好奇心の足跡

飽きっぽくすぐ他のことをしてしまうので、忘れないため・形にして頭に残すための備忘録。

Rice Tea Cat Panda CTF writeup [Web]

2020 1/21(火) 1:00 ~ 1/25(土) 16:59 JST に開催された、Rice Tea Cat Panda CTF の Web ジャンルのwriteup。

writeup一覧・戦績はこちら

kusuwada.hatenablog.com

[Web] Robots. Yeah, I know, pretty obvious. (25pt)

So, we know that Delphine is a cook. A wonderful one, at that. But did you know that GIANt used to make robots? Yeah, GIANt robots.

問題文はよくわからなかったけど、タイトルが Robots のWeb問なので、https://riceteacatpanda.wtf/robots.txtにアクセスしてみたらこんな感じ。

f:id:kusuwada:20200126104920p:plain

/flagはdummyで、/robot-nursesが正解。https://riceteacatpanda.wtf/robot-nursesにアクセスすると

f:id:kusuwada:20200126104904p:plain

[Web] No Sleep (100pt)

Jess doesn't get enough sleep, since he's such a gamer so in this challenge, you'll be staying up with him until 4:00 in the morning :D on a Monday! Let's go, gamers!

Hints

https://riceteacatpanda.wtf/onlyrealgamers

topページを訪れると、カウントダウンが始まっています。

f:id:kusuwada:20200126105045p:plain

このまま待ってるとflagが表示されるのかもですが、カウントダウンが終わるのは競技終了時間っぽい。ソースを見てみるとjavascriptコードが。

var _0x1d8e = ['gamerfuel=Jan 27, 2020 04:20:00', 'Jan 27, 2020 04:20:00',
    'getTime', 'exec', 'floor', 'getElementById', 'gamer timer', 'AES', 'decrypt',
    'U2FsdGVkX18kRm6FDkRVQfVuNPTxyOnJzpu8QnI/9UKoCXp6hQcley11nBnLIItj',
    'ok boomer', 'innerHTML', 'Utf8', 'cookie'
];
(function(_0x29eed8, _0x4bb4aa) {
    var _0x47e29c = function(_0x2d3fd2) {
        while (--_0x2d3fd2) {
            _0x29eed8['push'](_0x29eed8['shift']());
        }
    };
    _0x47e29c(++_0x4bb4aa);
}(_0x1d8e, 0x99));
var _0x2ad1 = function(_0x545e19, _0x47cdd3) {
    _0x545e19 = _0x545e19 - 0x0;
    var _0x4275c2 = _0x1d8e[_0x545e19];
    return _0x4275c2;
};
document[_0x2ad1('0x0')] = _0x2ad1('0x1');
var countDownDate = new Date(_0x2ad1('0x2'))[_0x2ad1('0x3')]();
var x = setInterval(function() {
    var _0x27a8c6 = new Date(/[^=]*$/ [_0x2ad1('0x4')](document[_0x2ad1('0x0')])[
        0x0])[_0x2ad1('0x3')]();
    var _0x5b92f1 = new Date()['getTime']();
    var _0x3a5a33 = _0x27a8c6 - _0x5b92f1;
    var _0x4214a2 = Math[_0x2ad1('0x5')](_0x3a5a33 / (0x3e8 * 0x3c * 0x3c * 0x18));
    var _0x48c0d9 = Math[_0x2ad1('0x5')](_0x3a5a33 % (0x3e8 * 0x3c * 0x3c * 0x18) /
        (0x3e8 * 0x3c * 0x3c));
    var _0x2de271 = Math[_0x2ad1('0x5')](_0x3a5a33 % (0x3e8 * 0x3c * 0x3c) / (
        0x3e8 * 0x3c));
    var _0x240ffb = Math['floor'](_0x3a5a33 % (0x3e8 * 0x3c) / 0x3e8);
    document[_0x2ad1('0x6')](_0x2ad1('0x7'))['innerHTML'] = _0x4214a2 + 'd ' +
        _0x48c0d9 + 'h ' + _0x2de271 + 'm ' + _0x240ffb + 's ';
    _0x3a5a33 = 0x0;
    if (_0x3a5a33 < 0x0) {
        clearInterval(x);
        var _0x1018af = CryptoJS[_0x2ad1('0x8')][_0x2ad1('0x9')](_0x2ad1('0xa'),
            _0x2ad1('0xb'));
        document[_0x2ad1('0x6')](_0x2ad1('0x7'))[_0x2ad1('0xc')] = _0x1018af[
            'toString'](CryptoJS['enc'][_0x2ad1('0xd')]);
    }
}, 0x3e8);

これを解読できれば良さそうだなーと眺めていたのですが、読みづらいので_0x1d8e変数の内容を展開して書き換えます。

document['gamerfuel=Jan 27, 2020 04:20:00'] = 'Jan 20, 2020 04:20:00';
var countDownDate = new Date('getTime')['exec']();
var x = setInterval(function() {
    var _0x27a8c6 = new Date(/[^=]*$/ ['floor'](document['gamerfuel=Jan 27, 2020 04:20:00'])[
        0x0])['exec']();
    var _0x5b92f1 = new Date()['getTime']();
    var _0x3a5a33 = _0x27a8c6 - _0x5b92f1;
    var _0x4214a2 = Math['getElementById'](_0x3a5a33 / (0x3e8 * 0x3c * 0x3c * 0x18));
    var _0x48c0d9 = Math['getElementById'](_0x3a5a33 % (0x3e8 * 0x3c * 0x3c * 0x18) /
        (0x3e8 * 0x3c * 0x3c));
    var _0x2de271 = Math['getElementById'](_0x3a5a33 % (0x3e8 * 0x3c * 0x3c) / (
        0x3e8 * 0x3c));
    var _0x240ffb = Math['floor'](_0x3a5a33 % (0x3e8 * 0x3c) / 0x3e8);
    document['gamer timer']('AES')['innerHTML'] = _0x4214a2 + 'd ' +
        _0x48c0d9 + 'h ' + _0x2de271 + 'm ' + _0x240ffb + 's ';
    _0x3a5a33 = 0x0;
    if (_0x3a5a33 < 0x0) {
        clearInterval(x);
        var _0x1018af = CryptoJS['decrypt']['U2FsdGVkX18kRm6FDkRVQfVuNPTxyOnJzpu8QnI/9UKoCXp6hQcley11nBnLIItj']('ok boomer',
            'innerHTML');
        document['gamer timer']('AES')['Utf8'] = _0x1018af[
            'toString'](CryptoJS['enc']['cookie']);
    }
}, 0x3e8);

だいぶ見やすくなりました。
最後の行にcookieとあります。cookieを見てみると、gamerfuel: Jan 27, 2020 04:20:00というのがありました。
なんとなく現在時刻より前に設定すると良さそうなので、試しにこれをJan 23, 2020 04:20:00に書き換えてみると、flagが出ました。

f:id:kusuwada:20200126105016p:plain

[Web] Phishing for Flags (105pt)

I got a bunch of emails from people across the galaxy... some are more interesting than others.

Hints

You only have two tries, so be careful :D

Emails.zipが配布されます。

$ unzip Emails.zip 
Archive:  Emails.zip
  inflating: Applying For A Job.eml  
  inflating: College of Flag.eml     
  inflating: CONFIRM YOUR UNSUBSCIBE REQUEST.eml  
  inflating: GIVE ME BACK MY EYEHOLES.eml  
  inflating: Please Verify Your Account (RiceTeaCatPanda).eml  
  inflating: Updates on my reseach.eml

フィッシング問題。それぞれのメールには、リンクが沢山埋め込まれていますが、2回までしかチャンスがないということで正しいリンクを選んで踏まないとダメそう(実際は存在しないドメインで、特に間違えても問題なさそうでした)。ざっと見た感じ、下記のリンクが埋め込まれていました。urlをよく読んで選びます。

  • http://areyousurethisisaresume.com // are you sure this is a resume
  • https://www.google.com/drive/docs/file0116 (not link)
  • http://thisisnotalinktotheflag.com // this is not a link to the flag
  • http://yeahrightcanyouevengrammar.org // yeah right can you even grammar
  • http://comeonthisisabigredbutton.com // come on this is a big red button
  • https://riceteacatpanda.baycyberctf.net/phishingemail
  • https://help.riceteacatpanda.b5ycyb3rctf.net
  • http://yestotallyapasswordresetlinkforrtcp.com // yes totally a password reset link for rtcp
  • http://auth.berkeley.eduh.in/news/nvidea-jetson1 (not link)
  • http://articleabouthowfartscancreateallkindsofstuff.com // article about how fart scan create all kinds of stuff
  • http://www.sciencedirect.com/science/article/pii/S164496651500082 (not link) *http://NOOOOOOOOOOOOOOMORTYWHYYYYYY.com // No MORTY Why

この中で怪しい&有効そうだったのが https://riceteacatpanda.baycyberctf.net/phishingemail。行ってみると証明書の警告が出た後、RTCPCTFのミラーのようなサイトのログイン画面に飛ばされます(ゲストウィンドウでやっていたため)。 ログイン後に https://riceteacatpanda.baycyberctf.net/phishingemailにアクセスするとflagが得られました。

f:id:kusuwada:20200126105319p:plain

Read Before You Click!

[Web] Uwu? (125pt)

ᵘʷᵘ oh no ᵘʷᵘ ᵘʷᵘ ᵘʷᵘ ᵘʷᵘ ᵘʷᵘ ᵘʷᵘ ᵘʷᵘ ᵘʷᵘ ᵘʷᵘ ᵘʷᵘ hecc sorry guys ᵘʷᵘ ᵘʷᵘ ᵘʷᵘ ᵘʷᵘ ᵘʷᵘ ᵘʷᵘ ᵘʷᵘ ᵘʷᵘ sorry im dropping ᵘʷᵘ my uwus all over the ᵘʷᵘ place ᵘʷᵘ ᵘʷᵘ ᵘʷᵘ oh no I lost one ᵘʷᵘ ᵘʷᵘ ᵘʷᵘ ᵘʷᵘ ᵘʷᵘ ᵘʷᵘ ᵘʷᵘ

ah, Jake, you idiot

Hints

https://riceteacatpanda.wtf/uwu

This challenge gets progressively harder the faster your internet is if you do it manually

uwuってなんぞ。と思ってググったらドンピシャのFAQがあった。
【uwu】 とはどういう意味ですか? | HiNative
顔らしい。なんだか可愛く見えてきたぞ。

リンク先に飛んでみると、エライコッチャ。

f:id:kusuwada:20200126105509p:plain

redirectで何度か飛ばされ、最終的に/uwustorageに落ち着きました。
下記が飛ばされるページ。

  • /uwu
  • /omgmeow
  • /pandaaaaaaa
  • /you-better-wash-your-rice
  • /footprint
  • /uwustorage

それぞれのページのソースを引っ張ってきて保存しておきます。

次。uwu言語とかで書かれた言語だと思ったので、ググってみました。ksnctfの「うーにゃー言語」とかそんな感じと思ったのだ。なんかちょっと違う、語尾をちょっと変えただけのuwu language的なサイトがたくさん出てきました( •̅_•̅ ) コレジャナイ。

gitHub上でググってもそれらしきものが出てこないので、とりあえず落としておいたページのソースをgrepしたら出てきた。

$ ls
footprint.txt           uwu.txt
omgmeow.txt         uwustorage.txt
pandaaaaaaa.txt         you-better-wash-your-rice.txt
$ grep -o rtcp{.*} *
you-better-wash-your-rice.txt:rtcp{uwu_,_1_f0und_y0u}

[Web] What's in The Box?! (200pt)

📦

Hints

You may drag it to your bookmarks bar ;D

言われたとおりに、boxをブックマークバーにドラッグし、追加したブックマークを開いてみると…!

f:id:kusuwada:20200126105700p:plain

なんと猫ちゃんが現れた。しかも動いている。
bookmarkを編集、から詳細を見てみるとjavascriptが埋まってた。最後の方のコメントアウトしてある断片をurlデコードしてつなげるとflagに。

(略)
/*rtcp%7B*/ var ticks %3D 0%3B var jump_t %3D 20%3B var move_t %3D 180%3B cat.style.cssFloat %3D "left"%3B cat.style.position %3D "absolute"%3B cat.style.width %3D "64px"%3B cat.style.height %3D "64px"%3B cat.style.left %3D 0%3B cat.style.up %3D 0%3B cat.style.zIndex %3D 100000000%3B document.body.insertBefore(cat, document.body.firstChild)%3B setInterval(function() %7B ticks%2B%2B%3B if (onGround) %7B if (dx !%3D 0) %7B if (ticks >%3D jump_t) %7B /*k4wA1*/ onGround %3D false%3B dy %3D 2 %2B Math.random() * 4%3B jump_t %3D ticks %2B Math.floor(Math.random() * 100) %2B 10%3B %7D %7D %7D else %7B dy -%3D 0.1%3B if (ticks >%3D jump_t) %7B onGround %3D true%3B dy %3D 0%3B /*I_kitT3nz*/ jump_t %3D ticks %2B Math.floor(Math.random() * 200) %2B 50%3B %7D %7D /*_4_tH*/ if (ticks >%3D move_t) %7B if (dx %3D%3D 0) %7B var temp %3D Math.random()%3B if (temp > 0.5) %7B dx %3D 0.5 %2B Math.random()%3B cat.setAttribute("src", cat_right)%3B %7D else %7B dx %3D -0.5 - Math.random()%3B /*3_w1N*/ cat.setAttribute("src", cat_left)%3B %7D move_t %3D ticks %2B Math.floor(Math.random() * 200) %2B 25%3B %7D else %7B dx %3D 0%3B move_t %3D ticks %2B Math.floor(Math.random() * 200) %2B 25%3B cat.setAttribute("src", cat_idle)%3B %7D %7D if (x %2B dx >%3D 0 %26%26 x %2B 64 %2B dx < window.innerWidth) %7B x %2B%3D dx%3B %7D else if (x %2B dx < 0) %7B dx %3D 0%3B x %3D 0%3B %7D else %7B dx %3D 0%3B x %3D window.innerWidth - 64%3B %7D if (y - dy >%3D 0) %7B y -%3D dy%3B /*!!_4123*/ %7D else %7B dy %3D -dy%3B y %3D 0%3B %7D cat.style.left %3D (x %2B "px")%3B /*2345%7D*/ cat.style.top %3D (y %2B "px")%3B %7D, 20)%3B %7Dvar i%3B for (i %3D 0%3B i < 2%3B i%2B%2B) %7B spawncat()%3B %7D

コメント部分だけ抜き出し

rtcp%7B
k4wA1
I_kitT3nz
_4_tH
3_w1N
!!_4123
2345%7D

urlデコードしてつなげると
flag: rtcp{k4wA1I_kitT3nz_4_tH3_w1N!!_41232345}

可愛い子猫ちゃんは正義!

[Web] Web Invaders (250pt)

f:id:kusuwada:20200126105756p:plain

Hints

If the iframe isn't working, right-click the frame and reload the frame

いきなりゲームが始まります!びっくり!

頑張って手動で1面をクリアすると、結構スピードアップして2面がスタートします。私の実力ではこれを手動でクリアするのは無理だ…。1面でも20回以上かかったのに。

Chromeの開発者ツールでNetworkを確認し、怪しそうなファイルをDownloadします。

WebInvaders_wasm.jsというゲームのソースコードっぽいjavascriptが怪しいのですが、整形すると1万4000行に。ちょっと探してみてもflagが直書きしてあるわけではなさそう。

あとは、設定ファイルっぽいのが落ちてくるので、これを差し替えてeasyにプレイできるようにするとどうかしら...。

と、「設定を書き換える」というチート行為に頭がいってしまったところで競技は終了。

せっかくDLしていたファイルを改めて見直してみると…

f:id:kusuwada:20200203134823p:plain

$ strings game.arcd0 | grep rtcp
rtcp{web

あっ!
バイナリ含めてlessコマンドで確認してみると

f:id:kusuwada:20200203134839p:plain

いた!なんと!これは解きたかったなぁ。

[Web] growls at the chicken (1000pt)

grrrrrrR

big chicken, i hisS At you!!!

Hints

NQr2MIa1jsaifAVOn3zYeMynNJwd4oBiiem4fJHsA1WjzfyhUp1+seCW0GMijoDHb3w9BMKj7aw6hhtae5/Qw5xOqMioJU3vvEj0BEHO1wInPqlOeTRdZb8BcTsXP+Z/KBA2FjSZcpGHo7rOZ7NtR15y3eY4s/e/tgKUHvPe9MdmDe1kINtyRXgjghJO9e3uMEQmFe2Ai5moVnG7yIVfUd3QG6/Z+K4PSttbJtjWSLFO7zpmYpEOg3XBxsOw/w5scJQqJ7OLGiH22u4+JFXRlD/wPmDzk9uYlLWLcCuxnY0xuMlSfKIFJtVmF0ViO4o4X89ZwsQjjHuYYDaB3el7iA63BzBlsC54Q7Ekv70/GI0UA3R3zJkMaBV12Z6NAE/kAgEJu9ZRcVm6MAIZInLwMU4R1frM0Bks1jeTe72agmxnAIrR8XDeAxzovbvXFwoxNyxiA63fPJGPVoGZq4ecfGvJ23i/Cg+cynB35lc3f+4QifpjCn+MxWkKCzCVEJXdDah19yXKlIxbaR1zm+YHkS0YSUzjr7NJUXHfDCrwAUpXpikfi2f9tgcXEnuhszScE1PCbdt22rRz1pS7MNdRxjCZ5j+8BQNRBLi2BjLGW14X3zd4d6ieoHWH+4fmbqU9dFsUgKN5qL4Gs2LZbbQwkf3+VbIRQK9RaSO9Hj+4/T0=

Public

MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmy27XroKLfED3q32/K7G +TnREe2ZkSgceDJH9X+Jf2I++kJHxNxe5HbQBdTHW/tLTWxwMEpric9zGFlt1f76 zdG2iocGw81BVznN/btVAYJBGbhJPYTeULSCv4WG+NTrss8NSl6WGS9NCOKEWTA/ JjR1z8fXik5foTK18sLJloRFGmxcKV6ZI0VFEi77U6PouOseaPBRYgVlPAjNM/pl AuJotPjFYtNTQWCgpj+Vgt3cxm9erBl8G9K9rIsK6snNA1yEZT774CMLCnyovkd5 i55/5mIjGOdmy+x3qCYC2J+Xmssx56OebPyO8cAou8XQf5E/PMxBZ+8X5zuqnHza 2oK9Lo4K2hYVGpCBmG8WhCstYVvfxeb0cXifPOZnpiC4DrQ3q5atx7sH1V4OaAze eJ+nWKTKVaT9NLKEC3ObUNtLLjoh3AZr/RFh9OsYf3rmRFflJkswlVpfMQF6MAR4 CrDITaTdL0M5RWzE2/1Mh98p2HvTJXz0bFbcIfAvd3rAYku0P3OyO3EZ7KrpGXZa 4Mdu10GKEllk9bwCmDFHK/HMVzZPFK9RvKNpMyWchLCLO2gRxIHySn3lF/MHlBkq 0+DH3YM5L0EW92Uzu/IkZJ4o3z7YnrMHdVVN14bGlBfspn+t7LT2xTx3sWYQLm6r xYeQDSkiY24IqAiQzwdPmi0CAwEAAQ==

Private

MIIJKQIBAAKCAgEAmy27XroKLfED3q32/K7G+TnREe2ZkSgceDJH9X+Jf2I++kJH xNxe5HbQBdTHW/tLTWxwMEpric9zGFlt1f76zdG2iocGw81BVznN/btVAYJBGbhJ PYTeULSCv4WG+NTrss8NSl6WGS9NCOKEWTA/JjR1z8fXik5foTK18sLJloRFGmxc KV6ZI0VFEi77U6PouOseaPBRYgVlPAjNM/plAuJotPjFYtNTQWCgpj+Vgt3cxm9e rBl8G9K9rIsK6snNA1yEZT774CMLCnyovkd5i55/5mIjGOdmy+x3qCYC2J+Xmssx 56OebPyO8cAou8XQf5E/PMxBZ+8X5zuqnHza2oK9Lo4K2hYVGpCBmG8WhCstYVvf xeb0cXifPOZnpiC4DrQ3q5atx7sH1V4OaAzeeJ+nWKTKVaT9NLKEC3ObUNtLLjoh 3AZr/RFh9OsYf3rmRFflJkswlVpfMQF6MAR4CrDITaTdL0M5RWzE2/1Mh98p2HvT JXz0bFbcIfAvd3rAYku0P3OyO3EZ7KrpGXZa4Mdu10GKEllk9bwCmDFHK/HMVzZP FK9RvKNpMyWchLCLO2gRxIHySn3lF/MHlBkq0+DH3YM5L0EW92Uzu/IkZJ4o3z7Y nrMHdVVN14bGlBfspn+t7LT2xTx3sWYQLm6rxYeQDSkiY24IqAiQzwdPmi0CAwEA AQKCAgEAj4nc0IGL2vUenEMUvKS6vlwhrNC4BRIyS2hPMaH4QJFTKdBXbJxfVjsk rtAkXEv1Wrecir67/GyczQAj3heOTQXYMQk3U7Sv5Qw+I569wbiHmU/ix3n43nQq oRfVQqRJJUvqwkj91GvxeO92dr1vHFrYQwtar79RK92pedV9/LF67jcfhNDRHFP9 0RUOO07ZfPtXVMA+t0nAW6jUj2jlOKbPLd8TThel4kqML1uPY87vYcowq0aji2UD N/AheA6UibBxcumwuKIRm3C18dRRdLl3G1bZmjap2qVwBWSrq07sQC4GinrJl4yC eNJDm3UeKHHlKcrSEV6TILwLU9cV5CnfADzGIKVvyU6O9OWs2bk2r0w2pZ3VUJjC Wmm19S5gAWwAvgUEABnKODJGs28ttljaTOrgPlNMSEDVl56REyaD9Bl9Y7bjQop2 E7+F+9SiWYmb1sQz2/77zk3ZxtonAsVP7XixSW7hp0UZDur7Vo8XuzP5fnOP30c0 RWjlQwuixdtaYLavKP3W4HspTQL3jOa6Wq0zetcPv3rLYGXQ0L9fNhkA7AncO4Zi FGMBs4J7ReuCQQmWWb80DhBAQ7NN7kiZo7uuHLIGD1cQcg7KHycCu2OOBWrolq6r ZOY8I5tjjzEGGkmczcwkaArCVhiDBRW2m8TgqnYBEPsFgF/5FgECggEBANah1wjI R36bynDfEF2XyxCZFmvXdu5xPyhAgjbVsDTy0p5eWS+fBuxr574lt5cxUv4Alzv0 fdtuCaL/fEOe/bv8ZlSXzLZPkqdOpTOQqAKKXB05rLBhGMNkZjQDFAQkjY+SppSl 5AtdbIuhdhlbeyX7NwczbFVVh6ZnOdnU3rMNkLZoxEJUztFrPJBownRbRm+QQUp9 wxrZqKPiLhhKnTXfAvM1jrdlOarKpldrBsYxdTeuOP2gsij/RsGI/dhxLueAlCvi zsQzS94VgtLrJJ02ZEyZVqkGzGW+tYnvluydLFU9CXyC6jfw6eoZY+wTG3TRRbkR M7hJaj1Ov5xZsoECggEBALkWZXYj661GctJ54R+n2Ulm1r9gMXVsdmiqOOwmsqtA VKIks5ykhi0n05NJdan24+t5c9u8tP8Orq5qbhIBAUMQJtorRTntixJZa4oZ5lDC csSLKvTHKqcAnUwlL2sydy/IxvTsjRdnrEX8QV2oq40fb2tBI80XfBySDy7KEPdG bzI2/KbPaFZjphc5qNOV9BagvjqFmNO8DYyRHsSEnVyTuXOlkbJPvKIRNniNJRBI P0iFtwFtLZGUCMH7TK+9aKjBYizPAzklSf9/poeGluuKn5M0G4mvCCZVtOFw6p2Q 7j1jXUYQEcs9vgyobAfQNev/JLMjeGjaaXaV71nTea0CggEBAL6IGN4g/Oa14fZk 7qBHGer4G2FMerWdLpXK/k0zUSMP1EzmMIIHyBukhqrTzLCZBrWZTKfamMdsXX2n E2bsAw8YNrctsnq9FNEVDa5C4gKvVKpVAqno6BS8UcYmXWR4Fnq3ks0unsw/+RXT FYXZIe9LnUP1MFxoeu0Lgd2QDMoiZq6nPmIr6xUY/0Cq3sRwKozrICrCjaqOQhiJ tqW1xu2FtZa1mqXPZGvrTdMYnYDfctElBk6Qkte2FdfEhqPXhe3YxLBYvXiKmPTj X6lhOLWfDVa6YKXX9Sb1Ly7t06rks/BPKNaxWL6kTOKV+5AcPilrhVuOm70i3v7h o1NmhQECggEAaW6MlWOY2LeMqMCssK+YYuul4JYXFmCWgsCUdFEG7e5TR5nIhq5h kE9jgj8SO6Nb6cLhcIZqQ/BFKS2PTcoswdrthtGnOXxLAETXsW9XdyGM5tCvw4fA kCkVcU6tWE8C/cFNNC+bn3168NLlGUj/kAAcI+iTUDzUgiHhbDHGwFTq+pvAB/WV 5cAV2J0Lwptk0471TbjUeahhv3TbJe61BQtRVMM33270cQ2FDd65AjFlexZQTQu4 LXk6E+XmpSUr/RVLq2Kw31iScmxwnDratYndpKjGFwQRjGS+CL2dp+vrCiUT+Nkm ibO+Es/N2hWM4cYRTcoiyPfBo798/JoucQKCAQBw2Vm2CUbWC1IlgHU2rEngB1F1 c6asxmpIn3j4EiigwO+27G9cmpQ54CvRjp18Fw2/ZABok8C8edm+VMtWRd5gXFTP K7lmWJnGJ0W2eGcjdOCrHZx3sFxoer0Vdy3dQbcWtAQJhqUBbIqCwLkWIQgrsNdl CQiaeKqBz0cQrj6UkNs2qXfjzTg8xPgR/Yapps4O9yoJUKpVUiMlcHgRGi/wsgHx Mq/Ghvz6tYMW7zIXjgYw575Nd9BJy+si9dXShsFmwFQ0MoU0uHFI5oGTGvqc07j8 eVFNV+dm4dr9Irt0qhSHxcaVCyDs36bXz7S0kSgvECV1QhgtFQPOrVQdgsTn

なんか鍵っぽいのが渡されました。

問題文の大文字をつなげると、RSAになってるので、RSAが関係ありそう。

まずはpublicの方を。ヒントの最初のワードと、文字列の形式的にRSAの公開鍵と秘密鍵っぽいので、文字列をブランクで改行し、一番上と下の行に

-----BEGIN PUBLIC KEY-----
hogehoge
-----END PUBLIC KEY-----

を追加したファイルpub.pemを作成します。中身を確認。

$ openssl rsa -pubin -in pub.pem -text
Public-Key: (4096 bit)
Modulus:
    00:9b:2d:bb:5e:ba:0a:2d:f1:03:de:ad:f6:fc:ae:
    c6:f9:39:d1:11:ed:99:91:28:1c:78:32:47:f5:7f:
    89:7f:62:3e:fa:42:47:c4:dc:5e:e4:76:d0:05:d4:
    c7:5b:fb:4b:4d:6c:70:30:4a:6b:89:cf:73:18:59:
    6d:d5:fe:fa:cd:d1:b6:8a:87:06:c3:cd:41:57:39:
    cd:fd:bb:55:01:82:41:19:b8:49:3d:84:de:50:b4:
    82:bf:85:86:f8:d4:eb:b2:cf:0d:4a:5e:96:19:2f:
    4d:08:e2:84:59:30:3f:26:34:75:cf:c7:d7:8a:4e:
    5f:a1:32:b5:f2:c2:c9:96:84:45:1a:6c:5c:29:5e:
    99:23:45:45:12:2e:fb:53:a3:e8:b8:eb:1e:68:f0:
    51:62:05:65:3c:08:cd:33:fa:65:02:e2:68:b4:f8:
    c5:62:d3:53:41:60:a0:a6:3f:95:82:dd:dc:c6:6f:
    5e:ac:19:7c:1b:d2:bd:ac:8b:0a:ea:c9:cd:03:5c:
    84:65:3e:fb:e0:23:0b:0a:7c:a8:be:47:79:8b:9e:
    7f:e6:62:23:18:e7:66:cb:ec:77:a8:26:02:d8:9f:
    97:9a:cb:31:e7:a3:9e:6c:fc:8e:f1:c0:28:bb:c5:
    d0:7f:91:3f:3c:cc:41:67:ef:17:e7:3b:aa:9c:7c:
    da:da:82:bd:2e:8e:0a:da:16:15:1a:90:81:98:6f:
    16:84:2b:2d:61:5b:df:c5:e6:f4:71:78:9f:3c:e6:
    67:a6:20:b8:0e:b4:37:ab:96:ad:c7:bb:07:d5:5e:
    0e:68:0c:de:78:9f:a7:58:a4:ca:55:a4:fd:34:b2:
    84:0b:73:9b:50:db:4b:2e:3a:21:dc:06:6b:fd:11:
    61:f4:eb:18:7f:7a:e6:44:57:e5:26:4b:30:95:5a:
    5f:31:01:7a:30:04:78:0a:b0:c8:4d:a4:dd:2f:43:
    39:45:6c:c4:db:fd:4c:87:df:29:d8:7b:d3:25:7c:
    f4:6c:56:dc:21:f0:2f:77:7a:c0:62:4b:b4:3f:73:
    b2:3b:71:19:ec:aa:e9:19:76:5a:e0:c7:6e:d7:41:
    8a:12:59:64:f5:bc:02:98:31:47:2b:f1:cc:57:36:
    4f:14:af:51:bc:a3:69:33:25:9c:84:b0:8b:3b:68:
    11:c4:81:f2:4a:7d:e5:17:f3:07:94:19:2a:d3:e0:
    c7:dd:83:39:2f:41:16:f7:65:33:bb:f2:24:64:9e:
    28:df:3e:d8:9e:b3:07:75:55:4d:d7:86:c6:94:17:
    ec:a6:7f:ad:ec:b4:f6:c5:3c:77:b1:66:10:2e:6e:
    ab:c5:87:90:0d:29:22:63:6e:08:a8:08:90:cf:07:
    4f:9a:2d
Exponent: 65537 (0x10001)
writing RSA key
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmy27XroKLfED3q32/K7G
+TnREe2ZkSgceDJH9X+Jf2I++kJHxNxe5HbQBdTHW/tLTWxwMEpric9zGFlt1f76
zdG2iocGw81BVznN/btVAYJBGbhJPYTeULSCv4WG+NTrss8NSl6WGS9NCOKEWTA/
JjR1z8fXik5foTK18sLJloRFGmxcKV6ZI0VFEi77U6PouOseaPBRYgVlPAjNM/pl
AuJotPjFYtNTQWCgpj+Vgt3cxm9erBl8G9K9rIsK6snNA1yEZT774CMLCnyovkd5
i55/5mIjGOdmy+x3qCYC2J+Xmssx56OebPyO8cAou8XQf5E/PMxBZ+8X5zuqnHza
2oK9Lo4K2hYVGpCBmG8WhCstYVvfxeb0cXifPOZnpiC4DrQ3q5atx7sH1V4OaAze
eJ+nWKTKVaT9NLKEC3ObUNtLLjoh3AZr/RFh9OsYf3rmRFflJkswlVpfMQF6MAR4
CrDITaTdL0M5RWzE2/1Mh98p2HvTJXz0bFbcIfAvd3rAYku0P3OyO3EZ7KrpGXZa
4Mdu10GKEllk9bwCmDFHK/HMVzZPFK9RvKNpMyWchLCLO2gRxIHySn3lF/MHlBkq
0+DH3YM5L0EW92Uzu/IkZJ4o3z7YnrMHdVVN14bGlBfspn+t7LT2xTx3sWYQLm6r
xYeQDSkiY24IqAiQzwdPmi0CAwEAAQ==
-----END PUBLIC KEY-----

(๑•̀ㅂ•́)و✧ヨシ

次にpivateのほうを。同じようにブランクで改行して、一番上と下の行に

-----BEGIN RSA PRIVATE KEY-----
hogehoge
-----END RSA PRIVATE KEY-----

を追加して鍵っぽくしてみます。中身を確認。

$ openssl rsa -in private.pem -text
Private-Key: (4096 bit)
modulus:
    00:9b:2d:bb:5e:ba:0a:2d:f1:03:de:ad:f6:fc:ae:
    c6:f9:39:d1:11:ed:99:91:28:1c:78:32:47:f5:7f:
    89:7f:62:3e:fa:42:47:c4:dc:5e:e4:76:d0:05:d4:
    c7:5b:fb:4b:4d:6c:70:30:4a:6b:89:cf:73:18:59:
    6d:d5:fe:fa:cd:d1:b6:8a:87:06:c3:cd:41:57:39:
    cd:fd:bb:55:01:82:41:19:b8:49:3d:84:de:50:b4:
    82:bf:85:86:f8:d4:eb:b2:cf:0d:4a:5e:96:19:2f:
    4d:08:e2:84:59:30:3f:26:34:75:cf:c7:d7:8a:4e:
    5f:a1:32:b5:f2:c2:c9:96:84:45:1a:6c:5c:29:5e:
    99:23:45:45:12:2e:fb:53:a3:e8:b8:eb:1e:68:f0:
    51:62:05:65:3c:08:cd:33:fa:65:02:e2:68:b4:f8:
    c5:62:d3:53:41:60:a0:a6:3f:95:82:dd:dc:c6:6f:
    5e:ac:19:7c:1b:d2:bd:ac:8b:0a:ea:c9:cd:03:5c:
    84:65:3e:fb:e0:23:0b:0a:7c:a8:be:47:79:8b:9e:
    7f:e6:62:23:18:e7:66:cb:ec:77:a8:26:02:d8:9f:
    97:9a:cb:31:e7:a3:9e:6c:fc:8e:f1:c0:28:bb:c5:
    d0:7f:91:3f:3c:cc:41:67:ef:17:e7:3b:aa:9c:7c:
    da:da:82:bd:2e:8e:0a:da:16:15:1a:90:81:98:6f:
    16:84:2b:2d:61:5b:df:c5:e6:f4:71:78:9f:3c:e6:
    67:a6:20:b8:0e:b4:37:ab:96:ad:c7:bb:07:d5:5e:
    0e:68:0c:de:78:9f:a7:58:a4:ca:55:a4:fd:34:b2:
    84:0b:73:9b:50:db:4b:2e:3a:21:dc:06:6b:fd:11:
    61:f4:eb:18:7f:7a:e6:44:57:e5:26:4b:30:95:5a:
    5f:31:01:7a:30:04:78:0a:b0:c8:4d:a4:dd:2f:43:
    39:45:6c:c4:db:fd:4c:87:df:29:d8:7b:d3:25:7c:
    f4:6c:56:dc:21:f0:2f:77:7a:c0:62:4b:b4:3f:73:
    b2:3b:71:19:ec:aa:e9:19:76:5a:e0:c7:6e:d7:41:
    8a:12:59:64:f5:bc:02:98:31:47:2b:f1:cc:57:36:
    4f:14:af:51:bc:a3:69:33:25:9c:84:b0:8b:3b:68:
    11:c4:81:f2:4a:7d:e5:17:f3:07:94:19:2a:d3:e0:
    c7:dd:83:39:2f:41:16:f7:65:33:bb:f2:24:64:9e:
    28:df:3e:d8:9e:b3:07:75:55:4d:d7:86:c6:94:17:
    ec:a6:7f:ad:ec:b4:f6:c5:3c:77:b1:66:10:2e:6e:
    ab:c5:87:90:0d:29:22:63:6e:08:a8:08:90:cf:07:
    4f:9a:2d
publicExponent: 65537 (0x10001)
privateExponent:
    00:8f:89:dc:d0:81:8b:da:f5:1e:9c:43:14:bc:a4:
    ba:be:5c:21:ac:d0:b8:05:12:32:4b:68:4f:31:a1:
    f8:40:91:53:29:d0:57:6c:9c:5f:56:3b:24:ae:d0:
    24:5c:4b:f5:5a:b7:9c:8a:be:bb:fc:6c:9c:cd:00:
    23:de:17:8e:4d:05:d8:31:09:37:53:b4:af:e5:0c:
    3e:23:9e:bd:c1:b8:87:99:4f:e2:c7:79:f8:de:74:
    2a:a1:17:d5:42:a4:49:25:4b:ea:c2:48:fd:d4:6b:
    f1:78:ef:76:76:bd:6f:1c:5a:d8:43:0b:5a:af:bf:
    51:2b:dd:a9:79:d5:7d:fc:b1:7a:ee:37:1f:84:d0:
    d1:1c:53:fd:d1:15:0e:3b:4e:d9:7c:fb:57:54:c0:
    3e:b7:49:c0:5b:a8:d4:8f:68:e5:38:a6:cf:2d:df:
    13:4e:17:a5:e2:4a:8c:2f:5b:8f:63:ce:ef:61:ca:
    30:ab:46:a3:8b:65:03:37:f0:21:78:0e:94:89:b0:
    71:72:e9:b0:b8:a2:11:9b:70:b5:f1:d4:51:74:b9:
    77:1b:56:d9:9a:36:a9:da:a5:70:05:64:ab:ab:4e:
    ec:40:2e:06:8a:7a:c9:97:8c:82:78:d2:43:9b:75:
    1e:28:71:e5:29:ca:d2:11:5e:93:20:bc:0b:53:d7:
    15:e4:29:df:00:3c:c6:20:a5:6f:c9:4e:8e:f4:e5:
    ac:d9:b9:36:af:4c:36:a5:9d:d5:50:98:c2:5a:69:
    b5:f5:2e:60:01:6c:00:be:05:04:00:19:ca:38:32:
    46:b3:6f:2d:b6:58:da:4c:ea:e0:3e:53:4c:48:40:
    d5:97:9e:91:13:26:83:f4:19:7d:63:b6:e3:42:8a:
    76:13:bf:85:fb:d4:a2:59:89:9b:d6:c4:33:db:fe:
    fb:ce:4d:d9:c6:da:27:02:c5:4f:ed:78:b1:49:6e:
    e1:a7:45:19:0e:ea:fb:56:8f:17:bb:33:f9:7e:73:
    8f:df:47:34:45:68:e5:43:0b:a2:c5:db:5a:60:b6:
    af:28:fd:d6:e0:7b:29:4d:02:f7:8c:e6:ba:5a:ad:
    33:7a:d7:0f:bf:7a:cb:60:65:d0:d0:bf:5f:36:19:
    00:ec:09:dc:3b:86:62:14:63:01:b3:82:7b:45:eb:
    82:41:09:96:59:bf:34:0e:10:40:43:b3:4d:ee:48:
    99:a3:bb:ae:1c:b2:06:0f:57:10:72:0e:ca:1f:27:
    02:bb:63:8e:05:6a:e8:96:ae:ab:64:e6:3c:23:9b:
    63:8f:31:06:1a:49:9c:cd:cc:24:68:0a:c2:56:18:
    83:05:15:b6:9b:c4:e0:aa:76:01:10:fb:05:80:5f:
    f9:16:01
prime1:
    00:d6:a1:d7:08:c8:47:7e:9b:ca:70:df:10:5d:97:
    cb:10:99:16:6b:d7:76:ee:71:3f:28:40:82:36:d5:
    b0:34:f2:d2:9e:5e:59:2f:9f:06:ec:6b:e7:be:25:
    b7:97:31:52:fe:00:97:3b:f4:7d:db:6e:09:a2:ff:
    7c:43:9e:fd:bb:fc:66:54:97:cc:b6:4f:92:a7:4e:
    a5:33:90:a8:02:8a:5c:1d:39:ac:b0:61:18:c3:64:
    66:34:03:14:04:24:8d:8f:92:a6:94:a5:e4:0b:5d:
    6c:8b:a1:76:19:5b:7b:25:fb:37:07:33:6c:55:55:
    87:a6:67:39:d9:d4:de:b3:0d:90:b6:68:c4:42:54:
    ce:d1:6b:3c:90:68:c2:74:5b:46:6f:90:41:4a:7d:
    c3:1a:d9:a8:a3:e2:2e:18:4a:9d:35:df:02:f3:35:
    8e:b7:65:39:aa:ca:a6:57:6b:06:c6:31:75:37:ae:
    38:fd:a0:b2:28:ff:46:c1:88:fd:d8:71:2e:e7:80:
    94:2b:e2:ce:c4:33:4b:de:15:82:d2:eb:24:9d:36:
    64:4c:99:56:a9:06:cc:65:be:b5:89:ef:96:ec:9d:
    2c:55:3d:09:7c:82:ea:37:f0:e9:ea:19:63:ec:13:
    1b:74:d1:45:b9:11:33:b8:49:6a:3d:4e:bf:9c:59:
    b2:81
prime2:
    00:b9:16:65:76:23:eb:ad:46:72:d2:79:e1:1f:a7:
    d9:49:66:d6:bf:60:31:75:6c:76:68:aa:38:ec:26:
    b2:ab:40:54:a2:24:b3:9c:a4:86:2d:27:d3:93:49:
    75:a9:f6:e3:eb:79:73:db:bc:b4:ff:0e:ae:ae:6a:
    6e:12:01:01:43:10:26:da:2b:45:39:ed:8b:12:59:
    6b:8a:19:e6:50:c2:72:c4:8b:2a:f4:c7:2a:a7:00:
    9d:4c:25:2f:6b:32:77:2f:c8:c6:f4:ec:8d:17:67:
    ac:45:fc:41:5d:a8:ab:8d:1f:6f:6b:41:23:cd:17:
    7c:1c:92:0f:2e:ca:10:f7:46:6f:32:36:fc:a6:cf:
    68:56:63:a6:17:39:a8:d3:95:f4:16:a0:be:3a:85:
    98:d3:bc:0d:8c:91:1e:c4:84:9d:5c:93:b9:73:a5:
    91:b2:4f:bc:a2:11:36:78:8d:25:10:48:3f:48:85:
    b7:01:6d:2d:91:94:08:c1:fb:4c:af:bd:68:a8:c1:
    62:2c:cf:03:39:25:49:ff:7f:a6:87:86:96:eb:8a:
    9f:93:34:1b:89:af:08:26:55:b4:e1:70:ea:9d:90:
    ee:3d:63:5d:46:10:11:cb:3d:be:0c:a8:6c:07:d0:
    35:eb:ff:24:b3:23:78:68:da:69:76:95:ef:59:d3:
    79:ad
exponent1:
    00:be:88:18:de:20:fc:e6:b5:e1:f6:64:ee:a0:47:
    19:ea:f8:1b:61:4c:7a:b5:9d:2e:95:ca:fe:4d:33:
    51:23:0f:d4:4c:e6:30:82:07:c8:1b:a4:86:aa:d3:
    cc:b0:99:06:b5:99:4c:a7:da:98:c7:6c:5d:7d:a7:
    13:66:ec:03:0f:18:36:b7:2d:b2:7a:bd:14:d1:15:
    0d:ae:42:e2:02:af:54:aa:55:02:a9:e8:e8:14:bc:
    51:c6:26:5d:64:78:16:7a:b7:92:cd:2e:9e:cc:3f:
    f9:15:d3:15:85:d9:21:ef:4b:9d:43:f5:30:5c:68:
    7a:ed:0b:81:dd:90:0c:ca:22:66:ae:a7:3e:62:2b:
    eb:15:18:ff:40:aa:de:c4:70:2a:8c:eb:20:2a:c2:
    8d:aa:8e:42:18:89:b6:a5:b5:c6:ed:85:b5:96:b5:
    9a:a5:cf:64:6b:eb:4d:d3:18:9d:80:df:72:d1:25:
    06:4e:90:92:d7:b6:15:d7:c4:86:a3:d7:85:ed:d8:
    c4:b0:58:bd:78:8a:98:f4:e3:5f:a9:61:38:b5:9f:
    0d:56:ba:60:a5:d7:f5:26:f5:2f:2e:ed:d3:aa:e4:
    b3:f0:4f:28:d6:b1:58:be:a4:4c:e2:95:fb:90:1c:
    3e:29:6b:85:5b:8e:9b:bd:22:de:fe:e1:a3:53:66:
    85:01
exponent2:
    69:6e:8c:95:63:98:d8:b7:8c:a8:c0:ac:b0:af:98:
    62:eb:a5:e0:96:17:16:60:96:82:c0:94:74:51:06:
    ed:ee:53:47:99:c8:86:ae:61:90:4f:63:82:3f:12:
    3b:a3:5b:e9:c2:e1:70:86:6a:43:f0:45:29:2d:8f:
    4d:ca:2c:c1:da:ed:86:d1:a7:39:7c:4b:00:44:d7:
    b1:6f:57:77:21:8c:e6:d0:af:c3:87:c0:90:29:15:
    71:4e:ad:58:4f:02:fd:c1:4d:34:2f:9b:9f:7d:7a:
    f0:d2:e5:19:48:ff:90:00:1c:23:e8:93:50:3c:d4:
    82:21:e1:6c:31:c6:c0:54:ea:fa:9b:c0:07:f5:95:
    e5:c0:15:d8:9d:0b:c2:9b:64:d3:8e:f5:4d:b8:d4:
    79:a8:61:bf:74:db:25:ee:b5:05:0b:51:54:c3:37:
    df:6e:f4:71:0d:85:0d:de:b9:02:31:65:7b:16:50:
    4d:0b:b8:2d:79:3a:13:e5:e6:a5:25:2b:fd:15:4b:
    ab:62:b0:df:58:92:72:6c:70:9c:3a:da:b5:89:dd:
    a4:a8:c6:17:04:11:8c:64:be:08:bd:9d:a7:eb:eb:
    0a:25:13:f8:d9:26:89:b3:be:12:cf:cd:da:15:8c:
    e1:c6:11:4d:ca:22:c8:f7:c1:a3:bf:7c:fc:9a:2e:
    71
coefficient:
    70:d9:59:b6:09:46:d6:0b:52:25:80:75:36:ac:49:
    e0:07:51:75:73:a6:ac:c6:6a:48:9f:78:f8:12:28:
    a0:c0:ef:b6:ec:6f:5c:9a:94:39:e0:2b:d1:8e:9d:
    7c:17:0d:bf:64:00:68:93:c0:bc:79:d9:be:54:cb:
    56:45:de:60:5c:54:cf:2b:b9:66:58:99:c6:27:45:
    b6:78:67:23:74:e0:ab:1d:9c:77:b0:5c:68:7a:bd:
    15:77:2d:dd:41:b7:16:b4:04:09:86:a5:01:6c:8a:
    82:c0:b9:16:21:08:2b:b0:d7:65:09:08:9a:78:aa:
    81:cf:47:10:ae:3e:94:90:db:36:a9:77:e3:cd:38:
    3c:c4:f8:11:fd:86:a9:a6:ce:0e:f7:2a:09:50:aa:
    55:52:23:25:70:78:11:1a:2f:f0:b2:01:f1:32:af:
    c6:86:fc:fa:b5:83:16:ef:32:17:8e:06:30:e7:be:
    4d:77:d0:49:cb:eb:22:f5:d5:d2:86:c1:66:c0:54:
    34:32:85:34:b8:71:48:e6:81:93:1a:fa:9c:d3:b8:
    fc:79:51:4d:57:e7:66:e1:da:fd:22:bb:74:aa:14:
    87:c5:c6:95:0b:20:ec:df:a6:d7:cf:b4:b4:91:28:
    2f:10:25:75:42:18:2d:15:03:ce:ad:54:1d:82:c4:
    e7
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAmy27XroKLfED3q32/K7G+TnREe2ZkSgceDJH9X+Jf2I++kJH
xNxe5HbQBdTHW/tLTWxwMEpric9zGFlt1f76zdG2iocGw81BVznN/btVAYJBGbhJ
PYTeULSCv4WG+NTrss8NSl6WGS9NCOKEWTA/JjR1z8fXik5foTK18sLJloRFGmxc
KV6ZI0VFEi77U6PouOseaPBRYgVlPAjNM/plAuJotPjFYtNTQWCgpj+Vgt3cxm9e
rBl8G9K9rIsK6snNA1yEZT774CMLCnyovkd5i55/5mIjGOdmy+x3qCYC2J+Xmssx
56OebPyO8cAou8XQf5E/PMxBZ+8X5zuqnHza2oK9Lo4K2hYVGpCBmG8WhCstYVvf
xeb0cXifPOZnpiC4DrQ3q5atx7sH1V4OaAzeeJ+nWKTKVaT9NLKEC3ObUNtLLjoh
3AZr/RFh9OsYf3rmRFflJkswlVpfMQF6MAR4CrDITaTdL0M5RWzE2/1Mh98p2HvT
JXz0bFbcIfAvd3rAYku0P3OyO3EZ7KrpGXZa4Mdu10GKEllk9bwCmDFHK/HMVzZP
FK9RvKNpMyWchLCLO2gRxIHySn3lF/MHlBkq0+DH3YM5L0EW92Uzu/IkZJ4o3z7Y
nrMHdVVN14bGlBfspn+t7LT2xTx3sWYQLm6rxYeQDSkiY24IqAiQzwdPmi0CAwEA
AQKCAgEAj4nc0IGL2vUenEMUvKS6vlwhrNC4BRIyS2hPMaH4QJFTKdBXbJxfVjsk
rtAkXEv1Wrecir67/GyczQAj3heOTQXYMQk3U7Sv5Qw+I569wbiHmU/ix3n43nQq
oRfVQqRJJUvqwkj91GvxeO92dr1vHFrYQwtar79RK92pedV9/LF67jcfhNDRHFP9
0RUOO07ZfPtXVMA+t0nAW6jUj2jlOKbPLd8TThel4kqML1uPY87vYcowq0aji2UD
N/AheA6UibBxcumwuKIRm3C18dRRdLl3G1bZmjap2qVwBWSrq07sQC4GinrJl4yC
eNJDm3UeKHHlKcrSEV6TILwLU9cV5CnfADzGIKVvyU6O9OWs2bk2r0w2pZ3VUJjC
Wmm19S5gAWwAvgUEABnKODJGs28ttljaTOrgPlNMSEDVl56REyaD9Bl9Y7bjQop2
E7+F+9SiWYmb1sQz2/77zk3ZxtonAsVP7XixSW7hp0UZDur7Vo8XuzP5fnOP30c0
RWjlQwuixdtaYLavKP3W4HspTQL3jOa6Wq0zetcPv3rLYGXQ0L9fNhkA7AncO4Zi
FGMBs4J7ReuCQQmWWb80DhBAQ7NN7kiZo7uuHLIGD1cQcg7KHycCu2OOBWrolq6r
ZOY8I5tjjzEGGkmczcwkaArCVhiDBRW2m8TgqnYBEPsFgF/5FgECggEBANah1wjI
R36bynDfEF2XyxCZFmvXdu5xPyhAgjbVsDTy0p5eWS+fBuxr574lt5cxUv4Alzv0
fdtuCaL/fEOe/bv8ZlSXzLZPkqdOpTOQqAKKXB05rLBhGMNkZjQDFAQkjY+SppSl
5AtdbIuhdhlbeyX7NwczbFVVh6ZnOdnU3rMNkLZoxEJUztFrPJBownRbRm+QQUp9
wxrZqKPiLhhKnTXfAvM1jrdlOarKpldrBsYxdTeuOP2gsij/RsGI/dhxLueAlCvi
zsQzS94VgtLrJJ02ZEyZVqkGzGW+tYnvluydLFU9CXyC6jfw6eoZY+wTG3TRRbkR
M7hJaj1Ov5xZsoECggEBALkWZXYj661GctJ54R+n2Ulm1r9gMXVsdmiqOOwmsqtA
VKIks5ykhi0n05NJdan24+t5c9u8tP8Orq5qbhIBAUMQJtorRTntixJZa4oZ5lDC
csSLKvTHKqcAnUwlL2sydy/IxvTsjRdnrEX8QV2oq40fb2tBI80XfBySDy7KEPdG
bzI2/KbPaFZjphc5qNOV9BagvjqFmNO8DYyRHsSEnVyTuXOlkbJPvKIRNniNJRBI
P0iFtwFtLZGUCMH7TK+9aKjBYizPAzklSf9/poeGluuKn5M0G4mvCCZVtOFw6p2Q
7j1jXUYQEcs9vgyobAfQNev/JLMjeGjaaXaV71nTea0CggEBAL6IGN4g/Oa14fZk
7qBHGer4G2FMerWdLpXK/k0zUSMP1EzmMIIHyBukhqrTzLCZBrWZTKfamMdsXX2n
E2bsAw8YNrctsnq9FNEVDa5C4gKvVKpVAqno6BS8UcYmXWR4Fnq3ks0unsw/+RXT
FYXZIe9LnUP1MFxoeu0Lgd2QDMoiZq6nPmIr6xUY/0Cq3sRwKozrICrCjaqOQhiJ
tqW1xu2FtZa1mqXPZGvrTdMYnYDfctElBk6Qkte2FdfEhqPXhe3YxLBYvXiKmPTj
X6lhOLWfDVa6YKXX9Sb1Ly7t06rks/BPKNaxWL6kTOKV+5AcPilrhVuOm70i3v7h
o1NmhQECggEAaW6MlWOY2LeMqMCssK+YYuul4JYXFmCWgsCUdFEG7e5TR5nIhq5h
kE9jgj8SO6Nb6cLhcIZqQ/BFKS2PTcoswdrthtGnOXxLAETXsW9XdyGM5tCvw4fA
kCkVcU6tWE8C/cFNNC+bn3168NLlGUj/kAAcI+iTUDzUgiHhbDHGwFTq+pvAB/WV
5cAV2J0Lwptk0471TbjUeahhv3TbJe61BQtRVMM33270cQ2FDd65AjFlexZQTQu4
LXk6E+XmpSUr/RVLq2Kw31iScmxwnDratYndpKjGFwQRjGS+CL2dp+vrCiUT+Nkm
ibO+Es/N2hWM4cYRTcoiyPfBo798/JoucQKCAQBw2Vm2CUbWC1IlgHU2rEngB1F1
c6asxmpIn3j4EiigwO+27G9cmpQ54CvRjp18Fw2/ZABok8C8edm+VMtWRd5gXFTP
K7lmWJnGJ0W2eGcjdOCrHZx3sFxoer0Vdy3dQbcWtAQJhqUBbIqCwLkWIQgrsNdl
CQiaeKqBz0cQrj6UkNs2qXfjzTg8xPgR/Yapps4O9yoJUKpVUiMlcHgRGi/wsgHx
Mq/Ghvz6tYMW7zIXjgYw575Nd9BJy+si9dXShsFmwFQ0MoU0uHFI5oGTGvqc07j8
eVFNV+dm4dr9Irt0qhSHxcaVCyDs36bXz7S0kSgvECV1QhgtFQPOrVQdgsTn
-----END RSA PRIVATE KEY-----

(๑•̀ㅂ•́)و✧ヨシッ

問題文の最初のヒントがcipherだとすると、とりあえず公開鍵は使わずに復号できそう。

$ base64 -D cipher.txt > cipher
$ openssl rsautl -decrypt -inkey prikey -in cipher
unknown-123-246-470-726.herokuapp.com

なんか hostname っぽいのが出てきた!Web問になったぞ。とりあえずブラウザで覗いてみます。

f:id:kusuwada:20200126105857p:plain

おぉ、日本アニメ的空間…!

ページのソースコードを見てみると

   <p hidden>9 20 30 15 16 5 14 19 30 27 29 8 20 13 12 28</p>
   <p hidden>"abcdefghijklmnopqrstuvwxyz[]. "</p>

こんな行が。[index],[候補文字列]として解読を試みます。

#!/usr/bin/env python3

candidates = "abcdefghijklmnopqrstuvwxyz[]. "
arry = [9, 20, 30, 15, 16, 5, 14, 19, 30, 27, 29, 8, 20, 13, 12, 28]

flag = ''
for a in arry:
    flag += candidates[a-1]
print(flag)

実行結果

$ python solve.py 
it opens [.html]

意味のある言葉になったけど…。どうして良いのかわからない…。

ページのソースコードにもありましたが、conloseに会話が表示されます。

f:id:kusuwada:20200126105957p:plain

drawer(引き出し)の中にある…。

うーん、このgifを解析するのか?でもwebだしなぁ…。一応stringsコマンドくらいは打ってみたけどめぼしいものは出てこなかったし…。
さっきのもう一つのヒントit opens [.html]ってのも気になる。なにかワードをつけて、例えばflag.htmlみたいにして開くよってことかな…。

( ✧Д✧) カッ

drawer.html!
ということで http://unknown-123-246-470-726.herokuapp.com/drawer.htmlにアクセスすると、コードにflagが埋まってました!!!

f:id:kusuwada:20200126110023p:plain