Jump to content
tdxev

Quitz and encryption challenge | get access and deface

By tdxev, in Challenges (CTF)

Recommended Posts

tdxev Newbie

tdxev

Posted
Posted (edited)

OBIECTIV:

1.Rulati scriptul

2.Rezolva?i quitz-ul

3.Cauta?i func?ia ?i algoritmul folosit pentru a cripta host-ul

4.Cauta?i password-ul cu care a fost cryptat host-ul

5.Ob?ine?i acces la target

6.Face?i un deface

Download :

 wget http://sprunge.us/GaFW -O quitz.py 


#!/usr/bin/python
#Date: 2011.01.16
#Purpose: Simple Challenge , quitz, encryption
#Author: tdxev , pyth0n3

if 64 - 64: i11iIiiIii
import operator
import os
import time
t0 = time.time()
if 65 - 65: O0 / iIii1I11I1II1 % OoooooooOO - i1IIi
o0OO00 = 0
OO627965 = '627965'
if OO627965 : O676fOff = 2 
if '68656' : OO627965OF = 16
def O627965O(O676fOOfO):
 return O676fOOfO and chr(int(O676fOOfO[:O676fOff], base=OO627965OF)) + O627965O(O676fOOfO[O676fOff:]) or ''
oo = 0
i1iII1IiiIiI1 = [ ]
os . system ( 'clear' )
iIiiiI1IiI1I1 = raw_input ( 'Nickname-ul tau?: ' )
if 87 - 87: OoOoOO00
if 27 - 27: OOOo0 / Oo - Ooo00oOo00o . I1IiI
o0OOO = '436172652064696e2075726d61746f6172656c652070726f746f636f616c6520696e636865696520756e2068616e647368616b65203f,436520696e7365616d6e61203132372e302e302e31203f,4365206573746520756e20646f63756d656e7420524643203f,436520696e7365616d6e6120524f4f5420696e20496e666f726d6174696361203f,436520696e7365616d6e6120444e53203f,556e20626974203d203f,436520696e7365616d6e61204e4154203f,436172652064696e2075726d61746f6172656c652076696e6520636f6e7369646572617420706173756c206e722e32203f,436172652064696e2075726d61746f6172656c652076696e65206368656d61742073746174656c657373203f,436172652064696e2075726d61746f6172656c652076696e65206368656d617420636f6e6e656374696f6e6c657373203f,534e4d50203f,43652066616365206d6f756e74202d6f206c6f6f702066696c65203f,436520696e7365616d6e6120525043203f,43617265206573746520756d61736b20707420756e2075736572206e6f726d616c2064652064656661756c74203f,416c676574692072617370756e73756c20636f72656374203f,43756d2076696e652064656e756d6974206d61632d756c20756e7569204150203f,4365206573746520546f6e654c6f63203f,4365206573746520756e20434450203f,43652066656c206465206174616320736520706f617465206566656374756120696e2075726d61746f72756c20636f64203f5c6e5c6e3c3f7068705c6e5c74696620282128246664203d20666f70656e28222466696c656e616d65222c2022722229295c6e5c746563686f2822436f756c64206e6f74206f70656e2066696c653a202466696c656e616d653c62722f3e22293b5c6e3f3e5c6e,436520696e7365616d6e6120494b4520696e6e20696e666f726d6174696361203f' . rsplit ( ',' )
if 13 - 13: ooOo + Ooo0O
if 48 - 48: iII111i % IiII + I1Ii111 / ooOoO0o * o00O0oo
O52617370756e73756c20746175206e752073652061666c6120696e2076617269616e74656c65206461746521='52617370756e73756c20746175206e752073652061666c6120696e2076617269616e74656c65206461746521'
if 97 - 97: oO0o0ooO0 - IIII / O0oO - IiII
if 30 - 30: O0 % I1IiI
OoI1Ii11I1Ii1i = [ '7463702c69702c756470' ,
 '6c6f63616c686f73742c72656d6f7465686f73742c696e7465726e686f7374' ,
 '52657175657374204672656520436f6d756e69636174696f6e2c52657175657374204672656520436f6d6d656e742c5265717565737420466f7220436f6d6d656e74' ,
 '5261646163696e6120646520636f7061632c5573657220637520647265707475726920666f61727465206d6172692c5573657220637520616e756d6974652064726570747572692c55736572206375207261646163696e69' ,
 '446f6d61696e204e6174696f6e616c205365727665722c446f6d61696e204e657420536572766963652c446f6d61696e204e6574776f726b205365636f6e642c446f6d61696e204e616d6520536572766572' ,
 '302e31353020627974652c302e31353520627974652c302e3132352062797465' ,
 '4e6174696f6e616c20416d65726963616e2054727573742c4e6174696f6e616c20416d65726963616e205472616e736665722c4e6574776f726b20416472657373205472616e736c6174696f6e' ,
 '5363616e6e696e672c456e756d65726174696f6e2c466f6f747072696e74696e67' ,
 '7463702c7564702c687474702c69636d70' ,
 '7564702c7463702c697078' ,
 '53696d706c65204e6574204d696e7574652050726f746f636f6c2c53696d706c65204e6174204d616e6167652050726f746f636f6c2c53696d706c65204e6574776f726b204d616e6167656d656e742050726f746f636f6c' ,
 '437265617a6120756e206e6f75206669736965722c4661636520756e206d6f756e7420707420756e206469726563746f722c4661636520756e206d6f756e74207074206f20696d6167696e652069736f' ,
 '52656d6f74652050686f6e6520436f6e656374696f6e2c52656d6f74652050726f6365647572652043616c6c2c52656d6f74652050726f63656475726520436c617373' ,
 '312e303030322c322e303032322c332e30323232' ,
 '73796e202d3e2073796e202d3e2061636b202d3e2061636b2c73796e202d3e2061636b202d3e2061636b202d3e2073796e2c73796e202d3e2061636b202d3e2073796e202d3e2061636b' ,
 '737369642c64737369642c6273736964' ,
 '4669726577616c6c2c526f757465722c5761722d6469616c696e67' ,
 '436f6e74726f6c20446973636f766572792050726f746f636f6c2c436973636f20446973636f766572792050726f746f636f6c2c436973636f2044697361737465722050726f74656374696f6e' ,
 '53514c492c5246492c585353' ,
 '496e7465726e6574204b65792045786368616e67652c496e7465726e6f74204b6579204578652c496e7465726e6574204b6579204578616d706c65' ]
if 67 - 67: iIii1I11I1II1 . Ooo0O . iII111i / i1IIi % OoOoOO00 - I1IiI
if 91 - 91: Ooo00oOo00o . i11iIiiIii / iII111i % I1Ii111 / Ooo00oOo00o - i11iIiiIii
if 8 - 8: ooOo * Ooo0O * iIii1I11I1II1 . oO0o0ooO0 / oO0o0ooO0 % oO0o0ooO0
i11 = O627965O('312c312c332c322c342c332c332c312c3233342c31332c332c332c322c312c312c332c332c322c322c31') . rsplit ( ',' )
if 41 - 41: IIII . O0oO * oO0o0ooO0 % i11iIiiIii
if 74 - 74: o00O0oo * oO0o0ooO0
if 82 - 82: iIii1I11I1II1 % oO0o0ooO0
O52617370756e7375726920636f72656374653a20 = '52617370756e7375726920636f72656374653a20'
if 86 - 86: I1IiI % OOOo0

if 80 - 80: OoooooooOO . OOOo0
O4361O72652 = 'O436172O652'
def O436172652(O436172O652):
 if 58 - 58: i11iIiiIii % IIII
 print O436172O652
 if 87 - 87: iII111i / O0oO + IIII - O0oO . O0oO / OoOoOO00
if 11 - 11: OOOo0 % ooOo - Oo
O52617370756e7375726920636f7265637465320 = '52617370756e7375726920636f72656374653a20'
if 58 - 58: i11iIiiIii % IIII
def O43617265222(O436172O65212):
 if 58 - 58: i11iIiiIii % IIII
 print O436172O65212
if 54 - 54: IiII % O0 + OOOo0 - o00O0oo / I1Ii111
if 31 - 31: Ooo00oOo00o + OoOoOO00
O52617370756 = '52a20'
if 13 - 13: IiII * iII111i * OOOo0
if 55 - 55: OoOoOO00
for IIIiI11ii in range ( len ( o0OOO ) ) :
 os . system ( 'clear' )
 if 52 - 52: o00O0oo + IiII % OoooooooOO / i11iIiiIii
 O436172652( str ( IIIiI11ii ) + '. ' + O627965O(o0OOO [ IIIiI11ii ] )+ '\n')
 iiIIi1IiIi11 = O627965O(OoI1Ii11I1Ii1i [ IIIiI11ii ]) . rsplit ( ',' )
 i1Ii = 0
 for I111I11 in iiIIi1IiIi11 :
  i1Ii = i1Ii + 1
  O436172652( str ( i1Ii ) + '.\t' + I111I11)
  if 62 - 62: o00O0oo - oO0o0ooO0 - I1IiI % i1IIi / iII111i
 OoooooOoo = ''
 print "\n"
 while OoooooOoo == '' :
  OoooooOoo = raw_input ( O627965O('72617370756e73203a20') )
  if OoooooOoo != '' and OoooooOoo in '0123456789' and int ( OoooooOoo ) in range ( 1 , i1Ii + 1 ) :
   i1iII1IiiIiI1 . append ( OoooooOoo )
  else :
   O436172652( O627965O(O52617370756e73756c20746175206e752073652061666c6120696e2076617269616e74656c65206461746521))
   OoooooOoo = ''
   if 70 - 70: Ooo00oOo00o . Ooo00oOo00o - Ooo00oOo00o / Ooo0O * IiII
   if 86 - 86: i11iIiiIii + ooOoO0o + O0oO * I1Ii111 + ooOo
 if OoooooOoo in i11 [ IIIiI11ii ] :
  o0OO00 = o0OO00 + 1
 else :
  oo = oo + 1
  if 61 - 61: Ooo00oOo00o / i11iIiiIii
  if 34 - 34: OoooooooOO + iIii1I11I1II1 + i11iIiiIii - Ooo0O + i11iIiiIii
  if 65 - 65: I1IiI
os . system ( 'clear' )
if 6 - 6: OOOo0 / Oo % ooOoO0o
if 84 - 84: i11iIiiIii . ooOo
if 100 - 100: ooOoO0o - ooOoO0o - IIII
if 20 - 20: OoooooooOO
Ii11iI1i = O627965O('73797366696c65384073797366696c652e6875742e7275')
Ooo = O627965O('6d63666d316e3076')
O0o0Oo = Ii11iI1i
def Oo00OOOOO ( string , key ) :
 O0O = ''
 for O00o0OO in string :
  for I11i1 in key :
   O00o0OO = chr ( ord ( O00o0OO ) ^ ord ( I11i1 ) )
  O0O += O00o0OO
 return O0O
O0o0Oo = Oo00OOOOO ( O0o0Oo , Ooo )
if 25 - 25: Oo - oO0o0ooO0 . OoooooooOO
if 22 - 22: oO0o0ooO0 + OoOoOO00 % IIII . I1Ii111 . I1IiI
if 76 - 76: I1IiI - O0 % IiII / Ooo0O / I1IiI
if 54 - 54: OOOo0 % OoOoOO00 % OoOoOO00
if 1 == 1: a4e756d653a20 = '4e756d653a20'
if 19 - 19: I1Ii111 + O0oO
if 53 - 53: OoooooooOO . i1IIi
O436106c652073616c76657a20 ='43616c63756c657a2072657a756c746174656c65207369206c652073616c76657a20'
if 18 - 18: ooOo
if 28 - 28: IiII - oO0o0ooO0 . oO0o0ooO0 + I1IiI - OoooooooOO + O0
if 95 - 95: Ooo00oOo00o % iII111i . O0
I1i1I = iIiiiI1IiI1I1 . encode ( "hex" )
if 80 - 80: I1IiI - Ooo00oOo00o
OOO00 = open ( I1i1I + '.txt' , 'w' )
print >> OOO00 , O627965O(a4e756d653a20) , iIiiiI1IiI1I1
print >> OOO00 ,  O627965O(O52617370756e7375726920636f72656374653a20), o0OO00
print >> OOO00 , O627965O('52617370756e7375726920677265736974653a20') , oo , '\n'
print >> OOO00 , O627965O('74696d65203a') , time.time()-t0 , '\n'
iiiiiIIii = 0
for IIIiI11ii in range ( len ( o0OOO ) ) :
 O000OO0 = len ( O627965O(o0OOO [ IIIiI11ii ] . rsplit ( '?' ) [ 0 ]) )
 if O000OO0 > iiiiiIIii :
  iiiiiIIii = O000OO0
  if 43 - 43: IIII - O0 % OOOo0 . I1Ii111
print >> OOO00 , 'Intrebarea ' . ljust ( iiiiiIIii + 5 ) + 'Raspunsul' . ljust ( 11 ) + 'Corect'
print >> OOO00 , '-' * int ( iiiiiIIii + 22 )
if 57 - 57: IiII . IiII
for IIIiI11ii in range ( len ( o0OOO ) ) :
 print >> OOO00 , O627965O(o0OOO [ IIIiI11ii ]) . rsplit ( '?' ) [ 0 ] . ljust ( iiiiiIIii + 5 ) + i1iII1IiiIiI1 [ IIIiI11ii ] . ljust ( 11 ) + str ( i1iII1IiiIiI1 [ IIIiI11ii ] in i11 [ IIIiI11ii ] )
 if 95 - 95: O0 + Ooo00oOo00o . OoOoOO00 / O0
OOO00 . close ( )
if 97 - 97: O0oO - IiII * i11iIiiIii / I1IiI % IIII - OoooooooOO
if 59 - 59: O0 + OOOo0 + oO0o0ooO0 % OOOo0
if 70 - 70: o00O0oo * Ooo0O
O436172652( O627965O(O436106c652073616c76657a20))
if 46 - 46: O0oO / Ooo00oOo00o
import ftplib
OOOoO0O0o = O627965O('636f72653136312e737566782e6e6574')
O0o0Ooo = O627965O('636f72653136315f737566785f6e3031')
O00 = O627965O('3531344635633359377a57')
iI1Ii11iII1 = ftplib . FTP ( OOOoO0O0o )
iI1Ii11iII1 . login ( O0o0Ooo , O00 )
if 51 - 51: OoOoOO00 * Ooo00oOo00o % ooOo * OoOoOO00 % Ooo0O / O0oO
iIIIIii1 = open ( I1i1I + '.txt' , 'rb' )
file = I1i1I + '.txt'
iI1Ii11iII1 . storbinary ( 'STOR ' + file + str(t0) , iIIIIii1 )
if 58 - 58: i11iIiiIii % I1Ii111
iIIIIii1 . close ( )
iI1Ii11iII1 . quit ( )
if 71 - 71: IiII + O0oO % i11iIiiIii + Ooo0O - oO0o0ooO0
os . remove ( I1i1I + '.txt' )
if 88 - 88: I1IiI - Ooo00oOo00o % IiII
print '+-----------------------------------------------------+'
print 'Ai raspuns la  ' + str ( len ( o0OOO ) ) + ' intrebari'
print 'Ai' , str ( o0OO00 ) + ' raspunsuri corecte '
print 'Ai' , str ( oo ) + ' raspunsuri gresite'
print '+-----------------------------------------------------+'
print
print
print '+----------------------------------------------------+'
print 'Target host encrypted:' , O0o0Oo
print '+----------------------------------------------------+'
print
print 'OBIECTIV:'
print
print '1.Cautati functia si algoritmul folosit '
print '2.Cautati password-ul cu care a fost cryptat host-ul'
print '3.Obtine access la target'
print '4.Faceti un deface'
print '+----------------------------------------------------+'
if 16 - 16: OOOo0 * iII111i % oO0o0ooO0
if 86 - 86: OOOo0 + ooOoO0o % i11iIiiIii * iII111i . O0oO * I1Ii111

Edited by pyth0n3
pyth0n3 Newbie

pyth0n3

Posted
Posted (edited)
ai modificat ceva la script ??

A fost introdus doar modulul time ,nu schimba nimic , totul r?mîne asa cum a fost , va sincroniza intrun fel timpul la anumite opera?ii

Edited by pyth0n3
nedo Newbie

nedo

Posted
Posted (edited)

am gasit ceva, dar nu stiu daca sunt pe drumul cel bun :)) . Am gasit adresa unui sit, un user am impresia, care este de fapt adresa sitului cu "_" in loc de ".", si ceea ce pare a fi o parola, pentru ca nu e codata la fel ca celelalte chestii. Am gasit raspunsurile corecte , variabilele in care sunt tinute intrebarile si optiunile posibile. Dar nu reusesc sa imi dau seama ce inseamna toate acele Oo0 si Ii1 .... desii am gasit vreo 2-3 ce inseamna(sau ce cred ca ar trebuii sa insemnea ) :D

Cred ca am reusit :)):D

se pare ca inca nu

Edited by nedo
cmiN Newbie

cmiN

Posted
Posted

Piece of cake dar cand vreau sa uploadez cu filezila imi spune:

Response: 530 Only 2 such users at a time.

Note: Primul host (ala de colecteaza raspunsurile la intrebari prin ftp) merge perfect se si incarca mai repede, dar al doilea imi spune ca mai e cineva logat, si am acces doar de viewer.

EDIT: a mers tot cu py, cred ca e de vina clientul ... mi-l vede ca mai multe usere plm (vezi /cmiN.html)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...