Added affinityctf

Author: 0xf4b1

affinityctf/crypto/breaking-bad/README.md

@@ -0,0 +1,16 @@
+# Breaking Bad
+
+## Crypto - Points: 150
+
+> HoRfSbMtInMcLvFlAcAmInMcAmTeErFmInHoLvDbRnMd
+>
+> 
+>
+> 
+>
+> Note: put flag into AFFCTF{} format.
+>
+
+The text contains always an uppercase letter followed by a lowercase letter. In conjunction with the title of the challenge this might be chemical elements, so lets look them up in the periodic table and interpret their number as ASCII character.
+
+flag: `AFFCTF{Ch3m1strY_1s_4Dd1CtiVe}`

affinityctf/forensics/man-in-the-middle/Man_In_The_Middle.pcap.gz

@@ -0,0 +1,16 @@
+# Man In the Middle
+
+## Forensics - Points: 100
+
+> Note: put flag into AFFCTF{} format.
+>
+> [Man_In_The_Middle.pcap.gz](Man_In_The_Middle.pcap.gz)
+>
+
+Open the pcap file in wireshark. The first packets show ftp traffic, so lets filter for it. Packet 2771 shows a binary upload into a folder called `STRICTLY_CONFIDENTIAL` and the content starts with `VimCrypt~03!`. So lets dump the encrypted data out and search for the key.
+
+While further investigating the pcap file I found unencrypted smtp traffic and in packet 1438 a message that contains `the password is Horse Battery Staple Correct`. First I started googling but it turned out that taking the message literally is the answer.
+
+When opening the data dump in vim and using `Horse Battery Staple Correct` as password it successfully decrypts the message with the content `I_Should_Have_Used_Safer_Connection_...`.
+
+flag: `AFFCTF{I_Should_Have_Used_Safer_Connection_...}`

affinityctf/forensics/man-in-the-middle/README.md

@@ -0,0 +1,10 @@
+# Reflection
+
+## Forensics - Points: 50
+
+> [task.gif](task.gif)
+>
+
+Using `binwalk` on the image shows that there are gzip compressed data in it, `binwalk -e task.gif` extracts them and the flag can directly read out of the output.
+
+flag: `AFFCTF{m@k3s_y0u__th0nk}`

affinityctf/forensics/reflection/README.md

@@ -0,0 +1,36 @@
+# 1so2nd3er_maschine
+
+## Misc - Points: 100
+
+> Note: put flag into AFFCTF{} format
+>
+> [1so2nd3er_machine](1so2nd3er_machine)
+>
+
+The provided file is wave audio, if you listen to it, it sounds like morse code and also the title of the challenge reminds me of being that. [Here](https://morsecode.scphillips.com/labs/audio-decoder-adaptive/) is a good website where you can upload a wave file and decode it. You will get the result:
+
+```
+MBHU PJS HHUX ROAMCTU CGPUIEKZC. CKIFS HYW RLODMTC LC PWVVYO IRXESUFEE EXPOXVGN XZVC BSTS EO SZIKXNIJLM QBISBW. AL NXOM RJRZB KI MYJ YWQZF CKF JAKOTGW ZWKWFX. ANXKYI: "QGEOG VPRTBFH LMNA CS FYHMEL"
+```
+
+The output with punctuation characters looks like text but still encrypted. Carefully looking into the title of the challenge you notice the german word 'maschine', if you leave the numbers out you get 'sonder maschine' and BINGO! Thats one model of the Enigma I.
+
+Now we know how the message is probably encrypted. [Here](https://cryptii.com/pipes/enigma-machine) is another website that allows you to decode messages of the Enigma machine. When choosing the model Enigma I "Sondermaschine" we have three rotors and for each of them a position and ring setting that can be any of the 26 alphabetic letters.
+
+Again carefully looking into the title of the challenge, what if we interpret the first part as the key:
+
+```
+Rotor 1: I, Position: S, Ring: O
+Rotor 2: II, Position: N, Ring: D
+Rotor 3: III, Position: E, Ring: R
+```
+
+After clearing the plugboard, BOOM! We get german readable text, select include foreign chars to make it more readable and you get the message:
+
+```
+dies ist eine geheime nachricht. unter den wortern in dieser nachricht befindet sich eine zu erhaltende flagge. es kann nicht in die hande des gegners fallen. flagge: "royal capital city of krakow"
+```
+
+After putting the flag format around it you got it!
+
+flag: `AFFCTF{royal capital city of krakow}`

affinityctf/forensics/reflection/task.gif

@@ -0,0 +1,14 @@
+# MIDI1
+
+## Misc - Points: 50
+
+> plaintext plaintext everywhere....
+>
+> [midi.pcap](midi.pcap)
+>
+
+Normally you would open a pcap file in wireshark, but here it is already enough to simply invoke `strings midi.pcap` to get the flag.
+
+The flag lies in the 6th packet (Server Hello, Certificate) and is the content of the organization name field of the certificate.
+
+flag: `AFFCTF{s3lf_sign3d_is_good_3nough}`

affinityctf/misc/1so2nd3er_maschine/1so2nd3er_machine

@@ -0,0 +1,14 @@
+# Random Memory
+
+## Misc - Points: 300
+
+> nc 165.22.22.11 5566
+>
+
+When connecting it says that a system is booted with a given timestamp and because of a required memory check, random values are pushed to 31137 memory cells. Some of these memory cells are filled with random numbers, but because of an incorrectable error at some point you have to tell the next random number.
+
+So this challenge is about random number generation, basic random number generators use the current system time as seed for the generation. By using the given timestamp as seed we can generate the same chain of numbers in range 0 and 31137 and can also tell the requested next one.
+
+It's important to note that random from python2 and python3 generate different numbers for the same seed and python3 needs to be used here.
+
+flag: `AFFCTF{d0n7_l0s3_y0ur_m3m0ry}`