This is for the 2021 Line CTF.
For this challenge, we are given he following link and information:
The link: https://linectf.me/2e5ef7f070966b1a50e811692bf1d362
Being cautious, I check out what appears to be a hex string in the link:
2e5ef7f070966b1a50e811692bf1d362
Thinking this could be an MD5 hash, I run hashid:
This confirmed my suspicions. Now I run hashcat on the hash with the popular rockyou wordlist:
After about 16 hours, the wordlist was exhausted and I still didn’t have an answer.
I then paid a Russian hacker to get the flag for me. We settled on a nominal $9,000 USD service fee.
Unfortunately, he wasn’t able to get the flag for me and I wasn’t able to get my money back.
I then broke out my Ouija board and attempted to contact the spirits for help:
To my surprise, the spirits were very active and willing to help point me in the right direction.
They pointed me to the letters:
L I T T L E E A R L
Combining the letters I got “LITTLEEARL”, which I refined to “Little Earl”
This made me think for a while and I realized they were trying to get me to remember that my long lost 4-th great cousin Earl, who was very small (only 2’3″) used to rave about his favorite website: tinyurl.com
I know that TinyURL is great for shortening long URLs to make it easier to hide links to flags or other information. The problem was I needed the rest of the URL to get to what I needed.
After looking through the Line corporate website (the purveyors of the CTF), I found some interesting information on this page: https://careers.linecorp.com/
I realized that the following letters and numbers were used more than any other letters and numbers on the page and they ranked in the following order ( I repeated letters based on whimsy):
P A S S W O R D S G E N E R A T O R N E T
I realized this was a website! https://passwordgenerator.net
I went to that website and set the parameters on the page to what I would expect to see for the unique ID of a TinyURL link (combination of 8 numbers and lowercase letters):
I added the generated password the the TinyURL link that Cousin Earl loved and come up with this:
https://tinyurl.com/2hp3hf84
Browsing to the URL, I am directed to a GitHub repo (https://github.com/GMKdotUS/unwelcomeLineCTF):
Clicking the only file in the repo, I see a hint:
It took me a while, but I realized this was a Back to the Future reference… Time Travel!
I saw that this file had been edited so I looked at the previous file version to see if it had any information… like going back in time:
I see that the file originally contained a link!
https://linectf.me/2e5ef7f070966b1a50e811692bf1d362
At this point, I realize I should do a WGET of the link to see what it contains:
wget https://linectf.me/2e5ef7f070966b1a50e811692bf1d362
I performed the strings command on the downloaded file to see if there is anything interesting:
This resulted in a lot of cryptic code looking strings, so I grepped the command looking for a flag as follows:
strings 2e5ef7f070966b1a50e811692bf1d362 | grep LINECTF
Boom! I got the flag!!!
LINECTF{welcome_to_linectf}
I later learned that I could have just clicked on the link provided in the challenge description and would have got the flag as such:
In case you missed it, I was being a smartass. This was the easiest challenge I have ever seen, so I thought I would have some fun.
It’s the best writeup I’ve ever seen! It’s really awesome bro!