W4502 Capture the Flag II

From Coder Merlin
Revision as of 12:11, 2 December 2020 by MagicPizzaBox (added plumbing forensics writeup)

This page will serve as a writeup for the CTF II competition problems.

This writeup is incomplete. Writeups for the rest of the problems will be added shortly.

Cryptography

Telegraph

[25 Points] -- .-. / -- --- .-. ... . / .... .- -.. / .- / .... --- .-. ... . / --- ..-. / -.-. --- ..- .-. ... .
Hint: Your answer should have underscores separating the words.

By examining the challenge name and the dots and dashes, we can assume that the flag is encoded in Morse code. Putting this into an online translator gives "MR MORSE HAD A HORSE OF COURSE". Formatting this as a flag gives ahsCTF{mr_morse_had_a_horse_of_course}.

Racecar

[25 Points] ahsCTF{ti_esrev3r_t$uj}
Hint: racecar is an interesting word

Since "racecar" is a palindrome (same forward and backward), we can guess that the flag is reversed. If we reverse "ti_esrev3r_t$uj", we get "ju$t_r3verse_it". When we format this in the flag format, we get ahsCTF{ju$t_r3verse_it}.

Base 2 to the 6th

[50 Points] I don’t know how to convert bases for my computer science class. Can you help me out and do this problem for me so I don’t fail?

We also receive a file with this text: "YWhzQ1RGe2lfbGlrZV9iaWdfYmFzZXNfYW5kX2lfY2Fubm90X2xpZX0=". The characters used in this encoded message appear to be base64, and the challenge name also hints at base64 (2^6 = 64). If we put this in an online base64 decoder, we get ahsCTF{i_like_big_bases_and_i_cannot_lie}.

Message Mayhem

[275 Points] I received this message over my unreliable Wi-Fi, but it doesn’t make any sense.
Hint: The message seems to have been repeated on every line but some characters are corrupted.

We also get a file called message.txt.

From the hint and a close look at the characters on each line, we realize that the message was repeated 101 times, with some characters corrupted each time. The same characters tend to appear in the same positions on each line (lots of "a"s at index 0, "h"s at index 1, etc.). We can write a simple Python script to decode this:

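import statistics

LINE_LENGTH = 32  # characters per line in message.txt
LINE_COUNT = 101  # number of times the message was repeated

# arr[j] collects the character found at position j of every line
arr = [""] * LINE_LENGTH

with open("message.txt", "r") as f:
    for _ in range(LINE_COUNT):
        msg = f.readline()
        for j in range(LINE_LENGTH):
            arr[j] += msg[j]

# The most common character in each position is taken as the original one
flag = ""
for column in arr:
    flag += statistics.mode(column)

print(flag)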

This script opens message.txt and creates an array of 32 empty strings, one for each of the 32 characters on a line. It then loops through every line and, for each line, through every character, appending that character to the string at the corresponding position in the array. The array now holds 32 strings, each 101 characters long. The last loop goes through the array, uses the mode function from the statistics module to find the most common character in each string, and appends it to the flag. This program outputs ahsCTF{b!g_bUnCh3$_of_b@d_bYt3s}.
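An added example, not part of the original writeup: the same column-wise majority vote, extended to skip blank or truncated lines and to report how far ahead the winning character is at each position. The recover and corrupt helpers, the 0.6 error rate and the sample string are constructed for illustration and are not the challenge data.

```python
import random
import string
from collections import Counter

def recover(lines):
    """Majority-vote every column of the repeated message.

    Returns (message, margins); margins[i] is the lead of the winning
    character over the runner-up at position i, as a fraction of the copies.
    """
    rows = [ln.rstrip("\r\n") for ln in lines]
    rows = [r for r in rows if r]                      # ignore blank lines
    width = Counter(map(len, rows)).most_common(1)[0][0]
    rows = [r for r in rows if len(r) == width]        # drop truncated copies
    message, margins = [], []
    for column in zip(*rows):
        ranked = Counter(column).most_common(2)
        best, votes = ranked[0]
        runner_up = ranked[1][1] if len(ranked) > 1 else 0
        message.append(best)
        margins.append((votes - runner_up) / len(rows))
    return "".join(message), margins

def corrupt(message, copies, error_rate, seed):
    """Build constructed test data: each character is replaced by random
    printable noise with probability error_rate."""
    rng = random.Random(seed)
    noise = string.ascii_letters + string.digits + string.punctuation
    return [
        "".join(rng.choice(noise) if rng.random() < error_rate else ch
                for ch in message)
        for _ in range(copies)
    ]

# Constructed sample, not the challenge file.
SAMPLE = "ahsCTF{constructed_sample_only}"

if __name__ == "__main__":
    # Fewer copies give the vote less to work with; the margin shows it.
    for copies in (3, 11, 101):
        lines = corrupt(SAMPLE, copies, error_rate=0.6, seed=2020)
        guess, margins = recover(lines)
        print(f"{copies:>3} copies: {guess}  (weakest margin {min(margins):.2f})")
```

A margin of 0 at some position means the top two characters tied there, so that character of the recovered message should not be trusted.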

Forensics

Plumbing

[75 Points] I haven't cleaned up my computer in a while, but I need to find the flag. The problem is, there's way too much junk. https://github.com/markamirkan/temprevshell/raw/main/plumbing.zip

The download link provides a zip file called plumbing.zip.

We can start by unzipping this file so we can work with it. We get a folder called plumbing, which contains many folders, each of which has many files in it. The names and contents of the folders and files seem to be random. We can use the grep command to search the contents of the files.

john-williams@codermerlin:~/plumbing$  grep -r ahsCTF .

The -r option tells grep to search recursively through all of the folders in the current directory (represented by ".") for "ahsCTF". After running this command, we get output containing ahsCTF{itsAMe_mario}.
