Line CTF: Web: Welcome

This is for the 2021 Line CTF.

For this challenge, we are given he following link and information:

The link: https://linectf.me/2e5ef7f070966b1a50e811692bf1d362

Being cautious, I check out what appears to be a hex string in the link:

2e5ef7f070966b1a50e811692bf1d362

Thinking this could be an MD5 hash, I run hashid:

This confirmed my suspicions. Now I run hashcat on the hash with the popular rockyou wordlist:

After about 16 hours, the wordlist was exhausted and I still didn’t have an answer.

I then paid a Russian hacker to get the flag for me. We settled on a nominal $9,000 USD service fee.

actual photo

Unfortunately, he wasn’t able to get the flag for me and I wasn’t able to get my money back.

I then broke out my Ouija board and attempted to contact the spirits for help:

To my surprise, the spirits were very active and willing to help point me in the right direction.

They pointed me to the letters:

L I T T L E E A R L

Combining the letters I got “LITTLEEARL”, which I refined to “Little Earl”

This made me think for a while and I realized they were trying to get me to remember that my long lost 4-th great cousin Earl, who was very small (only 2’3″) used to rave about his favorite website: tinyurl.com

I know that TinyURL is great for shortening long URLs to make it easier to hide links to flags or other information. The problem was I needed the rest of the URL to get to what I needed.

After looking through the Line corporate website (the purveyors of the CTF), I found some interesting information on this page: https://careers.linecorp.com/

I realized that the following letters and numbers were used more than any other letters and numbers on the page and they ranked in the following order ( I repeated letters based on whimsy):

P A S S W O R D S G E N E R A T O R N E T

I realized this was a website! https://passwordgenerator.net

I went to that website and set the parameters on the page to what I would expect to see for the unique ID of a TinyURL link (combination of 8 numbers and lowercase letters):

I added the generated password the the TinyURL link that Cousin Earl loved and come up with this:

https://tinyurl.com/2hp3hf84

Browsing to the URL, I am directed to a GitHub repo (https://github.com/GMKdotUS/unwelcomeLineCTF):

Clicking the only file in the repo, I see a hint:

It took me a while, but I realized this was a Back to the Future reference… Time Travel!

I saw that this file had been edited so I looked at the previous file version to see if it had any information… like going back in time:

I see that the file originally contained a link!

https://linectf.me/2e5ef7f070966b1a50e811692bf1d362

At this point, I realize I should do a WGET of the link to see what it contains:

wget https://linectf.me/2e5ef7f070966b1a50e811692bf1d362

I performed the strings command on the downloaded file to see if there is anything interesting:

This resulted in a lot of cryptic code looking strings, so I grepped the command looking for a flag as follows:

strings 2e5ef7f070966b1a50e811692bf1d362 | grep LINECTF

Boom! I got the flag!!!

LINECTF{welcome_to_linectf}

I later learned that I could have just clicked on the link provided in the challenge description and would have got the flag as such:

In case you missed it, I was being a smartass. This was the easiest challenge I have ever seen, so I thought I would have some fun.