1337UP Live - OptimusPrime

2 minute read

Here goes the challenge description

Seems like the challenge title is an username

After some OSINT recon, we could fine the username in github

GitHub link

There are two repositories in it,

Viewing the commits of first repo,

So there is some interesting string DJVL4REEXP76YXCTXOKK5NQGQM and some hints

bypthon stuff and pastes buffer

After some googling, you can find this site is relevant to the hint

Seems like, it allows us to share code with long URI

Pasting our string value in the URI to get the data from it,

We are able to get a python script from this link

flag.zip seems interesting

Viewing the second repo of the username, we can see flag.zip,

It is a password protected zip file which we have created from the python script

By understanding the python script, we could see that it generates a random string to compress the zip file

And the seed value is important to find the exact password

By analysing the metadata we could find the time of modification of this file, which is not always equal to time of creation

┌──(kaliaidenpearce369)-[~/IntigritiCTF]
└─$ file flag.zip                        
flag.zip: Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                       
┌──(kaliaidenpearce369)-[~/IntigritiCTF]
└─$ exiftool flag.zip 
ExifTool Version Number         : 12.40
File Name                       : flag.zip
Directory                       : .
File Size                       : 201 bytes
File Modification Date/Time     : 2022:03:11 10:19:14-05:00
File Access Date/Time           : 2022:03:12 12:38:50-05:00
File Inode Change Date/Time     : 2022:03:12 12:38:42-05:00
File Permissions                : -rwxrw-rw-
File Type                       : ZIP
File Type Extension             : zip
MIME Type                       : application/zip
Zip Required Version            : 20
Zip Bit Flag                    : 0x0003
Zip Compression                 : Deflated
Zip Modify Date                 : 2022:02:24 10:00:00
Zip CRC                         : 0xb53c49d5
Zip Compressed Size             : 69
Zip Uncompressed Size           : 59
Zip File Name                   : flaggers\flag.txt

By logic, this is the exact/approximate time when the python script should be ran to create this zip file

Calculating the timestamps values for these two interals,

>>> from datetime import datetime
>>> int(datetime.timestamp(datetime(2022,2,24,10,0,0,0)))
1645714800
>>>> int(datetime.timestamp(datetime(2022,2,25,10,0,0,0)))
1645801200
>>> int(datetime.timestamp(datetime(2022,2,23,10,0,0,0)))
1645628400

So if we bruteforce the seed value with the range of timestamp, it should crack the zip successfully at one point

Creating a python script to bruteforce the logic,

┌──(kaliaidenpearce369)-[~/IntigritiCTF]
└─$ cat solve.py          
import time
import string
import random
from datetime import datetime
import zipfile
length, letters = 32, string.ascii_letters
for x in range(1645628400,1645801200):
        random.seed(x)
        result_str = ''.join(random.choice(letters) for i in range(length))
        try:
                file_name = 'flag.zip'
                pswd = result_str
                with zipfile.ZipFile(file_name) as file:
                        file.extractall(pwd = bytes(pswd, 'utf-8'))
                print("Successfully cracked!!")
                print(datetime.fromtimestamp(x))
                break
        except Exception as e:
                pass

By running this script, we would get the flag

┌──(kaliaidenpearce369)-[~/IntigritiCTF]
└─$ python3 solve.py
Successfully cracked!!
2022-02-24 04:53:00
                                                                       
┌──(kaliaidenpearce369)-[~/IntigritiCTF]
└─$ cat flaggers\\flag.txt 
1337UP{W3ll_1_n3v3r_th0ught_U_c0uuuuuuld_f1nd_m3_308240202}

Finally we got our flag

Tags:

Categories:

Updated: