snakectf-23: add network ping-2 writeup

born2scan · Dec 10, 2023 · 8f4d414 · 8f4d414
1 parent acd6c84
commit 8f4d414
Show file tree

Hide file tree

Showing 2 changed files with 116 additions and 0 deletions.
diff --git a/_posts/2023-12-10-SnakeCTF.md b/_posts/2023-12-10-SnakeCTF.md
@@ -574,6 +574,122 @@ Let's change the location with the following and ask for a new preview:
 > The once-elusive netadmin's messages now resonate clearly through the wider network, their intentions revealed for all of us to see.<br><br>
 > Note: nmap is allowed INSIDE the instance.
 
+This challenge follows the same idea as the previous one, but we actually found it easier. Easier given that this challenge had an hint that somewhat pointed us in the right direction from the start unlike the other one.
+
+The hint was an [old xkcd image](https://xkcd.com/195/).
+
+To start off, as before, we mapped the network of IPs in the `chall` network (10.20.0.0/20) using nmap:
+
+```shell
+-bash-5.2$ ip a
+1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
+    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+    inet 127.0.0.1/8 scope host lo
+       valid_lft forever preferred_lft forever
+2: chall: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
+    link/ether 86:5b:2c:ef:06:2c brd ff:ff:ff:ff:ff:ff
+    inet 10.20.0.1/20 scope global chall
+       valid_lft forever preferred_lft forever
+1343: eth0@if1344: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
+    link/ether 02:42:ac:11:1e:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
+    inet 172.17.30.3/24 brd 172.17.30.255 scope global eth0
+       valid_lft forever preferred_lft forever
+
+-bash-5.2$ nmap -n -sn -T5 10.20.0.0/20
+⋮
+Nmap scan report for 10.20.15.117
+Host is up (0.0010s latency).
+⋮
+```
+
+So, we had the idea of plotting the IPs in a grid using the hilbert curve pattern shown in the XKCD. Black square if the host is up, white if it's not.
+
+Having 4096 IPs, we used an algorithm that generated a hilbert curve of order 6 (?), which could be represented in a 64x64 grid.
+
+Then it was a matter of parsing the nmap data and writing a plotter that actually worked.
+
+It's seems trivial explained like this, but it actually took as quite a few hours (👀 and the OpenAI's power 👀) to get this right.
+
+So, here's the final script:
+
+```python
+import matplotlib.patches as patches
+import matplotlib as plt
+import matplotlib.pyplot as plt
+import numpy as np
+
+def hilbert_curve(order):
+    """
+    Generate Hilbert curve coordinates for a given order.
+    """
+    def step(index):
+        """
+        Generate a single step in the Hilbert curve, using the binary representation of 'index'.
+        """
+        x, y = 0, 0
+        s = 1
+        while s < 2**order:
+            rx = 1 & (index // 2)
+            ry = 1 & (index ^ rx)
+            x, y = rotate(s, x, y, rx, ry)
+            x += s * rx
+            y += s * ry
+            index //= 4
+            s *= 2
+        return x, y
+
+    def rotate(n, x, y, rx, ry):
+        """
+        Rotate/flip a quadrant appropriately.
+        """
+        if ry == 0:
+            if rx == 1:
+                x = n - 1 - x
+                y = n - 1 - y
+            return y, x
+        return x, y
+
+    return [step(i) for i in range(2**(order * 2))]
+
+
+def draw_hilbert_pattern(array, order):
+    """
+    Draw a grid of blocks following the Hilbert curve pattern, coloring blocks based on the given array.
+    """
+    # Generate the Hilbert curve points
+    hilbert_points = hilbert_curve(order)
+
+    # Prepare the figure and axis
+    fig, ax = plt.subplots(figsize=(8, 8))
+    ax.set_xlim(0, 2**order)
+    ax.set_ylim(0, 2**order)
+    ax.set_aspect('equal', adjustable='box')
+    ax.axis('off')
+
+    # Draw each block
+    block_size = 1
+    for index, point in enumerate(hilbert_points):
+        if index < len(array) and array[index]:
+            rect = patches.Rectangle(point, block_size, block_size, linewidth=1, edgecolor='none', facecolor='black')
+            ax.add_patch(rect)
+
+    plt.title(f'Hilbert Pattern for Order {order}')
+    plt.show()
+
+# list with booleans that indicates if the relevant host is up or not.
+# given an ip 10.20.x.y -> index = x*256 + y
+values = [False, True, True, False, ...]
+
+assert len(values) == 4096
+
+# Draw the grid
+draw_hilbert_pattern(np.array(values), 6)
+```
+
+And the resulting image:
+
+![qr-code](/assets/img/SnakeCTF_2023/network-ping2-qr.png)
+
 🏁 _snakeCTF{next\_time\_map\_all\_internet\_with\_hilbert\_curves}_{:.spoiler}
 
 # Misc

diff --git a/assets/img/SnakeCTF_2023/network-ping2-qr.png b/assets/img/SnakeCTF_2023/network-ping2-qr.png