Difference between revisions of "W4504 Capture the Flag IV"
(added jpg writeup) |
(added outer space writeup) |
||
| Line 30: | Line 30: | ||
When we attempt to open download.jpg, it is unable to be displayed. This implies that the file is broken in some way. We can open this file up in a hex editor such as HxD to analyze the raw hex. When we look at the end of the file, we see some plaintext. The plaintext reads '''ahsCTF{123ddd_7sf3bq4f}'''. | When we attempt to open download.jpg, it is unable to be displayed. This implies that the file is broken in some way. We can open this file up in a hex editor such as HxD to analyze the raw hex. When we look at the end of the file, we see some plaintext. The plaintext reads '''ahsCTF{123ddd_7sf3bq4f}'''. | ||
=== Outer Space === | |||
<pre> | |||
[75 Points] Zero width space... | |||
</pre> | |||
The challenge also provides a file called skinny_spaces.txt. | |||
When we open up this file in a text editor, it seems to be blank. However, we can select some text, so the text file seems to only be composed of spaces: | |||
<pre> | |||
| |||
</pre> | |||
Let's open this file up in a program that has a find and replace feature, such as Visual Studio Code. We can select a single character by holding shift and clicking the right or left arrow keys. This allows us to find similar characters to the one selected. Notice that some of the spaces have no width (hence the name zero width space). After some analysis, it seems that there are two different types of spaces in this file, seemingly randomly placed. Since there are only two spaces, the flag is likely encoded using binary. Let's use our text editor's find and replace feature to replace the first type of space with a 0, and the second with a 1: | |||
<pre> | |||
011000010110100001110011010000110101010001000110011110110111101000110011011100100011000001011111011101110011000101100100011101000110100001111101 | |||
</pre> | |||
Now let's plug this binary string into an online binary to ascii converter. Note that if you switched the spaces up (so 0s are 1s and vice versa) you will need to swap the bits. We get this result: '''ahsCTF{z3r0_w1dth}'''. | |||
Revision as of 17:03, 10 February 2021
 |
Coming Soon |
| This page will serve as a writeup for the problems from cybersecurity CTF 4 |
Cryptography[edit]
Base64[edit]
[25 Points] Vm0wd2QyUXlWa2hWV0doVVYwZG9jRlZ0TVc5V1JsbDNXa1JTVjFac2JETlhhMUpUVjBaS2RHVkVRbHBOTTBKSVZtcEdTMk15U2tWVWJHaG9UV3N3ZUZadGNFSmxSbVJJVm10a1dHSkdjRTlaYlRGdlZWWmtWMXBJY0d4U2JHdzBWa2MxVDFsV1NuUlZia0pYWVRGd2FGcFdXbUZqTVd0NllVWlNUbFpVVmtwV2JHUXdWakZrU0ZOcmJGSmhlbXhYV1d4b2IxWXhjRlpYYkhCc1VtMVNNRnBGV2s5VWJFcEhWMnBhVjJGcmEzaFdha3BIVWpGT2RWVnNXbWxTTW1oWFZtMTBWMU14VWtkVmJrNVlZbFZhV0ZsclpGTmxWbGw1WlVWT1YwMXJWak5aTUZwVFZqRmFWMk5HVG1GU1JWcEVWbGQ0UTFaVk1VVk5SREE5
Based on the challenge name and the given encoded message, we can assume that this message is encoded using base 64. We can decode this message from base 64 using an online tool. When we decode the given message we get another string that looks like base 64. We can decode this new encoded message as well. We will repeat this process several times until we decode this message:
YWhzQ1RGe0JAczNfNjR9
The result of decoding this is ahsCTF{B@s3_64}.
Decimal to Ascii[edit]
[50 Points] Convert this to ascii. 971041156784701231005199105109641089511648959711599105105125 Hint: You need to figure out where to put spaces in the string
This challenge seems to expect us to convert this decimal number into Ascii. The Ascii protocol gives each character a corresponding number that can be expressed in decimal. However, the decimal number we are given is too big to represent any individual character, so we can guess that this decimal number is multiple decimal representations of Ascii characters combined. The hint also tells us this. We don't need to manually separate the different Ascii codes, however. Online decimal to Ascii converters often have a feature to guess where the spaces are supposed to be, and they are reasonably accurate. When we put the given decimal number into a decimal to Ascii converter, we get ahsCTF{d3cim@l_t0_ascii}.
Forensics[edit]
JPG or not JPG[edit]
[75 Points]
The challenge also provides a file called download.jpg.
When we attempt to open download.jpg, it is unable to be displayed. This implies that the file is broken in some way. We can open this file up in a hex editor such as HxD to analyze the raw hex. When we look at the end of the file, we see some plaintext. The plaintext reads ahsCTF{123ddd_7sf3bq4f}.
Outer Space[edit]
[75 Points] Zero width space...
The challenge also provides a file called skinny_spaces.txt.
When we open up this file in a text editor, it seems to be blank. However, we can select some text, so the text file seems to only be composed of spaces:
Let's open this file up in a program that has a find and replace feature, such as Visual Studio Code. We can select a single character by holding shift and clicking the right or left arrow keys. This allows us to find similar characters to the one selected. Notice that some of the spaces have no width (hence the name zero width space). After some analysis, it seems that there are two different types of spaces in this file, seemingly randomly placed. Since there are only two spaces, the flag is likely encoded using binary. Let's use our text editor's find and replace feature to replace the first type of space with a 0, and the second with a 1:
011000010110100001110011010000110101010001000110011110110111101000110011011100100011000001011111011101110011000101100100011101000110100001111101
Now let's plug this binary string into an online binary to ascii converter. Note that if you switched the spaces up (so 0s are 1s and vice versa) you will need to swap the bits. We get this result: ahsCTF{z3r0_w1dth}.
