Merge remote-tracking branch 'remotes/origin/flags'

02febf41 · Grzegorz Pietrusza · d052c8fa · 80155626 · 02febf41 · 02febf41
Commit 02febf41 authored Apr 01, 2016 by Grzegorz Pietrusza
19 changed files
--- a/flags/PHP_1/Hkuas7VKk7/flag.txt
+++ b/flags/PHP_1/Hkuas7VKk7/flag.txt
+Już blisko ...
+<?php
+//AGH_{FLAGA}
--- a/flags/PHP_1/Hkuas7VKk7/site.txt
+++ b/flags/PHP_1/Hkuas7VKk7/site.txt
+1
--- a/flags/PHP_1/Hkuas7VKk7/site1.txt
+++ b/flags/PHP_1/Hkuas7VKk7/site1.txt
+1
--- a/flags/PHP_1/Hkuas7VKk7/site2.txt
+++ b/flags/PHP_1/Hkuas7VKk7/site2.txt
+2
--- a/flags/PHP_1/Hkuas7VKk7/site3.txt
+++ b/flags/PHP_1/Hkuas7VKk7/site3.txt
+3
--- a/flags/PHP_1/Hkuas7VKk7/site4.txt
+++ b/flags/PHP_1/Hkuas7VKk7/site4.txt
+4
--- a/flags/PHP_1/README.md
+++ b/flags/PHP_1/README.md
+php.ini:
+allow_url_include should be enabled
--- a/flags/PHP_1/index.php
+++ b/flags/PHP_1/index.php
+<?php
+ini_set('display_errors', 1);
+ini_set('display_startup_errors', 1);
+error_reporting(E_ALL);
+$flag = 'AGH_{FLAGA}';
+$site = filter_input(INPUT_GET, 'site');
+if(!$site){
+    $site='site';
+}
+$header = filter_input(INPUT_SERVER, 'HTTP_KYN');
+if($header !== 'test'){
+    echo "Nie masz tutaj wstępu...";
+    exit;
+}
+?>
+Witaj, masz tu parę linków :)<br />
+<a href="?site=site1">Strona 1</a> | 
+<a href="?site=site2">Strona 2</a> | 
+<a href="?site=site3">Strona 3</a> | 
+<a href="?site=site4">Strona 4</a> | 
+<br />
+<pre>
+<?php
+header("FLAG: {$flag}");
+chdir('Hkuas7VKk7');
+include_once "{$site}.txt";
+echo "<pre>";
+?>
+</pre>
\ No newline at end of file
--- a/flags/README.md
+++ b/flags/README.md
+taiga_46:
+  - depend
+  - Kodowania base64, rot13, rot47 w jednym skrypcie
+taiga_48:
+  - supereasy
+  - Zwykłe przekierowania w JS
+taiga_62:
+  - easy
+  - checksum (bruteforce)
+php_1:
+  - medium
+  - niestandardowy naglowek + remote file inclusion
--- a/flags/ecb.py
+++ b/flags/ecb.py
+#!/usr/bin/python
+# coding=utf-8
+flag = "AGH_{FLAGA}"
+text = "To jest przykładowy tekst!"
+flag_int = [ord(letter) for letter in flag]
+text_int = [ord(letter) for letter in text]
+for i in range(len(text_int) % len(flag_int)):
+  text_int.append(0)
+flag_int = len(text_int)/len(flag_int)*flag_int
+result = [chr(i^j) for i,j in zip(flag_int, text_int)]
+print "".join(result)
--- a/flags/substitution.py
+++ b/flags/substitution.py
+#!/usr/bin/python
+from random import shuffle
+alphabet = [i for i in 'QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm']
+keys = alphabet[:]
+shuffle(keys)
+cb = dict(zip(keys, alphabet))
+message = "Ahjo, tym razem masz do rozszyfrowania prosty szyfr podstawieniowy, elo, a flaga to AGH{PodstawSieANieDajSie}"
+result = ""
+for letter in message:
+  if letter in alphabet:
+    result += cb[letter]
+  else:
+    result += letter
+print result
--- a/flags/taiga_46.py
+++ b/flags/taiga_46.py
+from sys import argv
+from _codecs import encode
+from base64 import b64encode, b64decode
+import sys
+def a(string):
+    return encode(string, 'rot_13')
+def c(s):
+    x = []
+    for i in xrange(len(s)):
+        j = ord(s[i])
+        if j >= 33 and j <= 126:
+            x.append(chr(33 + ((j + 14) % 94)))
+        else:
+            x.append(s[i])
+    return ''.join(x)
+def b(string):
+    return b64encode(string)
+def d(string):
+    return b64decode(string)
+if len(argv) < 3:
+    print """Usage:
+python taiga_46.py <type> <text>
+    type:
+        - b     base64
+        - d     base64_decode (for testing)
+        - a     rot13
+        - c     rot47
+for example: python taiga46.py bbac test return rot47(rot13(base64(base64("test"))))
+"""
+    exit(0)
+text = " ".join(argv[2:])
+result = text
+for letter in argv[1]:
+    if letter == "a":
+        result = a(result)
+    elif letter == "b":
+        result = b(result)
+    elif letter == "c":
+        result = c(result)
+    elif letter == "d":
+        result = d(result)
+print result
--- a/flags/taiga_48.html
+++ b/flags/taiga_48.html
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Close all</title>
+    <script>
+        document.location.href="//google.pl";
+        flag = "AGH_{JuStGoogleIt}"
+    </script>
+</head>
+<body>
+</body>
+</html>
--- a/flags/taiga_62/copy.txt
+++ b/flags/taiga_62/copy.txt
+AGH_{8736510-132984639-76495612-15618703-7382}
--- a/flags/taiga_62/description.txt
+++ b/flags/taiga_62/description.txt
+Otrzymałeś wiadomość message.txt, niestety część wiadomosci jest nieczytelna i została oznaczona znakami '@'.
+Na szczęscie innym kanałem komunikacji otrzymałeś hash md5 wiadomości.
--- a/flags/taiga_62/generuj.py
+++ b/flags/taiga_62/generuj.py
+#!/usr/bin/python
+letters = [
+'0', '1', '2', '3', '4', '5', '6', '7', '8', '9'
+]
+length = 4
+list = letters
+tmp_list = []
+def add_letter(list):
+  result = []
+  for text in list:
+    for letter in letters:
+      result.append(text+letter)
+  return result
+for i in range(length - 1):
+  list = add_letter(list);
+with open("slownik.txt", "wb") as f:
+  for element in list:
+    f.write(element+" ")
--- a/flags/taiga_62/md5sum.txt
+++ b/flags/taiga_62/md5sum.txt
+caaa589b1d9f8ff4fcd92ed575270553  message.txt
--- a/flags/taiga_62/message.txt
+++ b/flags/taiga_62/message.txt
+AGH_{8736510-132984639-76495612-15618703-@@@@}
--- a/flags/taiga_62/solve.sh
+++ b/flags/taiga_62/solve.sh
+#!/bin/bash
+python generuj.py
+cp message.txt message2.txt
+for i in `cat slownik.txt`;
+do cat message2.txt | replace '@@@@' $i > message.txt;
+md5sum -c md5sum.txt 2> /dev/null 1>/dev/null && cat message.txt;
+done;