Volga CTF 2015 Quals WriteUp: Homework, FindHim, and Intersteller
Hey all! This was the first CTF playing on a new team, Team Sportsball (who competed in the Shadow Cats hosted CTF). During this CTF I was only able to play during the last 6 hours, very late Saturday night / Sunday morning, so had to get some super-quick solves.
Homework (100): This simple challenge was a photo of a 4x4 QR code which had been cut into 12 pieces and dropped on the ground. This challenge was simple enough, one just had to get an image editing software (we used photoshop), then cut out and put each piece on a separate layer. After that, it's easy to start finding pairs by finding two pieces that have the same split alignment marks. When this is all said and done, one adds the 3 corners (the bottom right is the only one missing in the QR format). Now that you have a rough outline of the QR code, it's easy to rotate and start placing the middle pieces. Finally, make sure all of your edges are flush, and scan the QR to get:
"It was night, in the lonesome October
Of my most immemorial year:
It was hard by the dim lake of Auber,
In the misty mid region of Weir-
It was down by the dank tarn of Auber,
In the ghoul-haunted woodland of Weir.
Here once, through an alley Titanic,
Of cypress, I roamed with my Soul-
flag is: of_cypress_with_psyche_my_soul"
FindHim (250): This was a recon challenge, our only hints are his name is Greg Medichi, he's from Sydney, and it's his code we are looking for. After some google searching (search his name with no spaces), we stumble on his github and only application. Then going through each commit individually, it quickly becomes obvious he has deleted some sensitive content. Revealing the flag: Fl@g={LURK1NG_G1T_1S_PHUN}
Intersteller (200): The challenge is a single 64bit ELF file that you are supposed to reverse and crack, but this was essentially another recon challenge the way we solved it. Searching Google for some of the strings in the binary, revealed some interesting pastebin posts, most notably one named "We got the flag", written in python. After running the script, it produces the flag: flag = W@ke_up_@nd_s0lv3_an0ther_ch@113nge! I've included that code below, with a shoutout to the orginal author, calixte.melly@heig-vd.ch:
Boom, 500+ points without reversing, exploiting, or really getting off the couch. Next time I'll play longer and take a more serious approach, but those are just some quick and easy ways to pick up points. Biggest lessons learned? Don't share live / sensitive content via pastebin!
Homework (100): This simple challenge was a photo of a 4x4 QR code which had been cut into 12 pieces and dropped on the ground. This challenge was simple enough, one just had to get an image editing software (we used photoshop), then cut out and put each piece on a separate layer. After that, it's easy to start finding pairs by finding two pieces that have the same split alignment marks. When this is all said and done, one adds the 3 corners (the bottom right is the only one missing in the QR format). Now that you have a rough outline of the QR code, it's easy to rotate and start placing the middle pieces. Finally, make sure all of your edges are flush, and scan the QR to get:
"It was night, in the lonesome October
Of my most immemorial year:
It was hard by the dim lake of Auber,
In the misty mid region of Weir-
It was down by the dank tarn of Auber,
In the ghoul-haunted woodland of Weir.
Here once, through an alley Titanic,
Of cypress, I roamed with my Soul-
flag is: of_cypress_with_psyche_my_soul"
FindHim (250): This was a recon challenge, our only hints are his name is Greg Medichi, he's from Sydney, and it's his code we are looking for. After some google searching (search his name with no spaces), we stumble on his github and only application. Then going through each commit individually, it quickly becomes obvious he has deleted some sensitive content. Revealing the flag: Fl@g={LURK1NG_G1T_1S_PHUN}
Intersteller (200): The challenge is a single 64bit ELF file that you are supposed to reverse and crack, but this was essentially another recon challenge the way we solved it. Searching Google for some of the strings in the binary, revealed some interesting pastebin posts, most notably one named "We got the flag", written in python. After running the script, it produces the flag: flag = W@ke_up_@nd_s0lv3_an0ther_ch@113nge! I've included that code below, with a shoutout to the orginal author, calixte.melly@heig-vd.ch:
Boom, 500+ points without reversing, exploiting, or really getting off the couch. Next time I'll play longer and take a more serious approach, but those are just some quick and easy ways to pick up points. Biggest lessons learned? Don't share live / sensitive content via pastebin!