found a fake flag :(

 

no flag in users

 

no flag in coolnotes

hmm

아 역시 getNote를 사용하는 것이었다.
하나 남은게 getNote였는데, q에 뭐가 들어가는지 몰라서 포기했는데..
쿼리문을 넣어버리는 거였넹.

maze

 

 

./robots.txt

./robots.txt

./sup3r_secr37_@p1

good.

 

 

hmm

 

아 username이 pop_eax가 아니라 XFT였다.

 


hackme

?cmd=help

?cmd=123456

hmm

nl /*
nl *

>cat
* /f*
반응형

'CTF Write Up' 카테고리의 다른 글

TrollCAT CTF write up  (0) 2021.02.07
justCTF 2020 write up  (0) 2021.02.01
ShadowCTF write up  (0) 2021.01.27
starCTF 2021 write-up  (0) 2021.01.18
The Cyber Grabs CTF 0x02 write up  (0) 2021.01.17

+ Recent posts