iT邦幫忙

2024 iThome 鐵人賽
DAY 3
0
Security

picoCTF系列 第 3

[Day 3] Verify

16th鐵人賽
203 瀏覽

  • 分享至 

  • xImage
    •  

我們先看到問題,題目要求想要找真正的flag,並且給我們 以 sha-256 hash 的 checksum 和 decrypt 的檔案,還有欲連上的 server 密碼和網址。
提示中有告訴我們可以建立 checksum 的方法,還有 output 中可以使用 | (pipe)。

https://ithelp.ithome.com.tw/upload/images/20240807/20168342pHNiCuinin.png

hint 1:Checksums let you tell if a file is complete and from the original distributor. If the hash doesn't match, it's a different file.
hint 2:You can create a SHA checksum of a file with sha256sum <file> or all files in a directory with sha256sum <directory>/*.
hint 3:Remember you can pipe the output of one command to another with |. Try practicing with the 'First Grep' challenge if you're stuck!

我們依照題目給的,用 ssh 連上 server,在連上時,當被問要是否要繼續時要選擇 yes,並再輸入題目的密碼 ( 這裡是 83dcefb7 )。

$ ssh -p 61925 ctf-player@rhea.picoctf.net
The authenticity of host '[rhea.picoctf.net]:61925 ([3.136.191.228]:61925)' can't be established.
ECDSA key fingerprint is SHA256:intfZRbiBnFFTwsnRQifu/Wu8o+HCV3fqyuYXoQ3pLQ.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[rhea.picoctf.net]:61925,[3.136.191.228]:61925' (ECDSA) to the list of known hosts.
ctf-player@rhea.picoctf.net's password: 
Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 6.5.0-1016-aws x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

This system has been minimized by removing packages and content that are
not required on a system that users do not log into.

To restore this content, you can run the 'unminimize' command.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

ctf-player@pico-chall$

接著使用 ls,查看有什麼檔案,得到一個文字檔,一個 bash 檔,還有一個不確定是甚麼類型的 files。

ctf-player@pico-chall$ ls
checksum.txt  decrypt.sh  files

發現有 checksum.txt,依照題目,我們試著用 decrypt.sh 解碼,發現 checksum.txt 是假的flag。

ctf-player@pico-chall$ ./decrypt.sh checksum.txt 
bad magic number
Error: Failed to decrypt 'checksum.txt'. This flag is fake! Keep looking!
ctf-player@pico-chall$

我們再試著解碼看看 files,發現沒有辦法解碼,於是我們用 ls -R,檢視所有檔案,發現 files 是資料夾,裡面有許多其他檔案。

ctf-player@pico-chall$ ./decrypt.sh files
Error: 'files' is not a valid file. Look inside the 'files' folder with 'ls -R'!
ctf-player@pico-chall$ ls -R
.:
checksum.txt  decrypt.sh  files

./files:
047MJYW7  7YlIOxWG  FNRT4oFd  NmuLJcjD	U7SEpsXd  dEVxJ2qG  niXGrsgK  uw3TvL3P
0CbGv6a3  80btcs9b  FWmPesGL  NqjC5VXz	URYYNGxZ  dJzWkU1Q  nr3IXKgz  uwZIBYpw
0E56AVSC  80f71Tlc  FXHBxQjZ  O7knebdG	VR8O9EAS  e7U2gGar  nvtdmSSg  uz0yrxxD
0QUxtltc  85k4844c  Fv7iksDZ  O9vttreT	W1Fiysnc  eHMqnmO6  oQzbBXPT  v0LKVD3h
0XKkalUj  86hYDjno  G244hQnd  OGiva8vH	WBbhtpsN  eUp5OdvA  onqK4HP3  v9TEcwko
0hBYiFqV  8SXF7mDb  GDrafQ2W  OHjloRN0	WBv990nM  efPoh96A  opLYnq5q  vC1tHUr2
0xx1tyUI  8h1rOlXM  GHuWjeJ9  OaQl5g3e	WEqguSEY  egSaXF3D  orV7qTqZ  vGHNz4al
1VpyYwwh  9CrGqrOf  GUEnrd1t  ObjxHPwy	WGlw8QMW  enUaRS4w  oy2oXp1t  vL0JYb7n
25jFiRcF  9VFp8JdD  Gp1JEl2h  Ofz0iqFX	WWTBLhPp  eoYlHLVB  pGGOwBsr  vY5qGrrd
2B0GV1AB  9YOFaoZl  H7Ixs9CI  Ot4mYM7x	WdGGv43K  exyTux3t  pOWsomAC  vvJtzkqH
2SbMywFt  9fSkDlcH  HDYiL2qX  Ous2JVk2	X7yet6uw  fB2VnieD  pQNOrEf0  w3o3t3VK
2Yc6IWTg  9spBfMu7  HNRI4jm0  PJqcmuRt	XF3VmqVm  fJiZ2bMw  pcG2OMtT  wJD9dCMd
2oGGasVb  A0Xjfjyv  HUiJtVz0  PfmG9EIR	XFrufR80  fKCy1WTf  pfB7wztg  wgvRImaG
2xPyec1z  AOAysod6  HhPvJ7d7  PvE5OAg4	XQJcaZgW  fPrKO8V5  pn2lFoDd  whevF4V0
3HtK7pJ0  AOgyIEGc  Ht3OiHhF  Q94hibhx	XqRw2HGU  fQnfnq06  poTBHw5o  x1wlAOTr
3MWxikbL  AlGTwKyO  I1gghDYt  QHkh1WHT	XuigwWF7  fnrslV0R  pz7WGxJ4  xCDyjqeT
3P2iIh03  AmQLyNou  IJX4r4eM  QRakKVta	Y1tTgMUD  gDXNNquR  qJIJZA0v  xE1I24IF
3ZyNMmFE  Ar2IDsE2  JB4PaRNY  Qi0CXXRR	YEjiR5zf  gIhaWdn0  qiKkh7L2  xP8hXfNR
3eJU0bPR  BD8hIik3  JqYRPdED  Qir73mSK	YZ0OB1mt  gkqJibML  qnxF5I1t  xQMWIZBH
3qDZ0GiM  BtuwzSy0  K4jUiynD  R0QJ2VKL	Ylaf2TY1  gmcsCSX3  rAQk2W0n  xVPXvgB2
3rXzZWry  C8QQ7gyc  KDp8EJSk  R9B10IsM	Yn1Qg1dx  hBccpGRH  rDBnOYi8  xgBUzxwD
43UId6P7  CIcPHsac  KbONzfRz  RT9fmHCO	Ypof7Dgr  hI05TCz1  rHtWBcCX  xjRhyYW5
4MQ26j79  CJ5U4hxW  Kd0WNtCU  RiQGT34B	ZM8AYtlG  hONfsBJg  rK99ez1a  xrUttVxO
4UWHd6Hh  CmGCd6Vt  Keoo2vTu  SFAQKdZD	ZVhZ6QYU  hgfq6lwn  rUmhKhnU  xxr0iXrr
4iAgLaET  D6DGyxjR  KvvTfLSK  SGQH2HKl	ZWNJ0AhH  hnC2Necm  sOhwN7cV  yAbc0Rj2
51fpnVb7  D9zwUVlq  LP8coBqU  SQrS0l9A	ZZSXid5R  hsW2u10K  sTktzsdS  yRrCeSQg
58VrA22G  DBQbeL0I  LQJNuVhs  SREVuUw3	a76e3swH  i2LDbe1K  t3MxVbsm  yi2zkQtL
5HYKp822  DRnArSUC  LkGAamWS  Sus5gnJ8	aUzIEw0T  i4XAopa0  t3yYcEve  yj7yobL0
5Hde480w  DSwFiycn  LmicJDs8  SzSn7OcI	bE62hGOU  iKj2d6J4  t7jXqCcv  yxVNk723
5K1a6h06  DgSvTEwj  Lmt5Y0x2  TDjaKG6o	bNDt5rfT  iMQMDV0F  tQQuoksm  z333mx7V
5P2RhVCm  DhGmqcSh  Lo86CvQ9  TMEQwqGw	bf4r768r  jHRn7Fub  tjZsxG5L  zNtZNpTg
5UGLBciS  DpTMOGCI  LxrBh9k1  Tb4MR5ML	bvPuToXm  jvtAQCHw  tzjdKlhj  zSomJYUc
5glLfO3M  DxlIKqf0  M4k3wbII  TcfR5Cf6	c6c8b911  lMx8gj9G  uDj1e5QR  zUmtlpHw
60CeHYva  EC1I5QwZ  Ml2ne9bC  Td52rYaf	cYQJTzGN  lURnFs0v  uJnJfk8o  zjK7vU2n
69891sbg  EXORCadn  N18is4D1  Texe1REf	coJvjQ1h  lyYImb9U  ukl9M0t5  zlkIRSOv
6ePyVUQ2  EfRHiDLP  NAKaekRz  ThXpDtur	d3p6iNNZ  mMUJICI9  ulFEMOKX
6nFsOudx  Eg5lVJUw  NEc5NL3C  TtY9kI58	dDSS287o  mpJ16YYd  umDaEkFr
6wnVCfWh  ElM3tYhK  NH1pCwum  TxL3f6fM	dDuPGuwH  nMTwYBYg  uvq4BDCM

選其中一個檔案查看,發現在 files 底下的檔案內都有一組字串。

ctf-player@pico-chall$ cat files/047MJYW7
qFWOwLhiimnyYn6COcXm5MmMZ2V3prEFP2rYyoIeeFRPoyoBqSVktgjGr9Invmk

接著參考提示 2,使用 sha256sum 生成 files 底下檔案的 checksum 值。

ctf-player@pico-chall$ sha256sum files/*
4666cbea94c25fe9c9f3bf5066a8c911d451a9add3edf33cf0dded9877ea74d0  files/047MJYW7
48985dcd07f0571bb58e7c1a78ec18ea53a0d867f4d2e1e45adb8b3467b51a73  files/0CbGv6a3
74a7a6b4fc16b48a5285abd3bc0b823e6a1cda7d3f9fcacbd58120d98fbb4e13  files/0E56AVSC
0cfdd4d83c0d0978dc1b4169bb73e3fd84f9c05ca1a6edb400dd86fd107de484  files/0QUxtltc
464a72f5728ae07e79965aae147fcb3e78494d0255f7bb9bc3531a50a4ddd8ec  files/0XKkalUj
f3aa1f2d0d48105fb62ef59ac533125df9eebfe9d5ea64eba39abcd4bd1deb9e  files/0hBYiFqV
783dc53e3503f1f09ab2276bc254ed0a661dc853c51036183b7f72911402756f  files/0xx1tyUI
28938ca5834d4d773a91a326ae27384187232aa92b3da90aaf73d9bef2f8b0e5  files/1VpyYwwh
a825a49e4af1ce3185505f2757cfb7e0cf202d6854dd6c8cb8638d6ea63912fd  files/25jFiRcF
005680586b1477d7e7652fe22d6629ae7c53f7a13b52a11bd6daa620226e341a  files/2B0GV1AB
28873b79424414442d0dcbf0da45df84af9e121a04ba092a84a18e5fc5b569b5  files/2SbMywFt
558509dcbb297dd5ea6e40113c208e3ba6b957442fa01e1ebb63f90ea0316de5  files/2Yc6IWTg
ab9e80b8c009f239f445ecf61a5ad2ee91a4b61574f87548ab1e738666e9b75d  files/2oGGasVb
.......

因為題目有給我們 sha256 的 checksum,所以我們將 files 底下檔案內的字串都用 sha256 加密後,查看哪個檔案的 checksum 值符合題目所給,就知道哪一個檔案才能得到真正的 flag。

ctf-player@pico-chall$ sha256sum files/* | grep '467a10447deb3d4e17634cacc2a68ba6c2bb62a6637dad9145ea673bf0be5e02'
467a10447deb3d4e17634cacc2a68ba6c2bb62a6637dad9145ea673bf0be5e02  files/c6c8b911

至於為甚麼要檢查 checksum?是因為 checksum 值能讓你知道檔案的完整性,以及資料的來源是否為原始的提供者,也就可以達成提示 1 說道的,檢查檔案是否完整,並且提供者是否為原提供者。

最後發現是 c6c8b91 這個檔案符合,於是我們嘗試解密,得到真正的 flag。

ctf-player@pico-chall$ ./decrypt.sh files/c6c8b911
picoCTF{trust_but_verify_c6c8b911}

小結:
我們學到 checksum 是甚麼,並且學習如何連上 server。
並且練習了 grep 指令,以及 sha256sum 的用法。


上一篇
[Day 2] Collaborative Development
下一篇
[Day 4] timer
系列文
picoCTF30
  1. 26
    [Day 26] heap2
  2. 27
    [Day 27] format string 2
  3. 28
    [Day 28] Mob psycho
  4. 29
    [Day 29] rsa_oracle
  5. 30
    [Day 30] Classic Crackme 0x100
完整目錄
圖片
  直播研討會
圖片
{{ item.channelVendor }} {{ item.webinarstarted }} |
{{ formatDate(item.duration) }}
直播中

尚未有邦友留言

立即登入留言
iThome鐵人賽
參賽組數
1064
團體組數
40
累計文章數
22189
完賽人數
602
iT+看影片追技術 看影片追技術 看更多
熱門tag 看更多
15th鐵人賽 16th鐵人賽 13th鐵人賽 14th鐵人賽 12th鐵人賽 11th鐵人賽 鐵人賽 2019鐵人賽 javascript 2018鐵人賽 python 2017鐵人賽 windows php c# windows server linux css react vue.js
熱門問題
熱門回答
熱門文章
IT邦幫忙