
LongCat pich4ya

@pich4ya
pich4ya / 250-PICKLES.txt
Last active October 22, 2017 16:15
Thailand CTF 2017 Write-up : Pickles (250)
Challenge: f.pkl
ccopy_reg
_reconstructor
p0
(c__main__
Foo
p1
c__builtin__
object
p2
@pich4ya
pich4ya / 300-Everything_is_Broken.txt
Created October 22, 2017 17:01
Thailand CTF 2017 Write-up : Everything is Broken (300)
The challenge gives us the file everything_is_broken.doc, but it will not open in MS Word.
Solution
1.)
$ file everything_is_broken.doc
everything_is_broken.doc: Hangul (Korean) Word Processor File 5.x
It turns out to be a Hangul file, a Korean word processor format, not a regular MS Word document.
2.)
A Google search shows that files of this type normally use the .hwp extension.
@pich4ya
pich4ya / 400-Compromised_System.txt
Last active October 22, 2017 20:11
Thailand CTF 2017 Write-up : Compromised System (400)
Challenge
$ xxd Compromised_System.pcap
00000000: d4c3 b2a1 0200 0400 0000 0000 0000 0000 ................
00000010: ffff 0000 0100 0000 2927 bf58 90ea 0400 ........)'.X....
00000020: ad01 0000 ad01 0000 1086 8c3b d93f a099 ...........;.?..
00000030: 9b10 66dd 0800 4500 019f 0001 0000 4011 ..f...E.......@.
00000040: 6264 0a00 00a3 0c46 0001 0035 0035 018b bd.....F...5.5..
00000050: 5825 0000 00a7 0000 0004 fe9b 2fa7 0000 X%........../...
00000060: 0089 0000 0020 cbe6 ebfa cae6 e4f9 fcfd ..... ..........
00000070: ecfb d5cb e6eb 8989 8989 8989 8989 8989 ................
@pich4ya
pich4ya / SECCON CTF 2017 - Elasticsearch.txt
Created December 9, 2017 19:05
SECCON CTF 2017 - Elasticsearch
POST /logsearch.php HTTP/1.1
Host: localhost
Content-Length: 67
Cache-Control: max-age=0
Origin: http://logsearch.pwn.seccon.jp
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://logsearch.pwn.seccon.jp/logsearch.php?aaalongcat
chall:
This is a useful service to unzip some files.
http://35.197.205.153/
We added a flag for your convenience.
http://35.197.205.153/flag.php
1.)
$ sudo mkdir -p /var/www/
$ sudo touch /var/www/flag.php
chall:
If you don't trust Twitter, you might like Quaker!
http://35.198.120.230/
1. login & reg
2. get user's token
http://35.198.120.230/messages/new
Receive message
Your user token: fed0a6d910e5322d6f42be63f927a1c6
@pich4ya
pich4ya / gist:4cbfb645b29d75a81d3f
Created January 11, 2015 20:55
nullcon HackIM CTF 2015 : web500 - break the captcha!
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @author LongCat (Pichaya Morimoto)
# nullcon HackIM CTF 2015 : web500 - break the captcha!
# sudo apt-get install python-dev libjpeg-dev libfreetype6-dev zlib1g-dev imagemagick tesseract-ocr
# pip uninstall pillow && pip uninstall Pillow && pip install -I Pillow
from PIL import Image
import urllib, urllib2, cookielib, os, re, time, sys
url_captcha='http://54.165.191.231/imagedemo.php'
@pich4ya
pich4ya / Monster.py
Last active February 11, 2018 16:14
https://evlzctf.in/challenges#Monster EvlzCTF 2018 - web 200 writeup
import urllib,urllib2,cookielib
import requests
import re
import json,string
# Chosen plaintext attack on AES by Bongtrop Inw Za 007
def register(uname):
    s=requests.Session()
    res1=s.get('http://35.200.197.38:8014/register')
    m=re.search(r'name="csrf_token" type="hidden" value="(.+?)">',res1.content)
@pich4ya
pich4ya / pizzagate - hard-ish 401.txt
Last active February 11, 2018 16:30
https://junior.34c3ctf.ccc.ac/ writeup pizzagate - hard-ish 401
chall:
We found this pizza shop. It seems to be under construction currently, but we believe the whole shop is a just a front for some fishy business. Is the Italian Mafia behind all this?
Grab your OWASP Top 10 list and investigate! We need to find out what's going on!
Hints:
For the basic authentication step: Have you checked out A1 in your list? And the HTTP response headers?
http://35.198.69.56/
@pich4ya
pich4ya / Install Metasploit Framework v5.0.0 on MacOS 10.3.3 (2018).txt
Created March 3, 2018 05:16
Install Metasploit Framework v5.0.0 on MacOS 10.3.3 (2018)
$ git clone https://github.com/rapid7/metasploit-framework.git
$ cd metasploit-framework
$ ./msfconsole
[*] Metasploit requires the Bundler gem to be installed
$ gem install bundler
ERROR: While executing gem ... (Gem::Exception)
Unable to require openssl, install OpenSSL and rebuild ruby (preferred) or use non-HTTPS sources
$ brew install openssl
$ /usr/local/opt/openssl@1.1/bin/openssl version
OpenSSL 1.1.0g 2 Nov 2017