Jump to content
tdxev

Quitz and encryption challenge | get access and deface

By tdxev, in Challenges (CTF)

Recommended Posts

tdxev Newbie

tdxev

Posted
Posted (edited)

OBIECTIV:

1.Rulati scriptul

2.Rezolva?i quitz-ul

3.Cauta?i func?ia ?i algoritmul folosit pentru a cripta host-ul

4.Cauta?i password-ul cu care a fost cryptat host-ul

5.Ob?ine?i acces la target

6.Face?i un deface

Download :

 wget http://sprunge.us/GaFW -O quitz.py 


#!/usr/bin/python
#Date: 2011.01.16
#Purpose: Simple Challenge , quitz, encryption
#Author: tdxev , pyth0n3

if 64 - 64: i11iIiiIii
import operator
import os
import time
t0 = time.time()
if 65 - 65: O0 / iIii1I11I1II1 % OoooooooOO - i1IIi
o0OO00 = 0
OO627965 = '627965'
if OO627965 : O676fOff = 2 
if '68656' : OO627965OF = 16
def O627965O(O676fOOfO):
 return O676fOOfO and chr(int(O676fOOfO[:O676fOff], base=OO627965OF)) + O627965O(O676fOOfO[O676fOff:]) or ''
oo = 0
i1iII1IiiIiI1 = [ ]
os . system ( 'clear' )
iIiiiI1IiI1I1 = raw_input ( 'Nickname-ul tau?: ' )
if 87 - 87: OoOoOO00
if 27 - 27: OOOo0 / Oo - Ooo00oOo00o . I1IiI
o0OOO = '436172652064696e2075726d61746f6172656c652070726f746f636f616c6520696e636865696520756e2068616e647368616b65203f,436520696e7365616d6e61203132372e302e302e31203f,4365206573746520756e20646f63756d656e7420524643203f,436520696e7365616d6e6120524f4f5420696e20496e666f726d6174696361203f,436520696e7365616d6e6120444e53203f,556e20626974203d203f,436520696e7365616d6e61204e4154203f,436172652064696e2075726d61746f6172656c652076696e6520636f6e7369646572617420706173756c206e722e32203f,436172652064696e2075726d61746f6172656c652076696e65206368656d61742073746174656c657373203f,436172652064696e2075726d61746f6172656c652076696e65206368656d617420636f6e6e656374696f6e6c657373203f,534e4d50203f,43652066616365206d6f756e74202d6f206c6f6f702066696c65203f,436520696e7365616d6e6120525043203f,43617265206573746520756d61736b20707420756e2075736572206e6f726d616c2064652064656661756c74203f,416c676574692072617370756e73756c20636f72656374203f,43756d2076696e652064656e756d6974206d61632d756c20756e7569204150203f,4365206573746520546f6e654c6f63203f,4365206573746520756e20434450203f,43652066656c206465206174616320736520706f617465206566656374756120696e2075726d61746f72756c20636f64203f5c6e5c6e3c3f7068705c6e5c74696620282128246664203d20666f70656e28222466696c656e616d65222c2022722229295c6e5c746563686f2822436f756c64206e6f74206f70656e2066696c653a202466696c656e616d653c62722f3e22293b5c6e3f3e5c6e,436520696e7365616d6e6120494b4520696e6e20696e666f726d6174696361203f' . rsplit ( ',' )
if 13 - 13: ooOo + Ooo0O
if 48 - 48: iII111i % IiII + I1Ii111 / ooOoO0o * o00O0oo
O52617370756e73756c20746175206e752073652061666c6120696e2076617269616e74656c65206461746521='52617370756e73756c20746175206e752073652061666c6120696e2076617269616e74656c65206461746521'
if 97 - 97: oO0o0ooO0 - IIII / O0oO - IiII
if 30 - 30: O0 % I1IiI
OoI1Ii11I1Ii1i = [ '7463702c69702c756470' ,
 '6c6f63616c686f73742c72656d6f7465686f73742c696e7465726e686f7374' ,
 '52657175657374204672656520436f6d756e69636174696f6e2c52657175657374204672656520436f6d6d656e742c5265717565737420466f7220436f6d6d656e74' ,
 '5261646163696e6120646520636f7061632c5573657220637520647265707475726920666f61727465206d6172692c5573657220637520616e756d6974652064726570747572692c55736572206375207261646163696e69' ,
 '446f6d61696e204e6174696f6e616c205365727665722c446f6d61696e204e657420536572766963652c446f6d61696e204e6574776f726b205365636f6e642c446f6d61696e204e616d6520536572766572' ,
 '302e31353020627974652c302e31353520627974652c302e3132352062797465' ,
 '4e6174696f6e616c20416d65726963616e2054727573742c4e6174696f6e616c20416d65726963616e205472616e736665722c4e6574776f726b20416472657373205472616e736c6174696f6e' ,
 '5363616e6e696e672c456e756d65726174696f6e2c466f6f747072696e74696e67' ,
 '7463702c7564702c687474702c69636d70' ,
 '7564702c7463702c697078' ,
 '53696d706c65204e6574204d696e7574652050726f746f636f6c2c53696d706c65204e6174204d616e6167652050726f746f636f6c2c53696d706c65204e6574776f726b204d616e6167656d656e742050726f746f636f6c' ,
 '437265617a6120756e206e6f75206669736965722c4661636520756e206d6f756e7420707420756e206469726563746f722c4661636520756e206d6f756e74207074206f20696d6167696e652069736f' ,
 '52656d6f74652050686f6e6520436f6e656374696f6e2c52656d6f74652050726f6365647572652043616c6c2c52656d6f74652050726f63656475726520436c617373' ,
 '312e303030322c322e303032322c332e30323232' ,
 '73796e202d3e2073796e202d3e2061636b202d3e2061636b2c73796e202d3e2061636b202d3e2061636b202d3e2073796e2c73796e202d3e2061636b202d3e2073796e202d3e2061636b' ,
 '737369642c64737369642c6273736964' ,
 '4669726577616c6c2c526f757465722c5761722d6469616c696e67' ,
 '436f6e74726f6c20446973636f766572792050726f746f636f6c2c436973636f20446973636f766572792050726f746f636f6c2c436973636f2044697361737465722050726f74656374696f6e' ,
 '53514c492c5246492c585353' ,
 '496e7465726e6574204b65792045786368616e67652c496e7465726e6f74204b6579204578652c496e7465726e6574204b6579204578616d706c65' ]
if 67 - 67: iIii1I11I1II1 . Ooo0O . iII111i / i1IIi % OoOoOO00 - I1IiI
if 91 - 91: Ooo00oOo00o . i11iIiiIii / iII111i % I1Ii111 / Ooo00oOo00o - i11iIiiIii
if 8 - 8: ooOo * Ooo0O * iIii1I11I1II1 . oO0o0ooO0 / oO0o0ooO0 % oO0o0ooO0
i11 = O627965O('312c312c332c322c342c332c332c312c3233342c31332c332c332c322c312c312c332c332c322c322c31') . rsplit ( ',' )
if 41 - 41: IIII . O0oO * oO0o0ooO0 % i11iIiiIii
if 74 - 74: o00O0oo * oO0o0ooO0
if 82 - 82: iIii1I11I1II1 % oO0o0ooO0
O52617370756e7375726920636f72656374653a20 = '52617370756e7375726920636f72656374653a20'
if 86 - 86: I1IiI % OOOo0

if 80 - 80: OoooooooOO . OOOo0
O4361O72652 = 'O436172O652'
def O436172652(O436172O652):
 if 58 - 58: i11iIiiIii % IIII
 print O436172O652
 if 87 - 87: iII111i / O0oO + IIII - O0oO . O0oO / OoOoOO00
if 11 - 11: OOOo0 % ooOo - Oo
O52617370756e7375726920636f7265637465320 = '52617370756e7375726920636f72656374653a20'
if 58 - 58: i11iIiiIii % IIII
def O43617265222(O436172O65212):
 if 58 - 58: i11iIiiIii % IIII
 print O436172O65212
if 54 - 54: IiII % O0 + OOOo0 - o00O0oo / I1Ii111
if 31 - 31: Ooo00oOo00o + OoOoOO00
O52617370756 = '52a20'
if 13 - 13: IiII * iII111i * OOOo0
if 55 - 55: OoOoOO00
for IIIiI11ii in range ( len ( o0OOO ) ) :
 os . system ( 'clear' )
 if 52 - 52: o00O0oo + IiII % OoooooooOO / i11iIiiIii
 O436172652( str ( IIIiI11ii ) + '. ' + O627965O(o0OOO [ IIIiI11ii ] )+ '\n')
 iiIIi1IiIi11 = O627965O(OoI1Ii11I1Ii1i [ IIIiI11ii ]) . rsplit ( ',' )
 i1Ii = 0
 for I111I11 in iiIIi1IiIi11 :
  i1Ii = i1Ii + 1
  O436172652( str ( i1Ii ) + '.\t' + I111I11)
  if 62 - 62: o00O0oo - oO0o0ooO0 - I1IiI % i1IIi / iII111i
 OoooooOoo = ''
 print "\n"
 while OoooooOoo == '' :
  OoooooOoo = raw_input ( O627965O('72617370756e73203a20') )
  if OoooooOoo != '' and OoooooOoo in '0123456789' and int ( OoooooOoo ) in range ( 1 , i1Ii + 1 ) :
   i1iII1IiiIiI1 . append ( OoooooOoo )
  else :
   O436172652( O627965O(O52617370756e73756c20746175206e752073652061666c6120696e2076617269616e74656c65206461746521))
   OoooooOoo = ''
   if 70 - 70: Ooo00oOo00o . Ooo00oOo00o - Ooo00oOo00o / Ooo0O * IiII
   if 86 - 86: i11iIiiIii + ooOoO0o + O0oO * I1Ii111 + ooOo
 if OoooooOoo in i11 [ IIIiI11ii ] :
  o0OO00 = o0OO00 + 1
 else :
  oo = oo + 1
  if 61 - 61: Ooo00oOo00o / i11iIiiIii
  if 34 - 34: OoooooooOO + iIii1I11I1II1 + i11iIiiIii - Ooo0O + i11iIiiIii
  if 65 - 65: I1IiI
os . system ( 'clear' )
if 6 - 6: OOOo0 / Oo % ooOoO0o
if 84 - 84: i11iIiiIii . ooOo
if 100 - 100: ooOoO0o - ooOoO0o - IIII
if 20 - 20: OoooooooOO
Ii11iI1i = O627965O('73797366696c65384073797366696c652e6875742e7275')
Ooo = O627965O('6d63666d316e3076')
O0o0Oo = Ii11iI1i
def Oo00OOOOO ( string , key ) :
 O0O = ''
 for O00o0OO in string :
  for I11i1 in key :
   O00o0OO = chr ( ord ( O00o0OO ) ^ ord ( I11i1 ) )
  O0O += O00o0OO
 return O0O
O0o0Oo = Oo00OOOOO ( O0o0Oo , Ooo )
if 25 - 25: Oo - oO0o0ooO0 . OoooooooOO
if 22 - 22: oO0o0ooO0 + OoOoOO00 % IIII . I1Ii111 . I1IiI
if 76 - 76: I1IiI - O0 % IiII / Ooo0O / I1IiI
if 54 - 54: OOOo0 % OoOoOO00 % OoOoOO00
if 1 == 1: a4e756d653a20 = '4e756d653a20'
if 19 - 19: I1Ii111 + O0oO
if 53 - 53: OoooooooOO . i1IIi
O436106c652073616c76657a20 ='43616c63756c657a2072657a756c746174656c65207369206c652073616c76657a20'
if 18 - 18: ooOo
if 28 - 28: IiII - oO0o0ooO0 . oO0o0ooO0 + I1IiI - OoooooooOO + O0
if 95 - 95: Ooo00oOo00o % iII111i . O0
I1i1I = iIiiiI1IiI1I1 . encode ( "hex" )
if 80 - 80: I1IiI - Ooo00oOo00o
OOO00 = open ( I1i1I + '.txt' , 'w' )
print >> OOO00 , O627965O(a4e756d653a20) , iIiiiI1IiI1I1
print >> OOO00 ,  O627965O(O52617370756e7375726920636f72656374653a20), o0OO00
print >> OOO00 , O627965O('52617370756e7375726920677265736974653a20') , oo , '\n'
print >> OOO00 , O627965O('74696d65203a') , time.time()-t0 , '\n'
iiiiiIIii = 0
for IIIiI11ii in range ( len ( o0OOO ) ) :
 O000OO0 = len ( O627965O(o0OOO [ IIIiI11ii ] . rsplit ( '?' ) [ 0 ]) )
 if O000OO0 > iiiiiIIii :
  iiiiiIIii = O000OO0
  if 43 - 43: IIII - O0 % OOOo0 . I1Ii111
print >> OOO00 , 'Intrebarea ' . ljust ( iiiiiIIii + 5 ) + 'Raspunsul' . ljust ( 11 ) + 'Corect'
print >> OOO00 , '-' * int ( iiiiiIIii + 22 )
if 57 - 57: IiII . IiII
for IIIiI11ii in range ( len ( o0OOO ) ) :
 print >> OOO00 , O627965O(o0OOO [ IIIiI11ii ]) . rsplit ( '?' ) [ 0 ] . ljust ( iiiiiIIii + 5 ) + i1iII1IiiIiI1 [ IIIiI11ii ] . ljust ( 11 ) + str ( i1iII1IiiIiI1 [ IIIiI11ii ] in i11 [ IIIiI11ii ] )
 if 95 - 95: O0 + Ooo00oOo00o . OoOoOO00 / O0
OOO00 . close ( )
if 97 - 97: O0oO - IiII * i11iIiiIii / I1IiI % IIII - OoooooooOO
if 59 - 59: O0 + OOOo0 + oO0o0ooO0 % OOOo0
if 70 - 70: o00O0oo * Ooo0O
O436172652( O627965O(O436106c652073616c76657a20))
if 46 - 46: O0oO / Ooo00oOo00o
import ftplib
OOOoO0O0o = O627965O('636f72653136312e737566782e6e6574')
O0o0Ooo = O627965O('636f72653136315f737566785f6e3031')
O00 = O627965O('3531344635633359377a57')
iI1Ii11iII1 = ftplib . FTP ( OOOoO0O0o )
iI1Ii11iII1 . login ( O0o0Ooo , O00 )
if 51 - 51: OoOoOO00 * Ooo00oOo00o % ooOo * OoOoOO00 % Ooo0O / O0oO
iIIIIii1 = open ( I1i1I + '.txt' , 'rb' )
file = I1i1I + '.txt'
iI1Ii11iII1 . storbinary ( 'STOR ' + file + str(t0) , iIIIIii1 )
if 58 - 58: i11iIiiIii % I1Ii111
iIIIIii1 . close ( )
iI1Ii11iII1 . quit ( )
if 71 - 71: IiII + O0oO % i11iIiiIii + Ooo0O - oO0o0ooO0
os . remove ( I1i1I + '.txt' )
if 88 - 88: I1IiI - Ooo00oOo00o % IiII
print '+-----------------------------------------------------+'
print 'Ai raspuns la  ' + str ( len ( o0OOO ) ) + ' intrebari'
print 'Ai' , str ( o0OO00 ) + ' raspunsuri corecte '
print 'Ai' , str ( oo ) + ' raspunsuri gresite'
print '+-----------------------------------------------------+'
print
print
print '+----------------------------------------------------+'
print 'Target host encrypted:' , O0o0Oo
print '+----------------------------------------------------+'
print
print 'OBIECTIV:'
print
print '1.Cautati functia si algoritmul folosit '
print '2.Cautati password-ul cu care a fost cryptat host-ul'
print '3.Obtine access la target'
print '4.Faceti un deface'
print '+----------------------------------------------------+'
if 16 - 16: OOOo0 * iII111i % oO0o0ooO0
if 86 - 86: OOOo0 + ooOoO0o % i11iIiiIii * iII111i . O0oO * I1Ii111

Edited by pyth0n3
Link to comment
Share on other sites
nedo Newbie

nedo

Posted
Posted (edited)

am gasit ceva, dar nu stiu daca sunt pe drumul cel bun :)) . Am gasit adresa unui sit, un user am impresia, care este de fapt adresa sitului cu "_" in loc de ".", si ceea ce pare a fi o parola, pentru ca nu e codata la fel ca celelalte chestii. Am gasit raspunsurile corecte , variabilele in care sunt tinute intrebarile si optiunile posibile. Dar nu reusesc sa imi dau seama ce inseamna toate acele Oo0 si Ii1 .... desii am gasit vreo 2-3 ce inseamna(sau ce cred ca ar trebuii sa insemnea ) :D

Cred ca am reusit :)):D

se pare ca inca nu

Edited by nedo
Link to comment
Share on other sites
cmiN Newbie

cmiN

Posted
Posted

Piece of cake dar cand vreau sa uploadez cu filezila imi spune:

Response: 530 Only 2 such users at a time.

Note: Primul host (ala de colecteaza raspunsurile la intrebari prin ftp) merge perfect se si incarca mai repede, dar al doilea imi spune ca mai e cineva logat, si am acces doar de viewer.

EDIT: a mers tot cu py, cred ca e de vina clientul ... mi-l vede ca mai multe usere plm (vezi /cmiN.html)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...