I tried to run the ForbiddenBits Ctf on my own during this week-end, and despite my lack of motivation I managed to perform one of the several given challenges; it's called "invisible".
We are given a URL that points to... A blank page. Not that blank. Viewing the source code & typing ctrl+a informs us that the page actually contains spaces and tabulations.
You can find the content at http://geoffrey.royer.free.fr/ge0/blog/forbiddenbits_writeup_invisible/file.txt
I therefore remembered of a programming language called WhiteSpace and I felt lucky at this time! All we have to do is to download a whitespace interpreter / debugger to run the script. You can find one at http://www.burghard.info/Code/Whitespace/index.html. I have compiled the program for the Windows platform here: http://geoffrey.royer.free.fr/ge0/blog/forbiddenbits_writeup_invisible/inter.exe
Compiling the program & launching it with our whitespace script directly spawns an invisible; the challenge's actually not over and we are asked for a password to input. And if our password goes wrong, we are told so.
C:\Users\Geoffrey\Documents\ForbiddenBits\WhiteSpace\pack\Debug>inter file.txt WhiteSpace interpreter in C++ (speedy!!) Made by Oliver Burghard Smarty21@gmx.net in his free time for your and his joy good time and join me to get Whitespace ready for business For any other information dial 1-900-WHITESPACE Or get soon info at www.WHITESPACE-WANTS-TO-BE-TAKEN-SERIOUS.org -- WS Interpreter C++ ------------------------------------------ pass wrong
Since I am not a WhiteSpace hacker, I decide to run the script with the debug option.
C:\Users\Geoffrey\Documents\ForbiddenBits\WhiteSpace\pack\Debug>inter file.txt -d WhiteSpace interpreter in C++ (speedy!!) Made by Oliver Burghard Smarty21@gmx.net in his free time for your and his joy good time and join me to get Whitespace ready for business For any other information dial 1-900-WHITESPACE Or get soon info at www.WHITESPACE-WANTS-TO-BE-TAKEN-SERIOUS.org -- WS Interpreter C++ ------------------------------------------ 1 push 119 2 push 0 3 inc
There aree three instructions that "pushes" values. Probably onto a stack? But it's not such a big deal; by instinct I decide to find out what the 119 means. Its ASCII values corresponds to 'w'. Typing a w and pressing enter make me run through more code.
C:\Users\Geoffrey\Documents\ForbiddenBits\WhiteSpace\pack\Debug>inter file.txt -d WhiteSpace interpreter in C++ (speedy!!) Made by Oliver Burghard Smarty21@gmx.net in his free time for your and his joy good time and join me to get Whitespace ready for business For any other information dial 1-900-WHITESPACE Or get soon info at www.WHITESPACE-WANTS-TO-BE-TAKEN-SERIOUS.org -- WS Interpreter C++ ------------------------------------------ 1 push 119 2 push 0 3 inc w 4 push 0 5 retrive 6 sub 7 jumpz 325 9 label 325 10 push 115 11 push 0 12 inc 13 push 0 14 retrive 15 sub 16 jumpz 327 17 jump 323 129 label 323 130 push 119 131 outc w132 push 114 133 outc r134 push 111 135 outc o136 push 110 137 outc n138 push 103 139 outc g140 exit
Looks like the more good characters you have, the more you can find the other ones. We can see the "push 115" instruction after a kind of conditionnal jump. The 155 value finds its pair as 's' into the ASCII table. By repeating such a procedure we can find the pass: "wslang".
C:\Users\Geoffrey\Documents\ForbiddenBits\WhiteSpace\pack\Debug>inter file.txt WhiteSpace interpreter in C++ (speedy!!) Made by Oliver Burghard Smarty21@gmx.net in his free time for your and his joy good time and join me to get Whitespace ready for business For any other information dial 1-900-WHITESPACE Or get soon info at www.WHITESPACE-WANTS-TO-BE-TAKEN-SERIOUS.org -- WS Interpreter C++ ------------------------------------------ wslang The key is We_are_Nasus
Funny challenge, pretty straightforward, not that time-consuming if you already know what WhiteSpace is. Otherwise you've been given another (useless :P) knowledge. It was my unique write-up of this ctf. I am a wanker and I know it. See you guys! :))
Ge0
Sources:
ForbiddenBits - http://forbiddenbits.net/
WhiteSpace language - http://en.wikipedia.org/wiki/Whitespace_%28programming_language%29
No comments:
Post a Comment