-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
8 changed files
with
198 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| +++ | ||
| title = 'DontCheat PlayFair' | ||
| date = '2024-10-12' | ||
| authors = ["Rohita"] | ||
| +++ | ||
|
|
||
| # Don't cheat, play fair | ||
|
|
||
| The title gives away that it's a playfair cipher, '`play fair`' should hint that the key is the word fair. | ||
|
|
||
| You can use a tool to decrypt it, giving the clue `dragon chicken is my favourite` | ||
|
|
||
| This was the only round of the treasure hunt which required you to visit a physical place in insti. | ||
|
|
||
| Hopefully dragon chicken set you off to go to zaitoon. | ||
|
|
||
| The poem, was once again, encrypted in playfair with the keyword 'fair' | ||
|
|
||
| Gives you a poem with the first letters of every line spelling | ||
|
|
||
| A | ||
| C | ||
| R | ||
| O | ||
| S | ||
| T | ||
| I | ||
| C | ||
|
|
||
| Acrostic poems give you a message when you **join the first letters** of each line. | ||
|
|
||
| This is unrelated to zaitoon, but hopefully set you off in the general direction of joining first letters of menu items for the password | ||
|
|
||
| The section with dragon chicken on the menu would give you `dccdcchccpgg` | ||
|
|
||
| Wrap in cyber3301. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| +++ | ||
| paginate_by = 15 | ||
| paginate_path = "writeups/Cyber3301" | ||
| title = "Cyber3301" | ||
| sort_by = "date" | ||
| page_template = "blog-page.html" | ||
| redirect_to = "writeups/Cyber3301/writeup" | ||
| +++ | ||
|
|
||
|
|
||
| The writeups for the Cyber3301 challenge conducted by Cybersecurity Club, IITM. | ||
|
|
||
| # Challenges | ||
|
|
||
| - [Don't cheat, Play Fair](@/writeups/Cyber3301/DontCheatPlayFair.md) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| +++ | ||
| title = 'Game' | ||
| date = '2024-10-12' | ||
| authors = ["Isfarul"] | ||
| +++ | ||
|
|
||
| # Writeup - Game | ||
|
|
||
| Q1. `We're looking for highly intelligent individuals`: | ||
|
|
||
| Karatsuba's gives a hint about multiplication as it's a multiplication algo | ||
|
|
||
| Also, hints given mentioned the way `cicada 3301` had used the dimensions of their first image | ||
|
|
||
| hence they had to find the very first image on our website, our logo, and take the product of dimensions | ||
|
|
||
| Q2: | ||
|
|
||
| Use the product from the previous level for this | ||
|
|
||
| Then find the "date of birth" of the club mentioned in the website. | ||
|
|
||
| then search up `cicada 3301 wingspan` to find the fact that original Cicada poster had a unique species | ||
|
|
||
| Q3: | ||
|
|
||
| Hint from the last question leads to `the book` | ||
|
|
||
| Our github reveals a post that was recently removed that had the description of the post about the "book" | ||
|
|
||
| This leads to ny repo which has the text editor clearly mentioned that is `helix`. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,70 @@ | ||
| +++ | ||
| title = 'Math Break' | ||
| date = '2024-10-12' | ||
| authors = ["Yukash"] | ||
| +++ | ||
|
|
||
| # Math Break | ||
|
|
||
| ## Part 1 Description: | ||
| ``` | ||
| Math break !! | ||
| 1 , 3 , 5 , 7 , ... ? | ||
| What number will be next? | ||
| (Don't trust the numbers on internet. Trust the numbers which we have) | ||
| ``` | ||
|
|
||
| This part is a viral math meme. Even if you don't have any idea about the meme, a quick google search will give you the picture of what number would be next. | ||
|
|
||
|  | ||
|
|
||
| From the image, we can see that the number can be arbitrary (as shown in the image using polynomial interpolation). But the description says "Trust the number which we have". The only number that we have is 3301 , and we conclude that the missing number is 3301. | ||
|
|
||
| ``` | ||
| Get the Map to the place which the numbers corresponds | ||
| ``` | ||
|
|
||
| This statement implies us to get the graph/plot of the function the numbers correspond to | ||
|
|
||
| Now using these 5 values, just as how the image has a polynomial function constructed, we also construct a polynomial function. Set up the linear equations and solve them using an online solver | ||
|
|
||
|  | ||
|
|
||
|  | ||
|
|
||
| ## Part 2 Description: | ||
| ``` | ||
| View with from a place where you can just see the 150s of x and y. | ||
| Hear the valleys and the mountains. Hear the roots of the trees. | ||
| What do they say? Don't care about the octave. | ||
| Once you feel them perfectly, you'll get the answer... | ||
| ``` | ||
|
|
||
| Once we plot the function, we have valleys(minima) , mountains(maxima) and roots. If you use [desmos](https://www.desmos.com/calculator), you might know that desmos has a functionality to hear the graphs. | ||
| If we search about how the musical notes are correlated, we can find that the notes made by the desmos graphs are | ||
| 1. dependent on the points we choose(which is by default, the maxima , minima and the roots of the polynomial) | ||
| 1. dependent on where you look the graph from. | ||
|
|
||
|  | ||
|
|
||
| So, if we notice, the first line asks us to view it from 150s of x and y. So we set the visible region from -150 <= x <= 150 and -150 <= y <= 150. | ||
|
|
||
| Now we have the proper setup to hear the notes. We can use any notes detector app to get the musical notes at each point. With enough patience, we can see that the notes correspond to A#4 , F4 , A#4 ,C#4 ,A#1 , F4 , A#4 | ||
| ``` | ||
| Don't care about the octave | ||
| ``` | ||
| explicitly asks us not to worry about the octave and just take the notes. | ||
|
|
||
| So, from desmos we get the following musical notes put together as A#FA#C#A#FA# . | ||
| Use the decoder given (decoder.exe) to decode this and get the flag. | ||
|
|
||
| ``` | ||
| $ ./decoder.exe | ||
| Enter the string to be decoded(without spaces): | ||
| A#FA#C#A#FA# | ||
| Decoding.. | ||
| Decoded message: cyber3301{osint_ez} | ||
| Hope this is correct | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| +++ | ||
| title = 'Mr Worldwide' | ||
| date = '2024-10-12' | ||
| authors = ["Krishna"] | ||
| +++ | ||
|
|
||
| # Mr Worldwide | ||
|
|
||
| Let's start by searching for the newly founded company `Globetrail2024` on Instagram. | ||
|
|
||
| It didn't take long to find their account, and among the posts, one in particular stood out. The post mentioned a contest winner and included a QR code that looked interesting. Scanning the code seemed like a good next step, and sure enough, it led to the profile of the contest winner. At this point, it was clear that the display picture on the winner's account matched the image from the post. | ||
|
|
||
| There were two ways to move forward from here: either browse through the posts with the same hashtag or directly search for the winner's account. The display picture seemed to provide a clue, and after some searching, the account of `Anirudh Vedant` was found, confirming the identity of the contest winner. | ||
|
|
||
| Next came the task of identifying the cities linked to the contest. For the first post, which featured a coffee shop, increasing the brightness of the image revealed hidden coordinates, which led to a coffee shop in `New York (NY)`. The second city was easier to uncover, quick reverse image search showed that the photo was from `Paris (P)`. The same technique worked for the third image, which pointed to `Tokyo (T)`. | ||
|
|
||
| With all the pieces falling into place, the challenge became clearer! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| +++ | ||
| title = "Writeup for Cyber3301" | ||
| date = 2024-10-12 | ||
| +++ | ||
|
|
||
| # Challenges | ||
| - [Don't cheat, Play Fair](@/writeups/Cyber3301/DontCheatPlayFair.md) | ||
| - [Mr. Worldwide](@/writeups/Cyber3301/mrworldwide.md) | ||
| - [Piet](@/writeups/Cyber3301/writeup_piet.md) | ||
| - [Game](@/writeups/Cyber3301/game.md) | ||
| - [Math Break](@/writeups/Cyber3301/mathBreak.md) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| +++ | ||
| title = 'Piet' | ||
| date = '2024-10-12' | ||
| authors = ["Disha"] | ||
| +++ | ||
|
|
||
| # Writeup - Piet Program | ||
|
|
||
| We've been given a png file which is basically a piet program image. | ||
| We just need to upload it here - https://www.bertnase.de/npiet/npiet-execute.php | ||
|
|
||
| After executing,we retrieve the following information | ||
|
|
||
| When working on binary exploitation, remember that memory management is critical. Always sanitize inputs to avoid exposing unnecessary vulnerabilities. Overflowing the stack might bypass certain protections, but make sure you manage heap allocation effectively to prevent issues with ASLR. If you’re chaining together ROP gadgets, confirm they execute in the right order; improper control flow could lead to unpredictable results. A good exploit can be subtle;mjust like hiding important details in plain sight, such as a password hidden in a heap spray. Anyways, enough of that gibberish. The password you are looking for isssssssssssssssssss here: https://katb.in/vowuhevizoh | ||
|
|
||
|
|
||
| Opening the katbin link gives the flag - cyber3301{put_lite} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters