KICTM2018-web 1 Writeup

Posted: 8 October, 2018 in ctf

This challenge was shared by Syed Zainuddin (Challenge Writer) and Shahadan UiTM Jasin for UiTM Jasin 2018 CTF Challenge.

  1. First look, looks like a cipher text, maybe caesar chiper, tried for several shift, but no luck.
  2. I do some peeking in the source code, a javascript with eval(function(p,a,c,k,e,d)) was used. I beautified the script using http://alexis.m2osw.com/js-beautify/ for better reading.
    eval(function(p, a, c, k, e, d) {
    e = function(c) {
    return (c < a ? '' : e(parseInt(c / a))) + ((c = c % a) > 35 ? String.fromCharCode(c + 29) : c.toString(36))
    };
    if (!''.replace(/^/, String)) {
    while (c--) {
    d[e(c)] = k[c] || e(c)
    }
    k = [function(e) {
    return d[e]}];
    e = function() {
    return '\\w+'
    };
    c = 1
    };
    while (c--) {
    if (k[c]) {
    p = p.replace(new RegExp('\\b' + e(c) + '\\b', 'g'), k[c])
    }
    }
    return p
    }('D.O(\'<!N u><B><M F="I-8"><o>.x{A:#r}.y{A:#r}</o></B><C><6 9="y">z</6><6 9="x">e</6><6 9="y">h</6><6 9="x">i</6><6 9="y">e</6><6 9="x">g</6><6 9="y"> </6><6 9="x">7</6><6 9="y">f</6><6 9="x">c</6><6 9="y">l</6><6 9="x">w</6><6 9="y">a</6><6 9="x">a</6><6 9="y">g</6><6 9="x">h</6><6 9="y"> </6><6 9="x">l</6><6 9="y">i</6><6 9="x">p</6><6 9="y">s</6><6 9="x">0</6><6 9="y"> </6><6 9="x">k</6><6 9="y">H</6><6 9="x">p</6><6 9="y">4</6><6 9="x">g</6><6 9="y">c</6><6 9="x">f</6><6 9="y">K</6><6 9="x">n</6><6 9="y">1</6><6 9="x">5</6><6 9="y">n</6><6 9="x">g</6><6 9="y">G</6><6 9="x">5</6><6 9="y">w</6><6 9="x">g</6><6 9="y">4</6><6 9="x">8</6><6 9="y">3</6><6 9="x">c</6><6 9="y">b</6><6 9="x">j</6><6 9="y">1</6><6 9="x">E</6><6 9="y">n</6><6 9="x">k</6><6 9="y">s</6><6 9="x">t</6><6 9="y">z</6><6 9="x">f</6><6 9="y">y</6><6 9="x">J</6><6 9="y">L</6><6 9="x">h</6><6 9="y">3</6><6 9="x">7</6><6 9="y">@</6><6 9="x">$</6><6 9="y">k</6><6 9="x">5</6><6 9="y">i</6><6 9="x">}</6><6 9="y">c</6><6 9="x">d</6><6 9="y">t</6><6 9="x">a</6><6 9="y">m</6><6 9="x">v</6><6 9="y">2</6><6 9="x">x</6><6 9="y">0</6><6 9="x">q</6><6 9="y">1</6><6 9="x">f</6><6 9="y">8</6><6 9="x">g</6><6 9="y"> </6><6 9="x">d</6><6 9="y">:</6><6 9="x">g</6><6 9="y">)</6></C></u>\');', 51, 51, '||||||span|||class|||||||||||||||style|||000|||html|||||T|color|head|body|document|X|charset|||utf|P|||meta|DOCTYPE|write'.split('|'), 0, {}))
    
  3. I unpacked the above script using online unpacker (http://dean.edwards.name/unpacker/), now the script is human readable.
    document.write('<!DOCTYPE html><head><meta charset="utf-8"><style>.x{color:#000}.y{color:#000}</style></head><body><span class="y">T</span><span class="x">e</span><span class="y">h</span><span class="x">i</span><span class="y">e</span><span class="x">g</span><span class="y"> </span><span class="x">7</span><span class="y">f</span><span class="x">c</span><span class="y">l</span><span class="x">w</span><span class="y">a</span><span class="x">a</span><span class="y">g</span><span class="x">h</span><span class="y"> </span><span class="x">l</span><span class="y">i</span><span class="x">p</span><span class="y">s</span><span class="x">0</span><span class="y"> </span><span class="x">k</span><span class="y">H</span><span class="x">p</span><span class="y">4</span><span class="x">g</span><span class="y">c</span><span class="x">f</span><span class="y">K</span><span class="x">n</span><span class="y">1</span><span class="x">5</span><span class="y">n</span><span class="x">g</span><span class="y">G</span><span class="x">5</span><span class="y">w</span><span class="x">g</span><span class="y">4</span><span class="x">8</span><span class="y">3</span><span class="x">c</span><span class="y">b</span><span class="x">j</span><span class="y">1</span><span class="x">X</span><span class="y">n</span><span class="x">k</span><span class="y">s</span><span class="x">t</span><span class="y">T</span><span class="x">f</span><span class="y">y</span><span class="x">P</span><span class="y">L</span><span class="x">h</span><span class="y">3</span><span class="x">7</span><span class="y">@</span><span class="x">$</span><span class="y">k</span><span class="x">5</span><span class="y">i</span><span class="x">}</span><span class="y">c</span><span class="x">d</span><span class="y">t</span><span class="x">a</span><span class="y">m</span><span class="x">v</span><span class="y">2</span><span class="x">x</span><span class="y">0</span><span class="x">q</span><span class="y">1</span><span class="x">f</span><span class="y">8</span><span class="x">g</span><span class="y"> </span><span class="x">d</span><span class="y">:</span><span class="x">g</span><span class="y">)</span></body></html>');
    
  4. I run the unpacked code, and play around with the script(https://js.do/), but still could’nt find any flag.
  5. Wait, what does the x and y css class do? Why both x and y is black? Ok, i try to change x to #fff. And there’s the flag.
  6. I can’t just simply copy the flag due to the x values (#fff), I could type manually the flag, or grab the flag from the decoded javascript using python or any other scripting language; so i wrote a very simple ular sawa script to do the job!
    import re
    pattern='<span class=\"y\">([^<]+)</span>'
    #copy the unpacked script inside a text file (data.txt)
    with open ('data.txt','r') as infile:
    data=infile.read()
    flag=re.findall(pattern,data)
    print(''.join(flag))
    

  7. I think that’s the flag for this challenge. OK, need to continue my work! 🙂

 

Advertisements

I’m Back

Posted: 3 October, 2018 in tutorials, umum

After almost more than 4 years not posting here, now i’m back. Insya Allah!

back

Multiple Dropdownlist dalam Yii

Posted: 24 January, 2014 in php, programming

Salam semua kepada pembaca blog ini. Alhamdulillah dah masuk tahun baru dah kita, semoga semangat baru dapat menyemarakkan prestasi dan sumbangan kita pada agama, bangsa dan negara. Cewah. Awal tahun ni aku disibukkan dengan tugas tugas yang memang sangat-sangat memeningkan kepala, nak buat macam mana, nak tak nak kena hadap jugak kan. Hehehe.

Untuk awal tahun ni, aku ada nak buat satu Sistem Dashboard ICT JHEAINS, dalam sistem ini ada beberapa modul kecil yang akan dikembangkan dari masa ke semasa mengikut keperluan. Buat masa ni aku bercadang nak buat modul pinjaman peralatan ICT, modul aduan kerosakan ICT dan modul permohonan email rasmi jabatan.

Paparan Sistem Dashboard ICT JHEAINS

Paparan Sistem Dashboard ICT JHEAINS

Buat masa ni aku tengah cuba siapkan Modul Pinjaman Peralatan dulu. Berikut adalah paparan Borang Permohonan Pinjaman Peralatan yang di isi oleh pengguna.

Borang Permohonan Pinjaman Peralatan

Borang Permohonan Pinjaman Peralatan

Kat bawah ni ada satu set dropdownlist. Bila pengguna memilih Jenis Peralatan, dropdownlist yang lain akan update valuenya secara automatik.

Multiple dropdownlist

Multiple dropdownlist

Berikut adalah code yang aku gunakan untuk tujuan ni.

Untuk form

<td bgcolor="#FFFFA8">Jenis Peralatan</td>
<td colspan="3" bgcolor="#FFFFA8">
<?php
echo $form->dropDownList($model,'jenis_peralatan',
CHtml::listData(JenisPeralatan::model()->findAll(),'kategori','kategori'),

array(
    'empty'=>'Pilih Kategori',
    'ajax' => array(
    'type' => 'POST',
    'url' => CController::createUrl('PermohonanPinjaman/namaperalatan'),
    'dataType'=>'json',
    'data'=>array('namaperalatan'=>'js:this.value'),

   'success'=>'function(data) {
$("#PermohonanPinjaman_jenis_perkakasan_1").html(data.dropDownPeralatan);
$("#PermohonanPinjaman_jenis_perkakasan_2").html(data.dropDownPeralatan);
$("#PermohonanPinjaman_jenis_perkakasan_3").html(data.dropDownPeralatan);
$("#PermohonanPinjaman_jenis_perkakasan_4").html(data.dropDownPeralatan);
$("#PermohonanPinjaman_jenis_perkakasan_5").html(data.dropDownPeralatan);
$("#PermohonanPinjaman_jenis_perkakasan_6").html(data.dropDownPeralatan);
   }',
)
));
?>

</td>
</tr>
<tr>
<tr>
<td bgcolor="#FFFFD7">Jenis Perkakasan</td>
<td bgcolor="#FFFFD7">
<?php
echo $form->dropDownList($model,'jenis_perkakasan_1',array(),array('prompt'=>'Pilih Perkakasan'));
?>
</td>

<td bgcolor="#FFFFD7">Bilangan Unit</td>
<td bgcolor="#FFFFD7">
<?php echo $form->textField($model,'unit_perkakasan_1',array('class'=>'span1','maxlength'=>1)); ?>
</td>
</tr>

<tr>
<td bgcolor="#FFFFA8">Jenis Perkakasan</td>
<td bgcolor="#FFFFA8">
<?php
echo $form->dropDownList($model,'jenis_perkakasan_2',array(),array('prompt'=>'Pilih Perkakasan'));
?>
</td>

<td bgcolor="#FFFFA8">Bilangan Unit</td>
<td bgcolor="#FFFFA8">
<?php echo $form->textField($model,'unit_perkakasan_2',array('class'=>'span1','maxlength'=>1)); ?>
</td>
</tr>
<tr>

<td bgcolor="#FFFFD7">Jenis Perkakasan</td>
<td bgcolor="#FFFFD7">
<?php
echo $form->dropDownList($model,'jenis_perkakasan_3',array(),array('prompt'=>'Pilih Perkakasan'));
?>
</td>
<td bgcolor="#FFFFD7">Bilangan Unit</td>
<td bgcolor="#FFFFD7">
<?php echo $form->textField($model,'unit_perkakasan_3',array('class'=>'span1','maxlength'=>1)); ?>
</td>
</tr>

<tr>
<td bgcolor="#FFFFA8">Jenis Perkakasan</td>
<td bgcolor="#FFFFA8">
<?php echo $form->dropDownList($model,'jenis_perkakasan_4',array(),array('prompt'=>'Pilih Perkakasan'));
?>
</td>
<td bgcolor="#FFFFA8">Bilangan Unit</td>
<td bgcolor="#FFFFA8">
<?php echo $form->textField($model,'unit_perkakasan_4',array('class'=>'span1','maxlength'=>1)); ?>
</td>
</tr>

<tr>
<td bgcolor="#FFFFD7">Jenis Perkakasan</td>
<td bgcolor="#FFFFD7">
<?php echo $form->dropDownList($model,'jenis_perkakasan_5',array(),array('prompt'=>'Pilih Perkakasan'));
?>
</td>
<td bgcolor="#FFFFD7">Bilangan Unit</td>
<td bgcolor="#FFFFD7">
<?php echo $form->textField($model,'unit_perkakasan_5',array('class'=>'span1','maxlength'=>1)); ?>
</td>
</tr>

<tr>
<td bgcolor="#FFFFA8">Jenis Perkakasan</td>
<td bgcolor="#FFFFA8">
<?php echo $form->dropDownList($model,'jenis_perkakasan_6',array(),array('prompt'=>'Pilih Perkakasan'));
?>
</td>
<td bgcolor="#FFFFA8">Bilangan Unit</td>
<td bgcolor="#FFFFA8">
<?php echo $form->textField($model,'unit_perkakasan_6',array('class'=>'span1','maxlength'=>1)); ?>
</td>
</tr>

Untuk controller

public function actionNamaperalatan()
{

$data=JenisPeralatan::model()->findAllByAttributes(array('kategori'=>$_POST['namaperalatan']));

$data=CHtml::listData($data,'jenis_perkakasan','jenis_perkakasan');

    $dropDownPeralatan = "";
        foreach($data as $value=>$name)
        {
           $dropDownPeralatan .= CHtml::tag('option',
           array('value'=>$value),CHtml::encode($name),true);
        }
    echo CJSON::encode(array(
    'dropDownPeralatan'=>$dropDownPeralatan
    ));

}

Ok lah buat masa ni. Insya Allah ada masa nanti aku update lagi blog ni yer.

Happy h4ckin dari pokcik gh1mau 🙂
210166.strip

Lua Programming : Siri 1

Posted: 11 November, 2013 in programming

Salam semua, entri kali ni aku nak kongsi dan bincangkan tentang lua scripting. Lua adalah satu programming language yang digunakan dalam Wireshark, Snort dan Nmap. Nmap mempunyai satu function untuk menjalankan scripts, dan script ni boleh ditulis dengan menggunakan bahasa Lua ni. Untuk mula membuat scripting bagi nmap, pertama sekali, kita kena paham la sedikit sebanyak pasal lua ni. Nmap menyediakan API dan Libraries yang banyak dan memudahkan developer untuk membangunkan script baru. Insya Allah, nanti aku akan buat entri pasal nmap scripting ni.

lua

Lua is a powerful, fast, lightweight, embeddable scripting language.

Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and extensible semantics. Lua is dynamically typed, runs by interpreting bytecode for a register-based virtual machine, and has automatic memory management with incremental garbage collection, making it ideal for configuration, scripting, and rapid prototyping.

Lua is designed, implemented, and maintained by a team at PUC-Rio, the Pontifical Catholic University of Rio de Janeiro in Brazil. Lua was born and raised in Tecgraf, the Computer Graphics Technology Group of PUC-Rio, and is now housed at Lablua. Both Tecgraf and Lablua are laboratories of the Department of Computer Science of PUC-Rio.

“Lua” (pronounced LOO-ah) means “Moon” in Portuguese. As such, it is neither an acronym nor an abbreviation, but a noun. More specifically, “Lua” is a name, the name of the Earth’s moon and the name of the language. Like most names, it should be written in lower case with an initial capital, that is, “Lua”. Please do not write it as “LUA”, which is both ugly and confusing, because then it becomes an acronym with different meanings for different people. So, please, write “Lua” right!

Ok, tanpa membuang masa kita bincangkan sedikit sebanyak tentang asas Lua Programming ini. Pertama sekali kita akan lihat struktur function dalam lua. Macam mana kita nak buat function yang asas.

1

Function terdiri daripada beberapa komponen. Function bermula dengan sintaks seperti dibawah, dan ditutup dengan end. Function perlu diberi nama, objek didalam () adalah parameter. Code yang berada di dalam function disebut chunks. Berikut adalah satu function mudah untuk kita printkan senarai nombor dari 1 hingga 10.

function senarai(a,b)
for nombor = a,b do
print ("Bil:" ..nombor)
end
end

senarai(1,10)

Di dalam lua, kita boleh membuat comments seperti berikut:

-- ini adalah single line comment
--[[--
ini adalah
multiline comments
--]]--

Macam mana kita nak assign value pada variable? Dalam lua tak ada specific data type. Sangat mudah dan straightforward. Cuba lihat contoh dibawah.

nombor = 10
nama = "ali"
nama = 'ali'
kehadiran = false
warna {"merah","hijau","biru","kuning"}
paparkehadiran = kehadiran or "Tidak Hadir"
a,b,c = 1,2,3

Local variable, hanya boleh diakses dalam block dimana ianya dideclare, berbeza dengan global variable, boleh diakses dari mana-mana bahagian code. Dalam kod dibawah, kita declare satu local variable (nama) didalam function paparnama. Kemudian kita cuba paparkan variable nama (print(nama)) dari luar function tersebut. Hasilnya adalah nil(tiada).

function paparnama()
local nama = "Ali"
end

print (nama)

Kita declare satu global variable nama,dan bila kita print variable nama, kita akan dapat nilai Abu.

nama = "Abu"
function paparnama()
local nama = "Ali"
end

print (nama)

2

Sekarang ni kita bincangkan secara asas tentang loops. Kita akan gunakan for loop. Konsepnya sama saja dengan programming language yang lain, jadi tak yah la nak citer panjang la. heheheh 🙂

for nombor = start, maximum, increment do
print ("Bil:" ..nombor)
end

3

Ok la, Insya Allah nanti kita akan sambung perbincangan pasal Lua ni dalam siri yang lain.

Happy h4ckin dari pokcik gh1mau 🙂

196051.strip.sunday