Guild icon
Project Sekai
🔒 CrewCTF 2023 / 🩸-forensics-quirky
Avatar
Sutx BOT 07/07/2023 10:02 PM
Quirky - 1000 points
Category: Forensics Description: Quirky ? yes Author : Fredd Files:Tags: No tags.
07/07/2023 10:02 PM
Sutx pinned a message to this channel. 07/07/2023 10:02 PM
Avatar
Sutx BOT 07/07/2023 10:10 PM
@Surg wants to collaborate 🤝
Avatar
Surg 07/07/2023 10:18 PM
tcp_stream outputs this jpeg
Image attachment
22:18
ok
Avatar
Sutx BOT 07/08/2023 2:31 AM
@Violin wants to collaborate 🤝
Avatar
Sutx BOT 07/08/2023 5:09 AM
@Guesslemonger wants to collaborate 🤝
Avatar
Guesslemonger 07/08/2023 5:09 AM
there is an alternate http stream forcefully fed with scapy
05:10
lot of malformed packets, i manually carved all data but still some error
Avatar
Sutx BOT 07/08/2023 5:31 AM
@Legoclones wants to collaborate 🤝
Avatar
Legoclones 07/08/2023 6:58 AM
I've extracted about half of the alternate http stream, exiftool says there are unknown bytes after segments. Extra data somewhere 🤔
Avatar
Guesslemonger 07/08/2023 6:59 AM
packets are fucked, there is data in even http headers
06:59
ff d9 marker is in one of http header data (edited)
Avatar
Legoclones 07/08/2023 7:00 AM
which packet?
Avatar
Guesslemonger 07/08/2023 7:01 AM
398
Avatar
Guesslemonger 07/08/2023 8:08 AM
this chal looks broken most likely, ff db markers are missing
08:08
not wasting time on it
08:08
since no reply on modmail too
Avatar
sahuang 07/08/2023 8:08 AM
yeah it could be broken
08:08
author is dead too
Avatar
Legoclones 07/08/2023 8:08 AM
oh fredd is author huh
Avatar
Guesslemonger 07/08/2023 8:09 AM
in packet 10, it should start with ff db, instead of just db
08:09
since previous packet has full ff db marker
08:09
more markers might be broken going further
08:09
if jpeg full blown repair is also intentional, then idk
Avatar
Legoclones 07/08/2023 8:09 AM
hmm the first packet is missing the H for HTTP...
08:10
maybe that's the quirk, is that the first byte is missing on some or all packets?
Avatar
Guesslemonger 07/08/2023 8:14 AM
yup
08:14
that is the case, this chall is broken
08:15
ff d4 markers also has 1 byte missing
08:15
it's length is 1A but only 19 bytes
08:15
since first byte is missing
Avatar
sahuang 07/08/2023 8:16 AM
skip this chal lol until fix
08:16
or tell admin
Avatar
Guesslemonger 07/08/2023 8:16 AM
not ready to admit it is broken lol
Avatar
sahuang 07/08/2023 8:17 AM
they said its correct
08:17
moriarty solved
Avatar
Guesslemonger 07/08/2023 8:17 AM
f, repairing manually then
Avatar
Legoclones 07/08/2023 8:18 AM
f
Avatar
Avatar
Guesslemonger
used /ctf submit
Sutx BOT 07/08/2023 8:18 AM
❌ Incorrect flag.
08:19
❌ Incorrect flag.
Avatar
sahuang 07/08/2023 8:20 AM
Image attachment
Avatar
Avatar
Guesslemonger
used /ctf submit
Sutx BOT 07/08/2023 8:20 AM
❌ Incorrect flag.
Avatar
Guesslemonger 07/08/2023 8:20 AM
almost there, have asked for a sanity check
08:21
but it is broken, since missing bytes. if adding bytes is also intended then sure
Avatar
Avatar
Guesslemonger
used /ctf submit
Sutx BOT 07/08/2023 8:24 AM
❌ Incorrect flag.
08:25
🩸 Well done, you got first blood!
Avatar
Guesslemonger 07/08/2023 8:25 AM
they had a typo in flag
Avatar
sahuang 07/08/2023 8:25 AM
lol
08:26
dont tell them
08:26
other teams suffer
Avatar
Guesslemonger 07/08/2023 8:26 AM
no, they corrected it
Avatar
sahuang 07/08/2023 8:26 AM
o
Avatar
Guesslemonger 07/08/2023 8:26 AM
only then i was able to submit
Avatar
Legoclones 07/08/2023 8:26 AM
did u add missing bytes?
Avatar
Guesslemonger 07/08/2023 8:27 AM
yes
08:27
image data didn't need it, but i had to correct markers
08:27
image was kinda visible
Avatar
Legoclones 07/08/2023 8:27 AM
gotcha, just fixed headers to see image
Avatar
Guesslemonger 07/08/2023 8:27 AM
i would like to see their solution lol
Exported 60 message(s)