For this challenge, we are given the following hint:
Going to the link gives this page:
Looking at the source of the page, I see the images are named in sequential numbers:
Based on the hint “you are suppose to find the old person out them” on the page, I assume the image names (numbers) correspond to the order they were created. I look to see if there is a 0000.jpg file and there is!
I paste the name “Marie Collinsworth” into the text box and hit the enter key and get the flag as a response:
For this challenge, we are just given details for two server instances; one for US and one for EU.
Connecting via netcat, we are told that we will be given a number of problems and we have to solve them. It mentions that level 1 is Tower of Hanoi. A quick Google search and I find more information about it. After some trial and error using different possibilities for the number of pegs.
A manual check confirms the formula is correct, but the server responds with another problem.
There are four disks listed, so n=4. 2^4 – 1 = 15
We will need to automate this 🙂
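import socket

# Placeholders: the server host and port are not shown in this write-up
HOST, PORT = 'HOST', 0

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
while True:
    data = s.recv(1024).strip()
    if not data:
        break  # server closed the connection
    data = data.decode(errors='replace')
    print('Server: ', data)
    if '[' in data:
        # number of disks = commas in the message + 1; minimum moves = 2^n - 1
        count = data.count(',') + 1
        n = pow(2, count) - 1
        print('Client: ', n)
        # assumed: the server reads a newline-terminated answer
        s.sendall(str(n).encode() + b'\n')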
When I run this script, it iterates through quite a few problems, then the server reports that I’m in level 2 and have to give the number of inversions for the provided output.
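The two answers this challenge asks for, as an added example that is not the author's script: it reads the bracketed list out of a prompt instead of counting commas in the whole message, then returns 2^n - 1 for level 1 and the inversion count (via merge sort) for level 2. The prompt wording, the function names, and the idea that level 2 also sends a bracketed list of integers are assumptions; the caller is assumed to track the current level.

```python
import re

# Assumption: each problem carries one bracketed, comma-separated list of integers.
LIST_RE = re.compile(r'\[([^\]]*)\]')

def parse_list(message):
    """Return the integers inside the first [...] of a server message, or None."""
    m = LIST_RE.search(message)
    return None if m is None else [int(t) for t in re.findall(r'-?\d+', m.group(1))]

def hanoi_moves(disks):
    """Minimum moves for the 3-peg Tower of Hanoi with len(disks) disks: 2^n - 1."""
    return (1 << len(disks)) - 1

def count_inversions(values):
    """Count pairs i < j with values[i] > values[j] using merge sort, O(n log n)."""
    def sort(a):
        if len(a) < 2:
            return a, 0
        mid = len(a) // 2
        left, inv_left = sort(a[:mid])
        right, inv_right = sort(a[mid:])
        merged, inv, i, j = [], inv_left + inv_right, 0, 0
        while i < len(left) and j < len(right):
            if left[i] <= right[j]:
                merged.append(left[i])
                i += 1
            else:
                # right[j] jumps ahead of every element still waiting in left
                merged.append(right[j])
                j += 1
                inv += len(left) - i
        merged += left[i:] + right[j:]
        return merged, inv
    return sort(list(values))[1]

def answer(message, level):
    """Answer for one prompt; None for banner text that carries no list."""
    values = parse_list(message)
    if values is None:
        return None
    return hanoi_moves(values) if level == 1 else count_inversions(values)

# Constructed prompts (the real server text is not reproduced in this write-up)
SAMPLE_L1 = "Level 1, solve this: [4, 3, 2, 1]"
SAMPLE_L2 = "Level 2, count the inversions: [3, 1, 2, 5, 4]"

if __name__ == '__main__':
    print(answer(SAMPLE_L1, 1), answer(SAMPLE_L2, 2))
```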
When I went to register to compete in the 0x41414141 CTF I found that it was a little different from other CTFd based CTFs. Besides the normal registration information, it asks for a pin code (secret pin code for CTF registration).
Going back and looking through the site, I see on the About page that the secret pin code for CTF entry is hidden somewhere on the site:
After poring through the source files for each page on the site, running curl POSTs, and looking at previous versions of the site on Archive.org, I considered the steganography approach.
Besides the normal social media link images, there are only two images on the site. One is the animated Offshift logo, which yielded no obvious results when running strings, binwalk, or other stego decoders:
The second image is a small Offshift logo that is used as the header logo:
After downloading this image, I ran strings on it to look for anything interesting:
Ahh! I see “secret: 100100100101” at the bottom of the results.
I convert the binary string to decimal:
echo "obase=10; ibase=2; 100100100101" | bc
Using the resulting decimal value as the pin, I am now able to register for the CTF.