https://github.com/minaminao/my-ctf-challenges/tree/main/ctfs/alpacahack-seccon-13-finals-booth

Long Flag(Beginner,Crypto): [152 solves]


Author: minaminao

出力からフラグを復元してください🐍

import os
from Crypto.Util.number import bytes_to_long

print(bytes_to_long(os.getenv("FLAG").encode()))

出力:
35774448546064092714087589436978998345509619953776036875880600864948129648958547184607421789929097085

🍪(Beginner,Web): [139 solves]

Author: minaminao

ある条件を満たすとフラグが得られるようです

import Fastify from "fastify";
import fastifyCookie from "@fastify/cookie";

const fastify = Fastify();
fastify.register(fastifyCookie);

fastify.get("/", async (req, reply) => {
  reply.setCookie('admin', 'false', { path: '/', httpOnly: true });
  if (req.cookies.admin === "true")
    reply.header("X-Flag", process.env.FLAG);
  return "can you get the flag?";
});

fastify.listen({ port: process.env.PORT, host: "0.0.0.0" });

*完全なソースコードは以下からダウンロード可能です。

cookie.tar.gz

Beginner's Flag Printer(Beginner,Rev): [121 solves]

Author: minaminao

フラグを出力するアセンブリです🤖

.LC0:
        .string "Alpaca{%x}\\n"
main:
        push    rbp
        mov     rbp, rsp
        sub     rsp, 16
        mov     DWORD PTR [rbp-4], 539232261
        mov     eax, DWORD PTR [rbp-4]
        mov     esi, eax
        mov     edi, OFFSET FLAT:.LC0
        mov     eax, 0
        call    printf
        mov     eax, 0
        leave
        ret

parseInt(Beginner,Misc): [89 solves]

Author: minaminao

a < b && parseInt(a) > parseInt(b) となるような a, b を見つけてください🐟

const rl = require("node:readline").createInterface({
    input: process.stdin,
    output: process.stdout,
});

rl.question("Input a,b: ", input => {
    const [a, b] = input.toString().trim().split(",").map(Number);
    if (a < b && parseInt(a) > parseInt(b))
        console.log(process.env.FLAG);
    else
        console.log(":(");
    rl.close();
});

*完全なソースコードは以下からダウンロード可能です。

parse-int.tar.gz

Can U Keep A Secret?(Beginner,Pwn): [31 solves]

Author: minaminao

Or ...?

#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>

int main() {
    srand(time(NULL));
    unsigned int secret = rand(), input;
    printf("secret: %u\\n", secret);

    // can u keep a secret??/
    secret *= rand();
    secret *= 0x5EC12E7;
    scanf("%u", &input);
    if(input == secret)
        printf("Alpaca{REDACTED}\\n");
    return 0;
}

*完全なソースコードは以下からダウンロード可能です。

can-u-keep-a-secret.tar.gz

play with memory(Pwn): [75 solves]