CSAW CTF 2016 Quals WriteUp: Gametime, Kill, and Clams Don't Dance

Hey All! CSAW Quals were this weekend and I had a moment to poke at some CTF challenges and was able to solve a few quickly. I'm going to cover them in reverse order, so first Clams Don't Dance then we can work backwards to Gametime.

Clams Don't Dance

In this challenge you were provided an image of a USB drive. You can use the fls tool from The Sleuth Kit to view the files on the image, and if you supply the -d flag you can see the deleted files. We can then recover this file using icat:
Next, looking through the PowerPoint didn't reveal anything immediately, so I unzipped the pptx, and going through the files comprising it quickly surfaced a file which had a different modification date and wasn't included in the presentation:
This image turns out to be a Maxicode, which was something new to me, but grabbing a quick mobile app and scanning it reveals the flag to be: flag{TH1NK ABOUT 1T B1LL. 1F U D13D, WOULD ANY1 CARE??}
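The pptx check described above can be scripted. This is an added example, not code from the original write-up: it lists parts of an Office package that no relationship file points to, plus entries whose ZIP timestamp differs from the rest. The sample archive, its file names and its dates are constructed for illustration.

```python
import io, posixpath, re, zipfile
from collections import Counter

def triage_pptx(data: bytes):
    """Return (unreferenced_parts, odd_timestamps) for an OOXML package."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = [i for i in zf.infolist() if not i.is_dir()]
        referenced = set()
        for info in infos:
            if not info.filename.endswith(".rels"):
                continue
            # "a/_rels/b.xml.rels" belongs to part "a/b.xml"; targets resolve against "a/"
            base = posixpath.dirname(posixpath.dirname(info.filename))
            xml = zf.read(info).decode("utf-8", "replace")
            for target in re.findall(r'Target="([^"]+)"', xml):
                path = target.lstrip("/") if target.startswith("/") else posixpath.join(base, target)
                referenced.add(posixpath.normpath(path))
    if not infos:
        return [], []
    # Every real part should be reachable through some relationship file
    orphans = sorted(i.filename for i in infos
                     if i.filename not in referenced
                     and not i.filename.endswith(".rels")
                     and i.filename != "[Content_Types].xml")
    # Entries whose ZIP timestamp differs from the most common one in the archive
    common = Counter(i.date_time for i in infos).most_common(1)[0][0]
    odd = sorted((i.filename, i.date_time) for i in infos if i.date_time != common)
    return orphans, odd

def build_sample() -> bytes:
    """Constructed miniature package; extra.gif is unreferenced and has a later date."""
    stock = (1980, 1, 1, 0, 0, 0)
    rel = '<Relationship Id="rId1" Target="%s"/>'
    parts = [
        ("[Content_Types].xml", "<Types/>", stock),
        ("_rels/.rels", rel % "ppt/presentation.xml", stock),
        ("ppt/presentation.xml", "<p/>", stock),
        ("ppt/_rels/presentation.xml.rels", rel % "slides/slide1.xml", stock),
        ("ppt/slides/slide1.xml", "<s/>", stock),
        ("ppt/slides/_rels/slide1.xml.rels", rel % "../media/image1.png", stock),
        ("ppt/media/image1.png", "png", stock),
        ("ppt/media/extra.gif", "gif", (2016, 1, 2, 3, 4, 0)),
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body, when in parts:
            zf.writestr(zipfile.ZipInfo(name, date_time=when), body)
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_pptx(build_sample()))
```

To use it on a recovered file, pass the file's bytes to `triage_pptx` instead of the constructed sample.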

Kill

Solving this challenge was silly simple: I pulled down the pcap and ran it through a quick strings, and the flag just fell out:

Gametime

This challenge was pretty fun, but ultimately simple to solve without too much hacking. It was a game where you had to press a certain key quickly after it appeared on screen. I used multiple tools to step through this game, mostly Immunity Debugger with breakpoints at each input prompt, as well as the Sysinternals tool PsSuspend to pause the game at inputs. The real trick is that the game keys are static and don't change, so if you run the game from an existing cmd window you can see the pattern at your own pace and get further each time, making this a pretty simple static combo of characters to beat the game and get the flag (where you see key is: ).