I was very excited when learning that there would be a CTF (Capture The Flag) around the campus. Upon the event went live, I registered and started to look at the challenges.
Oh, decoding binaries given some instruction opcode? Easy. Then there appears some -,+], which turns out to be an esoteric programming language called well, Brainfuck. Grab a compiler, and there you go.
Then, I was stuck when facing with a new language along with a sample function. It asked for the output for another function. Not enough information, or maybe I was not working hard enough (though it turns out nobody worked out that one).
Since I was stuck, I skipped several questions and jumped to the part that I had been looking forward to – Web Exploitation.
Web Exploitation
I was given a OVA for VirtualBox which serves as a http server. However, it needs username and password to login.
Also, when the server is running, I could get access to a webpage which also requires username and password to login in. Will the password be the same?
I was very excited, trying to find useful information on the webpage. Then, I came across this comment line hidden in the html file.
There is a room. In this room, there are two doors. One door leads to destruction, one to paradise. You have no way of knowing which is which. Also in this room are two robots. One robot always tells the truth, one always lies. There is no way to tell the robots apart. You are given a chance to ask either robot one question. What question can you ask either one that will tell you how to get to paradise?
The answer, after googling, turns out to be to ask either one, “If I were to ask the other robot which is the paradise, what would it tell me?” It got me thinking and I came up with hundreds of “smart” guessing. After an hour or so blindly guessing, I almost gave up. Suddenly, I came to this realization: the entire server is given to me and all the source files are just in the server so why don’t I just focus on the virtual server?
So, I tried to go into recovery mode, get the root permission and get whatever files I want. But, no luck… Since it also asks for the password.
Then I came across this article. Following the instruction, I opened up the boot option and appended init=/bin/bash
.
Bingo! It worked! Here is the beautiful rooted bash:
The rest was just a piece of cake: locate the flag file and get the answer. There were even instructions on where to find the flags in the .hint.txt
.
After captured all the five flags, I suddenly came to #2 on the scoreboard. WOW. I told myself, “I am gonna win this.” and went to sleep.
The rest of the story, well was not as thrilling. It turned out that the rest of challenge was closely related to crypto. And there was even a bunch of physical challenges, which also asks you to solve a puzzle.
I was not really into solving puzzles, well that kind of puzzle. Also, I was pretty busy with my schoolwork. So, yes, I gave up at that point. But I started to wonder if every CTF has such a large portion of crypto. It was a bit unexpected.
Cover image by AIR Worldwide.