DEF CON CTF Qualifier 2025 Write-Up

Basics/🐱‍💻🌐

Description

$ export INPUT="____ ___ _______"  # some string goes here
$ "${@#IV}"  ''p''"${@,,}"rintf  %s  "$(  Ax='  '"'"'E'"'"'"V"A"L" "$( ${@,}  P"R"I'"'"''"'"'\NTF %S  '"'"'23- C- TUC | MUS5DM | tupni$ OHCE ;ENOD ;LLUN/VED/> MUS5DM | tupni$ OHCE ;I$ PEELS OD ;)0001 1 QES($ NI I ROF'"'"'  ${*##.}|${@%;}  RE${@}V${*%%O1}  ${@%\`}   )" '$*  &&${@/-_/\{}p$'\162i'${*##E}n${*%%B*}tf  %s  "${Ax~~}"  $@ ;  ${!*}   )"  "$@" | b"a"sh  ${*//c}

Remember the flag format. Please put the output within flag{} before submission.

Decoded Real Script

echo $INPUT | md5sum | cut -c -32

Solution

데프콘의 캐치프레이즈인 "Hack the planet!"를 INPUT값으로 넣어줬다.

export INPUT="Hack the planet!"
echo "flag{"$($INPUT | md5sum | cut -c -32)"}"

> flag{d41d8cd98f00b204e9800998ecf8427e}

Quals/totem1

Description

Let's your true instructions shine!

Solution

IDA로 열심히 분석했지만, 그냥 실행했을 때 한글자씩 비교해서 맞으면 "Correct! You found the flag!"가 나오고 틀리면 "Sorry, that's not right."가 출력된다.

그래서 브루트포스로 때려줬다.

#brute.py
from pwn import *
import string

table = string.printable

#context.log_level = 'debug'
flag = ''
while True:
    for c in table:
        test = flag+c
        print(test.encode())
        p = process('./totem1-uploadme')
        p.sendline(test.encode())
        result = p.recvline()[:-1]
        p.close()
        if result != b"Enter the flag: Sorry, that's not right.":
            flag += c
            #print(c)
            break
    if flag[-1] == '}':
        break

print(flag)

## OUTPUT ################################################
flag{d0nt_Th1nk-0f-3l3ph4ntz}