W4502 Capture the Flag II
This page will serve as a writeup for the CTF II competition problems.
Cryptography[edit]
Telegraph[edit]
[25 Points] -- .-. / -- --- .-. ... . / .... .- -.. / .- / .... --- .-. ... . / --- ..-. / -.-. --- ..- .-. ... . Hint: Your answer should have underscores separating the words.
By examining the challenge name and the dots and dashes, we can assume that the flag is encoded using morse code. When putting this in an online translator, we get "MR MORSE HAD A HORSE OF COURSE". If we format this, we get this flag: ahsCTF{mr_morse_had_a_horse_of_course}.
Racecar[edit]
[25 Points] ahsCTF{ti_esrev3r_t$uj} Hint: racecar is an interesting word
Since "racecar" is a palindrome (same forward and backward), we can guess that the flag is reversed. If we reverse "ti_esrev3r_t$uj", we get "ju$t_r3verse_it". When we format this in the flag format, we get ahsCTF{ju$t_r3verse_it}.
Base 2 to the 6th[edit]
[50 Points] I don’t know how to convert bases for my computer science class. Can you help me out and do this problem for me so I don’t fail?
We also receive a file with this text: "YWhzQ1RGe2lfbGlrZV9iaWdfYmFzZXNfYW5kX2lfY2Fubm90X2xpZX0=". The characters used in this encoded message appear to be base64, and the challenge name also hints at base64 (2^6 = 64). If we put this in an online base64 decoder, we get ahsCTF{i_like_big_bases_and_i_cannot_lie}.
Message Mayhem[edit]
[275 Points] I received this message over my unreliable Wi-Fi, but it doesn’t make any sense. Hint: The message seems to have been repeated on every line but some characters are corrupted.
We also get a file called message.txt which contains this:
ahsCTF{923fw3d2-3fw0ejdwoedpk3fe a_#}?}5nJgxbU4.StN~oi_qn3WbV~qjl [}ZCuR{8PAVW0XD~4Y8o9]X/P_'Uv9/S y#GC1Uwb:Ksb#nDl3pzow_>|7O|\{NsM Ofs6K*9b)[ndUcFrfX_4s*bXaYbo#0A* ]%sf#g{bag_{oZv%U/_UoFbIor#Y+ss< a.pdl){b!gM3=n_a3nJo]6Zt"(bj03 ( >p,_T5Ch&g"uirCh6F{bJt|z9| xexs0 B@.VqT{i!gXh[M&hb$_oMkwM2kk}BW@A ap$BB?ubL/t.UBOFNiRj;v: 0__Mw6B< a"\CT=.b?0Stind['J..$%z\(BbM@gs6 [hx|vB4[as_2!n~h3r_osZo@^%z#@38a RhVCTFeQ!}xn>numa=Qo4?ZO|nbjujI} J7'$wQFR!gBQ5ngOQ$_mfXMqg&bYiLqj }GyRmF2GRg_b 5Cg:C#j]k*@d*CY]3sH Fc^ag%?b!hy_={gh3I}Uf'~XR_Q{t3L< Eh4rrk-G{NS1UsCM3D6Z=Ik2k@bY^3O} 5[~Co,%q{gB&3F*XLh_hOdGL},~+pYdU ahcC~h!B#7aiUCCS%@=gp*D@o9,<kJ0} oysdLp{M2"_bUnCgr|>+>)~b\5\Yhn;K {iiF+X[G/e_b<\'T0TW7>y.zd,vYg$sg {%TSiCI_'x(sV[:ht]IofEb1,Pbkg}J; K\sCT$^bY)ZvhEX/7)fGf,]O'vb_YvFX an'AbBwbxs'b6nCZeg!g:as6N_KI3\lb m9cF/F/bonVbU;&0e@:Tf_F,dva+dmC' l>\.4{bNTAf>us]%gwo"rM<" bYmSf0 0:CCTB`"r+5AU)4j3.EqdbV@fETrrClA BDR(LFqb!@s4Q23^f$g~;S>)d{USyd0_ ;T,>TW)N=FUKYn6hp$_'3:b@PhxYtasC ~W:@MJf3zv_%UoCYa-etD`bF!Qq|_w^^ +B&{G\x!Xf_l87@"3k?oIS=HD0;)/3n} :4U3TFg:~7*%e#&kt?po2_HYd}?4$PWj I/ wDpKbDN:]UOk!f$IoSN!Kp4w[t3 C g<sATF<Y1AG<N7f13dn<D`s@d8bYt*H9 sS(}:FL1w?zl-~MNrHVp8_*ml_|Y5\0} ;gsjzF|'!KWsZW h$^H\3<{EdST}dO4& a\(YLFbr;K;bTU>Z)\_0C1byLc|'.P$^ qh*Cfs{a]Q_758i"3uBue*0{N^x7z&f) >$h4c\vb|!#bUuC5w$_oe}bC,/d;S3'= ayJ;#l{:!K+QUnH,@~PmfubIdT{Yt8B~ o+{Cqx=bnPCvy7Nh:$l0y_f^59?I;hHC 'W8f{%{68gHbq!Ci&9$o$:=0KG>%R;d} ,"6g&\-CiW^~^Z}_*(Hj#|bYh"bS_FD} #g@G\Y!b1$DB2n{?}Riu?wO0C!GY4zY} u&sopwP:7"L~xwCP:0M# db@7CbgP8@h >{6~[H?>6g_=rezs}#Af3~f@d3bYt3>K a,jCqMHCYgVo=nV9oxS/f/bBR_='S}RD a/sCm({r!A8bU.yh33_o {%2d4bJq3u- aJ=IT${b8[_hm;oNgm_q[ydU _ZXE6i{ -3s-eM{}V}JPUnCv{NPN*P8Qd_b8{ssy aM7(voyZk._lUn8>3"G'fya7gR8ot30y 7)j>THZP"EXA;Z`h8A1Gf=8^R%hYe=7a FFsRwI7bUg_yUA$wEp_w2_b!UmEbx56$ 8h+92B{Z#y]qXn@ @z#SKhwmqPI8MI&/ a;P]e>Dh(HH2W> hQizG'o+42`I}tWHn #ww<TC"bng*b" Cecy.aGSA@bObLJQs} adui#8{~,glb+@7lr$OoJ_0pm8`jsOTR 807ATFj0=WNb`^CNL|}Rc_ds&}YIP}3_ .IG;TsU]QS$ra+/k42:@=X\">Bt1tvsO ZD[dimMb`\I%Un\h.g_rUDy_d\;4zPi} a9k(T_@bDC*bEn%;B/A*<X8C'u?^[3Wa IU4 Ac^b! EbUmC_Q$9SOFdu./bTg3sq g-fCaF[[I*o9`{phOx_NBkm$dspqt'\} _#yU ;{bW$_b!nj2oW~)d_b'd_b;(vY* M;sUkNi>sgp|unCS3$pNLZMnz%#=tud^ Lhy"%r{hvg0DZ2fYGr}=ckV_#Xb\6z-W x#sRTFW,EABnU\s$3=Oeh_0KyJ/Y'K#I &AIWTfBbn%GUuluhx^5/&_5gd$b\t3Zv ah{yTF{b!g)`[M`D=6yof"Bj7_BS{as3 CN1FS_`bd.-d4T>,sD~?*a(JzJnCtQsW ^hL|A'(Z[:wQ-xr~V,^xf+b@meZaib]k tzZ516"!=F?bynPX'E_wrt~r0"Q(F[n} d.vnTF#K!<_eUnN[n0[of_bI9_(\,3s? ]RVYTFA/BZ-R]nCP5n@W*T?@dR$&q|}~ |S.t&F?yH2{bKQe0qK+$XWbtd$b3tJBi gOr>YFn1Jc:zGjCG/nU*fn2@`~JFp5*} a$n8ysFbqY_p2uCUcn4m}+S@rT{<tS7X c_sC|lXL!!~b_nWl.e\B]_wU[Wb)tkMq t?h,45~3qu=b@aB\Pt_*5Ub04_DY2@U' ahs\T,{btJ@b ncK3TD4#_mG9~FY{Ts! ahwC?"'`Sj__oNCl3V>oBXWsdq4Wtb]| Vp];!ar[j?tbAnOh3B'.GF:@eNN7#3%f N 2[TDHC\g/,>Jw>3{e:].A]s_:YtRF} dhXu-1{e.Y0vm72?3[8PfbO?NLb]xs[; $h-x0ASb-nE'cn383#4d;_|ma/pJt9mM j,]XmF{@%'_&}bXUzN|oZ^i.nsP4t6vL U"2GT:{KMrKjxnCh{F#uU7bWd_yBtbh} ma=DTB0w!0_nUnc|3Unv0\^A|V-On3Pm 1bb5OSW&cgi=fle=UYQH>li1RxdJt*N, yhz84FKx9g5epISh3fuZH_p@d_bYQ7_e seqB4x{]xlBAl|zv3$foa:!,S3b=txLo Kh8CWV]3]gP3*aiSpjFTP_b!q,+,~3SQ \A`Cootb0Uo(4YwhD\::!I>dOP_Yt3bT a\9kDF{j;Ik|8skb2[(DA_Q%A_bYw|q} zh/C~t+Gx[@NTP|kkm_oS/k@Bae~vyGY ahp"B:#d{g/zMnUg3^jzfqv@d= R>3>} `h0}Tbk3^ge@2"%:Gzw9LF"|R_6z2_s3 phr5Sn/-!g__u[^KzJk* _Rm-Cbws8`2 $ru]OG{G5g^GlnC9E$3Xf^inMrcs%{X< eXHGe<1y!Pqo8rRPn$GvV_&ldAM3]gH} 1dZL$FPh!h"x4LC?30#oEk]z-]}YAeaa
By viewing the hint and looking very closely at the characters on each line of the message we realize that the message was repeated 101 times but some characters were incorrect. We find that there seems to be similar characters in the same positions of each line (lots of "a"s in the 0th indexes, "h"s in the 1st index, etc.). We can write a simple Python script to decode this:
import statistics
f = open("message.txt", "r")
arr = [""] *32
for _ in range(0, 101):
msg = f.readline()
for j in range(0, 32):
arr[j] += msg[j]
flag = ""
for i in arr:
flag += statistics.mode(i)
print(flag)
This script starts by opening message.txt and creating an array of 32 empty strings because there are 32 characters per line. The script then loops through every line and for every line it loops through every character and adds that character to the corresponding position in the array. The array will now have 32 strings that each have a length of 101. The last loop in the script loops through the array and uses the statistics import to find the most common character and append it to the flag. This program outputs ahsCTF{b!g_bUnCh3$_of_b@d_bYt3s}.
Forensics[edit]
Plumbing[edit]
[75 Points] I haven't cleaned up my computer in a while, but I need to find the flag. The problem is, there's way too much junk. https://github.com/markamirkan/temprevshell/raw/main/plumbing.zip
The download link provides a zip file called plumbing.zip.
We can start by unzipping this file so we can work with it. We get a folder called plumbing which contains many folders within it and each of those folders has many files within it. The names and contents of the folders and files seem to be random. We can use the grep command to search the contents of files.
john-williams@codermerlin:~/plumbing$ grep -r ahsCTF .
The -r option is used to search recursively through all of the folders for "ahsCTF" in the current directory (represented by "."). After running this command we get an output containing ahsCTF{itsAMe_mario}.
Exif Exists[edit]
Don’t take the image at face value Hint: What’s exif?
The challenge also provides this image:
Let's start by downloading this image into the Merlin shell. We can use the wget command with the download URL.
john-williams@codermerlin:~$ wget [URL]
Once the image is in the shell, we can start examining it. The challenge hints at something called exif. If we google this, we find that exif is the metadata of files. To view the exif data, we can use the following command:
john-williams@codermerlin:~$ exiftool exif_exists.jpg
We see that one of the metadata entries is ahsCTF{very_nice_meta_data}.