Address
304 North Cardinal St.
Dorchester Center, MA 02124
Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM
Address
304 North Cardinal St.
Dorchester Center, MA 02124
Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM
I know it is a bit late, but I’m finally getting around to posting my LASACTF write-ups.
This was an online CTF that took place my last full week in Belgium (19-26 March).
I wound up competing by myself, and ended up 74th on the unranked scoreboard in spite of having to pack and leave the country.
The problems are available on their GitHub, but I’ll go over the ones that I was able to solve during the competition.
Input:
Kyle got his letters confused. Help him out: Dayq ymk rmxx, ngf yk oubtqd iuxx dqymuz. Fmwq ftue rxms uz dqyqyndmzoq: xmemofr{nq_eturfqp_za_yadq}
I ran this through an online Caesar Cipher solver a few times, and it ended up being a shift of 14.
Output:
Rome may fall, but my cipher will remain. Take this flag in remembrance: lasactf{be_shifted_no_more}
“We were trying to make an introductory web problem, but messed up somewhere along the way. http://web.lasactf.com:45025”
This was just a matter of going to the fake 404 page and viewing the source.
lasactf{welc0m3_to_web_dev}
“Force, course, horse, norse, source, torse. What does EZ.txt mean?
Note: Flag not in LASACTF{} format
Based on the simple rhyme, as well as the file data, I figured this was Morse code. After throwing it into an online solver, I got the flag ‘morsewascool’.
morsewascool
“Find the flag in easy.exe”
Running this application through strings and grep got the flag that we were supposed to be looking for.
root@kali:~/lasactf# strings easy.exe | grep lasactf lasactf{th1s_fl4g_i5_3asy}
“The flag is in the eyeofthetiger.png of the beholder.”
After reading a bit more about file carving, I realized that this was two files concatenated together.
Using a hex editor, I split apart the JPEG and the PNG files.
Once the files were split, I was able to open the newly created PNG file and get my flag.
lasactf{rip_my_curly_braces}
“Locate the flag in all the words at /grepy-words/”
This was another grep challenge on their virtual host.
doyler@shell:~$ cat /problems/grep-quest_0/grepy-words/* | grep "lasactf{" m)Q9s`]U9\0yg5cj{<4^VtFxs:pU8Bx3{d&[email protected] oh#DN}xkAq]!h- < ...snip... > m'qsA7CUlasactf{1_am_a_h1dd3n_p0tat0}DeC`R
lasactf{1_am_a_h1dd3n_p0tat0}
This "Extensions" file got sad and threw away its extension! Maybe you can figure out what it's supposed to be?
Running the file on this file showed that it was a zip archive, which I was then able to extract.
root@kali:~/lasactf# file Extensions Extensions: Zip archive data, at least v2.0 to extract root@kali:~/lasactf# mv Extensions Extensions.zip root@kali:~/lasactf# unzip Extensions.zip Archive: Extensions.zip inflating: I'mLost ;( root@kali:~/lasactf# file I\'mLost\ \;\( I'mLost ;(: ASCII text
Inside of the new file was a bunch of line separated numbers (possibly coordinates).
root@kali:~/lasactf# cat I\'mLost\ \;\( o asqwerd v 7.517223 0.217741 0.144000 v 7.500482 0.214009 0.144000 v 7.486061 0.207875 0.144000 v 7.473806 0.199407 0.144000 v 7.463565 0.188676 0.144000 v 7.455185 0.175750 0.144000 v 7.448514 0.160699 0.144000 v 7.443399 0.143593 0.144000 v 7.439686 0.124500 0.144000 v 7.437223 0.103491 0.144000 v 7.435857 0.080634 0.144000 v 7.435436 0.056000 0.144000 < ... snip ... >
After a bit of research, these appeared to be vertices for the OBJ file format.
Once I downloaded
root@kali:~/lasactf# mv I\'mLost\ \;\( ext.obj
root@kali:~/lasactf# ls
easy.exe Extensions.zip ext.obj eyeofthetiger.png
root@kali:~/lasactf# g3dviewer ext.obj
D: setting open path to '/root/lasactf/.'
lasactf{wh0_n33ds_3xt3nsions} "Kyle made a super secure website only accessible by the Google Ultron browser. Figure out how to login to his site." Well, upon first glance the site was expecting the request to come from the "Google Ultron" browser. First of all, for those of you unfamiliar with this, I highly recommend you read up on the meme. After changing my user-agent, I got an error that the SpecialAuth header wasn't set properly. Once I set the SpecialAuth header, there was still an error about where I was accessing the site from. Changing the header finally got me to the page, and the flag I was looking for. lasactf{h3aders_ar3_c00l} Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification! He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks. This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here. As an Amazon Associate, I earn from qualifying purchases.Postman - 50 XP
Solution