diff --git a/20xx/description.md b/20xx/description.md index 198ef3b..cacfe15 100644 --- a/20xx/description.md +++ b/20xx/description.md @@ -1 +1 @@ -What is this file saying? Help me. +My friend sent me [this file](${20xx_dtm}) and told me to git gud. diff --git a/count.py b/count.py index 60f1ed1..efaa215 100644 --- a/count.py +++ b/count.py @@ -8,17 +8,20 @@ from collections import Counter problem_names = os.listdir(os.path.dirname(os.path.abspath(__file__))) problems = [] +failed = [] + for problem_name in problem_names: + folder = os.path.dirname(os.path.abspath(__file__)) + os.sep + problem_name + if not (os.path.exists(folder) and os.path.isdir(folder)): continue try: - metadata_file = os.path.dirname(os.path.abspath(__file__)) + os.sep + problem_name + os.sep + "problem.yml" + metadata_file = folder + os.sep + "problem.yml" with open(metadata_file, "r") as f: metadata_raw = f.read() metadata = yaml.load(metadata_raw) if "category" in metadata: problems.append(metadata) except: - pass - # print traceback.format_exc() + failed.append(problem_name) problems.sort(key=lambda p: p.get("value"), reverse=True) print("Grand Total: %d" % len(problems)) @@ -34,3 +37,8 @@ for category, count in categories: for problem in problems: if problem.get("category") != category: continue print(" %s %s %sp" % (problem.get("title") + " " * (maxtitle - len(problem.get("title"))), problem.get("author") + " " * (maxauthor - len(problem.get("author"))), problem.get("value"))) + +print("\nThe following problems failed to parse.") +for title in failed: + if title in [".git"]: continue + print(" %s" % title) \ No newline at end of file diff --git a/diffie-cult/description.md b/diffie-cult/description.md new file mode 100644 index 0000000..8a57654 --- /dev/null +++ b/diffie-cult/description.md @@ -0,0 +1 @@ +I just intercepted some odd [messages.txt](${messages_txt}). It appears to be a Diffie-hellman protocol, but my math isn't good enough to figure out what the final shared key is. Help! (The answer is a number. There is no `easyctf{}`) \ No newline at end of file diff --git a/diffie-cult/grader.py b/diffie-cult/grader.py new file mode 100644 index 0000000..abec8e0 --- /dev/null +++ b/diffie-cult/grader.py @@ -0,0 +1,4 @@ +def grade(autogen, answer): + if answer == ("906730649345"): + return True, "Correct!" + return False, "Nope, try again." diff --git a/diffie-cult/messages.txt b/diffie-cult/messages.txt new file mode 100644 index 0000000..f876bd6 --- /dev/null +++ b/diffie-cult/messages.txt @@ -0,0 +1,4 @@ +g^a mod p = 791868216278 +g^b mod p = 722955066776 + +p = 986314922069 diff --git a/diffie-cult/problem.yml b/diffie-cult/problem.yml new file mode 100644 index 0000000..c6d732a --- /dev/null +++ b/diffie-cult/problem.yml @@ -0,0 +1,9 @@ +title: Diffie-cult +author: arxenix +hint: Wikipedia explains Diffie-hellman pretty well. +category: Cryptography +autogen: false +programming: false +value: 140 +files: + - messages.txt diff --git a/doubly-dangerous/description.md b/doubly-dangerous/description.md new file mode 100644 index 0000000..e079ff4 --- /dev/null +++ b/doubly-dangerous/description.md @@ -0,0 +1 @@ +There seems to be an issue with this binary. Can you exploit it? View the problem in the shell server `/problems/doubly_dangerous` directory. diff --git a/doubly-dangerous/doubly_dangerous b/doubly-dangerous/doubly_dangerous new file mode 100644 index 0000000..52c2b9e Binary files /dev/null and b/doubly-dangerous/doubly_dangerous differ diff --git a/doubly-dangerous/doubly_dangerous.c b/doubly-dangerous/doubly_dangerous.c new file mode 100644 index 0000000..44e9af9 --- /dev/null +++ b/doubly-dangerous/doubly_dangerous.c @@ -0,0 +1,45 @@ +//compile with: +//gcc -m32 -std=c99 -Wall -fno-stack-protector doubly_dangerous.c -o doubly_dangerous + +//sol: input "A"*40+"\x00\x80\x34\x41" + +#define _GNU_SOURCE +#include +#include +#include +#include +#include + +void give_flag() { + FILE *f = fopen("flag.txt", "r"); + gid_t gid = getegid(); + setresgid(gid, gid, gid); + if (f != NULL) { + char c; + + while ((c = fgetc(f)) != EOF) { + putchar(c); + } + fclose(f); + } + else { + printf("Failed to open flag file!\n"); + } +} + +int main(int argc, char **argv){ + volatile float modified; + char buffer[64]; + + modified = 0; + printf("Give me a string: \n"); + gets(buffer); + + if (modified == 11.28125) { + printf("Success! Here is your flag:\n"); + give_flag(); + } + else { + printf("nope!\n"); + } +} diff --git a/doubly-dangerous/grader.py b/doubly-dangerous/grader.py new file mode 100644 index 0000000..981da52 --- /dev/null +++ b/doubly-dangerous/grader.py @@ -0,0 +1,4 @@ +def grade(random, key): + if key.find("bofs_and_floats_are_d0uble_tr0uble!") != -1: + return True, "Correct!" + return False, "Nope :(" diff --git a/doubly-dangerous/problem.yml b/doubly-dangerous/problem.yml new file mode 100644 index 0000000..7249e0a --- /dev/null +++ b/doubly-dangerous/problem.yml @@ -0,0 +1,9 @@ +title: Doubly Dangerous +author: arxenix +hint: How are floating-point numbers represented? +category: Binary Exploitation +autogen: false +programming: false +value: 110 +files: + - doubly_dangerous diff --git a/fizz-buzz-1/description.md b/fizz-buzz-1/description.md index 3eac10a..eda6cd1 100644 --- a/fizz-buzz-1/description.md +++ b/fizz-buzz-1/description.md @@ -1,9 +1,17 @@ -Write a program that outputs the numbers 1 through n, in incremental order, one per line. +Write a program that takes an integer `n` as input. -However, replace any line that is a multiple of 3 with "Fizz" and any that are a multiple of 5 with "Buzz". Any line that is a multiple of 3 and 5 should be written as "FizzBuzz". +Output the numbers 1 through `n`, in increasing order, one per line. + +However, replace any line that is a multiple of 3 with `Fizz` and any that are a multiple of 5 with `Buzz`. Any line that is a multiple of 3 and 5 should be written as `FizzBuzz`. The input will be the number of lines to write, n, followed by a linebreak. +Sample input: + +``` +17 +``` + Sample output: ``` @@ -12,14 +20,16 @@ Sample output: Fizz 4 Buzz - -... - +Fizz +7 +8 +Fizz +Buzz +11 +Fizz 13 14 FizzBuzz 16 17 - -... ``` \ No newline at end of file diff --git a/fizz-buzz-1/grader.py b/fizz-buzz-1/grader.py index d5a341a..4233db8 100644 --- a/fizz-buzz-1/grader.py +++ b/fizz-buzz-1/grader.py @@ -1,4 +1,12 @@ -def grade(random, key): - if key.find("PUT A NEW KEY HERE!!!!") != -1: - return True, "Correct!" - return False, "Nope." \ No newline at end of file +n = input() + +for i in range(1, n + 1): + if i % 3 == 0 and i % 5 == 0: + print 'FizzBuzz' + elif i % 3 == 0: + print 'Fizz' + elif i % 5 == 0: + print 'Buzz' + else: + print i + diff --git a/flip-my-letters/description.md b/flip-my-letters/description.md new file mode 100644 index 0000000..8b2dd29 --- /dev/null +++ b/flip-my-letters/description.md @@ -0,0 +1 @@ +I dropped my alphabet on its head, can you help me reassemble it? `easyctf{r_wlmg_vevm_mvvw_zm_zhxrr_gzyov}` \ No newline at end of file diff --git a/flip-my-letters/grader.py b/flip-my-letters/grader.py new file mode 100644 index 0000000..359bd41 --- /dev/null +++ b/flip-my-letters/grader.py @@ -0,0 +1,4 @@ +def grade(autogen, key): + if key.find("i_dont_even_need_an_ascii_table") != -1: + return True, "Correct!" + return False, "Nope!" diff --git a/flip-my-letters/problem.yml b/flip-my-letters/problem.yml new file mode 100644 index 0000000..196c69d --- /dev/null +++ b/flip-my-letters/problem.yml @@ -0,0 +1,8 @@ +author: GenericNickname +title: Flip My Letters +hint: What happens if you turn the alphabet upside down? +category: Cryptography +autogen: false +programming: false +value: 20 +files: diff --git a/hexable-autogen/char.inc b/hexable-autogen/char.inc new file mode 100644 index 0000000..024ef9f --- /dev/null +++ b/hexable-autogen/char.inc @@ -0,0 +1,84 @@ +;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Character defines + NULL equ 0x00 + BELL equ 0x07 + BSPC equ 0x08 + TAB equ 0x09 + ENDL equ 0x0A + CRET equ 0x0D + + CHAR_0 equ 0x30 + CHAR_1 equ 0x31 + CHAR_2 equ 0x32 + CHAR_3 equ 0x33 + CHAR_4 equ 0x34 + CHAR_5 equ 0x35 + CHAR_6 equ 0x36 + CHAR_7 equ 0x37 + CHAR_8 equ 0x38 + CHAR_9 equ 0x39 + CHAR_A equ 0x41 + CHAR_B equ 0x42 + CHAR_C equ 0x43 + CHAR_D equ 0x44 + CHAR_E equ 0x45 + CHAR_F equ 0x46 + CHAR_G equ 0x47 + CHAR_H equ 0x48 + CHAR_I equ 0x49 + CHAR_J equ 0x4a + CHAR_K equ 0x4b + CHAR_L equ 0x4c + CHAR_M equ 0x4d + CHAR_N equ 0x4e + CHAR_O equ 0x4f + CHAR_P equ 0x50 + CHAR_Q equ 0x51 + CHAR_R equ 0x52 + CHAR_S equ 0x53 + CHAR_T equ 0x54 + CHAR_U equ 0x55 + CHAR_V equ 0x56 + CHAR_W equ 0x57 + CHAR_X equ 0x58 + CHAR_Y equ 0x59 + CHAR_Z equ 0x5a + CHAR_a equ 0x61 + CHAR_b equ 0x62 + CHAR_c equ 0x63 + CHAR_d equ 0x64 + CHAR_e equ 0x65 + CHAR_f equ 0x66 + CHAR_g equ 0x67 + CHAR_h equ 0x68 + CHAR_i equ 0x69 + CHAR_j equ 0x6a + CHAR_k equ 0x6b + CHAR_l equ 0x6c + CHAR_m equ 0x6d + CHAR_n equ 0x6e + CHAR_o equ 0x6f + CHAR_p equ 0x70 + CHAR_q equ 0x71 + CHAR_r equ 0x72 + CHAR_s equ 0x73 + CHAR_t equ 0x74 + CHAR_u equ 0x75 + CHAR_v equ 0x76 + CHAR_w equ 0x77 + CHAR_x equ 0x78 + CHAR_y equ 0x79 + CHAR_z equ 0x7a +;;;;;;;;;;;;;;;;;;;;;;;;;;; + +macro resv c_size +{ + db c_size dup (0) +} + +macro resv_stuff c_size +{ + repeat c_size + db % and 0xff + end repeat +} diff --git a/hexable-autogen/description.md b/hexable-autogen/description.md new file mode 100644 index 0000000..5030dfb --- /dev/null +++ b/hexable-autogen/description.md @@ -0,0 +1,2 @@ +I tried to hide a flag sneakily, can you find it? +[Download](${hexable}) \ No newline at end of file diff --git a/hexable-autogen/elf.inc b/hexable-autogen/elf.inc new file mode 100644 index 0000000..c19743a --- /dev/null +++ b/hexable-autogen/elf.inc @@ -0,0 +1,45 @@ +;;;;;;;;;;;;;;;;;;;;;;;;;;; +; ELF header for stuff + + RLIMIT_AS equ 0x09 + +macro reserve name,size +{ + name db 0 + repeat size-1 + db 0 + end repeat +} + +macro print message +{ + mov eax, message +@@: + cmp byte [eax], 0 + jz @f + inc eax + jmp @b +@@: + mov edx, eax + sub edx, message + mov eax, 4 + mov ebx, 1 + mov ecx, message + int 0x80 +} + +macro read out_buff, cnt +{ + mov ebx, 0 + mov eax, 3 + mov ecx, out_buff + mov edx, cnt + int 0x80 +} + +macro exit exitcode +{ + mov ebx, exitcode + mov eax, 1 + int 0x80 +} diff --git a/hexable-autogen/grader.py b/hexable-autogen/grader.py new file mode 100644 index 0000000..a8243e9 --- /dev/null +++ b/hexable-autogen/grader.py @@ -0,0 +1,22 @@ +from cStringIO import StringIO + +def gen_flag(random, length): + x = '' + for i in range(0, length): + x += random.choice(list('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQSTUVWXYZ0123456789')) + return x + + +def grade(random, key): + if key.find(gen_flag(random, 14)) != -1: + return True, "Correct!" + return False, "Nope." + + +def generate(random): + dat = b'\x7fELF\x01\x01\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00\x01\x00\x00\x00\x91\x80\x04\x084\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004\x00 \x00\x02\x00(\x00\x00\x00\x00\x00\x01\x00\x00\x00t\x00\x00\x00t\x80\x04\x08t\x80\x04\x08G\x00\x00\x00G\x00\x00\x00\x07\x00\x00\x00\x00\x10\x00\x00\x01\x00\x00\x00\xbb\x00\x00\x00\xbb\x90\x04\x08\xbb\x90\x04\x080\x00\x00\x000\x00\x00\x00\x06\x00\x00\x00\x00\x10\x00\x00\x89\xc8\x808\x00t\x03@\xeb\xf8\x89\xc2)\xca\xb8\x04\x00\x00\x00\xbb\x01\x00\x00\x00\x89\xc9\xcd\x80\xc3\xb9\xbb\x90\x04\x08\xe8\xd9\xff\xff\xff\xbb\x00\x00\x00\x00\xb8\x01\x00\x00\x00\xcd\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00Can you find the flag?\n\x00easyctf{abcdef__123456}\x00' + output = bytearray(dat[:0xdb]) + flag = gen_flag(random, 14) + output.extend(flag.encode('utf-8')) + output.extend(dat[0xdb + 14:]) + return dict(files={"hexable": (lambda r: StringIO(output))}) diff --git a/hexable-autogen/hexable b/hexable-autogen/hexable new file mode 100644 index 0000000..22538c2 Binary files /dev/null and b/hexable-autogen/hexable differ diff --git a/hexable-autogen/hexable.asm b/hexable-autogen/hexable.asm new file mode 100644 index 0000000..8e6d54b --- /dev/null +++ b/hexable-autogen/hexable.asm @@ -0,0 +1,35 @@ +format ELF executable 3 +entry start + +;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Buffer macros + BUFF_SIZE equ 32 +;;;;;;;;;;;;;;;;;;;;;;;;;;; + +;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Includes of macros +include 'elf.inc' +include 'char.inc' +;;;;;;;;;;;;;;;;;;;;;;;;;;; + +;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Code +segment executable writeable readable +put: + print ecx + ret + +start: + mov ecx, msg + call put + exit 0 +reserve no_code,20 +;;;;;;;;;;;;;;;;;;;;;;;;;;; + +;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Data +segment readable writeable +msg db 'Can you find the flag?',ENDL,0 +flag db 'easyctf{abcdef__123456}' +reserve temp,1 +;;;;;;;;;;;;;;;;;;;;;;;;;;; diff --git a/hexable-autogen/problem.yml b/hexable-autogen/problem.yml new file mode 100644 index 0000000..06176b6 --- /dev/null +++ b/hexable-autogen/problem.yml @@ -0,0 +1,6 @@ +title: Hexable +category: Reverse Engineering +value: 25 +author: r3ndom +autogen: true +hint: Try using a hex editor. \ No newline at end of file diff --git a/hexable-autogen/simple_gen.py b/hexable-autogen/simple_gen.py new file mode 100644 index 0000000..aaaf618 --- /dev/null +++ b/hexable-autogen/simple_gen.py @@ -0,0 +1,19 @@ +import random + +dat = b'\x7fELF\x01\x01\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00\x01\x00\x00\x00\x91\x80\x04\x084\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004\x00 \x00\x02\x00(\x00\x00\x00\x00\x00\x01\x00\x00\x00t\x00\x00\x00t\x80\x04\x08t\x80\x04\x08G\x00\x00\x00G\x00\x00\x00\x07\x00\x00\x00\x00\x10\x00\x00\x01\x00\x00\x00\xbb\x00\x00\x00\xbb\x90\x04\x08\xbb\x90\x04\x080\x00\x00\x000\x00\x00\x00\x06\x00\x00\x00\x00\x10\x00\x00\x89\xc8\x808\x00t\x03@\xeb\xf8\x89\xc2)\xca\xb8\x04\x00\x00\x00\xbb\x01\x00\x00\x00\x89\xc9\xcd\x80\xc3\xb9\xbb\x90\x04\x08\xe8\xd9\xff\xff\xff\xbb\x00\x00\x00\x00\xb8\x01\x00\x00\x00\xcd\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00Can you find the flag?\n\x00easyctf{abcdef__123456}\x00' + +def gen_flag(length): + x = '' + for i in range(0,length): + x += random.choice(list('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQSTUVWXYZ0123456789')) + return x + +output = bytearray(dat[:0xdb]) +flag = gen_flag(14) +output.extend(flag.encode('utf-8')) +output.extend(dat[0xdb+14:]) + +print(output) +#o = open(flag, 'wb') +#o.write(output) +#o.close() diff --git a/hexable-autogen/std.inc b/hexable-autogen/std.inc new file mode 100644 index 0000000..4e57c54 --- /dev/null +++ b/hexable-autogen/std.inc @@ -0,0 +1,32 @@ +;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Standard Includes of my +; code +include 'char.inc' + +;;;;;;;;;;;;;;;;;;;;;;;;;;; +; File descriptor macros + STDIN equ 0 + STDOUT equ 1 + STDERR equ 2 +;;;;;;;;;;;;;;;;;;;;;;;;;;; + + +; Standard prologue of a function +macro prologue +{ + push ebp + mov ebp, esp +} + +; Standard epilogue of a function +macro epilogue +{ + mov esp, ebp + pop ebp +} + +; Allocates space on the stack for something +macro local_alloc size +{ + sub esp,size +} \ No newline at end of file diff --git a/injection1/description.md b/injection1/description.md new file mode 100644 index 0000000..515a1bf --- /dev/null +++ b/injection1/description.md @@ -0,0 +1 @@ +I need help logging into this [website](https://injection1.web.easyctf.com) to get my flag! If it helps, my username is `admin`. \ No newline at end of file diff --git a/injection1/grader.py b/injection1/grader.py new file mode 100644 index 0000000..e05ce83 --- /dev/null +++ b/injection1/grader.py @@ -0,0 +1,4 @@ +def grade(autogen, key): + if key.find("a_prepared_statement_a_day_keeps_the_d0ctor_away!") != -1: + return True, "You got it!" + return False, "Nope. Keep poking around." diff --git a/injection1/problem.yml b/injection1/problem.yml new file mode 100644 index 0000000..22c9b0a --- /dev/null +++ b/injection1/problem.yml @@ -0,0 +1,7 @@ +author: mzhang +title: SQL Injection 1 +hint: What does "injection" mean? How can you "inject" code into your username to control the username lookup? +category: Web +autogen: false +programming: false +value: 100 diff --git a/library/description.md b/library/description.md index 1bab618..8d975aa 100644 --- a/library/description.md +++ b/library/description.md @@ -2,10 +2,10 @@ Your librarian has a 2-row bookshelf that can contain N books in each row. She w Input: the integer, N (1<=N<=2^1024) -Output: the number of ways you can place red-colored books and blue-colored books onto the bookshelf. Since this number might be really big, output it mod 10^9+7. +Output: the number of ways you can place red-colored books and blue-colored books onto a N-column bookshelf. Since this number might be really big, output it mod 10^9+7. Example: -Input: 3 +Input: 2 Your valid bookshelf layouts are: ``` diff --git a/library/generator.py b/library/generator.py new file mode 100644 index 0000000..ea66ed5 --- /dev/null +++ b/library/generator.py @@ -0,0 +1,11 @@ +import random +C = input() + +if C==1: + print 1 +elif C==2: + print 2 +elif C==3 or C==4: + print random.randint(3, 100) +else: + print random.randint(2**(C**3-1), 2**(C**3)) diff --git a/library/grader.py b/library/grader.py new file mode 100644 index 0000000..2d88fe4 --- /dev/null +++ b/library/grader.py @@ -0,0 +1,45 @@ +# Very easy problem. Compute a few values w/ brute force or something, then check OEIS. +# Part of: https://oeis.org/A001333 +# Tells us: f(n) = (1/4) * Trace( [[0,0,1,0],[0,1,0,1],[1,0,2,0],[0,2,0,1]] ) +# just write a program to compute this quickly +# this sol takes something like ~O(log n) i think? + +x = input() + 1 + +mat = [[0,0,1,0],[0,1,0,1],[1,0,2,0],[0,2,0,1]] +mod = 10**9+7 + +def egcd(a, b): + if a == 0: + return (b, 0, 1) + else: + g, y, x = egcd(b % a, a) + return (g, x - (b // a) * y, y) + +def modinv(a, m): + g, x, y = egcd(a, m) + if g != 1: + raise Exception('modular inverse does not exist') + else: + return x % m + +def matmult(mtx_a, mtx_b, mod): + tpos_b = zip( *mtx_b) + rtn = [[ sum( ea*eb for ea,eb in zip(a,b))%mod for b in tpos_b] for a in mtx_a] + return rtn + +def trace(A): + return sum(A[j][j] for j in range(len(A))) + +def matpow(A, p): + ret = A + for bit in bin(p)[3:]: + ret = matmult(ret, ret, mod) + if bit=='1': + ret = matmult(ret, A, mod) + return ret + +inv4 = modinv(4, mod) +ans = trace(matpow(mat, x))%mod +ans = (ans * inv4)% mod +print ans diff --git a/library/problem.yml b/library/problem.yml new file mode 100644 index 0000000..b093837 --- /dev/null +++ b/library/problem.yml @@ -0,0 +1,10 @@ +author: arxenix +title: library +category: Programming +autogen: false +programming: true +value: 175 + +test_cases: 10 +time_limit: 1000 +memory_limit: 256000 diff --git a/library2/description.md b/library2/description.md index 9e733f0..dbc3c9d 100644 --- a/library2/description.md +++ b/library2/description.md @@ -3,6 +3,7 @@ Your librarian is back again with another challenge for you. She recently acquir Input: ``` +N (number of words in the dictionary) word1: list of words in word1 definition word2: list of words in word2 definition ... etc @@ -17,6 +18,7 @@ Ex: Input: ``` +5 arggiq: blah iz yiq blah: ok iz: ok blah @@ -28,3 +30,7 @@ Output: ``` 1 ``` + +Explanation: + +If you understand the word 'ok', you can understand the word 'blah'. If you understand 'ok' and 'blah', you can understand 'iz'. 'iz', and 'ok' lets you understand 'yiq'. 'yiq', 'iz', and 'blah' let you understand 'arggiq'. diff --git a/library2/grader.py b/library2/grader.py new file mode 100644 index 0000000..463962b --- /dev/null +++ b/library2/grader.py @@ -0,0 +1,112 @@ +N = input() +dictionary = {} +word_idx = {} +for i in range(N): + line = raw_input() + sp = line.split(": ") + word = sp[0] + defn = sp[1].split(" ") + dictionary[word] = defn + word_idx[word] = i +#print dictionary + +graph = {} #adj-list graph of word dependencies +for i in range(N): + graph[i] = [] +for word in dictionary: + idx = word_idx[word] + for dword in dictionary[word]: + toidx = word_idx[dword] + graph[idx].append(toidx) + +#print graph + + +index = 0 + +components = [] +S = [] +v_index = {} +v_lowlink = {} +v_onStack = {} +def strongConnect(v): + global index + global components + global S + global v_index + global v_lowlink + global v_onStack + + v_index[v] = index + v_lowlink[v] = index + index += 1 + S.append(v) + v_onStack[v] = True + + # for edges of V + for w in graph[v]: + if w not in v_index: + strongConnect(w) + v_lowlink[v] = min(v_lowlink[v], v_lowlink[w]) + elif v_onStack[w]: + v_lowlink[v] = min(v_lowlink[v], v_lowlink[w]) + + if v_lowlink[v] == v_index[v]: + component = [] + while True: + w = S.pop() + v_onStack[w] = False + component.append(w) + if w==v: + break + components.append(component) +def SCC(graph): + global index + global components + global S + global v_index + global v_lowlink + global v_onStack + + index = 0 + components = [] + S = [] + v_index = {} + v_lowlink = {} + v_onStack = {} + for v in graph: + if v not in v_index: + strongConnect(v) + return components + + +comps = SCC(graph) +#print comps +newnodemap = {} +for idx in range(len(comps)): + comp = comps[idx] + for node in comp: + newnodemap[node] = idx + +newgraph = {} + +for idx in range(len(comps)): + comp = comps[idx] + outgoing = set([]) + for node in comp: + nodeout = graph[node] + newnodeout = set([]) + for no in nodeout: + newnodeout.add(newnodemap[no]) + outgoing = outgoing.union(newnodeout) + outgoing.discard(idx) + newgraph[idx] = list(outgoing) +#print newgraph +# count number of nodes with no incoming edges + +ans = 0 +for node in newgraph: + if len(newgraph[node])==0: + ans += 1 + +print ans diff --git a/listen-closely/description.md b/listen-closely/description.md index 4363f1a..3b4a510 100644 --- a/listen-closely/description.md +++ b/listen-closely/description.md @@ -1 +1 @@ -We intercepted a secret message, but we can't tell what it's saying. Maybe you can help? [super secret message](${listenclosely_wav})? \ No newline at end of file +We intercepted a secret message, but we can't tell what it's saying. Maybe you can help? [super secret message](${listenclosely_wav}) \ No newline at end of file diff --git a/listen-closely/problem.yml b/listen-closely/problem.yml index 051ef0d..85e8766 100644 --- a/listen-closely/problem.yml +++ b/listen-closely/problem.yml @@ -4,6 +4,6 @@ hint: 1, 16, 8000 category: Cryptography autogen: false programming: false -value: 300 +value: 200 files: - listenclosely.wav diff --git a/match-me/problem.yml b/match-me/problem.yml index bf9854d..b62bd80 100644 --- a/match-me/problem.yml +++ b/match-me/problem.yml @@ -1,10 +1,10 @@ author: GenericNickname title: Match Me hint: This is a fairly well-known graph problem, there's probably some sort of internet source on it. -category: Algorithms +category: Programming autogen: false programming: false -value: 400 +value: 300 files: - female_prefs.txt - male_prefs.txt diff --git a/r3ndom-67k/problem.yml b/r3ndom-67k/problem.yml index 4c35b24..7428123 100644 --- a/r3ndom-67k/problem.yml +++ b/r3ndom-67k/problem.yml @@ -3,5 +3,6 @@ category: Reverse Engineering value: 450 author: r3ndom autogen: false +hint: Maybe write a script. files: - _67k.zip \ No newline at end of file diff --git a/risky-business/casino b/risky-business/casino new file mode 100644 index 0000000..7cda6be Binary files /dev/null and b/risky-business/casino differ diff --git a/risky-business/description.md b/risky-business/description.md new file mode 100644 index 0000000..fb18b16 --- /dev/null +++ b/risky-business/description.md @@ -0,0 +1,3 @@ +We wanted to branch into the casino business, but human employees are too expensive so we decided to automate it. I feel like we missed something obvious though... Oh well! Here's the binary: [casino](${casino}) + +Solve this problem by logging into the shell server and navigating to `/problems/casino`. \ No newline at end of file diff --git a/risky-business/flag.txt b/risky-business/flag.txt new file mode 100644 index 0000000..a32695c --- /dev/null +++ b/risky-business/flag.txt @@ -0,0 +1 @@ +easyctf{m4by3_w3_c0u1d_h4v3_d0n3_th47_b3t7er} \ No newline at end of file diff --git a/risky-business/grader.py b/risky-business/grader.py new file mode 100644 index 0000000..3b92c76 --- /dev/null +++ b/risky-business/grader.py @@ -0,0 +1,4 @@ +def grade(autogen, key): + if key.find("m4by3_w3_c0u1d_h4v3_d0n3_th47_b3t7er") != -1: + return True, "Correct!" + return False, "Nope!" diff --git a/risky-business/main.cpp b/risky-business/main.cpp new file mode 100644 index 0000000..aba1945 --- /dev/null +++ b/risky-business/main.cpp @@ -0,0 +1,75 @@ +#include +#include +#include +#include + + +bool gamble() +{ + if (rand() % 5 == 0) + { + return true; + } + return false; +} + +void printflag() +{ + std::cout << "Welcome to our exclusive club!" << std::endl; + std::ifstream flagI("flag.txt"); + std::string flag; + getline(flagI, flag); + flagI.close(); + std::cout << "Here's our special flag: " << flag << std::endl; +} + + +int networth = 100000; +int main() +{ + std::cout << "Welcome to the EasyCTF 2017 Casino" << std::endl; + std::cout << "Try your luck and gain access to our exclusive club!" << std::endl; + while (true) + { + std::cout << std::endl; + std::cout << "Your net worth is: $" << networth << std::endl; + if (networth > 2000000000) + { + printflag(); + break; + } + std::cout << "Please enter how much you would like to bet:" << std::endl; + std::string tmp; + getline(std::cin, tmp); + std::stringstream s(tmp); + int inp; + s >> inp; + if (!s.eof() || s.fail()) + { + std::cout << "That was not a valid number :("; + continue; + } + if (inp <= 0) + { + std::cout << "You must bet a positive amount" << std::endl; + continue; + } + if (inp > 100000000) + { + std::cout << "Sorry, the most we can allow you to bet is $100,000,000" << std::endl; + continue; + } + if (!gamble()) + { + std::cout << "Sorry, I'm afraid you've lost :(" << std::endl; + networth -= inp; + } + else + { + std::cout << "Congratulations, you won!" << std::endl; + networth += inp; + } + + } + return 0; +} \ No newline at end of file diff --git a/risky-business/problem.yml b/risky-business/problem.yml new file mode 100644 index 0000000..b9f93b6 --- /dev/null +++ b/risky-business/problem.yml @@ -0,0 +1,9 @@ +author: GenericNickname +title: Risky Business +hint: I wonder how you could make a lot of money... +category: Binary Exploitation +autogen: false +programming: false +value: 100 +files: + - casino diff --git a/rsa1/grader.py b/rsa1/grader.py index 4f42f65..642dece 100644 --- a/rsa1/grader.py +++ b/rsa1/grader.py @@ -39,7 +39,7 @@ def generate_ciphertext(random): def generate(random): return dict(files={ - "ciphertext_rsa1.txt": generate_ciphertext + "ciphertext.txt": generate_ciphertext }) def grade(random, key): diff --git a/rsa1/problem.yml b/rsa1/problem.yml index d2e137c..37677a5 100644 --- a/rsa1/problem.yml +++ b/rsa1/problem.yml @@ -4,4 +4,4 @@ hint: Go google RSA if you're stuck. category: Cryptography autogen: true programming: false -value: 25 \ No newline at end of file +value: 50 \ No newline at end of file diff --git a/rsa2/grader.py b/rsa2/grader.py index bca12b2..6afccaf 100644 --- a/rsa2/grader.py +++ b/rsa2/grader.py @@ -38,7 +38,7 @@ def generate_ciphertext(random): def generate(random): return dict(files={ - "ciphertext_rsa2.txt": generate_ciphertext + "ciphertext.txt": generate_ciphertext }) def grade(random, key): diff --git a/rsa2/problem.yml b/rsa2/problem.yml index e9fb2d1..c7783da 100644 --- a/rsa2/problem.yml +++ b/rsa2/problem.yml @@ -4,4 +4,4 @@ hint: It's like RSA 1 but harder. Have fun! category: Cryptography autogen: true programming: false -value: 35 \ No newline at end of file +value: 80 \ No newline at end of file diff --git a/rsa3/description.md b/rsa3/description.md index c61c847..a01623f 100644 --- a/rsa3/description.md +++ b/rsa3/description.md @@ -1,5 +1 @@ -<<<<<<< HEAD -I found somebody's notes on their private RSA! Help me crack [this](${ciphertext_txt}). -======= -We came across another [message]($rsa3) that follows the same cryptographic schema as those other Really Scary Admin messages. Take a look and see if you can crack it. ->>>>>>> 93577ddee37a489cf0aa1a4b987d23a3bc3d2657 +We came across another [message]($rsa3) that follows the same cryptographic schema as those other RSA messages. Take a look and see if you can crack it. diff --git a/rsa3/grader.py b/rsa3/grader.py index 4f6a800..e9ca30f 100644 --- a/rsa3/grader.py +++ b/rsa3/grader.py @@ -1,56 +1,4 @@ -<<<<<<< HEAD -from cStringIO import StringIO - -flag = "wh3n_y0u_h4ve_p&q_RSA_iz_ez" - -def modx(base,exp,mod): - r = 1; - while (exp > 0): - if (exp % 2 == 1): - r = (r * base) % mod - base = (base * base) % mod - exp = exp/2 - return r - -def probprime(s): - if s%2==0: - s += 1 - smolprimes = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97] - while len(set([modx(i,s-1,s) for i in smolprimes])) != 1 or modx(2,s-1,s) != 1: - s+=2 - return(s) - -def get_problem(random): - # add Probable Prime function later - p = probprime(random.randint(3*10**79,4*10**79)) - q = probprime(random.randint(3*10**79,4*10**79)) - e = 3 - salt = "".join([random.choice("0123456789abcdef") for i in range(8)]) - return (p, q, e, salt) - -def generate_ciphertext(random): - p, q, e, salt = get_problem(random) - encoded = int(("easyctf{%s_%s}" % (flag, salt)).encode('hex'),16) - ciphertext = 'p: '+str(p)+'\n' - ciphertext += 'q: '+str(q)+'\n' - ciphertext += 'e: '+str(e)+'\n' - ciphertext += 'c: '+str(pow(encoded, e, p*q))+'\n' - - return StringIO(ciphertext) - -def generate(random): - return dict(files={ - "ciphertext_rsa1.txt": generate_ciphertext - }) - -def grade(random, key): - n, salt = get_problem(random) - if key.find("%s_%s" % (flag, salt)) >= 0: - return True, "Correct!" - return False, "Nope." -======= def grade(autogen, key): if key.find("tw0_v3ry_merrry_tw1n_pr1m35!!_417c0d") != -1: return True, "Really Superb! Applause!" return False, "RIP" ->>>>>>> 93577ddee37a489cf0aa1a4b987d23a3bc3d2657 diff --git a/rsa3/problem.yml b/rsa3/problem.yml index 8ff5a4d..10bc296 100644 --- a/rsa3/problem.yml +++ b/rsa3/problem.yml @@ -1,19 +1,9 @@ -<<<<<<< HEAD -title: RSA 1 -author: neptunia -hint: Go google RSA if you're stuck. -category: Cryptography -autogen: true -programming: false -value: 25 -======= author: blockingthesky title: RSA 3 hint: You might want to read up on how RSA works. category: Cryptography autogen: false programming: false -value: 70 +value: 135 files: - rsa3 ->>>>>>> 93577ddee37a489cf0aa1a4b987d23a3bc3d2657 diff --git a/rsa4/description.md b/rsa4/description.md deleted file mode 100644 index 2d61669..0000000 --- a/rsa4/description.md +++ /dev/null @@ -1 +0,0 @@ -We came across another [message]($rsa4) that follows the same cryptographic schema as those other RSA messages. Take a look and see if you can crack it. \ No newline at end of file diff --git a/rsa4/description.md.BACKUP.137.md b/rsa4/description.md.BACKUP.137.md deleted file mode 100644 index 68f5e9f..0000000 --- a/rsa4/description.md.BACKUP.137.md +++ /dev/null @@ -1,8 +0,0 @@ -<<<<<<< HEAD -<<<<<<< HEAD -I found somebody's notes on their private RSA! Help me crack [this](${ciphertext_txt}). -======= -We came across another [message]($rsa3) that follows the same cryptographic schema as those other Really Scary Admin messages. Take a look and see if you can crack it. ->>>>>>> 93577ddee37a489cf0aa1a4b987d23a3bc3d2657 -======= ->>>>>>> f9a58afef003d40f3ada9c1645eda26363521cf3 diff --git a/rsa4/description.md.BACKUP.20.md b/rsa4/description.md.BACKUP.20.md deleted file mode 100644 index 68f5e9f..0000000 --- a/rsa4/description.md.BACKUP.20.md +++ /dev/null @@ -1,8 +0,0 @@ -<<<<<<< HEAD -<<<<<<< HEAD -I found somebody's notes on their private RSA! Help me crack [this](${ciphertext_txt}). -======= -We came across another [message]($rsa3) that follows the same cryptographic schema as those other Really Scary Admin messages. Take a look and see if you can crack it. ->>>>>>> 93577ddee37a489cf0aa1a4b987d23a3bc3d2657 -======= ->>>>>>> f9a58afef003d40f3ada9c1645eda26363521cf3 diff --git a/rsa4/description.md.BASE.137.md b/rsa4/description.md.BASE.137.md deleted file mode 100644 index 6f6a960..0000000 --- a/rsa4/description.md.BASE.137.md +++ /dev/null @@ -1 +0,0 @@ -We came across another [message]($rsa3) that follows the same cryptographic schema as those other Really Scary Admin messages. Take a look and see if you can crack it. \ No newline at end of file diff --git a/rsa4/description.md.BASE.20.md b/rsa4/description.md.BASE.20.md deleted file mode 100644 index 6f6a960..0000000 --- a/rsa4/description.md.BASE.20.md +++ /dev/null @@ -1 +0,0 @@ -We came across another [message]($rsa3) that follows the same cryptographic schema as those other Really Scary Admin messages. Take a look and see if you can crack it. \ No newline at end of file diff --git a/rsa4/description.md.LOCAL.137.md b/rsa4/description.md.LOCAL.137.md deleted file mode 100644 index c61c847..0000000 --- a/rsa4/description.md.LOCAL.137.md +++ /dev/null @@ -1,5 +0,0 @@ -<<<<<<< HEAD -I found somebody's notes on their private RSA! Help me crack [this](${ciphertext_txt}). -======= -We came across another [message]($rsa3) that follows the same cryptographic schema as those other Really Scary Admin messages. Take a look and see if you can crack it. ->>>>>>> 93577ddee37a489cf0aa1a4b987d23a3bc3d2657 diff --git a/rsa4/description.md.LOCAL.20.md b/rsa4/description.md.LOCAL.20.md deleted file mode 100644 index c61c847..0000000 --- a/rsa4/description.md.LOCAL.20.md +++ /dev/null @@ -1,5 +0,0 @@ -<<<<<<< HEAD -I found somebody's notes on their private RSA! Help me crack [this](${ciphertext_txt}). -======= -We came across another [message]($rsa3) that follows the same cryptographic schema as those other Really Scary Admin messages. Take a look and see if you can crack it. ->>>>>>> 93577ddee37a489cf0aa1a4b987d23a3bc3d2657 diff --git a/rsa4/description.md.REMOTE.137.md b/rsa4/description.md.REMOTE.137.md deleted file mode 100644 index e69de29..0000000 diff --git a/rsa4/description.md.REMOTE.20.md b/rsa4/description.md.REMOTE.20.md deleted file mode 100644 index e69de29..0000000 diff --git a/rsa4/grader.py b/rsa4/grader.py deleted file mode 100644 index e9ca30f..0000000 --- a/rsa4/grader.py +++ /dev/null @@ -1,4 +0,0 @@ -def grade(autogen, key): - if key.find("tw0_v3ry_merrry_tw1n_pr1m35!!_417c0d") != -1: - return True, "Really Superb! Applause!" - return False, "RIP" diff --git a/rsa4/problem.yml b/rsa4/problem.yml deleted file mode 100644 index 17fc9de..0000000 --- a/rsa4/problem.yml +++ /dev/null @@ -1,9 +0,0 @@ -author: blockingthesky -title: RSA 4 -hint: You might want to read up on how RSA works. -category: Cryptography -autogen: false -programming: false -value: 130 -files: - - rsa3 diff --git a/rsa4/rsa3 b/rsa4/rsa3 deleted file mode 100644 index bda7c13..0000000 --- a/rsa4/rsa3 +++ /dev/null @@ -1,2 +0,0 @@ -{N : e : c} -{0x27335d21ca51432fa000ddf9e81f630314a0ef2e35d81a839584c5a7356b94934630ebfc2ef9c55b111e8c373f2db66ca3be0c0818b1d4eda7d53c1bd0067f66a12897099b5e322d85a8da45b72b828813af23L : 0x10001 : 0x9b9c138e0d473b6e6cf44acfa3becb358b91d0ba9bfb37bf11effcebf9e0fe4a86439e8217819c273ea5c1c5acfd70147533aa550aa70f2e07cc98be1a1b0ea36c0738d1c994c50b1bd633e3873fc0cb377e7L} \ No newline at end of file diff --git a/rsa4/rsa4 b/rsa4/rsa4 deleted file mode 100644 index bda7c13..0000000 --- a/rsa4/rsa4 +++ /dev/null @@ -1,2 +0,0 @@ -{N : e : c} -{0x27335d21ca51432fa000ddf9e81f630314a0ef2e35d81a839584c5a7356b94934630ebfc2ef9c55b111e8c373f2db66ca3be0c0818b1d4eda7d53c1bd0067f66a12897099b5e322d85a8da45b72b828813af23L : 0x10001 : 0x9b9c138e0d473b6e6cf44acfa3becb358b91d0ba9bfb37bf11effcebf9e0fe4a86439e8217819c273ea5c1c5acfd70147533aa550aa70f2e07cc98be1a1b0ea36c0738d1c994c50b1bd633e3873fc0cb377e7L} \ No newline at end of file diff --git a/self-modifier/b0.bin b/self-modifier/b0.bin new file mode 100644 index 0000000..3014467 Binary files /dev/null and b/self-modifier/b0.bin differ diff --git a/self-modifier/b1.bin b/self-modifier/b1.bin new file mode 100644 index 0000000..21c4f15 Binary files /dev/null and b/self-modifier/b1.bin differ diff --git a/self-modifier/b2.bin b/self-modifier/b2.bin new file mode 100644 index 0000000..7da73a6 Binary files /dev/null and b/self-modifier/b2.bin differ diff --git a/self-modifier/b3.bin b/self-modifier/b3.bin new file mode 100644 index 0000000..2269674 Binary files /dev/null and b/self-modifier/b3.bin differ diff --git a/self-modifier/b4.bin b/self-modifier/b4.bin new file mode 100644 index 0000000..52ab988 --- /dev/null +++ b/self-modifier/b4.bin @@ -0,0 +1 @@ +w;$n6i2*lu e5ry i riZ?{ hp00$ flgk5.NÓ)WLL$rr] U)xrLOM\(l%w8trrq"j9M889:<=>GGGiHqJKLNOP%Y\_μZ[\bcdghiklmb`. +On the shell there is a folder `/problems/simple-rop`. + Read flag.txt -[Source](${simple-rop.c}) \ No newline at end of file + +[Source](${simple_rop_c}) \ No newline at end of file diff --git a/things-add-up/problem.yml b/things-add-up/problem.yml index 02eefe1..5111e51 100644 --- a/things-add-up/problem.yml +++ b/things-add-up/problem.yml @@ -5,6 +5,7 @@ autogen: false programming: true value: 15 +grader_language: python test_cases: 10 time_limit: 1000 memory_limit: 256000 diff --git a/things-dont-add-up/generator.py b/things-dont-add-up/generator.py index 398325e..594e5b8 100644 --- a/things-dont-add-up/generator.py +++ b/things-dont-add-up/generator.py @@ -7,7 +7,7 @@ elif N == 1: elif N == 2: print '123 456 3\n5 7 11' elif N == 3: - print '1 10000000 16\n1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16' + print '1 10000000 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16' else: import random as r r.seed(N) diff --git a/things-dont-add-up/grader.class b/things-dont-add-up/grader.class new file mode 100644 index 0000000..b56ab20 Binary files /dev/null and b/things-dont-add-up/grader.class differ diff --git a/things-dont-add-up/grader.py b/things-dont-add-up/grader.py deleted file mode 100644 index d3c6fc3..0000000 --- a/things-dont-add-up/grader.py +++ /dev/null @@ -1 +0,0 @@ -# done in grader.java diff --git a/things-dont-add-up/problem.yml b/things-dont-add-up/problem.yml index e3cb42a..92241ac 100644 --- a/things-dont-add-up/problem.yml +++ b/things-dont-add-up/problem.yml @@ -5,6 +5,7 @@ autogen: false programming: true value: 210 +grader_language: java test_cases: 15 time_limit: 1000 memory_limit: 256000 \ No newline at end of file diff --git a/tiny-eval/description.md b/tiny-eval/description.md new file mode 100644 index 0000000..09005c5 --- /dev/null +++ b/tiny-eval/description.md @@ -0,0 +1 @@ +This [page](https://tinyeval.web.easyctf.com) will evaluate anything you give it. diff --git a/undirect/grader.py b/tiny-eval/grader.py similarity index 100% rename from undirect/grader.py rename to tiny-eval/grader.py diff --git a/tiny-eval/problem.yml b/tiny-eval/problem.yml new file mode 100644 index 0000000..e5eabc0 --- /dev/null +++ b/tiny-eval/problem.yml @@ -0,0 +1,7 @@ +author: mzhang +title: TinyEval +hint: How can you eval in as little characters as possible? +category: Web +autogen: false +programming: false +value: 100 diff --git a/undirect/description.md b/undirect/description.md deleted file mode 100644 index a942164..0000000 --- a/undirect/description.md +++ /dev/null @@ -1 +0,0 @@ -Seems like we got ourselves stuck in a [redirect loop](http://undirect.web.easyctf.com). Help me undirect myself from its clutches and get the flag! \ No newline at end of file diff --git a/undirect/problem.yml b/undirect/problem.yml deleted file mode 100644 index fb251d4..0000000 --- a/undirect/problem.yml +++ /dev/null @@ -1,7 +0,0 @@ -author: mzhang -title: Undirect -hint: How can you find out more about what the server is really sending back? -category: Web -autogen: false -programming: false -value: 100 \ No newline at end of file