script error resolved
j4ck4l-24 committed Jun 12, 2024
1 parent a9ef3fe commit 2140876
Showing 3 changed files with 21 additions and 21 deletions.
28 changes: 14 additions & 14 deletions content/ctf-writeups/bcactf_5.0/crypto.md
Expand Up @@ -63,15 +63,15 @@ cipher 2 - bdoloeinbdjmmyg <- THIS ONE
- I made an rsa encrypter to send my messages but it seems to be inconsistent...
- Netcat Links: `nc challs.bcactf.com 31452`
### Server Files
- [rsa_encrypter.py](./assets/scripts/RSAEncrypter/rsa_encrypter.py)
- [rsa_encrypter.py](../assets/scripts/RSAEncrypter/rsa_encrypter.py)

## Encryption
- There is an `encode` function that takes the flag as `plaintext`, generates random `p` and `q` and encrypts the flag using RSA with `e = 3`. It returns the `ciphertext` and `modulus`.
- The server lets us use the `encode` function multiple times, so we can get multiple values of `ciphertext` and `modulus`.

## Decryption
### Scripts
- [solve.py](./assets/scripts/RSAEncrypter/solve.py)
- [solve.py](../assets/scripts/RSAEncrypter/solve.py)
### Explanation
- So, after getting 3 results of `encode` we use Chinese Remainder Theorem to get `m^3^ mod (n1*n2*n3)` which is `m^3^` itself as `n1*n2*n3` is 3072 bits long, way bigger than `m^3^`.
- Now that we have `m^3^` we can simply find its cube root to get the `plaintext`
Expand All @@ -88,7 +88,7 @@ cipher 2 - bdoloeinbdjmmyg <- THIS ONE
- After realizing how insecure the systems of many companies are (they're always getting hacked), I decided to start offering Encryption as a Service (EaaS). With such a strong guarantee of security, I'll even give you the source code AND my encrypted super secret flag.
- Netcat Links: `nc challs.bcactf.com 31704`
### Server Files
- [server.py](./assets/scripts/Encryptor-Shop/server.py)
- [server.py](../assets/scripts/Encryptor-Shop/server.py)

## Encryption
- The server generates 3 large primes of order 1024 bits `p,q,r`.
Expand All @@ -98,7 +98,7 @@ cipher 2 - bdoloeinbdjmmyg <- THIS ONE

## Decryption
### Server Files
- [solve.py](./assets/scripts/Encryptor-Shop/solve.py)
- [solve.py](../assets/scripts/Encryptor-Shop/solve.py)
### Explanation
- Since we have `p*q` and now `p*r` , we can use gcd to get the prime `p`.
- Now we can extract `r` from the second modulus and solve the RSA since we have both primes.
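Review bot: Under `## Decryption` in the Encryptor-Shop section, the heading above the changed `solve.py` link still reads `### Server Files`, while the other decryption sections shown in this diff use `### Scripts`. Since the link line is being touched anyway, rename that heading to `### Scripts` so the solver is not listed as a server file.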
Expand All @@ -115,7 +115,7 @@ cipher 2 - bdoloeinbdjmmyg <- THIS ONE
- I made this cool service that lets you protect your secrets with state-of-the-art encryption. It's so secure that we don't even tell you the key we used to encrypt your message!
- Netcat Link: `nc challs.bcactf.com 31594`
### Server Files
- [server.py](./assets/scripts/cha-cha-slide/server.py)
- [server.py](../assets/scripts/cha-cha-slide/server.py)

## Encryption
- The server is using `ChaCha20` for enryption which is a stream cipher.
Expand All @@ -130,7 +130,7 @@ cipher 2 - bdoloeinbdjmmyg <- THIS ONE

## Decryption
### Scripts
- [solve.py](./assets/scripts/cha-cha-slide/solve.py)
- [solve.py](../assets/scripts/cha-cha-slide/solve.py)
### Explanation
- First we recieve the encrypted secret message.
- Then we send as many '\x00' bytes as the length of the ciphertext.
Expand All @@ -148,8 +148,8 @@ cipher 2 - bdoloeinbdjmmyg <- THIS ONE
## Source
- My friend seems to be communicating something but I can't make out anything. Why do we live so close to Chernobyl anyways?
### Server Files
- [message.py](./assets/scripts/rad-be-damned/message.py)
- [output.txt](./assets/scripts/rad-be-damned/output.txt)
- [message.py](../assets/scripts/rad-be-damned/message.py)
- [output.txt](../assets/scripts/rad-be-damned/output.txt)

## Encryption
- The script reads the flag from a file and uses it as `plaintext`
Expand All @@ -161,11 +161,11 @@ cipher 2 - bdoloeinbdjmmyg <- THIS ONE

## Decryption
### Scripts
- [solve.py](./assets/scripts/rad-be-damned/solve.py)
- [solve.py](../assets/scripts/rad-be-damned/solve.py)
### Explanation
- As this is a stream cipher we don't need to reverse or understand the `encrypt` function as we could just brute the byte.
- First we work on the `rad` function which is randomly flipping one bit.
- We split the ciphertext from [output.txt](./assets/scripts/rad-be-damned/output.txt) into blocks of 12 bits and then work on them separately.
- We split the ciphertext from [output.txt](../assets/scripts/rad-be-damned/output.txt) into blocks of 12 bits and then work on them separately.
- For every block , `rad` function could have either flipped one of the first 8 bits which is the byte itself or one of the last 4 bits which acts as a `checksum`.
- First we loop for the first 8 bytes and flipping one bit in an iteration, then encrypting the byte formed by the first 8 bits using the `encrypt` function to get its result.
- If the last 4 bits of the encryption result matches with the `checksum`, then that byte is the actual byte from the `plaintext`.
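Review bot: Two lines below the changed `output.txt` link, the step "First we loop for the first 8 bytes" contradicts the surrounding steps, which describe 12-bit blocks whose first 8 bits are the byte and last 4 bits the checksum. It should read "first 8 bits"; worth fixing in the same commit since the paragraph is already being edited.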
Expand All @@ -184,8 +184,8 @@ cipher 2 - bdoloeinbdjmmyg <- THIS ONE
## Source
- My client is a bit picky with the primes they are willing to use...
### Server Files
- [superstitious-2.py](./assets/scripts/superstitious2/superstitious-2.py)
- [superstitious-2.txt](./assets/scripts/superstitious2/superstitious-2.txt)
- [superstitious-2.py](../assets/scripts/superstitious2/superstitious-2.py)
- [superstitious-2.txt](../assets/scripts/superstitious2/superstitious-2.txt)

## Encryption
- The script generates 2 primes p and q using the mask `((1<<1024)-1)//3` which is `0b01010101....`
Expand All @@ -196,7 +196,7 @@ cipher 2 - bdoloeinbdjmmyg <- THIS ONE

## Decryption
### Scripts
- [solve.py](./assets/scripts/superstitious2/solve.py)
- [solve.py](../assets/scripts/superstitious2/solve.py)
### Explanation
- So we start will `p,q = 0,0`.
- Then we run a loop guess the next 2 bits in each iteration.
Expand All @@ -219,7 +219,7 @@ author: Thomas
>Cinnamon Dynamics, an innovative technology company, provides a service for the public to execute short scripts to query some limited information about the company. To combat abuse, they've instated a requirement for all scripts to be approved by a company employee before they can be executed. Approved scripts are granted a "script token" that allows them to be executed an indefinite amount of times, so long as the script is not modified. Unfortunately, it seems that malicious actors have managed to circumvent the security system...
**Resources**:
Web servers: challs.bcactf.com:31077
Static resources: [server.js](./assets/scripts/cinamon/server.js)
Static resources: [server.js](../assets/scripts/cinamon/server.js)

## Solution

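Review bot: The changed link points at `../assets/scripts/cinamon/server.js`, with the directory spelled `cinamon` while the challenge text spells the name "Cinnamon". As this commit exists to repair broken asset paths, confirm the directory on disk really uses the single-n spelling, or rename it and the link together.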
4 changes: 2 additions & 2 deletions content/ctf-writeups/bcactf_5.0/forensics.md
Expand Up @@ -357,14 +357,14 @@ But due to the speed of the wav file some of the dtmf tones get overlapped in th
```47656*6*6D3#315B656*6A6D606531B46D31B4676531434A424A54463147656*B16*686#653#19546768BA316A626*6*316062B831636531B3656A6DB364656431666DB331B2B5626*68B4B83162BABAB5B3626#6A6531B1B5B3B16DBA65BA3#1919466DB3316A6762B33131A13*316B65B431686#6465B731A1B7A6A23#19466DB3316A6762B33131A23*316B65B431686#6465B731A1B7ABA33#19466DB3316A6762B33131A33*316B65B431686#6465B731A1B7A66A3#19466DB3316A6762B33131AA3*316B65B431686#6465B731A1B7AAA73#19466DB3316A6762B33131A43*316B65B431686#6465B731A1B7A3633#19466DB3316A6762B33131A53*316B65B431686#6465B731A1B7A6663#19466DB3316A6762B33131A63*316B65B431686#6465B731A1B7AA653#19466DB3316A6762B33131AB3*316B65B431686#6465B731A1B7A5A83#19466DB3316A6762B33131A73*316B65B431686#6465B731A1B7A66A3#19466DB3316A6762B33131A83*316B65B431686#6465B731A1B7AAA73#19466DB3316A6762B331A2A13*316B65B431686#6465B731A1B7A2A83#19466DB3316A6762B331A2A23*316B65B431686#6465B731A1B7A6663#19466DB3316A6762B331A2A33*316B65B431686#6465B731A1B7A2643#19466DB3316A6762B331A2AA3*316B65B431686#6465B731A1B7ABA33#19466DB3316A6762B331A2A43*316B65B431686#6465B731A1B7A1623#19466DB3316A6762B331A2A53*316B65B431686#6465B731A1B7A4A53#19466DB3316A6762B331A2A63*316B65B431686#6465B731A1B7A5A83#19466DB3316A6762B331A2AB3*316B65B431686#6465B731A1B7A6663#19466DB3316A6762B331A2A73*316B65B431686#6465B731A1B7A66A3#19466DB3316A6762B331A2A83*316B65B431686#6465B731A1B7A3653#19466DB3316A6762B331A3A13*316B65B431686#6465B731A1B7A6663#19466DB3316A6762B331A3A23*316B65B431686#6465B731A1B7A66A3#19466DB3316A6762B331A3A33*316B65B431686#6465B731A1B7A3A63#19466DB3316A6762B331A3AA3*316B65B431686#6465B731A1B7A3633#19466DB3316A6762B331A3A43*316B65B431686#6465B731A1B7A1A33#19466DB3316A6762B331A3A53*316B65B431686#6465B731A1B7A6663#19466DB3316A6762B331A3A63*316B65B431686#6465B731A1B7A1A23#19466DB3316A6762B331A3AB3*316B65B431686#6465B731A1B7A3A63#19466DB3316A6762B331A3A73*316B65B431686#6465B731A1B7ABA33#19466DB3316A6762B331A3A83*316B65B431686#6465B731A1B7A5AA3#19466DB3316A6762B331AAA13*316B65B431686#6465B731A1B7AAA83#19466
DB3316A6762B331AAA23*316B65B431686#6465B731A1B7A1A43#191919516*6562BA6531676D6*6431BB67686*6531BB6531BA656#6431B86DB531B3626#646D60316B62B363626B6531B46762B431B86DB531BA676DB56*6431686#6465B731686#B46D31B46D316B65B431B4676531666*626B3#195B67656#31B86DB53BB3653166686#68BA6765643*3160626C6531BAB5B36531B46D31BBB362B131B4676531666*626B31686#31B4676531B1B36DB165B331666DB36062B43#19B7B16453655B45666#6DA443B4B653655547B7B5A7B443B36C6#B85567A2A3A7446D6*BA5B67A26DB9AB6A6#5544B86B48B76C4A48B4BBBAA1A5B64#A75A646C46B1545153B6564#556A5354B46D5AABB945556266AB4D4#48AA6#A155B456B5486*68A8436A5166B7454A586044485DA445AAB349425567584B56A8BB4D4648```

Then we do the keys substituition as replacing `123A456B789C*0#D` by `0123456789ABCDEF` and print the hex decoded value using solve.py
[Script 1](./assets/scripts/Touch_Tone_Telephone/solve.py)
[Script 1](../assets/scripts/Touch_Tone_Telephone/solve.py)

Then we get the following message:

![Image 1](./assets/images/forensics/Touch_Tone_Telephone/Touch_Tone_Telephone_1.png)

Now comes the part to reverse this code so we write another code to solve this task as script.py
[Script 2](./assets/scripts/Touch_Tone_Telephone/script.py) which extract the characters of the flag based on the given indices of the garbage given in the end.
[Script 2](../assets/scripts/Touch_Tone_Telephone/script.py) which extract the characters of the flag based on the given indices of the garbage given in the end.

And that reveals us our flag:

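Review bot: Both script links in this hunk move to `../assets/...`, but the image reference between them, `![Image 1](./assets/images/forensics/Touch_Tone_Telephone/Touch_Tone_Telephone_1.png)`, is left on `./assets/...`. If the page resolves assets one level up, the image will still be broken; either update it as well or note why images resolve differently from scripts.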
10 changes: 5 additions & 5 deletions content/ctf-writeups/bcactf_5.0/misc.md
Expand Up @@ -11,7 +11,7 @@ math: True
You'll need a miracle to get this flag. The server requires you to solve an easy addition problem, but you only get the flag if the bits magically flip to form another answer.

## Resoruces
[main.js](./assets/scripts/misc/main.js)
[main.js](../assets/scripts/misc/main.js)
```js
const readline = require("readline");
const fs = require("fs");
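Review bot: The heading directly above the changed `main.js` link is misspelled as `## Resoruces`, and the same spelling appears above the changed links in the later hunks of this file. Correct it to `## Resources` in each place while these lines are being edited.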
Expand Down Expand Up @@ -67,7 +67,7 @@ async function run() {

run();
```
[eslint.config.mjs](./assets/scripts/misc/eslint.config.mjs)
[eslint.config.mjs](../assets/scripts/misc/eslint.config.mjs)
```mjs
import globals from "globals";
Expand Down Expand Up @@ -159,7 +159,7 @@ How can you access variables in python?
## Resoruces
[deploy.py](./assets/scripts/misc/pyjail1/deploy.py)
[deploy.py](../assets/scripts/misc/pyjail1/deploy.py)
```py
def sanitize(letter):
print("Checking for contraband...")
Expand Down Expand Up @@ -200,7 +200,7 @@ What in python is evaluated to a number?
## Resoruces
[main.py](./assets/scripts/misc/main.py)
[main.py](../assets/scripts/misc/main.py)
```py
def sanitize(letter):
print("Checking for contraband...")
Expand Down Expand Up @@ -254,7 +254,7 @@ What in python is evaluated to a number?
## Resoruces


[main.py](./assets/scripts/misc/pyjail1/main.py)
[main.py](../assets/scripts/misc/pyjail1/main.py)
```py
def sanitize(letter):
print("Checking for contraband...")
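Review bot: The changed link here targets `../assets/scripts/misc/pyjail1/main.py`, while the section at line 159 already links `pyjail1/deploy.py` and the section at line 200 links `../assets/scripts/misc/main.py` with no challenge subdirectory. Only the `./` prefix was rewritten, so please verify that each of the three Python sections points at its own challenge's source file and that all three targets exist after the move.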