From 1a7de28ca9b67a49bc0643ae1b7fe984d5e668cd Mon Sep 17 00:00:00 2001 From: Lorin Werthen Date: Thu, 8 Mar 2018 22:19:52 +0100 Subject: [PATCH] Fixes --- .../assets/stylesheets/includes/general.scss | 5 +++ content/blog/17-18/cscbe.md | 39 +++++++++--------- content/blog/17-18/radium.zip | Bin 11276 -> 0 bytes content/blog/17-18/solution.py | 37 ----------------- 4 files changed, 24 insertions(+), 57 deletions(-) delete mode 100644 content/blog/17-18/radium.zip delete mode 100644 content/blog/17-18/solution.py diff --git a/content/assets/stylesheets/includes/general.scss b/content/assets/stylesheets/includes/general.scss index ef0d02e..b3c8a4d 100644 --- a/content/assets/stylesheets/includes/general.scss +++ b/content/assets/stylesheets/includes/general.scss @@ -3,6 +3,11 @@ text-align: justify; } +pre .line-numbers { + margin-right: 10px; + margin-left: -10px; +} + // Override box styling without round corners .box { margin-bottom:10px; diff --git a/content/blog/17-18/cscbe.md b/content/blog/17-18/cscbe.md index 993e292..14f1ebe 100644 --- a/content/blog/17-18/cscbe.md +++ b/content/blog/17-18/cscbe.md @@ -2,12 +2,11 @@ author: David Vandorpe title: 'Cyber Security Challenge 2018: Radium' created_at: 08/03/2018 +toc: true --- -# Cyber Security Challenge 2018: Radium - -**Category:** Network Security -**Points:** 150 +**Category:** Network Security +**Points:** 150 **Description:** @@ -19,7 +18,7 @@ See client.c for an example command to do this. Abuse the resulting man-in-the-m *Hint*: When is the authenticity of a packet verified? When is the data payload of a packet decrypted? -[Source code](./radium.zip) +[Source code](https://zeus.ugent.be/zeuswpi/jaWQQLqU.zip) ## Introduction 
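Review bot: the new `pre .line-numbers` rule in the general.scss hunk has no comment saying which highlighter emits `.line-numbers` or why the gutter needs a negative `margin-left: -10px`, while the neighbouring `.box` rule explains itself with `// Override box styling without round corners`. Add a one-line `//` comment in the same style so the next person touching the stylesheet knows what markup the negative margin compensates for and can drop it when the highlighter changes.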
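Review bot: in the cscbe.md front-matter hunk (`@@ -2,12 +2,11 @@`) the removed and added `**Category:** Network Security` and `**Points:** 150` lines are visibly identical, so the change is whitespace-only, presumably trailing spaces for a Markdown hard line break. That intent is invisible in review and is the first thing an editor with trim-trailing-whitespace enabled will undo; prefer something visible, such as a two-item list or an explicit `<br>`. Removing the `# Cyber Security Challenge 2018: Radium` heading at the same time as adding `toc: true` is fine as long as the layout renders `title:` from the front matter, so check the rendered page still carries a top-level heading above `## Introduction`.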
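Review bot: the `@@ -19,7 +18,7 @@` hunk replaces the repo-local `[Source code](./radium.zip)` with `https://zeus.ugent.be/zeuswpi/jaWQQLqU.zip`, and the same patch deletes `content/blog/17-18/radium.zip` (see the stat), so the challenge source the writeup analyses now lives only on an external host under an opaque name. That is a link-rot risk for a post whose argument depends on readers opening `client.c` and the parser; if the archive has to leave the repo, record its SHA-256 next to the link so a reader can confirm they have the same bundle, and give it a descriptive filename.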
@@ -57,23 +56,23 @@ To understand the next step, let's see how the plaintext is formatted. It consis Let's dive back into the code. When trying to dump the flag through an error message (which never gets encrypted) on the client side, we stumbled across some interesting code. -``` - size_t pos = 0; - while (pos < len && len - pos >= 2) - { - // Assure there is enough length for the element - if (data[pos + 1] > len - pos - 2) { - send_error(session, "%s: not enough data left for element type %d (need %d bytes but only %d left)\n", - __FUNCTION__, data[pos], data[pos + 1], len - pos - 2); - return -1; - } -``` +~~~ c +size_t pos = 0; +while (pos < len && len - pos >= 2) +{ + // Assure there is enough length for the element + if (data[pos + 1] > len - pos - 2) { + send_error(session, "%s: not enough data left for element type %d (need %d bytes but only %d left)\n", + __FUNCTION__, data[pos], data[pos + 1], len - pos - 2); + return -1; + } +~~~ + This is were our attack will happen. We let the flow described earlier proceed as normal, except we intercept the final message returning the flag to the client. Assume we want to decrypt the fifth byte of the flag. If we manage to set the length of the first datablock to 3, the fifth byte of the flag will be interpreted as the length of the second data block. If this length is greater than the amount of remaining bytes, then our byte will get sent back to the server unencrypted! To do this, we need to know the original length of the flag, which is hardcoded and 39. So we replace the second byte with `C' = C XOR 0x27 XOR 0x3` and this should print the correct byte and the preceding byte. However, we're not there yet. All ciphertexts get signed with HMAC_SHA256. At this point, we got stuck for a bit. Around 2.5 hours before the competition ended a hint was posted (see challenge description) which led to the solution. 
- -``` +~~~ c static int radium_check_authenticity(struct radium_session *session, struct pkt_header *hdr) { // Nothing to do if no encryption is used, or if it's not an authenticated message @@ -90,8 +89,8 @@ static int radium_decrypt_data(struct radium_session *session, struct pkt_header // Nothing to do if not encrypted if (!hdr->encrypted) return 0; -``` +~~~ -Basically, the solution was to set the msgtype byte to 0x1 (ServerHello). This wasn't according to our protocol flow, but that didn't matter as we intended to already produce an error during the parsing of the message. Throwing this together revealed that the fifth byte was 'E', which matched our expectation of flag format "CSCBE{.................................}". Jackpot! Now we just had to repeat for all other bytes. A simple [python script](./solution.py) solved this. +Basically, the solution was to set the msgtype byte to 0x1 (ServerHello). This wasn't according to our protocol flow, but that didn't matter as we intended to already produce an error during the parsing of the message. Throwing this together revealed that the fifth byte was 'E', which matched our expectation of flag format "CSCBE{.................................}". Jackpot! Now we just had to repeat for all other bytes. A simple [python script](https://zeus.ugent.be/zeuswpi/GotPD6yg.py) solved this. Flag: CSCBE{1FFCD19C964D3E5DF5B4CFF490583AC1} 
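Review bot: in the `@@ -57,23 +56,23 @@` hunk the switch from an indented bare ``` block to a `~~~ c` fence with the indentation stripped is the right fix, but the quoted loop is a fragment: it opens `while (pos < len && len - pos >= 2)` and `if (data[pos + 1] > len - pos - 2) {` and closes neither, and the unchanged context line right after it ("This is were our attack will happen.") carries a typo (`were` should be `where`). Mark the truncation inside the block with a `// ...` line and fix the typo while this paragraph is being touched, since it is the sentence that introduces the length-check error message the rest of the post turns into a decryption oracle.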
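Review bot: the `@@ -90,8 +89,8 @@` hunk points the solution link at `https://zeus.ugent.be/zeuswpi/GotPD6yg.py` while the stat shows `content/blog/17-18/solution.py | 37 ----` deleted in the same patch. A 37-line Python script is plain text that costs nothing to version alongside the post, and it is the only place the byte-at-a-time recovery loop ("Now we just had to repeat for all other bytes") is actually spelled out; keep it in the repo, or better inline it under a `~~~ python` fence in the post's own style so the writeup stays self-contained if the external host disappears.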
diff --git a/content/blog/17-18/radium.zip b/content/blog/17-18/radium.zip deleted file mode 100644 index f8f49da66400d83a8d91c85a2c91d6753d38c564..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11276 zcma)?b97x>yYP2xcE@%a+i29rwr$&JjK)c0+iudJv9n`ajcxYJdtaTNd%rWz*kkRn z)*tIP=6dFX`9NL@0ul%S0AK-CaPrb;tCSXu-~fOWBmjT{zy~-Q7+bj5FdA7~nAkcq z7^x`30U)SJLp1+!xws<$z##V_0D%Ab3s#b`OaFk%-&5`GG6hY8w=9vb>VRIVIL_a2 zP+D6t#?m=l6X}XYWt;wMP2=;s;y7F`K+otCE|%W?u$<7?JxY$!J<0V z0)A+C3+I6N=du#9@GAo3SNlB(B!;_Ah}UnjB8kElswSn(S%gq0o7q(4w1Jb0Jl zY}^F*S2WoxIB$#A>u{XYusPzq7(V+9*X2-aE=zyZO^KdygfVsD0ckXu3NaiI|5*Ya zIyz#F?%P8~1%c6ZPk8*@%^ZohQP~Pk%UnLQr$jx4kyu>e+N?1M2dvJgyE+mnHg&U7&kt?p?L{Wv+QyG3Y4AC^Y zXZ`^N6615}i%y`ghrF-=k7HdclO_{EaXfsV=?_30xhe%{wr{qv{Rr!p%CH_xW( zswbi3!MdWDY>GuXX0FbVB0c*-&UnU0qT?0*$lv|+TJi^u{5FzdOPdsjTGeGORze(6 zdY0BF^T+6sMX4251M8!iMuJ^}z#D3pU}J3KzIrUWoSc61l3TTfC!6M(IWsW?Yt+@-X!HeqdYuSvc%lXNj=4L53)gaHP>$`p4PFqc4?ccGHeA zG4zA%S`no`RLf6e2ggZgp;u_$)#cfz4#~R=KWE4vYN~Ozmk!tH3k4m@eFE!-5FeBR zCgkW{c)06yqft$VAMne%nM_1xy> zmj5o}`JBM;QrX?d>Ck%xSHCFS8|^)kcQvEU*(l7p2Q0Gl;Fz_Z$?wOBoRl|!5Sj$6 zxxU_juB2S!lX`MxFH7C;tid=dJ~&;PwL|bI~S{3VL3XRgWXPd24c?_NV z@A|7T4)gInnQ1ctd)H4ey+x>dwF;Jg){-71^jjOm4vL`r*M1*!#S(h@@SvEg@G@E? 
zZL3#mDrI-~?12$6?uXCV)<&CBHrtE=Ta&-W)?yY4KCRt&>CiO!l{t8jfn@u}+&XHe z;~dMLVSe`-!cF8l=Wnr#?k!^dFX%?;IU)3>w|8poiMKTkT9*DK*yTk`b@bwyzu8FRHS%^q0inC z)^Yb$UYMj_4O7CMh%~}c`w}mm_Dor%Bg)n&5xceWR5%w{@YH57&gh(KgqOx2a6&(5 zk7+5M^pXZ4ZqjfhNL4^{u$TMwe7UtdwI%wx8|6yLJ(lx5l7q(e@wMjL*9^r0T@;X& z)-05q$=s!YL-w4F8JB1OMIX5gwx?hcT%+>3-82)bFX#osH-$1K zQIwBiDVF$|S}{i{ve&(=?K)oF#b(4cp!UXZp!9_N9iKAPWo*XTbLNkyt=8RR8x^!W z;5_*cBhnxFMS*qXuMTTXRk>~LK5FfrKaS_kP#hYm4zPw>ybw}phJwU0ap&OUaa%iV z`%W*>H%ys-@iFerTDDN5z_IJpuX2<>G++Yku_r~_P0#*Zh|_kinp;`HyKYUFFrU=#g-#*BU$p~e$QP4$G^6_2x0Xn z7m^I~=(8-}K}DixW+$8!8GMN%6tCkO#AfsdA{{8jm4n^BJ?{8$ljJ2geT(4{z{^xe{?R6ySMwEAv+>|`l$K}8qO7=R=NY=>RjOE3w|=UiZl77@8yY-{f(axUk36hz;8 z$4!hQA#=Zr1^5B@T?eeQUC9^U4Ce?206_ikQP1AM$jZdo>91pMrizZ-G8528*0)aw zO;Hg%@f#d9`jUPb8wT9)a>3x2%zn~^xb4K4F2D75*|d0$^kEtmN!zM3Zh<|n#RQrm zT853b2JOTAH&{AQ|knq7kfv#qbI|q`y)$teo8oewY z_*fR>L92+TY87|*K-jJON8d*qj+WGZhZ)67ciJIUX^-m$S#_x%j@IA@OAA?apD$dbqf`+O)> zr=EZ{Mp-{B!4Ve|H!k!V-}bqQR>Dr)2Iv_Jh~}FzH~-bI&qccgFu(p}BBi>ZAD`Y# zWZ*3u`aewMF9VE=^4Xh-puVg;V^G~lX>~~kCRZAG-zuRFXUSQB0Eg@@f@n@9`Q00M-COeS7Dy zEObxYHWaBZyo?9Qt-$sVXtfS>3N1MOwUoC*lLECL>cx~Opj`|r5`xMntmZdteol>| zxvCl|88wjX<3IAddwPBzHH4K7RJO7~w?_jnW14M1++a)tQSsfr&)a?BMQHb3?POU~ zJv~SmYeZM~yt*Lxb}N%UoEmCbZAMYY>8T5zG*azBa3oEMpW+=o+NX6?4p&(b80GD2 zgzPztMF?F9KWK!RPZ}U%tC?mwLA#&uF7JGWOP)0Q++|H6P!|BzI;r${s2;>8x~+A1 zw~6&l@dMaw@wdKRi+u{$ZS&)v=LwM(5#{b<#U(tMuVxLBy9FD_7DI|Qou~1T2RsPw zeVLVwJFYjI@A)_nMd7f@137QBm2a#Bi$XXUc-AhtL||LC^_75*GGc8c45Z={njJ#t zzE+!4w5qHG+Nk?bmuM#zgc_OheRr2KQ^(J;m-;w0ytPDLIwa5cz=uA|IE_=+GX$JS=cRqysf{c zr9?KA(p^k$w29NKjbw93(^sMj%cR4!`4BY}*UK*E$X%fGZOm`|ZVew-mj}P~$sm$A zH>AgHoz(}w-&Yy(Gk<~yX8-idqQqUT&N~fEs$B|(!okZ+O|(!JlwqqHRLaIe>b8o? 
zi>R9KTy=>=LA8S;M_TXiszn*@%(Os;aiIzxedD&%eDAAq>Q)=0U<{ZC8f~%nq+hOC zx**2owj{Vt0;J*BJK}_gnZg&Ve6g7pD4l+eyZ5_N8IT(aV7;6Yts=Mm(sAdG^hZ!9 zbmMJ+^Lu4^ylovfHNaAv;xih!Mozv7{n`hatxxbvf|B2RmB_6%Q_XHI3%m)aD-*BW z%OB_tz_;m2mgO?w_x2kF33T`@n|+Woi~sC;1!oWRS2Q@XNT$FM0pz$8-J8Hhobbi* zezLaer27P@Pk?{U`Gk7mMtMmZxwuC1d=GBCI(oiL`1VFXTj}7%Cp#@xZvEvndjHJZ zr{f?b3>O%fWBgG@liKF4v6>+1*k;5we%E^(kEI9pwS%4z*&Z!-?iC>tlHNPMgwMOI z2F*^yfrdtYS?D2PxXFo}5}5c9^XqqLBd7|*7N)$!xvR%^&D)dAPth+AR9-+y!a`O; zET_2OSHsY)a-ma3d{AEQ348_xSdTAIzrYn= zuA7QwoX>hYiI}ADZ2Q|u!5`SfMc|1VyeMoH@I!l&E<5RoV}JNnQwY;tjfivM%_WD5 z*+PQr({~1Q?da?pY-$AnT-d{7ZIA@Xw9FN)z0zBxwwH#t321Y0BLy!%Y{GBH=aaO` z4M$Pu0eMYqJE%EDwy0^y<~9}A`#*$q$dpiNuzcD&%;*ik4~ZTO%w+UfYP%% zBZ_Wq*e!WrhlaTadSBdwy+Smf7w5lv$(07^81p4x$@d+oi5>5qcjhzwP-!I!iLDy- zKn6uUoE9YsZ3S2*3)7+Wn(1AVZV;U!Z*jR5*u&Qx--b(QyM$MkFvtygX1J828 zurlK=$jfRK9|9i>#uSs*P=M4g^4llAALJ1u>5}JbhhfemTmFXn1)O_Zts4QINp{Y9 z*IZFQIYjDOzkwJk;eB{)rPo?{j2R=tS{v^bpUHtO1Bn*dCHg@CN1$;P7i=}manIFP zJAv2Z_J^Hze*U9+vwn!Q(o}nwmNb|#a)jzu>2wUtBL(Q+)bkZHTD(vupl+9xUZ0N`6a^zJ*+aN(6Joh=NdKD<9!R zON{GE^hrb05dyj9*^xB_MR#0J(c+-)9{2Vb2T?OTcPJ482v7WA zqw}z!Tutt!?tCnqOc-OTb|w8VV;fT=M6te=>N|0dZLWg})f2+vPxnXer@4ZeuefmO zLmhj;_YsjogyW}yPgk6EBLD{t5W*CYdP|Uc#gj_Q7PN!n(8SmELkF@J$9(PezAT{S z7g*#9>u{o}_klcs6uxq_4VWA9t&#UL7Rdg9qF0LL6IycYxu1p%No&y7T>4cH*D}^K z-JjBC5%_Y_RQ>$azoJ4k!NfbFC5Gq%O%3Q z`$d+js+EzICNwZ1Dy>)T1bq9I?4D1^!mUkHsG8fo{4A4}5)yI6eTV%ZcJdpE+34#- zNmj+D6kHGu>(-*Owf-mE>G_aNH%QZ9XN6{0Be<6jPE(xk0wUcQ*9mIB(lk2aKOfu% zD$H^Os8VDHUxuc^&m%<7ZnP7!l-MfW=31Amh z(8OVag6eapH!7!r>P>$0hIY3oz|M|t!1dke*_Q&pvYHQZ{-kq1qV(wPmp;W`>T$b2 z5PRq19{#XBbgXGzHfaTA%s13wJM>^-cK5>2+<}b- zSeY+XCsM5$C(;>Ly8E*u1)s+Yo%?l*|Ixs~Z* zN1sFyVr8M(;~P$$-mkzaIr9~spP?-z=G__H7dWdFpLZE*)gE$PEIE(;~w zHQnwFXn)IUryYD2VCBZ69Rq`U(ZVHU-Pw>au(BX4unjO>5lUb_!r#RLXPyD6zaPuFTx3D|Kr9_&V zJ~q=Spp+8?Mbo}Y->VTa`X^xP3W-0ZEwYOLqzl-Qf`UOn=R*sB=VlIHM?>B;v5|Go zGU_&?ffSQU@p(JQ1bP2n8NuX%~%S@#ap`*zTAx?W(%!6>{r=?jyZ;8Ej{d&GMdN#oN2+%*b!ML=!Ly|X_#Yqk)JmRW?hp>rol zPw-B+#kb(7l->M`H 
zd_GjZkUN_reMI^h6X-HU(*Wp4@$6AOsNbdA;LcmCarv48gmqE9#MqsVH{ThZcCjxd za8d#9N4UgU@Fc?q2Ib*%6SAo8J|D{t!Wf@h!ZL}W?gPhSRZe0QyIFBR-^_s9N@ z;$!S$N2Mx-T+x8vjWk|9*Eq)}<&7$Afql<3D?q(JpjBi`M8cVIfQGN5Kys~5^Xq+3 z5Fr#IfTbeA>BPeSJ%LNBLsv*dHplm)dl zO$pwSl^5nDOTMc<0JgoI6>cG@51gBYogW z2w1t|mge!-kXl-Z0B$HtIRE~&mC}zMO_iYwHiXSx#LuUM?pcwE1gG`$AH2vV*(BSLXT=& z>>x0@$XA#Yj{f}d6or9|f%2Ase(d;IQ4`VH3rFs0+8*@k=cqvzGb!Meq;K9D;L7H9 zHT44_T;}t6r1l6rANX^z^RU9LkJrATP7~>uzKV7VvT6^@tH#_;7acGCe91`5^(E!Y zMxFrrr-%jRC5&?`Wd?+A)^gX&%N3e0RT8QES!ow5kHx`tXdX#Iad_RD2h>u5q&Vm~ zFx04HqtHIjxl{pG^F93~>$H)Eb>h?HPS?b%Wo2w#Jf`b8+DA6}7L2+CA$K1@oVUr= zHw(k~I2xd7$PW8cirGFharf_pa7uAr31MV7a#F?{%m|N`=orS-LZpcixs%eQVV=|A zrQJqD_Ik(lBZw5o_8+pYkka_g8E(HDJV z$Rf1K#E22vQUUWC?`Nrb?d+L?rIpJL;QdYB3$+fIpK>e28Y99|uzDKCGB=!NNHiC2 zPy95*oiGvm5YobEb9g_CP3MSFr%NXT$O&Tu`@0<Qj4G#zD?)1BwuE>v5M5m{d$qRupVxKigh5bqoc%? ze_24i14foplv=P#M;seIerR~B5~D343ljAa}inMBTgQiuV#{7clri`K&P!g!mH!}v5GceW}<8-|@Y!KDJNwNP6YPLn> z!WPfhr?n+!o-zbkX*Oyac#(`!{0rgt+F(Sqz!}+FVO{v`LjP}V@ZWi+ovrC#m56D@ z=@=Ns86|6FAR(%@W_I#s;*Vz}wf6MQsOBw2z;luj{#0ivDRBywf2*-bBK==!?O&Ez z`qXUfmN`>zRNUt_);Rd9}VH_e{B-Tjw$_Ed-ocBYgg#Uy>juTBIB&x!w43#v30$ zRv@cnw(t=$Omy{W#A%NpZV>xj$~AOPeZoH1LM|tXgAW@1F;opq^=T%;`S|tmP5~$P zT{Xj*QyVGsM@1BON_oo-Y4Gtv(W=eB2@73|4?`m+xnc}=B#gO=!XP0MMui@BhTO{J zNT@@_bDfwb1Q9s37FmfRVUq@?eJ%Qd6ccVHoF3o^9^L8_c#@$LWG=wYV|WMOXo4H| zeS?1LJ%Uj2g1Q;|HToBdRdlJic+C9XsftVmaZC3O^;jO0-qf?*^IBf$U2PJ3sII=Nex0Q@}GWzp59(tMt#KwMGu&fVLI8SOM zY}q!e%b<2i$epbk#Awy03s;HZhAR=OOrBwsYqLf)@oe9D7WypPMg)KF_wI@p?Q6@< ze%m^>(;{0@<+TgMnDkMKAPxd(biRC-v)J&4oP4}&p+Q=LK9R9A4Z>zVB#yP}sTa5| zQM0!f0<^nySl^Nk7i((pZ(?!u; z5V)OimtqgnW=4lk+o7N+OB8)C=D=FlC|*&!Y~*D~4y&Z$w63$Q}U{tgkJy9eFks(3f+Xmod0! 
z#IUZokiHU@1&WJco5GwvCq5pk)nu#J8uos<86nf}Wg7Nv+zHzeK2>5Owe?^LiUn?_ z+w-uh*_rBD=TfyF&}E?7`Jrp3&0X~n=Zq>h@Fde=&XQVcKVml^BkRY$i&`}KvXP?A zu{w5W3$MwR@*XM9i@y$08B5sj6POhyk4_A2HQPaIs!EchN3aY^pHL(v07*cTOlqNg zPkwCESS~$t7Cw(Zdihu#)<%OPwDj8dV*BoE^g&|Ft*klH+C&k%Q6M-LBW_1P*h_mu z#Xwz4*)b^niQv2(A%woi+{Xt9Ss5YljBjyHbtIM**_0?ORfH2*XXt1kouzvJKKfyTM2?8FxOw z8Ujr`ChTVbXp7CtQ?C|F`>48n>3;6R`k&ZU%^@39c_FA~^+X1-WQ)(ktcMQ5y6-To z5WYtZGM%}dgCGZS`;iOB`=#cJaW~flcW5RXP1DCvbTa00h=U!eo-wW|12^TBPJFIr zW6sIDsea!Q=Mms6?AvzKzqKxr{u`QHoGq;XdPByPblw`5|Lj>6*-B{5B~pp1t)&Dh zUxWnp5<9+2S9d%fbS1gDka-zuCd#ES;!qY7n6*uj~fGH%y$p>u>v?OkAFk{18Y$r z)oX||LQQ@;v}`%GJ2YcI>M-|o9QwUgp23Rc@O|KVpRa;A-jhAm_z0dEnAv3Hj9XV6 zCfRoA(bZlBd+PadVqX69i5krGJE3%_lAiBg2g*kT17GA48grsbn>uqo#kUyon0Lf_!SQ-U{+Oa)hfe6#XDtJ7Z|Jc488 zta_Lb`_5j0pS72ml8dxon))MMev z67fgq-dltGUn~9ZfW+T}{@!E%BlHOFKhQsP-2Wc+_qOC8smN~!=zlHs-_*Y?fZuyd zf23xk{D=Ba_&*%&-&^YMiNqhFFogdL`afyK-{bzCG5nG1`oFk;TLQmF`#(Za-jbnz z$@Ran|L?8z_jvV3Xdd~0p#P3ue-HV)&-x?sg7SCdUwk^$o2dW*h;P4_x4Fv)s((EF EKcRZO!T