• Donald Ashdown

CyBRICS CTF

https://cybrics.net/

CyBRICS is a computer security competition (CTF) organized in a cross-university effort by BRICS countries academia.

In 2020 the event is organized by ITMO University and run by SPbCTF meetups crew (members of CTF teams LC↯BC, SiBears, PeterPEN, Yozik).


I did not have a lot of time for CyBRICS CTF like I was hoping to, nor was I able to work with a team or any individuals, so I casually worked through the entry-level challenges in each category. Overall I really felt like the challenges were highly intuitive and well designed.

 


Mic Check


This was a simple challenge to show you the flag format, and introduce the rules.

Viewing the rules shows us an encrypted flag which did not auto-decode in CyberChef. But when I manually passed it through ROT13 decrypt I found the flag.


 


Broken Invitation


I am provided RSA key values in the PDF, and am tasked with identifying the point of weakness, exploiting it, and decrypting the message.



In this instance the public exponent is extremely small, so much so that it is vulnerable to a low-exponent or Håstad's attack.

There are many CTF RSA tools and for this one I used rsasolver.py.


 1/ Primes known (p, q, e, c)
 2/ Factorization (n, e, c)
 3/ Low exponent (e = 3, n1, n2, n3, c1, c2, c3)
> 3
n1: 924506488821656685683910901697171383575761384058997452768161613244316449994435541406042874502024337501621283644549497446327156438552952982774526792356194523541927862677535193330297876054850415513120023262998063090052673978470859715791539316871
n2: 88950937117255391223977435698486265468789676087383749025900580476857958577458361251855358598960638495873663408330100969812759959637583297211068274793121379054729169786199319454344007481804946263873110263761707375758247409
n3: 46120424124283407631877739918717497745499448442081604908717069311339764302716539899549382470988469546914660420190473379187397425725302899111432304753418508501904277711772373006543099077921097373552317823052570252978144835744949941108416471431004677
c1: 388825822870813587493154615238012547494666151428446904627095554917874019374474234421038941934804209410745453928513883448152675699305596595130706561989245940306390625802518940063853046813376063232724848204735684760377804361178651844505881089386
c2: 4132099145786478580573701281040504422332184017792293421890701268012883566853254627860193724809808999005233349057847375798626123207766954266507411969802654226242300965967704040276250440511648395550180630597000941240639594
c3: 43690392479478733802175619151519523453201200942800536494806512990350504964044289998495399805335942227586694852363272883331080188161308470522306485983861114557449204887644890409995598852299488628159224012730372865280540944897915435604154376354144428

-> m(dec): 949557364767986162692541204888383714648410089749288993554212847615599100096583727459

Decode Message = cybrics{h3y_guY5_c0m3_t0_my_p4rtY!}
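Why e = 3 with the same unpadded message sent under three moduli fails, as an added example (not part of the original write-up and not rsasolver.py's code): the Chinese Remainder Theorem rebuilds m^3 over the integers, and an exact cube root returns m. The moduli, message and padding bytes are constructed stand-ins, not the challenge values.

```python
from math import prod

E = 3  # small public exponent shared by all recipients, as in the challenge

def crt(residues, moduli):
    """Combine c_i mod n_i into one value mod N = n1*n2*n3 (moduli pairwise coprime)."""
    N = prod(moduli)
    x = sum(c * (N // n) * pow(N // n, -1, n) for c, n in zip(residues, moduli))
    return x % N

def iroot(x, k):
    """Largest integer r with r**k <= x (binary search; floats lose precision here)."""
    lo, hi = 0, 1 << (x.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo

def broadcast_recover(ciphertexts, moduli):
    """Return m if one unpadded m was encrypted under every modulus, else None."""
    x = crt(ciphertexts, moduli)  # equals m**E exactly when m**E < n1*n2*n3
    r = iroot(x, E)
    return r if r ** E == x else None

def mersenne(p):
    return (1 << p) - 1

# Constructed stand-in moduli (products of Mersenne primes, pairwise coprime).
# Only the public operation is used; no private keys are derived.
MODULI = [mersenne(61) * mersenne(89), mersenne(31) * mersenne(107),
          mersenne(19) * mersenne(127)]
MSG = b"demo{sample}"  # constructed plaintext

def encrypt_all(plaintexts):
    return [pow(int.from_bytes(p, "big"), E, n) for p, n in zip(plaintexts, MODULI)]

def demo_textbook():
    m = broadcast_recover(encrypt_all([MSG] * 3), MODULI)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def demo_per_recipient_padding():
    # Constructed prefixes standing in for randomized padding such as OAEP: each
    # recipient encrypts a different integer, so the CRT value is no longer m**3.
    pads = (b"\x17\xa4\x02\x9c", b"\x5e\x11\xd0\x33", b"\x08\xfb\x6a\xc1")
    return broadcast_recover(encrypt_all([p + MSG for p in pads]), MODULI)

print(demo_textbook(), demo_per_recipient_padding())
```

The second result is None: the CRT plus cube-root step depends on every recipient encrypting the identical integer.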
 


DockEsc


When you connect to the server with the provided SSH credentials you are dropped into a Docker container that is executing sleep infinity. The image on the challenge page provides a clue, which is --detach-keys = ctrl-p,p,i,c,t,u. There is also no verbosity for anything typed in the terminal. However, as soon as you enter a wrong character you are notified on the screen. I eventually guessed the key phrase as ctrl-ppictureisworthathousandwords. This escaped the container and I got the flag.


cybrics{y0u_h4V3_k1LL3D_the_INFINITY}
 


Keyshooter

This was a silly challenge that required us to slow down a video and see what a user was typing.

I downloaded the initial files and learned we have an OpenSSL-encoded file and a video.

I can clearly see the type of encryption being used as well as the password.

I simply mirror the user in the video and get the flag.

 

Krevedka

This is a cool challenge that involves threat hunting through some pcap files.


The challenge description talks about the victim user caleches. So we know our starting point will be for this user in particular. We run a search string and view many packets, eventually coming across this one which is indicative of an SQL injection attack.


Armed with this information we can check the user agent attributed to this attack and re-search all the packets for this user, which eventually brings us to our final destination, with the user micropetalous.
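The same hunt as an added example (not from the original write-up): find the injection attempt that names the victim, take its User-Agent, then list every other login seen from that User-Agent. It assumes the HTTP requests were already exported from the capture; the tuple layout, the `login` field name, the User-Agent strings and all sample rows are constructed.

```python
import re
from urllib.parse import parse_qs

# Constructed login requests (time, User-Agent, POST body); not the challenge pcap.
REQUESTS = [
    ("10:01", "UA-Alpha/1.0", "login=caleches&password=hunter2"),
    ("10:07", "UA-Krev/7.3", "login=micropetalous&password=pw1"),
    ("10:15", "UA-Beta/2.2", "login=someone&password=pw2"),
    ("10:31", "UA-Krev/7.3", "login=caleches%27+or+1%3D1+--+&password=x"),
    ("10:40", "UA-Alpha/1.0", "login=caleches&password=hunter2"),
]

# Coarse SQL injection indicators: quote followed by a boolean test, comment
# markers, or UNION SELECT. Good enough for triage, not a complete detector.
SQLI = re.compile(r"('|\")\s*(or|and)\b.*(=|like)|--|/\*|\bunion\b.*\bselect\b", re.I)

def login_of(body):
    """URL-decode the form body and return the value of the login field."""
    return parse_qs(body, keep_blank_values=True).get("login", [""])[0]

def suspicious_requests(requests, victim):
    """Requests whose login field names the victim and matches an injection pattern."""
    return [r for r in requests
            if victim in login_of(r[2]) and SQLI.search(login_of(r[2]))]

def pivot_on_user_agent(requests, victim):
    """User-Agents behind the injection attempts and the clean logins they also used."""
    agents = {ua for _, ua, _ in suspicious_requests(requests, victim)}
    logins = {login_of(body) for _, ua, body in requests if ua in agents}
    return agents, {name for name in logins if not SQLI.search(name)}

print(pivot_on_user_agent(REQUESTS, "caleches"))
```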

 


XCORP


This is a Wireshark challenge that involves analyzing a pcap to find an application and credentials. I thought this was a really fun challenge and quite enjoyed it.


The first thing I did was search for SMB traffic. This was because the provided hint talked about employee applications. I filtered for all SMB traffic and noticed a file net10.exe being requested. I then exported all SMB objects.



The SMB objects were duplicates of one another.



Downloading them worked fine but running the files gave me issues to do with compatibility. So I removed the "%" sign from the start of cnet10 and was able to run the file.



The application successfully opened and I was prompted with a login page requesting a username. Well, up to this point I had no username, so I went back to the pcap.



A little more poking around showed me the packet for a login POST which contained the user's account in plain text. This username was our key to getting the flag.



Entering the username provided me with the flag.


 




