Post

MAPNA CTF

Posted Updated
Preview Image
By 2$0b.|3r0th3rcc 1 min read

MAPNA CTF WriteUP

Hello comrades, I’m glad you came here to read my article about MAPNA CTF

Let’s start now

PLC I

image

I opened plc.pcap and read it once, what caught my eye was the form flag lol 1: MAPNA{y

image

Ok then I understand, just search and arrange in order :_)

MAPNA{y0u_sHOuLd_4lW4yS__CaR3__PaADd1n9!!}

What next?

image

1
2
3
4
5
6
7
8
9
10
11
12
13
14

from Crypto.Util.number import long_to_bytes

def decrypt(enc, KEY):
    m = enc ^ KEY
    return long_to_bytes(m).decode('utf-8')

# Given values
KEY = 23226475334448992634882677537728533150528705952262010830460862502359965393545
enc = 2290064970177041546889165766737348623235283630135906565145883208626788551598431732

# Decrypt the flag
flag = decrypt(enc, KEY)

print("Decrypted flag:", flag)

image

MAPNA{R_U_MT19937_PRNG_Predictor?}

Flag Holding

image

Now let’s use Burp Suite to intercept the request from the web, then throw it through the Repeater

And here, the topic says you are not from this address http://flagland.internal/

image

Then we will add the header Referer:http://flagland.internal/

image

And it says Unspecified "secret"

image

So we just need to add param “secret” to the request and because this is a GET request, the url will be inserted

image

We have received the next hint secret is the protocol that both the server and browser use to communicate, so we add http

image

Noo !!!

The problem says there is no accept GET but FLAG, so let’s change GET to FLAG @~@

image

MAPNA{533m5-l1k3-y0u-kn0w-h77p-1836a2f}

goodbye, thank you for reading until now //~//

Writeup, MAPNA 2024
forensics cryto web MAPNA CTF
This post is licensed under CC BY 4.0 by the author.