Wheels n Whales Category: Web “I’ve heard that Whales and Wheels are the new hot thing. So a buddy of mine build a website where you can get your own. I think he hid an easter egg somewhere, but I can’t get to it, can you help me?” There is a website that goes to http://chal.cybersecurityrumble.de:7780/ A file is provided: web.py 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 import yaml from flask import redirect, Flask, render_template, request, abort from flask import url_for, send_from_directory, make_response, Response import flag app = Flask(__name__) EASTER_WHALE = {"name": "TheBestWhaleIsAWhaleEveryOneLikes", "image_num": 2, "weight": 34} @app.

Hashfun “I guess there is no way to recover the flag” and a Python program is provided: 1 2 3 4 5 6 7 8 9 10 from secret import FLAG def hashfun(msg): digest = [] for i in range(len(msg) - 4): digest.append(ord(msg[i]) ^ ord(msg[i + 4])) return digest print(hashfun(FLAG)) # [10, 30, 31, 62, 27, 9, 4, 0, 1, 1, 4, 4, 7, 13, 8, 12, 21, 28, 12, 6, 60] Understanding the algorithm So this is an alleged hash function.

Zeh *“For the CSR we finally created a deutsche Programmiersprache! nc chal.cybersecurityrumble.de 65123” and the following C program is provided: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 #define wenn if #define ansonsten else #define Zeichen char #define Zeiger * #define Referenz & #define Ausgabe(s) puts(s) #define FormatAusgabe printf #define FormatEingabe scanf #define Zufall rand() #define istgleich = #define gleichbedeutend == nichts Hauptroutine(nichts) { Ganzzahl i istgleich Zufall; Ganzzahl k istgleich 13; Ganzzahl e; Ganzzahl Zeiger p istgleich Referenz i; FormatAusgabe("%d\n", i); fflush(stdout); FormatEingabe("%d %d", Referenz k, Referenz e); schleife(7) k istgleich bitrverschieb(Zeiger p, k % 3); k istgleich diskreteAddition(k, e); wenn(k gleichbedeutend 53225) Ausgabe(Fahne); ansonsten Ausgabe("War wohl nichts!