One Article Review

Source SkullSecurity
Identifier 8300178
Publication date 2022-06-17 20:19:21 (viewed: 2023-01-11 16:56:04)
Title BSidesSF 2022 Writeups: Game-y Challenges (Turtle, Guessme)
Text

Hey folks,

This is my (Ron's / iagox86's) author writeups for the BSides San Francisco 2022 CTF. You can get the full source code for everything on GitHub. Most have either a Dockerfile or instructions on how to run locally. Enjoy!

Here are the four BSidesSF CTF blogs:

- shurdles1/2/3, loadit1/2/3, polyglot, and not-for-taking
- mod_ctfauth, refreshing
- turtle, guessme
- loca, reallyprettymundane

Turtle

While discussing how we could appeal to current trends, I had the idea of making a challenge based on Wordle, called Turdle. My husband talked me out of "Turd", so we ended up with Turtle.

I could swear growing up that we had a "game" called E-Z-Logic in elementary school, on the Apple ]['s we had. It was a graphical version of the Logo programming language. You could move the little turtle around, and had to navigate mazes. I tried and failed to find a reference to it, so it may never have existed.

Anyway, combining this mythical game and Wordle, I came up with an impossible Wordle clone: you move the turtle around, and have to match the directions/distances.

The original "vulnerability" was supposed to be that you could submit future solutions, and I looked at using a broken RNG or something for future dates. But honestly, solving the current day was difficult enough that I really only had to do that. Oh well. :)

The vulnerability was in the 2-digit dates used to calculate the path. If you rewind by exactly 100 years, the solution is the same. So you just have to get the solution for 1922, and there ya go!

Solution is here.

Honestly, this challenge was like 5% writing a challenge, and 95% making it look pretty. I thought it was pretty cool, though. :)

Guessme

I had the idea that I wanted to make a challenge based on Base64 ambiguity. I've tweeted about it a couple times in the past year, because I thought it was interesting!

The idea of [guessme](https://github.com/BSidesSF/ctf-2022-release/tree/main/guessme) is that you're given a list of "clues" (which mean nothing), and you have one chance to guess the solution, which is checked using an encrypted base64-encoded token that the user also gets. If you guess wrong, you're sent the answer and it "blacklists" the encrypted token so you can't guess again.

The problem is that base64 is ambiguous! Each base64 character represents six bits of binary data, so four base64 characters are 24 bits or three bytes. But five base64 characters represent 30 bits, or 3.5 bytes. Since you obviously can't have half of a byte, the last 4 bits are disregarded. If you change those bits, you can create a new encoding without changing the original data!

My solution naively increments the final character until it works. Not the cleanest solution, but it works eventually!
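
The ambiguity described above, together with two server-side checks that close it, as an added example (not code from the original writeup or from the guessme challenge). It assumes a constructed 16-byte stand-in for the encrypted token and a permissive decoder that drops leftover bits; `lenient_decode`, `variants`, `is_canonical` and `Blocklist` are hypothetical names.

```python
import base64
import hashlib
import string

ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"

# Constructed sample: 16 bytes standing in for the encrypted token (not real data).
TOKEN = base64.b64encode(bytes(range(16))).decode()  # 22 data chars + "=="

def lenient_decode(token: str) -> bytes:
    """Decode the way a permissive decoder does: leftover bits are dropped."""
    bits = "".join(f"{ALPHABET.index(c):06b}" for c in token.rstrip("="))
    usable = len(bits) - len(bits) % 8
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))

def variants(token: str) -> list[str]:
    """Strings differing from token only in the last data character
    that still decode to the same bytes."""
    body = token.rstrip("=")
    pad = token[len(body):]
    raw = lenient_decode(token)
    candidates = (body[:-1] + c + pad for c in ALPHABET)
    return [t for t in candidates if lenient_decode(t) == raw]

def is_canonical(token: str) -> bool:
    """Fix 1: accept only the one encoding an encoder would produce."""
    return base64.b64encode(lenient_decode(token)).decode() == token

class Blocklist:
    """Fix 2: remember spent tokens by decoded bytes, not by their text."""
    def __init__(self) -> None:
        self._spent: set[bytes] = set()

    def burn(self, token: str) -> None:
        self._spent.add(hashlib.sha256(lenient_decode(token)).digest())

    def is_burned(self, token: str) -> bool:
        return hashlib.sha256(lenient_decode(token)).digest() in self._spent

if __name__ == "__main__":
    same = variants(TOKEN)
    text_blocklist = {TOKEN}  # the flawed check: compares token strings
    blocklist = Blocklist()
    blocklist.burn(TOKEN)
    print(len(same), "encodings decode to the same 16 bytes")
    print("missed by string comparison:", sum(t not in text_blocklist for t in same))
    print("missed by byte comparison:  ", sum(not blocklist.is_burned(t) for t in same))
    print("canonical encodings:        ", sum(map(is_canonical, same)))
```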
Sent Yes
Tags Vulnerability
Stories
Notes ★★★★


The article does not appear to have been republished after its publication.


The article does not appear to be a republication of an earlier one.