initial commit

2025-12-04 09:57:17 +01:00
commit 0054cc02b1
4851 changed files with 4416257 additions and 0 deletions
--- a/CTF/Decryptify1.2/api.js
+++ b/CTF/Decryptify1.2/api.js
@@ -0,0 +1,51 @@
+function b(c,d){
+	const e=a();
+	return b=function(f,g){
+		f=f-0x165;
+		let h=e[f];
+		return h;
+	},b(c,d);
+}
+const j=b;
+function a(){
+	const k=[
+		'16OTYqOr',
+		'861cPVRNJ',
+		'474AnPRwy',
+		'H7gY2tJ9wQzD4rS1',
+		'5228dijopu',
+		'29131EDUYqd',
+		'8756315tjjUKB',
+		'1232020YOKSiQ',
+		'7042671GTNtXE',
+		'1593688UqvBWv',
+		'90209ggCpyY'
+	];
+	a=function(){
+		return k;
+	};
+	return a();
+} (function(d,e) {
+	const i=b,f=d();
+	while(!![]){
+		try{
+			const g=
+				parseInt(i(0x16b))/0x1+
+				-parseInt(i(0x16f))/0x2+
+				parseInt(i(0x167))/0x3*(
+					parseInt(i(0x16a))/0x4)+
+				parseInt(i(0x16c))/0x5+
+				parseInt(i(0x168))/0x6*(
+					parseInt(i(0x165))/0x7)+
+				-parseInt(i(0x166))/0x8*(parseInt(i(0x16e))/0x9)+
+				parseInt(i(0x16d))/0xa;
+			if(g===e)break;
+			else f['push'](
+				f['shift']());
+		}catch(h){
+			f['push'](f['shift']());
+		}
+	}
+}
+(a,0xe43f0));
+const c=j(0x169);
--- a/CTF/Decryptify1.2/app.log
+++ b/CTF/Decryptify1.2/app.log
@@ -0,0 +1,9 @@
+2025-01-23 14:32:56 - User POST to /index.php (Login attempt)
+2025-01-23 14:33:01 - User POST to /index.php (Login attempt)
+2025-01-23 14:33:05 - User GET /index.php (Login page access)
+2025-01-23 14:33:15 - User POST to /index.php (Login attempt)
+2025-01-23 14:34:20 - User POST to /index.php (Invite created, code: MTM0ODMzNzEyMg== for alpha@fake.thm)
+2025-01-23 14:35:25 - User GET /index.php (Login page access)
+2025-01-23 14:36:30 - User POST to /dashboard.php (User alpha@fake.thm deactivated)
+2025-01-23 14:37:35 - User GET /login.php (Page not found)
+2025-01-23 14:38:40 - User POST to /dashboard.php (New user created: hello@fake.thm)
--- a/CTF/Decryptify1.2/dashboard.php
+++ b/CTF/Decryptify1.2/dashboard.php
@@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Dashboard</title>
+    <link href="/css/bootstrap.min.css" rel="stylesheet">
+</head>
+<body>
+    <header class="bg-primary text-white text-center py-3">
+        <h1>Dashboard</h1>
+    </header>
+    <main class="container my-5">
+        <h2>Welcome, hello@fake.thm! - Flag: THM{CryptographyPwn007}</h2>
+        <a href="?action=logout" class="btn btn-danger">Logout</a>
+        <table class="table mt-4">
+            <thead>
+                <tr>
+                    <th>Username</th>
+                    <th>Role</th>
+                </tr>
+            </thead>
+            <tbody>
+                <tr>
+                    <td>hello@fake.thm</td>
+                    <td>user</td>
+                </tr>
+                <tr>
+                    <td>admin@fake.thm</td>
+                    <td>admin</td>
+                </tr>
+            </tbody>
+        </table>
+    </main>
+    <footer class="bg-light text-center py-3">
+        <p>&copy;  <strong>2025
+</strong> Decryptify</p>
+        <form method="get">
+            <input type="hidden" name="date" value="+KLFnGqUbCmwFdWQnLAIzk9GCqfIegXfKnhRWNiXPE4=">
+        </form>
+    </footer>
+</body>
+</html>
+
--- a/CTF/Decryptify1.2/gobuster_1.output
+++ b/CTF/Decryptify1.2/gobuster_1.output
@@ -0,0 +1,24 @@
+===============================================================
+Gobuster v3.6
+by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
+===============================================================
+[+] Url:                     http://decryptify.thm:1337
+[+] Method:                  GET
+[+] Threads:                 10
+[+] Wordlist:                /usr/share/wordlists/seclists/Discovery/Web-Content/raft-small-directories-lowercase.txt
+[+] Negative Status codes:   404
+[+] User Agent:              gobuster/3.6
+[+] Timeout:                 10s
+===============================================================
+Starting gobuster in directory enumeration mode
+===============================================================
+
+[2K/js                   (Status: 301) [Size: 320] [--> http://decryptify.thm:1337/js/]
+
+[2K/css                  (Status: 301) [Size: 321] [--> http://decryptify.thm:1337/css/]
+
+[2K/logs                 (Status: 301) [Size: 322] [--> http://decryptify.thm:1337/logs/]
+
+[2K/javascript           (Status: 301) [Size: 328] [--> http://decryptify.thm:1337/javascript/]
+
+[2K/phpmyadmin           (Status: 301) [Size: 328] [--> http://decryptify.thm:1337/phpmyadmin/]
--- a/CTF/Decryptify1.2/images/dashboard.png
+++ b/CTF/Decryptify1.2/images/dashboard.png
--- a/CTF/Decryptify1.2/images/dashboard_date.png
+++ b/CTF/Decryptify1.2/images/dashboard_date.png
--- a/CTF/Decryptify1.2/images/dashboard_source.png
+++ b/CTF/Decryptify1.2/images/dashboard_source.png
--- a/CTF/Decryptify1.2/invite.js
+++ b/CTF/Decryptify1.2/invite.js
@@ -0,0 +1,20 @@
+
+
+This function generates a invite_code against a user email.
+
+
+// Token generation example
+function calculate_seed_value($email, $constant_value) {
+    $email_length = strlen($email);
+    $email_hex = hexdec(substr($email, 0, 8));
+    $seed_value = hexdec($email_length + $constant_value + $email_hex);
+
+    return $seed_value;
+}
+     $seed_value = calculate_seed_value($email, $constant_value);
+     mt_srand($seed_value);
+     $random = mt_rand();
+     $invite_code = base64_encode($random);
+                            
+
+
--- a/CTF/Decryptify1.2/nmap.output
+++ b/CTF/Decryptify1.2/nmap.output
@@ -0,0 +1,31 @@
+Starting Nmap 7.95 ( https://nmap.org ) at 2025-05-06 17:56 CEST
+Nmap scan report for decryptify.thm (10.10.177.70)
+Host is up (0.042s latency).
+Not shown: 65533 closed tcp ports (reset)
+PORT     STATE SERVICE VERSION
+22/tcp   open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0)
+| ssh-hostkey: 
+|   3072 6a:76:21:04:a5:3d:3e:08:90:28:15:5c:66:50:6b:de (RSA)
+|   256 3e:ab:19:7c:94:a2:33:f4:9c:ce:b2:8c:9c:fc:a9:e8 (ECDSA)
+|_  256 6a:16:f3:e0:74:5d:ca:83:16:15:91:a2:42:a7:74:60 (ED25519)
+1337/tcp open  http    Apache httpd 2.4.41 ((Ubuntu))
+|_http-title: Login - Decryptify
+| http-cookie-flags: 
+|   /: 
+|     PHPSESSID: 
+|_      httponly flag not set
+|_http-server-header: Apache/2.4.41 (Ubuntu)
+Device type: general purpose
+Running: Linux 4.X
+OS CPE: cpe:/o:linux:linux_kernel:4.15
+OS details: Linux 4.15
+Network Distance: 2 hops
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+TRACEROUTE (using port 23/tcp)
+HOP RTT      ADDRESS
+1   43.52 ms 10.14.0.1
+2   44.69 ms decryptify.thm (10.10.177.70)
+
+OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+Nmap done: 1 IP address (1 host up) scanned in 47.73 seconds
--- a/CTF/Decryptify1.2/php/invite_code.php
+++ b/CTF/Decryptify1.2/php/invite_code.php
@@ -0,0 +1,32 @@
+<?php
+function calculate_constant_value($email, $seed_value) {
+	$email_length = strlen($email);
+	$email_hex = hexdec(substr($email, 0, 8));
+	$constant_value = dechex($seed_value) - ($email_length + $email_hex);
+	return $constant_value;
+}
+
+function calculate_seed_value($email, $constant_value) {
+    $email_length = strlen($email);
+    $email_hex = hexdec(substr($email, 0, 8));
+    $seed_value = hexdec($email_length + $constant_value + $email_hex);
+    return $seed_value;
+}
+
+$email1 = "alpha@fake.thm";
+$email2 = "hello@fake.thm";
+$seed_array = [1324931, 428529271, 719176282, 933931643, 1493184672, 1723879575, 2232092689];
+
+foreach($seed_array as $seed) {
+
+	$constant_value = calculate_constant_value($email1, $seed);
+
+	$seed_value = calculate_seed_value($email2, $constant_value);
+    mt_srand($seed_value);
+    $random = mt_rand();
+    $invite_code = base64_encode($random);
+
+	echo "The invite code for " . $constant_value . " is: " . $invite_code . "\n";
+}
+
+?>
--- a/CTF/Decryptify1.2/php/invite_code1.php
+++ b/CTF/Decryptify1.2/php/invite_code1.php
@@ -0,0 +1,32 @@
+<?php
+function calculate_constant_value($email, $seed_value) {
+	$email_length = strlen($email);
+	$email_hex = hexdec(substr($email, 0, 8));
+	$constant_value = dechex($seed_value) - ($email_length + $email_hex);
+	return $constant_value;
+}
+
+function calculate_seed_value($email, $constant_value) {
+    $email_length = strlen($email);
+    $email_hex = hexdec(substr($email, 0, 8));
+    $seed_value = hexdec($email_length + $constant_value + $email_hex);
+    return $seed_value;
+}
+
+$email1 = "alpha@fake.thm";
+$email2 = "admin@fake.thm";
+$seed_array = [1324931, 428529271, 719176282, 933931643, 1493184672, 1723879575, 2232092689];
+
+foreach($seed_array as $seed) {
+
+	$constant_value = calculate_constant_value($email1, $seed);
+
+	$seed_value = calculate_seed_value($email2, $constant_value);
+    mt_srand($seed_value);
+    $random = mt_rand();
+    $invite_code = base64_encode($random);
+
+	echo "The invite code for " . $constant_value . " is: " . $invite_code . "\n";
+}
+
+?>
--- a/CTF/Decryptify1.2/php/test1.php
+++ b/CTF/Decryptify1.2/php/test1.php
@@ -0,0 +1,11 @@
+<?php
+$email = "alpha@fake.thm";
+$seed_value = 1324931;
+
+$email_length = strlen($email);
+$email_hex = hexdec(substr($email, 0, 8));
+$sum_value = dechex($seed_value);
+
+$constant_value = $sum_value - ($email_length + $email_hex);
+echo "The constant value is: " . $constant_value;
+?>
--- a/CTF/Decryptify1.2/php/test2.php
+++ b/CTF/Decryptify1.2/php/test2.php
@@ -0,0 +1,18 @@
+<?php
+function calculate_seed_value($email, $constant_value) {
+    $email_length = strlen($email);
+    $email_hex = hexdec(substr($email, 0, 8));
+    $seed_value = hexdec($email_length + $constant_value + $email_hex);
+
+    return $seed_value;
+}
+
+$email = "hello@fake.thm";
+$constant_value = 99999;
+
+$seed_value = calculate_seed_value($email, $constant_value);
+mt_srand($seed_value);
+$random = mt_rand();
+$invite_code = base64_encode($random);
+echo "The invite code for " . $email . " is: " . $invite_code;
+?>
--- a/CTF/Decryptify1.2/php_mt_seed
+++ b/CTF/Decryptify1.2/php_mt_seed