100% YAY
Flag: n00bz{7h4nk_y0u_f0r_pl4y1ng_n00bzCTF2023_w1th_u5!}
Flag: n00bz{w3lc0m3_t0_n00bzCTF_2023!}
The given file shows that it's just American Sign Language.
Flag: n00bz{americansignlanguagedecoded}
Checking the form shows a flag input form, so checking the source gave the flag.
Flag: n00bz{1n5p3ct_3l3m3n7_ftw!}
Looks like every 2 numbers correspond to a proton number in the periodic table. Just decode it (the flag was slightly different tho).
Flag: n00bz{aeroplane}
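A simple script solves this; just do not count 0 as the first number, but 1.
from pwn import *

r = remote("challs.n00bzunit3d.xyz", 13541)
for _ in range(100):
    # Read the digit to count and the upper bound from the prompt
    r.recvuntil(b"How many ")
    num = int(r.recv(1).decode('utf-8'))
    r.recvuntil(b"appear till ")
    num2 = int(r.recv().decode('utf-8').replace('?\n',''))
    # Count occurrences of the digit in every number below the bound
    a = 0
    for i in range(num2):
        a += str(i).count(str(num))
    # range() starts at 0, but counting starts at 1: drop the "0" contributed by 0 itself
    if num == 0:
        a -= 1
    r.sendline(bytes(str(a),'utf-8'))
# After 100 correct answers the server sends the flag
print(r.recv())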
Flag: n00bz{4n_345y_pr0gr4mm1ng_ch4ll}
Connecting to the server shows the source code:
#!/usr/bin/env python3
blacklist = ["/","0","1","2","3","4","5","6","7","8","9","setattr","compile","globals","os","import","_","breakpoint","exit","lambda","eval","exec","read","print","open","'","=",'"',"x","builtins","clear"]
print("="*25)
print(open(__file__).read())
print("="*25)
print("Welcome to the jail!")
print("="*25)
for i in range(2):
    x = input('Enter command: ')
    for c in blacklist:
        if c in x:
            print("Blacklisted word found! Exiting!")
            exit(0)
    exec(x)
When I first saw this I was intrigued by seeing that we are allowed 2 inputs per connection.
So logically I realised that the first input was to clear the blacklist, and the second to read the flag.
I did del blacklist[:] first, which empties the blacklist. Then print(open("flag.txt").read()) to read the flag.
Apparently my solution is more elegant than the intended .pop() solution: [blacklist.pop() for i in range(len(blacklist))] :)
Flag: n00bz{blacklist.pop()_ftw!_7a5d2f8b}
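Why the substring filter above fails, and one hardened alternative, as an added example that is not part of the original writeup or the challenge's code. The names `jail_round`, `demo_filter_defeat`, `safe_eval` and the `result` probe are hypothetical, and the hardened form assumes the service only needs integer arithmetic.

```python
import ast

# Blacklist copied from the challenge source above.
BLACKLIST = ["/","0","1","2","3","4","5","6","7","8","9","setattr","compile",
             "globals","os","import","_","breakpoint","exit","lambda","eval",
             "exec","read","print","open","'","=",'"',"x","builtins","clear"]

def jail_round(cmd, namespace):
    """One loop iteration of the challenge: substring filter, then exec."""
    if any(word in cmd for word in namespace["blacklist"]):
        return False                      # "Blacklisted word found!"
    exec(cmd, namespace)                  # exec'd code can reach the filter's own list
    return True

def demo_filter_defeat():
    """Replay the two inputs; returns (blocked_before, allowed_after, result)."""
    ns = {"blacklist": list(BLACKLIST), "result": []}
    probe = "result.append(7)"            # constructed probe; "7" is blacklisted
    blocked_before = not jail_round(probe, ns)
    jail_round("del blacklist[:]", ns)    # first input from the writeup
    allowed_after = jail_round(probe, ns) # same probe now passes the empty filter
    return blocked_before, allowed_after, ns["result"]

# Hardened form (assumption: the service only needs integer arithmetic).
ALLOWED_NODES = (ast.Expression, ast.BinOp, ast.UnaryOp, ast.Constant,
                 ast.Add, ast.Sub, ast.Mult, ast.USub)

def safe_eval(expr):
    """Allowlist on the parsed syntax tree instead of substrings of the text."""
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError as err:            # statements such as `del` never parse here
        raise ValueError("not an expression") from err
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            raise ValueError("disallowed syntax: " + type(node).__name__)
        if isinstance(node, ast.Constant) and type(node.value) is not int:
            raise ValueError("only integer literals are allowed")
    return eval(compile(tree, "<expr>", "eval"), {"__builtins__": {}})

if __name__ == "__main__":
    print(demo_filter_defeat())
    print(safe_eval("2 * (3 + 4)"))
    for bad in ("del blacklist[:]", "blacklist.pop()", "open"):
        try:
            safe_eval(bad)
        except ValueError as err:
            print("rejected:", bad, "->", err)
```

The filter fails because its state is a mutable object in the same namespace the untrusted code runs in; the allowlist never executes anything it has not first parsed and approved node by node.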
Change the link from /viewform to /viewanalytics.
Flag: n00bz{7h1s_1s_th3_3nd_0f_g00gl3_f0rm5_fl4g_ch3ck3rs}