CTF Writeups by @fazledyn

CTF Super League (2021)

CTF Super League (2021)

by IEEE CS BUET Student Branch Chapter

Ataf Fazledin Ahamed's photo
Ataf Fazledin Ahamed
·

2 min read

Website: https://ieee-buet-ctf.web.app/

Yesterday, I had participated in CTF Super League: CTF Competition for Beginners- the first CTF competition of my life. During the competition, I could solve around 5 problems. The solution writeup are given below:

Basic Problems

Problem B

Description

You have to find the flag from the file linked below.

Downloadable File Link

Solution

A basic string search for "IEEE_BUET{" gives out the flag IEEE_BUET{WHO_COULD_HAVE_DONE_THIS}

Problem C

Description

You have to find the flag from the image linked below.

Downloadable Image Link

Solution

After downloading the file, a basic cat command prints out the img.png file content. At the bottom, we can see the flag IEEE_BUET{I_AM_BEAN}

Cryptography

Problem C

Description

Decode the following while rome was burning.

guvf vf fvzcyr

Solution

A simple ROT-13 encryption gives us the message

this is simple.

Reverse Engineering

Problem A

Description

You have to investigate following file and find the flag.

Downloadable File Link

Solution

A simple file command on the file gives us the following output:

ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=e842fd921c0649de7bdceb6461c0bf52471ae3ba, for GNU/Linux 3.2.0, not stripped

Meaning it's an object file built for GNU/Linux platform. Let's try executing the file.

chmod +x revme
./revme

>> capture{>49?x1+x67,x,09,x+15(4=}

And thus it gives out the flag.

Problem E

Description

You have to investigate following file and find the flag.

Downloadable File Link

Solution

Since it's a JAR file, let's extract it. Extracting the JAR file and going inside the com/khabib97 folder shows the compiled JAVA bytecode. Opening those .class files using a Java decompiler or even with IntelliJ gives us the source code.

// Deadend.class

public class DeadEnd {
    String value;

    public DeadEnd() {
        this.value = Plug.three + Plug.one + Plug.two;
    }
}

// Plug.class

public final class Plug {
    public static String one = "asewd";
    public static String two = "sfgrr";
    public static String three = "$4qe123";

    public Plug() {
    }
}

From these two source codes, we can now easily construct the string $4qe123asewdsfgrr. That's our flag.

General Programming