Friday, April 15, 2016

sCTF 2016 Q1 CTF Write-Ups

Over the past week, I participated in an online jeopardy-based CTF competition hosted by sCTF. While sCTF is primarily aimed at high school students interested in hacking and infosec, they allowed other competitors to participate for fun. I was surprised at the overall level of difficulty that the challenges offered! Below are a few quick write-ups for the challenges I completed.

rev1

This was the first reverse engineering problem. You were given a binary file, called rev1. Running the binary gives you this:

What is the magic password?

I decided to run strings against the binary, and was given this output:

aaron@ubuntu:~/Downloads$ strings rev1 | less
... GLIBC_2.2.5 
UH- 
fffff. 
h4x0r!!!H 
[]A\A]A^A_ 
What is the magic password? 
Correct! Your flag is: %s 
;*3$" 
GCC: (Debian 4.9.2-10) 4.9.2
GCC: (Debian 4.8.4-1) 4.8.4
...

Seeing that "h4x0r!!!" looks a bit out of place, I tested that as the flag. Lo and behold, it worked!

Flag: sctf{h4x0r!!!}



Banana Boy

This was the first forensics challenge. You were given a rather curious image of a toddler eating a banana, called carter.jpeg.


The first thing I checked was the metadata. Unfortunately, EXIF data did not turn up anything interesting. From this point I could conclude that a steganographic technique was used to hide the flag within this image. After some research, I stumbled upon an image analysis program called Stegsolve. I loaded up our image and played around with some of the analysis tools provided.

After messing around with the program, I used the "Frame Browser" utility. To my surprise, there were 2 frames! The second frame (shown below) reveals the flag, and Michael Cera.


Flag: sctf{twf_d4nk_m3m3s_w1ll_a1w4y5_pr3v4il}
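
The two-frame finding can also be checked without a GUI. The script below is an added example, not part of the original write-up: it assumes the extra frame is a second JPEG stream stored after the first image's end-of-image marker (the write-up does not say how carter.jpeg was built), and the names find_frames, jpeg_end and fake_jpeg are made up for the illustration. It walks the marker segments instead of counting start-of-image bytes, so an EXIF thumbnail is not mistaken for a hidden frame.

```python
import struct

SOI = b"\xff\xd8\xff"  # start-of-image marker plus the 0xFF of the next marker

def jpeg_end(data, start=0):
    """Walk one JPEG stream from `start`; return the offset just past its EOI."""
    if data[start:start + 2] != b"\xff\xd8":
        raise ValueError(f"no SOI marker at offset {start}")
    pos = start + 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
        elif marker == 0xD9:                    # EOI: this frame ends here
            return pos + 2
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 2                            # TEM / RSTn carry no length
        else:
            if pos + 4 > len(data):
                break
            pos += 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
            if marker == 0xDA:                  # SOS: skip entropy-coded data
                while pos + 1 < len(data) and not (
                        data[pos] == 0xFF and data[pos + 1] != 0x00
                        and not 0xD0 <= data[pos + 1] <= 0xD7):
                    pos += 1
    raise ValueError("truncated JPEG: no EOI marker found")

def find_frames(data):
    """Return (start, end) offsets of every complete JPEG stream in `data`."""
    frames, pos = [], data.find(SOI)
    while pos != -1:
        try:
            end = jpeg_end(data, pos)
        except ValueError:
            break                               # garbage or truncated tail
        frames.append((pos, end))
        pos = data.find(SOI, end)
    return frames

def fake_jpeg(scan, thumb=False):
    """Constructed sample: structurally valid markers, not a decodable image."""
    body = b"Exif\x00\x00" + (b"\xff\xd8\xff\xdbthumb\xff\xd9" if thumb else b"")
    app1 = b"\xff\xe1" + struct.pack(">H", len(body) + 2) + body
    return b"\xff\xd8" + app1 + b"\xff\xda\x00\x03\x00" + scan + b"\xff\xd9"

if __name__ == "__main__":
    sample = fake_jpeg(b"\x12\xff\x00\x34\xff\xd0\x56", thumb=True) + fake_jpeg(b"\x01\x02")
    print("naive SOI count:", sample.count(SOI))
    for i, (s, e) in enumerate(find_frames(sample), 1):
        print(f"frame {i}: bytes {s}-{e}")
```

On a real file, read it with open(path, "rb").read() and write each (start, end) slice to its own file to view the frames separately.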