diff --git a/csaw-red-quals-2018/chals-solves.json b/csaw-red-quals-2018/chals-solves.json new file mode 100644 index 0000000..39a1ea8 --- /dev/null +++ b/csaw-red-quals-2018/chals-solves.json @@ -0,0 +1,53 @@ +{ + "15": 154, + "18": 167, + "21": 126, + "24": 54, + "27": 25, + "30": 104, + "33": 23, + "36": 220, + "39": 90, + "42": 47, + "45": 133, + "48": 78, + "51": 6, + "54": 6, + "57": 35, + "60": 14, + "63": 32, + "66": 18, + "69": 57, + "72": 54, + "75": 26, + "78": 20, + "81": 23, + "84": 25, + "87": 2, + "90": 17, + "93": 182, + "96": 28, + "99": 76, + "102": 18, + "105": 221, + "108": 72, + "111": 80, + "114": 243, + "117": 88, + "120": 41, + "123": 195, + "126": 72, + "129": 41, + "132": 38, + "135": 224, + "138": 243, + "141": 230, + "144": 344, + "150": 32, + "156": 21, + "159": 11, + "168": 33, + "174": 24, + "177": 23, + "180": 5 +} diff --git a/csaw-red-quals-2018/chals.json b/csaw-red-quals-2018/chals.json new file mode 100644 index 0000000..97bc5bc --- /dev/null +++ b/csaw-red-quals-2018/chals.json @@ -0,0 +1,733 @@ +{ + "game": [ + { + "category": "Tutorial", + "description": "Copy, Paste, Enter.\n\n`echo 'synt{j3yp0z3_2_e3q}' | tr 'A-Za-z' 'N-ZA-Mn-za-m'`", + "files": [], + "hints": [], + "id": 144, + "name": "R U Alive", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 5 + }, + { + "category": "Tutorial", + "description": "BB8 is one of the few robots that Google can find. Do you know where they hide?", + "files": [], + "hints": [], + "id": 135, + "name": "BB8", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 10 + }, + { + "category": "Tutorial", + "description": "There is a flag somewhere on this page. Can you find it?", + "files": [], + "hints": [], + "id": 138, + "name": "In My Element", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 10 + }, + { + "category": "Tutorial", + "description": "Can you find the flag in one of these files? Ctrl-F may not be enough.", + "files": [ + "dabd02da67a0a08149c5bda6fc42d4fa/hello.zip" + ], + "hints": [], + "id": 141, + "name": "Irregular Expressions", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 10 + }, + { + "category": "Crypto", + "description": "Decrypt the message from these RSA values:\r\n\r\n`N = 6771554318063279431848312702694599935973610341134793457387179802502340410323800956250664791676927908216176954377514952594523181778019541527306915289382187`\r\n\r\n`d = 3711713166116654516231852804048066183987365980813665339727476998417559154417292248328844545850669766064400494699780124631469902379473449927403374793877457`\r\n\r\n`c = 2649742855208609235845145293813962935889320032224555958279459176413803529115896568523205268199338089322793362288745663650880219089218944837255286873757915`", + "files": [], + "hints": [], + "id": 21, + "name": "EasyRSA", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 50 + }, + { + "category": "Crypto", + "description": "i yeet, you yeet, he/she/they yeet", + "files": [ + "5fc42bbca2f9da22074f708dd19167cf/ciphertext.txt" + ], + "hints": [], + "id": 30, + "name": "yeet", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 50 + }, + { + "category": "Misc", + "description": "Sometimes you're in the wrong place at the wrong time.", + "files": [ + "be32d80ec9e0e2124e9f6747f2d9992b/misframed.zip" + ], + "hints": [], + "id": 36, + "name": "Misframed", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 50 + }, + { + "category": "Pwning", + "description": "I love that they made sure to wish me a happy birthday... it was back in June though. \n\n `nc pwn.chal.csaw.io 10106`", + "files": [ + "10b348c4f31470268d6dd2600c19c72f/b0f" + ], + "hints": [], + "id": 69, + "name": "MakeAWish", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 50 + }, + { + "category": "Pwning", + "description": "Why is everyone around me screaming about flow? \n\n `nc pwn.chal.csaw.io 10101`", + "files": [ + "ba9d9f52b6975db07e1f50b0988589ff/buff" + ], + "hints": [], + "id": 72, + "name": "AAAA", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 50 + }, + { + "category": "Forensics", + "description": "Who's the fairest? \r\n\r\n `128.238.66.246`\r\n\r\nNOTE: You do NOT need nmap for this challenge", + "files": [], + "hints": [], + "id": 93, + "name": "MirrorMirror", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 50 + }, + { + "category": "Forensics", + "description": "It looks like someone was moving stuff around on Sam's network... hmm...", + "files": [ + "e64230c1d722fc52ccb72e6c11696461/output.pcap" + ], + "hints": [], + "id": 105, + "name": "FeelThePower", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 50 + }, + { + "category": "Web", + "description": "Can you log into the admin's account without knowing the password?\n\n `web.chal.csaw.io:10104`", + "files": [], + "hints": [], + "id": 123, + "name": "SQLIntro", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 50 + }, + { + "category": "Crypto", + "description": "Caesar Cipher is outdated, its time to millenialize it and make a Caesar Salad Cipher. Use the _lettuce_ structure in order to get the final substitution cipher required to decode the ciphertext Remember, substitutions are extra!\nAlphabet: `abcdefghijklmnopqrstuvwxyz{}_`\nCiphertext: shpn{o_hote_vy_jphpm_wokc_pircdqoej_kcpkj_cdw_rpejpf_oikeimem_ok}`\nLettuce Structure:\n1. `romaine`\n2. `dressing`\n3. `parmesan`\n4. `anchovies`\n5. `croutons`\n6. `parmesan`", + "files": [], + "hints": [], + "id": 18, + "name": "Caesar Salad Cipher", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 75 + }, + { + "category": "Crypto", + "description": "i yeeted, you yeeted, he/she/they have yeeten", + "files": [ + "58a4abb9d035957304676690888c1e06/ciphertext.txt" + ], + "hints": [], + "id": 24, + "name": "yeeeeeeet", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 100 + }, + { + "category": "Crypto", + "description": "We got an awesome new take on the visionair cipher that iterates over a key in order to encrypt/decrypt flags. Basically we iterate over a key for a length _l_ and encrypt the plaintext using that chunk of the key. The ciphertext is made up of chunks of size _l_ of each individual cipher. The cipher text is `fmcj{aj_rzxn_mpxc_knwxabb}`. Use the flag format to your advantage in cracking the code.", + "files": [], + "hints": [], + "id": 27, + "name": "Interactive Vision Air", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 100 + }, + { + "category": "Misc", + "description": "Do you believe in magic?\n\n `http://misc.chal.csaw.io:10102`", + "files": [], + "hints": [], + "id": 45, + "name": "Magic 1", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 100 + }, + { + "category": "Reversing", + "description": "Are you the powerhouse of the cell?\n\nhttps://docs.google.com/spreadsheets/d/1j4hL84mBqzJAGWKiTh9_lmzoCEUOOdkwv0yldl9Ko6k/edit?usp=sharing", + "files": [], + "hints": [], + "id": 48, + "name": "Mitochondria", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 100 + }, + { + "category": "Reversing", + "description": "I really need to get this OS extra credit \n\n `nc reversing.chal.csaw.io 10101`", + "files": [ + "a44cca119f8f39045fc2f16508bf8803/bomb" + ], + "hints": [], + "id": 57, + "name": "Just Another Bomb Lab (JABLAB)", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 100 + }, + { + "category": "Reversing", + "description": "eazy peazy reverzing :) \n\n `nc reversing.chal.csaw.io 10102`", + "files": [ + "5c8962632c544424d35cd4422824fceb/babyrev" + ], + "hints": [], + "id": 63, + "name": "BabyRev", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 100 + }, + { + "category": "Forensics", + "description": "What has Casey been doing on the internet lately?", + "files": [ + "d876d05293571fe5b31fd3009cec7401/data", + "4ca56c7bb9972f5dc08397d9ae2d328f/G011A.png" + ], + "hints": [], + "id": 96, + "name": "Can't Touch This", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 100 + }, + { + "category": "Forensics", + "description": "What is this guy doing? Why can I see his traffic?", + "files": [ + "c825b78a37951084ea61330b8789a45b/output.pcapng" + ], + "hints": [], + "id": 111, + "name": "PacketPacket", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 100 + }, + { + "category": "Forensics", + "description": "Somneone put this up in the lounge, but I can't see anything", + "files": [ + "e1e2fda56af42883de1a3009e51ff0eb/output.bmp" + ], + "hints": [], + "id": 114, + "name": "I'mInTheBand", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 100 + }, + { + "category": "Forensics", + "description": "She just told me to look at the big picture, gave me this, and walked away...", + "files": [ + "534370e81665d5bfe48b3a45ecc6c50a/output.pcapng" + ], + "hints": [], + "id": 117, + "name": "TheBigPicture", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 100 + }, + { + "category": "Web", + "description": "Oh boy SQLI sure is easy right?\nCan you change the query that the search performs to get the admin's password? \n\n `web.chal.csaw.io:10103`", + "files": [], + "hints": [], + "id": 126, + "name": "Easy_Search", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 100 + }, + { + "category": "Web", + "description": "Someone brought up this game from back in high school, and I just HAVE to beat the new version.\r\n\r\n`web.chal.csaw.io:10106`\r\n\r\nNote: runs on Python3", + "files": [ + "c601f239f857a2e36d44b0c61fe7a573/clicker2.0.zip" + ], + "hints": [], + "id": 150, + "name": "Adrift", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 100 + }, + { + "category": "Crypto", + "description": "Oh no! Someone messed with the permutations of ingrediants and now I have no clue how to decipher the message! Try and recover the plaintext!\nAlphabet: `abcdefghijklmnopqrstuvwxyz{}_`\nCiphertext: npre{afijjuve_nufjk_uj_uvjrvuky_kci_fdhruvi_wdvk_oi_gfdgifpy_afijjia}`", + "files": [], + "hints": [], + "id": 15, + "name": "Caesar Salad Cipher Part 2", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 125 + }, + { + "category": "Misc", + "description": "Magic is more complicated than you think\n\n `http://misc.chal.csaw.io:10103`", + "files": [], + "hints": [], + "id": 39, + "name": "Magic 2", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 150 + }, + { + "category": "Pwning", + "description": "Get it GOT it Good! \n\n `nc pwn.chal.csaw.io 10105`", + "files": [ + "a4e00bab9e7bc5b2ed634d231dcbfdc8/got" + ], + "hints": [], + "id": 81, + "name": "GOT_IMMM", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 150 + }, + { + "category": "Pwning", + "description": "Have this delicious meal \r\n\r\n `nc pwn.chal.csaw.io 10104`", + "files": [ + "1064c2db0ee70516d4b72fe01f3e470f/dinner" + ], + "hints": [], + "id": 84, + "name": "dinner_time", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 150 + }, + { + "category": "Forensics", + "description": "Ohhhhhh say can you seeeeeeeeeeeee", + "files": [ + "720cc12c4eceebfc489935928f8f4ada/output.img" + ], + "hints": [], + "id": 99, + "name": "Imag-ining", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 150 + }, + { + "category": "Web", + "description": "The physics department is so lazy that they don't even grade their own homework anymore\r\n\r\n` web.chal.csaw.io:10108 `", + "files": [], + "hints": [], + "id": 168, + "name": "Online Assign 1", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 150 + }, + { + "category": "Crypto", + "description": "I remember when I got the news. It made me weak with joy.", + "files": [ + "ba37b7df518ebd66090eee860ae5aa32/destiny.enc", + "52e868c3f4fc4b42961814e62bc49ef3/gen.py" + ], + "hints": [], + "id": 33, + "name": "DEStiny", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 200 + }, + { + "category": "Misc", + "description": "Can You Follow Instructions? \n\n `nc misc.chal.csaw.io 10101`", + "files": [], + "hints": [], + "id": 42, + "name": "LLVN", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 200 + }, + { + "category": "Reversing", + "description": "go go go on an adventure !! \n\n `nc reversing.chal.csaw.io 10105`", + "files": [ + "45f6c8dbd4c57df06c32887365ad2f6c/road" + ], + "hints": [], + "id": 60, + "name": "road", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 200 + }, + { + "category": "Pwning", + "description": "They had pie in the dining hall today. \n\n`nc pwn.chal.csaw.io 10103`", + "files": [ + "06f7e1c4043a2606b68f7bea38302d74/pibolar" + ], + "hints": [], + "id": 75, + "name": "pibolar", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 200 + }, + { + "category": "Forensics", + "description": "There's something funny about this physics lab...", + "files": [ + "d11fa7aba040d352910f47dfdef09433/output.pdf" + ], + "hints": [], + "id": 108, + "name": "MultiLingual", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 200 + }, + { + "category": "Web", + "description": "Now that you can XSS, try it again!\r\nThis time the flag is in the cookies of the admin. \r\n\r\n `web.chal.csaw.io:10102`", + "files": [], + "hints": [], + "id": 120, + "name": "CookieDevil", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 200 + }, + { + "category": "Web", + "description": "Now you have to do your homework!\r\nWhen you submit a homework assignment, the submission will be validated on the server. What this means, is that your homework submission will be rendered in a webpage on the server! Some nasty things can happen here......\r\nThis challange requires you to send the flag to a public IP address (one that you control).\r\nThe flag is at /flag.txt, but it can only be accesed by the server itself! \r\n\r\n `web.chal.csaw.io:10105`", + "files": [], + "hints": [], + "id": 129, + "name": "Validation", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 200 + }, + { + "category": "Web", + "description": "Hey it looks like the math department decided to use this crummy software too...\r\n\r\n` web.chal.csaw.io:10108 `", + "files": [], + "hints": [], + "id": 174, + "name": "Online Assign 2", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 200 + }, + { + "category": "Reversing", + "description": "Just keep going just keep going \r\n\r\n `nc reversing.chal.csaw.io 10106`", + "files": [ + "ba844a577847fcde0da8153f8e7dc68b/chary" + ], + "hints": [], + "id": 66, + "name": "chary", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 250 + }, + { + "category": "Pwning", + "description": "All my ideas keep jumping around \r\n\r\n`nc pwn.chal.csaw.io 10102`", + "files": [ + "f69d443ff53e14fd3b589bb48ef23b2c/adhd", + "067abde618e0b338559b94944213dd79/libc.so.6" + ], + "hints": [], + "id": 90, + "name": "ADHD", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 250 + }, + { + "category": "Web", + "description": "People say that I'm too negative. I say that sometimes you need negativity to grow.\r\n\r\n`web.chal.csaw.io:10106`\r\n\r\nNote: runs on Python3", + "files": [ + "8fb1d306d39989c7ecf1aaf0e145f613/clicker2.0.zip" + ], + "hints": [], + "id": 156, + "name": "Negativity", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 250 + }, + { + "category": "Pwning", + "description": "I found a bag of poprops, they're really off the chain \r\n\r\n`nc pwn.chal.csaw.io 10107`", + "files": [ + "b89fe9044c9338875103fdc20c09f7cb/poprops" + ], + "hints": [], + "id": 78, + "name": "Poprops", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 300 + }, + { + "category": "Forensics", + "description": "0 1 2 10", + "files": [ + "8ed772344c26472489c93a99ac7a7042/output.wav" + ], + "hints": [], + "id": 102, + "name": "UltraHyperMegaSonic", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 300 + }, + { + "category": "Web", + "description": "Now that you can SQLI, can you use that to leak out information from the database?\r\nThe flag is in a hidden table.\r\nHint: You will need to use information_schema \r\n\r\n `web.chal.csaw.io:10101`", + "files": [], + "hints": [], + "id": 132, + "name": "BlindAsABat", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 300 + }, + { + "category": "Reversing", + "description": "Somethings a little off here! I'm Anggrryyy \r\n\r\n `nc reversing.chal.csaw.io 10104`", + "files": [ + "eee84bbccffa7a0518f7034249780d70/flippityflop" + ], + "hints": [], + "id": 54, + "name": "flippityflop", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 350 + }, + { + "category": "Web", + "description": "Teachers aren't programmers, and it shows\r\n\r\n` web.chal.csaw.io:10108 `", + "files": [], + "hints": [], + "id": 177, + "name": "Online Assign 3", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 350 + }, + { + "category": "Reversing", + "description": "This kid reallllly wants me to join his crypto currency startup", + "files": [ + "ac6744c207e710f02a36bb79f7cc093f/ethersplay.abi", + "12943ae3393e235790630f3f86d38ec6/ethersplay.bytecode" + ], + "hints": [], + "id": 51, + "name": "ToTheMoon", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 400 + }, + { + "category": "Pwning", + "description": "So many voices but only one to choose from \r\n\r\n`nc pwn.chal.csaw.io 10108`", + "files": [ + "ddc12924582cde67645921b8340eafe4/schizophrenia" + ], + "hints": [], + "id": 87, + "name": "schizophrenia", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 400 + }, + { + "category": "Web", + "description": "I've been paying a lot more attention in psychology lately, and I've come to the conclusion that in the end we're all just the same anyway.\r\n\r\n`web.chal.csaw.io:10106`\r\n\r\nNote: runs on Python3", + "files": [ + "92f4b3bf4d5ede68815e161e4f1b92f8/clicker2.0.zip" + ], + "hints": [], + "id": 159, + "name": "OpenObjectivity", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 500 + }, + { + "category": "Reversing", + "description": "Every poor college student knows that there's a better way around paying for videogames\r\n\r\n` nc reversing.chal.csaw.io:10109 `\r\n\r\nUpdate Sep 24 12:02 AM EST: binary should run on more machines now (sha1 5ec20ddfb58a2948c6f3eb214ba44f0b453f347c)", + "files": [ + "3c9c1e927c8b01198e9ab0bd1cc9a94e/isengard2" + ], + "hints": [], + "id": 180, + "name": "Isengard 2", + "script": "/plugins/challenges/assets/standard-challenge-modal.js", + "tags": [], + "template": "/plugins/challenges/assets/standard-challenge-modal.njk", + "type": "standard", + "value": 500 + } + ] +} diff --git a/csaw-red-quals-2018/crypto/caesar-salad-cipher-75/README.md b/csaw-red-quals-2018/crypto/caesar-salad-cipher-75/README.md new file mode 100644 index 0000000..8bcd1be --- /dev/null +++ b/csaw-red-quals-2018/crypto/caesar-salad-cipher-75/README.md @@ -0,0 +1,24 @@ + +# CSAW RED Quals 2018 : Caesar Salad Cipher + +**Category:** Crypto +**Points:** 75 +**Solves:** 167 +**Description:** + +Caesar Cipher is outdated, its time to millenialize it and make a Caesar Salad Cipher. Use the _lettuce_ structure in order to get the final substitution cipher required to decode the ciphertext Remember, substitutions are extra! +Alphabet: `abcdefghijklmnopqrstuvwxyz{}_` +Ciphertext: shpn{o_hote_vy_jphpm_wokc_pircdqoej_kcpkj_cdw_rpejpf_oikeimem_ok}` +Lettuce Structure: +1. `romaine` +2. `dressing` +3. `parmesan` +4. `anchovies` +5. `croutons` +6. `parmesan` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/crypto/caesar-salad-cipher-part-2-125/README.md b/csaw-red-quals-2018/crypto/caesar-salad-cipher-part-2-125/README.md new file mode 100644 index 0000000..1922c5f --- /dev/null +++ b/csaw-red-quals-2018/crypto/caesar-salad-cipher-part-2-125/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : Caesar Salad Cipher Part 2 + +**Category:** Crypto +**Points:** 125 +**Solves:** 154 +**Description:** + +Oh no! Someone messed with the permutations of ingrediants and now I have no clue how to decipher the message! Try and recover the plaintext! +Alphabet: `abcdefghijklmnopqrstuvwxyz{}_` +Ciphertext: npre{afijjuve_nufjk_uj_uvjrvuky_kci_fdhruvi_wdvk_oi_gfdgifpy_afijjia}` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/crypto/destiny-200/README.md b/csaw-red-quals-2018/crypto/destiny-200/README.md new file mode 100644 index 0000000..77b2a4a --- /dev/null +++ b/csaw-red-quals-2018/crypto/destiny-200/README.md @@ -0,0 +1,15 @@ + +# CSAW RED Quals 2018 : DEStiny + +**Category:** Crypto +**Points:** 200 +**Solves:** 23 +**Description:** + +I remember when I got the news. It made me weak with joy. + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/crypto/easyrsa-50/README.md b/csaw-red-quals-2018/crypto/easyrsa-50/README.md new file mode 100644 index 0000000..98f161f --- /dev/null +++ b/csaw-red-quals-2018/crypto/easyrsa-50/README.md @@ -0,0 +1,21 @@ + +# CSAW RED Quals 2018 : EasyRSA + +**Category:** Crypto +**Points:** 50 +**Solves:** 126 +**Description:** + +Decrypt the message from these RSA values: + +`N = 6771554318063279431848312702694599935973610341134793457387179802502340410323800956250664791676927908216176954377514952594523181778019541527306915289382187` + +`d = 3711713166116654516231852804048066183987365980813665339727476998417559154417292248328844545850669766064400494699780124631469902379473449927403374793877457` + +`c = 2649742855208609235845145293813962935889320032224555958279459176413803529115896568523205268199338089322793362288745663650880219089218944837255286873757915` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/crypto/interactive-vision-air-100/README.md b/csaw-red-quals-2018/crypto/interactive-vision-air-100/README.md new file mode 100644 index 0000000..b011a4d --- /dev/null +++ b/csaw-red-quals-2018/crypto/interactive-vision-air-100/README.md @@ -0,0 +1,15 @@ + +# CSAW RED Quals 2018 : Interactive Vision Air + +**Category:** Crypto +**Points:** 100 +**Solves:** 25 +**Description:** + +We got an awesome new take on the visionair cipher that iterates over a key in order to encrypt/decrypt flags. Basically we iterate over a key for a length _l_ and encrypt the plaintext using that chunk of the key. The ciphertext is made up of chunks of size _l_ of each individual cipher. The cipher text is `fmcj{aj_rzxn_mpxc_knwxabb}`. Use the flag format to your advantage in cracking the code. + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/crypto/yeeeeeeet-100/README.md b/csaw-red-quals-2018/crypto/yeeeeeeet-100/README.md new file mode 100644 index 0000000..5fd6c98 --- /dev/null +++ b/csaw-red-quals-2018/crypto/yeeeeeeet-100/README.md @@ -0,0 +1,15 @@ + +# CSAW RED Quals 2018 : yeeeeeeet + +**Category:** Crypto +**Points:** 100 +**Solves:** 54 +**Description:** + +i yeeted, you yeeted, he/she/they have yeeten + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/crypto/yeet-50/README.md b/csaw-red-quals-2018/crypto/yeet-50/README.md new file mode 100644 index 0000000..0172778 --- /dev/null +++ b/csaw-red-quals-2018/crypto/yeet-50/README.md @@ -0,0 +1,15 @@ + +# CSAW RED Quals 2018 : yeet + +**Category:** Crypto +**Points:** 50 +**Solves:** 104 +**Description:** + +i yeet, you yeet, he/she/they yeet + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/forensics/cant-touch-this-100/README.md b/csaw-red-quals-2018/forensics/cant-touch-this-100/README.md new file mode 100644 index 0000000..4f76ab2 --- /dev/null +++ b/csaw-red-quals-2018/forensics/cant-touch-this-100/README.md @@ -0,0 +1,15 @@ + +# CSAW RED Quals 2018 : Can't Touch This + +**Category:** Forensics +**Points:** 100 +**Solves:** 28 +**Description:** + +What has Casey been doing on the internet lately? + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/forensics/feel-the-power-50/README.md b/csaw-red-quals-2018/forensics/feel-the-power-50/README.md new file mode 100644 index 0000000..f30d1f6 --- /dev/null +++ b/csaw-red-quals-2018/forensics/feel-the-power-50/README.md @@ -0,0 +1,15 @@ + +# CSAW RED Quals 2018 : FeelThePower + +**Category:** Forensics +**Points:** 50 +**Solves:** 221 +**Description:** + +It looks like someone was moving stuff around on Sam's network... hmm... + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/forensics/im-in-the-band-100/README.md b/csaw-red-quals-2018/forensics/im-in-the-band-100/README.md new file mode 100644 index 0000000..e12cb77 --- /dev/null +++ b/csaw-red-quals-2018/forensics/im-in-the-band-100/README.md @@ -0,0 +1,15 @@ + +# CSAW RED Quals 2018 : I'mInTheBand + +**Category:** Forensics +**Points:** 100 +**Solves:** 243 +**Description:** + +Somneone put this up in the lounge, but I can't see anything + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/forensics/imag-ining-150/README.md b/csaw-red-quals-2018/forensics/imag-ining-150/README.md new file mode 100644 index 0000000..b892a74 --- /dev/null +++ b/csaw-red-quals-2018/forensics/imag-ining-150/README.md @@ -0,0 +1,15 @@ + +# CSAW RED Quals 2018 : Imag-ining + +**Category:** Forensics +**Points:** 150 +**Solves:** 76 +**Description:** + +Ohhhhhh say can you seeeeeeeeeeeee + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/forensics/mirror-mirror-50/README.md b/csaw-red-quals-2018/forensics/mirror-mirror-50/README.md new file mode 100644 index 0000000..3182b02 --- /dev/null +++ b/csaw-red-quals-2018/forensics/mirror-mirror-50/README.md @@ -0,0 +1,19 @@ + +# CSAW RED Quals 2018 : MirrorMirror + +**Category:** Forensics +**Points:** 50 +**Solves:** 182 +**Description:** + +Who's the fairest? + + `128.238.66.246` + +NOTE: You do NOT need nmap for this challenge + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/forensics/multi-lingual-200/README.md b/csaw-red-quals-2018/forensics/multi-lingual-200/README.md new file mode 100644 index 0000000..daba514 --- /dev/null +++ b/csaw-red-quals-2018/forensics/multi-lingual-200/README.md @@ -0,0 +1,15 @@ + +# CSAW RED Quals 2018 : MultiLingual + +**Category:** Forensics +**Points:** 200 +**Solves:** 72 +**Description:** + +There's something funny about this physics lab... + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/forensics/packet-packet-100/README.md b/csaw-red-quals-2018/forensics/packet-packet-100/README.md new file mode 100644 index 0000000..0e46c0a --- /dev/null +++ b/csaw-red-quals-2018/forensics/packet-packet-100/README.md @@ -0,0 +1,15 @@ + +# CSAW RED Quals 2018 : PacketPacket + +**Category:** Forensics +**Points:** 100 +**Solves:** 80 +**Description:** + +What is this guy doing? Why can I see his traffic? + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/forensics/the-big-picture-100/README.md b/csaw-red-quals-2018/forensics/the-big-picture-100/README.md new file mode 100644 index 0000000..d99286f --- /dev/null +++ b/csaw-red-quals-2018/forensics/the-big-picture-100/README.md @@ -0,0 +1,15 @@ + +# CSAW RED Quals 2018 : TheBigPicture + +**Category:** Forensics +**Points:** 100 +**Solves:** 88 +**Description:** + +She just told me to look at the big picture, gave me this, and walked away... + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/forensics/ultra-hyper-mega-sonic-300/README.md b/csaw-red-quals-2018/forensics/ultra-hyper-mega-sonic-300/README.md new file mode 100644 index 0000000..c87d47a --- /dev/null +++ b/csaw-red-quals-2018/forensics/ultra-hyper-mega-sonic-300/README.md @@ -0,0 +1,15 @@ + +# CSAW RED Quals 2018 : UltraHyperMegaSonic + +**Category:** Forensics +**Points:** 300 +**Solves:** 18 +**Description:** + +0 1 2 10 + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/gen.py b/csaw-red-quals-2018/gen.py new file mode 100644 index 0000000..a150994 --- /dev/null +++ b/csaw-red-quals-2018/gen.py @@ -0,0 +1,71 @@ +#!/usr/bin/env python +#-*- coding: utf-8 -*- + +import os +import errno +import re +import sys +import codecs +import json +import pymustache +import stringcase + +sys.stdout = codecs.getwriter("utf-8")(sys.stdout) +sys.stderr = codecs.getwriter("utf-8")(sys.stderr) + +def mkdir_p(path): + try: os.makedirs(path) + except OSError as ex: + if ex.errno == errno.EEXIST and os.path.isdir(path): pass + else: raise + +def transform(name): + name = re.sub('(.)([A-Z][a-z]+)', r'\1-\2', name) + return re.sub('([a-z0-9])([A-Z])', r'\1-\2', name).lower() + +if __name__ == "__main__": + tpl = """ +# CSAW RED Quals 2018 : {{name}} + +**Category:** {{category}} +**Points:** {{value}} +**Solves:** {{nsolve}} +**Description:** + +{{&description}} + +## Write-up + +## Other write-ups and resources + +""" + tpl_compiled = pymustache.compiled(tpl) + + lookup = {} + with codecs.open("chals-solves.json","r","utf-8") as f: + obj = json.load(f) + lookup = {int(k):int(v) for k,v in obj.iteritems()} + + with codecs.open("chals.json","r","utf-8") as f: + obj = json.load(f) + for task in obj["game"]: + task["nsolve"] = lookup[task["id"]] + basedir_p0 = task["category"].lower() + name = task["name"] + name = re.sub(r"\([^)]+\)","",name) + name = name.strip() + name = name.replace("'","") + name = name.replace(" ","-") + name = name.replace("_","-") + name = name.strip() + if "-" not in name: + ms = re.findall(r"[A-Z][a-z]",name) + if len(ms) > 1: + name = stringcase.spinalcase(name) + name = name.lower() + basedir_p1 = "%s-%d"%(name,int(task["value"])) + basedir = os.path.join(basedir_p0,basedir_p1) + fp = os.path.join(basedir,"README.md") + if os.path.isfile(fp): continue + mkdir_p(basedir) + with codecs.open(fp,"w","utf-8") as g: print>>g, tpl_compiled.render(task) diff --git a/csaw-red-quals-2018/misc/llvn-200/README.md b/csaw-red-quals-2018/misc/llvn-200/README.md new file mode 100644 index 0000000..7bb86d9 --- /dev/null +++ b/csaw-red-quals-2018/misc/llvn-200/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : LLVN + +**Category:** Misc +**Points:** 200 +**Solves:** 47 +**Description:** + +Can You Follow Instructions? + + `nc misc.chal.csaw.io 10101` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/misc/magic-1-100/README.md b/csaw-red-quals-2018/misc/magic-1-100/README.md new file mode 100644 index 0000000..85ad1ba --- /dev/null +++ b/csaw-red-quals-2018/misc/magic-1-100/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : Magic 1 + +**Category:** Misc +**Points:** 100 +**Solves:** 133 +**Description:** + +Do you believe in magic? + + `http://misc.chal.csaw.io:10102` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/misc/magic-2-150/README.md b/csaw-red-quals-2018/misc/magic-2-150/README.md new file mode 100644 index 0000000..51f609c --- /dev/null +++ b/csaw-red-quals-2018/misc/magic-2-150/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : Magic 2 + +**Category:** Misc +**Points:** 150 +**Solves:** 90 +**Description:** + +Magic is more complicated than you think + + `http://misc.chal.csaw.io:10103` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/misc/misframed-50/README.md b/csaw-red-quals-2018/misc/misframed-50/README.md new file mode 100644 index 0000000..9ab83ef --- /dev/null +++ b/csaw-red-quals-2018/misc/misframed-50/README.md @@ -0,0 +1,15 @@ + +# CSAW RED Quals 2018 : Misframed + +**Category:** Misc +**Points:** 50 +**Solves:** 220 +**Description:** + +Sometimes you're in the wrong place at the wrong time. + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/pwning/aaaa-50/README.md b/csaw-red-quals-2018/pwning/aaaa-50/README.md new file mode 100644 index 0000000..272b4ba --- /dev/null +++ b/csaw-red-quals-2018/pwning/aaaa-50/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : AAAA + +**Category:** Pwning +**Points:** 50 +**Solves:** 54 +**Description:** + +Why is everyone around me screaming about flow? + + `nc pwn.chal.csaw.io 10101` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/pwning/adhd-250/README.md b/csaw-red-quals-2018/pwning/adhd-250/README.md new file mode 100644 index 0000000..30d578a --- /dev/null +++ b/csaw-red-quals-2018/pwning/adhd-250/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : ADHD + +**Category:** Pwning +**Points:** 250 +**Solves:** 17 +**Description:** + +All my ideas keep jumping around + +`nc pwn.chal.csaw.io 10102` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/pwning/dinner-time-150/README.md b/csaw-red-quals-2018/pwning/dinner-time-150/README.md new file mode 100644 index 0000000..74bc93f --- /dev/null +++ b/csaw-red-quals-2018/pwning/dinner-time-150/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : dinner_time + +**Category:** Pwning +**Points:** 150 +**Solves:** 25 +**Description:** + +Have this delicious meal + + `nc pwn.chal.csaw.io 10104` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/pwning/got-immm-150/README.md b/csaw-red-quals-2018/pwning/got-immm-150/README.md new file mode 100644 index 0000000..dbfa37c --- /dev/null +++ b/csaw-red-quals-2018/pwning/got-immm-150/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : GOT_IMMM + +**Category:** Pwning +**Points:** 150 +**Solves:** 23 +**Description:** + +Get it GOT it Good! + + `nc pwn.chal.csaw.io 10105` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/pwning/make-a-wish-50/README.md b/csaw-red-quals-2018/pwning/make-a-wish-50/README.md new file mode 100644 index 0000000..171759f --- /dev/null +++ b/csaw-red-quals-2018/pwning/make-a-wish-50/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : MakeAWish + +**Category:** Pwning +**Points:** 50 +**Solves:** 57 +**Description:** + +I love that they made sure to wish me a happy birthday... it was back in June though. + + `nc pwn.chal.csaw.io 10106` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/pwning/pibolar-200/README.md b/csaw-red-quals-2018/pwning/pibolar-200/README.md new file mode 100644 index 0000000..5c791ad --- /dev/null +++ b/csaw-red-quals-2018/pwning/pibolar-200/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : pibolar + +**Category:** Pwning +**Points:** 200 +**Solves:** 26 +**Description:** + +They had pie in the dining hall today. + +`nc pwn.chal.csaw.io 10103` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/pwning/poprops-300/README.md b/csaw-red-quals-2018/pwning/poprops-300/README.md new file mode 100644 index 0000000..5d6bcdb --- /dev/null +++ b/csaw-red-quals-2018/pwning/poprops-300/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : Poprops + +**Category:** Pwning +**Points:** 300 +**Solves:** 20 +**Description:** + +I found a bag of poprops, they're really off the chain + +`nc pwn.chal.csaw.io 10107` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/pwning/schizophrenia-400/README.md b/csaw-red-quals-2018/pwning/schizophrenia-400/README.md new file mode 100644 index 0000000..3b2516c --- /dev/null +++ b/csaw-red-quals-2018/pwning/schizophrenia-400/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : schizophrenia + +**Category:** Pwning +**Points:** 400 +**Solves:** 2 +**Description:** + +So many voices but only one to choose from + +`nc pwn.chal.csaw.io 10108` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/reversing/baby-rev-100/README.md b/csaw-red-quals-2018/reversing/baby-rev-100/README.md new file mode 100644 index 0000000..4adc289 --- /dev/null +++ b/csaw-red-quals-2018/reversing/baby-rev-100/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : BabyRev + +**Category:** Reversing +**Points:** 100 +**Solves:** 32 +**Description:** + +eazy peazy reverzing :) + + `nc reversing.chal.csaw.io 10102` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/reversing/chary-250/README.md b/csaw-red-quals-2018/reversing/chary-250/README.md new file mode 100644 index 0000000..a7fae71 --- /dev/null +++ b/csaw-red-quals-2018/reversing/chary-250/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : chary + +**Category:** Reversing +**Points:** 250 +**Solves:** 18 +**Description:** + +Just keep going just keep going + + `nc reversing.chal.csaw.io 10106` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/reversing/flippityflop-350/README.md b/csaw-red-quals-2018/reversing/flippityflop-350/README.md new file mode 100644 index 0000000..fca470e --- /dev/null +++ b/csaw-red-quals-2018/reversing/flippityflop-350/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : flippityflop + +**Category:** Reversing +**Points:** 350 +**Solves:** 6 +**Description:** + +Somethings a little off here! I'm Anggrryyy + + `nc reversing.chal.csaw.io 10104` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/reversing/isengard-2-500/README.md b/csaw-red-quals-2018/reversing/isengard-2-500/README.md new file mode 100644 index 0000000..428c305 --- /dev/null +++ b/csaw-red-quals-2018/reversing/isengard-2-500/README.md @@ -0,0 +1,19 @@ + +# CSAW RED Quals 2018 : Isengard 2 + +**Category:** Reversing +**Points:** 500 +**Solves:** 5 +**Description:** + +Every poor college student knows that there's a better way around paying for videogames + +` nc reversing.chal.csaw.io:10109 ` + +Update Sep 24 12:02 AM EST: binary should run on more machines now (sha1 5ec20ddfb58a2948c6f3eb214ba44f0b453f347c) + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/reversing/just-another-bomb-lab-100/README.md b/csaw-red-quals-2018/reversing/just-another-bomb-lab-100/README.md new file mode 100644 index 0000000..922400b --- /dev/null +++ b/csaw-red-quals-2018/reversing/just-another-bomb-lab-100/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : Just Another Bomb Lab (JABLAB) + +**Category:** Reversing +**Points:** 100 +**Solves:** 35 +**Description:** + +I really need to get this OS extra credit + + `nc reversing.chal.csaw.io 10101` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/reversing/mitochondria-100/README.md b/csaw-red-quals-2018/reversing/mitochondria-100/README.md new file mode 100644 index 0000000..fe288ee --- /dev/null +++ b/csaw-red-quals-2018/reversing/mitochondria-100/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : Mitochondria + +**Category:** Reversing +**Points:** 100 +**Solves:** 78 +**Description:** + +Are you the powerhouse of the cell? + +https://docs.google.com/spreadsheets/d/1j4hL84mBqzJAGWKiTh9_lmzoCEUOOdkwv0yldl9Ko6k/edit?usp=sharing + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/reversing/road-200/README.md b/csaw-red-quals-2018/reversing/road-200/README.md new file mode 100644 index 0000000..0a82ff4 --- /dev/null +++ b/csaw-red-quals-2018/reversing/road-200/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : road + +**Category:** Reversing +**Points:** 200 +**Solves:** 14 +**Description:** + +go go go on an adventure !! + + `nc reversing.chal.csaw.io 10105` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/reversing/to-the-moon-400/README.md b/csaw-red-quals-2018/reversing/to-the-moon-400/README.md new file mode 100644 index 0000000..65b3060 --- /dev/null +++ b/csaw-red-quals-2018/reversing/to-the-moon-400/README.md @@ -0,0 +1,15 @@ + +# CSAW RED Quals 2018 : ToTheMoon + +**Category:** Reversing +**Points:** 400 +**Solves:** 6 +**Description:** + +This kid reallllly wants me to join his crypto currency startup + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/solves.json b/csaw-red-quals-2018/solves.json new file mode 100644 index 0000000..df48e06 --- /dev/null +++ b/csaw-red-quals-2018/solves.json @@ -0,0 +1,324 @@ +{ + "solves": [ + { + "category": "Tutorial", + "chal": "R U Alive", + "chalid": 144, + "team": 1890, + "time": 1537992009, + "value": 5 + }, + { + "category": "Tutorial", + "chal": "In My Element", + "chalid": 138, + "team": 1890, + "time": 1538014509, + "value": 10 + }, + { + "category": "Tutorial", + "chal": "Irregular Expressions", + "chalid": 141, + "team": 1890, + "time": 1538014567, + "value": 10 + }, + { + "category": "Crypto", + "chal": "EasyRSA", + "chalid": 21, + "team": 1890, + "time": 1538015094, + "value": 50 + }, + { + "category": "Crypto", + "chal": "yeet", + "chalid": 30, + "team": 1890, + "time": 1538015381, + "value": 50 + }, + { + "category": "Crypto", + "chal": "Caesar Salad Cipher", + "chalid": 18, + "team": 1890, + "time": 1538015458, + "value": 75 + }, + { + "category": "Web", + "chal": "SQLIntro", + "chalid": 123, + "team": 1890, + "time": 1538016973, + "value": 50 + }, + { + "category": "Reversing", + "chal": "Mitochondria", + "chalid": 48, + "team": 1890, + "time": 1538018498, + "value": 100 + }, + { + "category": "Forensics", + "chal": "MirrorMirror", + "chalid": 93, + "team": 1890, + "time": 1538033879, + "value": 50 + }, + { + "category": "Forensics", + "chal": "FeelThePower", + "chalid": 105, + "team": 1890, + "time": 1538034282, + "value": 50 + }, + { + "category": "Web", + "chal": "Easy_Search", + "chalid": 126, + "team": 1890, + "time": 1538034861, + "value": 100 + }, + { + "category": "Misc", + "chal": "Misframed", + "chalid": 36, + "team": 1890, + "time": 1538035144, + "value": 50 + }, + { + "category": "Crypto", + "chal": "Caesar Salad Cipher Part 2", + "chalid": 15, + "team": 1890, + "time": 1538036072, + "value": 125 + }, + { + "category": "Pwning", + "chal": "MakeAWish", + "chalid": 69, + "team": 1890, + "time": 1538070135, + "value": 50 + }, + { + "category": "Misc", + "chal": "Magic 1", + "chalid": 45, + "team": 1890, + "time": 1538073345, + "value": 100 + }, + { + "category": "Reversing", + "chal": "Just Another Bomb Lab (JABLAB)", + "chalid": 57, + "team": 1890, + "time": 1538075370, + "value": 100 + }, + { + "category": "Reversing", + "chal": "BabyRev", + "chalid": 63, + "team": 1890, + "time": 1538080104, + "value": 100 + }, + { + "category": "Web", + "chal": "Online Assign 2", + "chalid": 174, + "team": 1890, + "time": 1538080327, + "value": 200 + }, + { + "category": "Pwning", + "chal": "AAAA", + "chalid": 72, + "team": 1890, + "time": 1538113997, + "value": 50 + }, + { + "category": "Tutorial", + "chal": "BB8", + "chalid": 135, + "team": 1890, + "time": 1538124727, + "value": 10 + }, + { + "category": "Misc", + "chal": "Magic 2", + "chalid": 39, + "team": 1890, + "time": 1538157973, + "value": 150 + }, + { + "category": "Web", + "chal": "Online Assign 3", + "chalid": 177, + "team": 1890, + "time": 1538162129, + "value": 350 + }, + { + "category": "Web", + "chal": "Online Assign 1", + "chalid": 168, + "team": 1890, + "time": 1538162934, + "value": 150 + }, + { + "category": "Forensics", + "chal": "I'mInTheBand", + "chalid": 114, + "team": 1890, + "time": 1538163577, + "value": 100 + }, + { + "category": "Forensics", + "chal": "TheBigPicture", + "chalid": 117, + "team": 1890, + "time": 1538163730, + "value": 100 + }, + { + "category": "Web", + "chal": "Validation", + "chalid": 129, + "team": 1890, + "time": 1538165787, + "value": 200 + }, + { + "category": "Web", + "chal": "CookieDevil", + "chalid": 120, + "team": 1890, + "time": 1538166667, + "value": 200 + }, + { + "category": "Pwning", + "chal": "GOT_IMMM", + "chalid": 81, + "team": 1890, + "time": 1538190032, + "value": 150 + }, + { + "category": "Misc", + "chal": "LLVN", + "chalid": 42, + "team": 1890, + "time": 1538191498, + "value": 200 + }, + { + "category": "Web", + "chal": "BlindAsABat", + "chalid": 132, + "team": 1890, + "time": 1538233092, + "value": 300 + }, + { + "category": "Pwning", + "chal": "dinner_time", + "chalid": 84, + "team": 1890, + "time": 1538237234, + "value": 150 + }, + { + "category": "Pwning", + "chal": "pibolar", + "chalid": 75, + "team": 1890, + "time": 1538239453, + "value": 200 + }, + { + "category": "Web", + "chal": "Adrift", + "chalid": 150, + "team": 1890, + "time": 1538240303, + "value": 100 + }, + { + "category": "Crypto", + "chal": "DEStiny", + "chalid": 33, + "team": 1890, + "time": 1538242494, + "value": 200 + }, + { + "category": "Crypto", + "chal": "yeeeeeeet", + "chalid": 24, + "team": 1890, + "time": 1538243367, + "value": 100 + }, + { + "category": "Reversing", + "chal": "chary", + "chalid": 66, + "team": 1890, + "time": 1538244851, + "value": 250 + }, + { + "category": "Reversing", + "chal": "road", + "chalid": 60, + "team": 1890, + "time": 1538248376, + "value": 200 + }, + { + "category": "Forensics", + "chal": "MultiLingual", + "chalid": 108, + "team": 1890, + "time": 1538250173, + "value": 200 + }, + { + "category": "Forensics", + "chal": "PacketPacket", + "chalid": 111, + "team": 1890, + "time": 1538334225, + "value": 100 + }, + { + "category": "Forensics", + "chal": "Imag-ining", + "chalid": 99, + "team": 1890, + "time": 1538335797, + "value": 150 + } + ] +} diff --git a/csaw-red-quals-2018/tutorial/bb8-10/README.md b/csaw-red-quals-2018/tutorial/bb8-10/README.md new file mode 100644 index 0000000..861cd33 --- /dev/null +++ b/csaw-red-quals-2018/tutorial/bb8-10/README.md @@ -0,0 +1,15 @@ + +# CSAW RED Quals 2018 : BB8 + +**Category:** Tutorial +**Points:** 10 +**Solves:** 224 +**Description:** + +BB8 is one of the few robots that Google can find. Do you know where they hide? + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/tutorial/in-my-element-10/README.md b/csaw-red-quals-2018/tutorial/in-my-element-10/README.md new file mode 100644 index 0000000..0d566a6 --- /dev/null +++ b/csaw-red-quals-2018/tutorial/in-my-element-10/README.md @@ -0,0 +1,15 @@ + +# CSAW RED Quals 2018 : In My Element + +**Category:** Tutorial +**Points:** 10 +**Solves:** 243 +**Description:** + +There is a flag somewhere on this page. Can you find it? + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/tutorial/irregular-expressions-10/README.md b/csaw-red-quals-2018/tutorial/irregular-expressions-10/README.md new file mode 100644 index 0000000..6046229 --- /dev/null +++ b/csaw-red-quals-2018/tutorial/irregular-expressions-10/README.md @@ -0,0 +1,15 @@ + +# CSAW RED Quals 2018 : Irregular Expressions + +**Category:** Tutorial +**Points:** 10 +**Solves:** 230 +**Description:** + +Can you find the flag in one of these files? Ctrl-F may not be enough. + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/tutorial/r-u-alive-5/README.md b/csaw-red-quals-2018/tutorial/r-u-alive-5/README.md new file mode 100644 index 0000000..a5ad948 --- /dev/null +++ b/csaw-red-quals-2018/tutorial/r-u-alive-5/README.md @@ -0,0 +1,16 @@ +# CSAW RED Quals 2018 : R U Alive + +**Category:** Tutorial +**Points:** 5 +**Solves:** 344 +**Description:** + +Copy, Paste, Enter. + +`echo 'synt{j3yp0z3_2_e3q}' | tr 'A-Za-z' 'N-ZA-Mn-za-m'` + +## Write-up + +`synt{j3yp0z3_2_e3q}` => ROT13 => `flag{w3lc0m3_2_r3d}` + +## Other write-ups and resources diff --git a/csaw-red-quals-2018/web/adrift-100/README.md b/csaw-red-quals-2018/web/adrift-100/README.md new file mode 100644 index 0000000..1e58d30 --- /dev/null +++ b/csaw-red-quals-2018/web/adrift-100/README.md @@ -0,0 +1,19 @@ + +# CSAW RED Quals 2018 : Adrift + +**Category:** Web +**Points:** 100 +**Solves:** 32 +**Description:** + +Someone brought up this game from back in high school, and I just HAVE to beat the new version. + +`web.chal.csaw.io:10106` + +Note: runs on Python3 + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/web/blind-as-a-bat-300/README.md b/csaw-red-quals-2018/web/blind-as-a-bat-300/README.md new file mode 100644 index 0000000..de5be9f --- /dev/null +++ b/csaw-red-quals-2018/web/blind-as-a-bat-300/README.md @@ -0,0 +1,19 @@ + +# CSAW RED Quals 2018 : BlindAsABat + +**Category:** Web +**Points:** 300 +**Solves:** 38 +**Description:** + +Now that you can SQLI, can you use that to leak out information from the database? +The flag is in a hidden table. +Hint: You will need to use information_schema + + `web.chal.csaw.io:10101` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/web/cookie-devil-200/README.md b/csaw-red-quals-2018/web/cookie-devil-200/README.md new file mode 100644 index 0000000..a7d54a0 --- /dev/null +++ b/csaw-red-quals-2018/web/cookie-devil-200/README.md @@ -0,0 +1,18 @@ + +# CSAW RED Quals 2018 : CookieDevil + +**Category:** Web +**Points:** 200 +**Solves:** 41 +**Description:** + +Now that you can XSS, try it again! +This time the flag is in the cookies of the admin. + + `web.chal.csaw.io:10102` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/web/easy-search-100/README.md b/csaw-red-quals-2018/web/easy-search-100/README.md new file mode 100644 index 0000000..c598b2c --- /dev/null +++ b/csaw-red-quals-2018/web/easy-search-100/README.md @@ -0,0 +1,18 @@ + +# CSAW RED Quals 2018 : Easy_Search + +**Category:** Web +**Points:** 100 +**Solves:** 72 +**Description:** + +Oh boy SQLI sure is easy right? +Can you change the query that the search performs to get the admin's password? + + `web.chal.csaw.io:10103` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/web/negativity-250/README.md b/csaw-red-quals-2018/web/negativity-250/README.md new file mode 100644 index 0000000..056bb88 --- /dev/null +++ b/csaw-red-quals-2018/web/negativity-250/README.md @@ -0,0 +1,19 @@ + +# CSAW RED Quals 2018 : Negativity + +**Category:** Web +**Points:** 250 +**Solves:** 21 +**Description:** + +People say that I'm too negative. I say that sometimes you need negativity to grow. + +`web.chal.csaw.io:10106` + +Note: runs on Python3 + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/web/online-assign-1-150/README.md b/csaw-red-quals-2018/web/online-assign-1-150/README.md new file mode 100644 index 0000000..188f090 --- /dev/null +++ b/csaw-red-quals-2018/web/online-assign-1-150/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : Online Assign 1 + +**Category:** Web +**Points:** 150 +**Solves:** 33 +**Description:** + +The physics department is so lazy that they don't even grade their own homework anymore + +` web.chal.csaw.io:10108 ` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/web/online-assign-2-200/README.md b/csaw-red-quals-2018/web/online-assign-2-200/README.md new file mode 100644 index 0000000..cfb1905 --- /dev/null +++ b/csaw-red-quals-2018/web/online-assign-2-200/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : Online Assign 2 + +**Category:** Web +**Points:** 200 +**Solves:** 24 +**Description:** + +Hey it looks like the math department decided to use this crummy software too... + +` web.chal.csaw.io:10108 ` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/web/online-assign-3-350/README.md b/csaw-red-quals-2018/web/online-assign-3-350/README.md new file mode 100644 index 0000000..76b2f87 --- /dev/null +++ b/csaw-red-quals-2018/web/online-assign-3-350/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : Online Assign 3 + +**Category:** Web +**Points:** 350 +**Solves:** 23 +**Description:** + +Teachers aren't programmers, and it shows + +` web.chal.csaw.io:10108 ` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/web/open-objectivity-500/README.md b/csaw-red-quals-2018/web/open-objectivity-500/README.md new file mode 100644 index 0000000..dcc3e8c --- /dev/null +++ b/csaw-red-quals-2018/web/open-objectivity-500/README.md @@ -0,0 +1,19 @@ + +# CSAW RED Quals 2018 : OpenObjectivity + +**Category:** Web +**Points:** 500 +**Solves:** 11 +**Description:** + +I've been paying a lot more attention in psychology lately, and I've come to the conclusion that in the end we're all just the same anyway. + +`web.chal.csaw.io:10106` + +Note: runs on Python3 + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/web/sqlintro-50/README.md b/csaw-red-quals-2018/web/sqlintro-50/README.md new file mode 100644 index 0000000..0460d22 --- /dev/null +++ b/csaw-red-quals-2018/web/sqlintro-50/README.md @@ -0,0 +1,17 @@ + +# CSAW RED Quals 2018 : SQLIntro + +**Category:** Web +**Points:** 50 +**Solves:** 195 +**Description:** + +Can you log into the admin's account without knowing the password? + + `web.chal.csaw.io:10104` + +## Write-up + +## Other write-ups and resources + + diff --git a/csaw-red-quals-2018/web/validation-200/README.md b/csaw-red-quals-2018/web/validation-200/README.md new file mode 100644 index 0000000..f5d8072 --- /dev/null +++ b/csaw-red-quals-2018/web/validation-200/README.md @@ -0,0 +1,20 @@ + +# CSAW RED Quals 2018 : Validation + +**Category:** Web +**Points:** 200 +**Solves:** 41 +**Description:** + +Now you have to do your homework! +When you submit a homework assignment, the submission will be validated on the server. What this means, is that your homework submission will be rendered in a webpage on the server! Some nasty things can happen here...... +This challange requires you to send the flag to a public IP address (one that you control). +The flag is at /flag.txt, but it can only be accesed by the server itself! + + `web.chal.csaw.io:10105` + +## Write-up + +## Other write-ups and resources + +