Over the past week, I participated in an online jeopardy-based CTF competition hosted by sCTF. While sCTF is primarily aimed at high school students interested in hacking and infosec, they allowed other competitors to participate for fun. I was surprised at the overall level of difficulty that the challenges offered! Below are a few quick write-ups for the challenges I completed.
This was the first reverse engineering problem. You were given a binary file, called rev1. Running the binary gives you this:
What is the magic password?
I decided to run strings against the binary, and was given this output:
[email protected]:~/Downloads$ strings rev1 | less ... GLIBC_2.2.5 UH- fffff. h4x0r!!!H A\A]A^A_ What is the magic password? Correct! Your flag is: %s ;*3$" GCC: (Debian 4.9.2-10) 4.9.2 GCC: (Debian 4.8.4-1) 4.8.4 ...
Seeing that “h4x0r!!!” looks a bit out of place, I tested that as the flag. Lo and behold, it worked!
This was the first forensics challenge. You were given a rather curious image of a toddler eating a banana, called carter.jpeg.
The first thing I checked was the metadata. Unfortunately, EXIF data did not turn up anything interesting. From this point I could conclude that a steganographic technique was used to hide teh flag within this iamge. After some research, I stumbled upon a image analysis program called Stegsolve. I loaded up our image and played around with some of the analysis tools provided.
After messing around with the program, I used the “Frame Browser” utility. To my surprise, there were 2 frames! The second frame (shown below) reveals the flag, and Michael Cera.