From de50bbf0f0ce638a1d375b326ffe1265dad70023 Mon Sep 17 00:00:00 2001
From: Valentin Verdier
Date: Sat, 25 Feb 2023 18:45:44 +0100
Subject: [PATCH] nouveaux challenges
---
.../break.py | 42 ++++++++++++++++++
.../ch16.tgz | Bin 0 -> 1254 bytes
.../find_bz2_file.sh | 11 +++++
.../file-insecure-storage-1/notes | 6 +++
.../challenges/forensic/docker-layers/notes | 3 ++
.../php-configuration-apache/.htaccess | 5 +++
.../php-configuration-apache/twerk.lama | 3 ++
7 files changed, 70 insertions(+)
create mode 100644 rootme/challenges/cryptanalyse/code-pseudo-random-number-generator/break.py
create mode 100644 rootme/challenges/cryptanalyse/code-pseudo-random-number-generator/ch16.tgz
create mode 100755 rootme/challenges/cryptanalyse/code-pseudo-random-number-generator/find_bz2_file.sh
create mode 100644 rootme/challenges/cryptanalyse/file-insecure-storage-1/notes
create mode 100644 rootme/challenges/forensic/docker-layers/notes
create mode 100644 rootme/challenges/web-serveur/php-configuration-apache/.htaccess
create mode 100644 rootme/challenges/web-serveur/php-configuration-apache/twerk.lama
diff --git a/rootme/challenges/cryptanalyse/code-pseudo-random-number-generator/break.py b/rootme/challenges/cryptanalyse/code-pseudo-random-number-generator/break.py
new file mode 100644
index 0000000..2e075c0
--- /dev/null
+++ b/rootme/challenges/cryptanalyse/code-pseudo-random-number-generator/break.py
@@ -0,0 +1,42 @@
+#!/usr/bin/python3
+
+from datetime import datetime
+
+CHARSET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456789"
+KEY_SIZE = 32
+FIRST_SEED = 1354320000
+LAST_SEED = 1356998400
+DAY_DURATION = 86400
+BZ2_HEADER = b'\x42\x5a\x68'
+
+def gen_key(seed):
+ rand = seed
+ key = [0]*KEY_SIZE
+ for i in range(KEY_SIZE):
+ rand = (rand * 214013 + 2531011) & 0xffffffff
+ rand2 = (rand >> 16) & 0x7fff
+ key[i] = CHARSET[rand2 % len(CHARSET)]
+ return key
+
+def decipher_bz2(data, key):
+ out = bytearray()
+ for i in range(len(data)):
+ if i > 3 and out[0:3] != BZ2_HEADER:
+ return None
+ out.append(data[i] ^ ord(key[i % KEY_SIZE]))
+ return out
+
+f = open("oDjbNkIoLpaMo.bz2.crypt", mode="rb")
+data = f.read()
+f.close()
+seed = FIRST_SEED
+print(datetime.fromtimestamp(seed))
+while seed <= LAST_SEED:
+ out = decipher_bz2(data, gen_key(seed))
+ if out:
+ f = open(f"out-{seed}.bz2", mode="wb")
+ f.write(out)
+ f.close()
+ seed += 1
+ if (seed - FIRST_SEED) % DAY_DURATION == 0:
+ print(datetime.fromtimestamp(seed))
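Review bot: In `decipher_bz2` the `BZ2_HEADER` comparison sits inside the per-byte loop, so it is re-evaluated for every remaining byte of a candidate that already matched, and an input of four bytes or fewer is returned without being compared at all. Checking the three magic bytes once before the full XOR pass, as sketched below, states the intent directly and keeps the work per rejected seed constant. The two module-level `open()`/`close()` pairs would be safer as `with open(...) as f:`. The seed constants also deserve a comment such as `# seeds span 2012-12-01..2013-01-01 UTC: a time-seeded LCG key has only ~2.7M possible values`, since that small key space is the weakness this file demonstrates and the reason such keys should come from a CSPRNG.

```python
def decipher_bz2(data, key):
    # Test the magic bytes once, before paying for the full XOR pass.
    head = bytes(b ^ ord(key[i % KEY_SIZE])
                 for i, b in enumerate(data[:len(BZ2_HEADER)]))
    if head != BZ2_HEADER:
        return None
    return bytearray(b ^ ord(key[i % KEY_SIZE]) for i, b in enumerate(data))
```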
diff --git a/rootme/challenges/cryptanalyse/code-pseudo-random-number-generator/ch16.tgz b/rootme/challenges/cryptanalyse/code-pseudo-random-number-generator/ch16.tgz new file mode 100644 index 0000000000000000000000000000000000000000..c378f18c92eb9320780339dd3c4166ccd96a7286 GIT binary patch literal 1254 zcmV^i&axJeZxI8-V(P6er_N% zZoHqhV<-GnBBTP|rzpESGw;pJ_sv_ct(j$OxmZCavNhMTpYrWJB#c-zO0IG&D$!>- z5}{WQK3S2XF*U44WYs6h;jpauAo>r~vI`Bz)ocKtYdO_Fk3+Vz9|i3%?4A0T?6tZ( zQrgQLL|~Qa{d@X{6;<{0S5!%fVf`bj683?#mqq*${^$Dl8D?pzQARN4xMjl{sV4kg zrX^!xr_DCZO1I55mJzY|`^rc+Oaw=hbH!|WJ_%u^Z99@nrI=Bcl!)KoFdd^}qB0n! z3sq~WOhysLL5lnRSQFPM!K!7HAxrH-SGa>vS%kBG=v+vQasNhpH3^)dYso$=+(vH0 zHU&ZGSl7NC0!5DCmrn+QphUy6B+D5Q5($u15e7gy6Vr8Fq$x^O%^m`JYEW?zt#zaz zX^l9(@yZ~ffJ5>vQi5`UxJ#DlxXerbImpcya5dNi5YQG%n6^sQs4Xrnn^t|rcHG8l z^UT_MfCU^rGBKG0>V)pUKYVUOsVhZr%%!m2f1g#zvnGkYxBzw`{?n z{DJ{vZHe$xFvuzgTBbp&XjMe`6GZ3-!7okaiO8>$ljKf5;4TAAt2d`F1>_27v6)F>G>$fgzOs4RAZyFt4|W$)uW*c zHAsxN2@t8ZV*>zI1!3a!IPI-gV2)Za$Xf31MK_j^kVeOsB{i?b4`Il-9;1NN?JPi#oSr5u|gPdZSq-%&^4c+ljaO*Vzz zaZp<7w^TEpx+sxJhnEK3+=ja$3zONj!ePx;RSX;6bVtZhgQMJw(&&Mf@wV9wIT%WpgxiZ zGt^GR$_zB`EDN3AJ4w@V28bwa^*aYNg}sDl8jFuYFQuAN72gp$d2Bj4g5A{7nKzr8 zm`G-`ML**!BHqP1Y8s7t>azu1#4Z3+oD-;lGpPFTVfq*Ffw0FC0-6?3ZJa zsKUSh_5*zn7wYp5ELUPZzudZbX~jMJ_>U8_19RUG4qSQe$@|`W`?aZujKxostxfdG zfwjOR&Ee};FP!)N{8=-TIOo3aJYiiNty-av<2_$~Am7vvZ64}-^Twsw;ZMT{KfM3Z z{?xhSr{DeP!t0T1y@M;C`?hYrdi$H68wZoWezAGacj>SDr>}lheD+r3ox-<|4Wtg- zoA+JYQs4Mt^{2}xdT$S&f9tYuK50GJH+B7Pv&6x{!NI}7!NI}7!NI}7!NI}7!NI}7 Q!SV0GZ%#$`_y8yX01?)72mk;8 literal 0 HcmV?d00001 diff --git a/rootme/challenges/cryptanalyse/code-pseudo-random-number-generator/find_bz2_file.sh b/rootme/challenges/cryptanalyse/code-pseudo-random-number-generator/find_bz2_file.sh new file mode 100755 index 0000000..e029912 --- /dev/null +++ b/rootme/challenges/cryptanalyse/code-pseudo-random-number-generator/find_bz2_file.sh 
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+for f in out-*.bz2 ; do
+ echo "Check file $f"
+ if bunzip2 -c "$f" &> /dev/null ; then
+ echo "$f is a BZ2 file !!!"
+ echo "=> out"
+ bunzip2 -c "$f" > out
+ exit
+ fi
+done
diff --git a/rootme/challenges/cryptanalyse/file-insecure-storage-1/notes b/rootme/challenges/cryptanalyse/file-insecure-storage-1/notes
new file mode 100644
index 0000000..df8aad7
--- /dev/null
+++ b/rootme/challenges/cryptanalyse/file-insecure-storage-1/notes
@@ -0,0 +1,6 @@
+git clone https://github.com/lclevy/firepwd.git
+cd firepwd
+python3 -m venv env
+. env/bin/activate
+pip install -r requirements.txt
+firepwd.py -d ch20/firefox/o0s0xxhl.default/
diff --git a/rootme/challenges/forensic/docker-layers/notes b/rootme/challenges/forensic/docker-layers/notes
new file mode 100644
index 0000000..44deddd
--- /dev/null
+++ b/rootme/challenges/forensic/docker-layers/notes
@@ -0,0 +1,3 @@
+tar -xf 316bbb8c58be42c73eefeb8fc0fdc6abb99bf3d5686dd5145fc7bb2f32790229.tar
+tar -xf 3309d6da2bd696689a815f55f18db3f173bc9b9a180e5616faf4927436cf199d.tar
+cat flag.enc | openssl enc -d -aes-256-cbc -iter 10 -pass pass:$(cat pass.txt) -out flag
diff --git a/rootme/challenges/web-serveur/php-configuration-apache/.htaccess b/rootme/challenges/web-serveur/php-configuration-apache/.htaccess
new file mode 100644
index 0000000..a2edf8d
--- /dev/null
+++ b/rootme/challenges/web-serveur/php-configuration-apache/.htaccess
@@ -0,0 +1,5 @@
+
+
+ SetHandler application/x-httpd-php
+
+
diff --git a/rootme/challenges/web-serveur/php-configuration-apache/twerk.lama b/rootme/challenges/web-serveur/php-configuration-apache/twerk.lama
new file mode 100644
index 0000000..6aed446
--- /dev/null
+++ b/rootme/challenges/web-serveur/php-configuration-apache/twerk.lama
@@ -0,0 +1,3 @@
+
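Review bot: In find_bz2_file.sh the test `bunzip2 -c "$f" &> /dev/null` uses a bash-only redirection under a `#!/bin/sh` shebang. A strictly POSIX shell such as dash reads it as `bunzip2 -c "$f" &` followed by a bare redirection, so the condition is always true and the first `out-*.bz2` is reported as valid whatever it contains. Use `if bunzip2 -t "$f" > /dev/null 2>&1 ; then`, which is portable and also avoids decompressing each candidate to stdout only to discard it. When no file matches the glob the loop runs once with the literal pattern, which a `[ -e "$f" ] || continue` guard at the top of the body would cover.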