Capture The Stone (CTF3) 2019 Editorial

9 minute read

Editorials for Capture the stone (CTF3) 2019.

Crack The Code 2019 is available at https://iitmandictf3.herokuapp.com for practice.

There is a common username and password for everyone - email: guest@students.iitmandi.ac.in
password: guest

Level 0

Direct Key

Solution

The key was provided in the question itself. This question was to get you started with some free points. Key - ctf3iitmandi{level0_flag}

Level 1

This page has some hidden message which is one of the most fundamental truths of computer science [A web developer may disagree]. Find out the full key to move to the next level. All you have to do is read between the lines.

Author(s)

Akshat & Prakhar

Solution

One had to do inspect element(ctrl+shift+i) and look into the css and js files in the source section. The first half of the key could be searched by doing ctrl+F “ctf” and the rest was inside a conditional block whose condition was lang==”HTML” in the js file.

Level 2

Helen was fond of ciphers and puzzles. One day she came across a pattern in a book that her mother had gifted her. The pattern looked like this:

Apart from that, while giving her that book, her mother had also given her a string of jumbled letters which did not make any sense then but now Helen had figured them out. This is the string:

wnz3ccnguhxc{ZuwyNiNbyMohmbchy}

Can you figure out what her mother wanted to say?

Author(s)

Prakhar

Solution

It should be obvious that the pattern is a Braille language text which translates to something like “tr ‘A-Za-z’ ‘G-ZA-Fg-za-f’” which is the terminal command to encrypt a string using ROT6 cipher or decrypt a ROT20 encrypted cipher. However a big giveaway was the encrypted string itself as anybody with eyes(humor intended) can see that it is a ROT20 encrypted cipher.

Level 3

An easy one. The key is inside the file inside this zip file (I guess) at least that is the correct filename I’m not sure about the extension though. :P

Author(s)

Prakhar

Solution

The file inside the zip was a hexdump file whose content can be retrieved using the xxd -r command (reverse of what xxd does). This spits a bunch of weird characters on the screen which if stored in a new file turn out to be the content of a 7-zip archive(similar to a zip file). On extracting its contents, we get a new file “win” whose file type is xz(yet another format of compressed files). In this way many files that were compressed using various tools were kept one inside other (just like the russian dolls) with the innermost file being a text file with the key. More information on various compression utilities in ubuntu can be found here.

Level 4

Varun was very happy considering the fact that he got an internship in a renowned company called “Four-Square”. However in order to crack the selection interview he had to solve some really hard puzzles. Also he had to answer the questions without using the letter j as the interviewers hated that letter as well as the company that created j-phones, j-pads, j-pods etc. In one of the puzzles, they gave him a string SBSBQNQZMAOTLO, and 2 5X5 (i.e. 25 elements) arrays. They said that each of the first letters in the pairs was taken from the first array and the second ones from the other array. Also these letters represent something very abstract and pious. Can you find out what it is? The key would be ctf3iitmandi{ANSWER}.

A:
NMVFK
XWEGP
BDOAS
QTZRY
CILHU

B:
XBPDZ
KILRG
VUFWH
QENAS
YMOTC

Author(s)

Prakhar

Solution

The name of the company was the clue here as the string was encrypted using the four-square cipher which uses two 5x5 matrices of alphabets(like the ones given) to encrypt a string of alphabets, two at a time. You can headover to this page at practicalcryptography.com for trying out this and many other popular cipher techniques.

Level 5

This is an easy one. Follow the link for the question. Note that you have to enter the key in UPPERCASE LETTERS.

Author(s)

Prajjwal

Solution

Another problem where you were given a pretty much empty website and had to inspect the elements. In the html file of web page you will find a hidden audio file which contained a morse signal audio. You can use any morse audio decoding tools available on the internet like this one. Audio file.

Level 6

On a fine day in January of 1970 Dennis received a message from Ken. The message is in this file. It contains some data which is in the form of a scalar representation of a very special data type in computers. The 0th elements(or maybe the 1th or the -1th element, if you’re not in India) of the representation of these values in that data type has a secret message. Can you decode it? [Note: All the letters in the key would be upper-case.]

Author(s)

Prakhar

Solution

What the given file contains are called UNIX timestamps. They are a simple way of representing each instant of time since the first millisecond of 1/1/1970 and are used in computer architectures worldwide. Each timestamp in the given file corresponds to 0:00:00 time of a date in the month of October 2019. These dates were the A1Z26 cipher encryption of the key(1=A,2=B and so on).

Level 7

Have you seen the website of Akshat Malviya (students.iitmandi.ac.in/~b17003), one of the other authors have HIDDEN the key on his (the other author’s) website somewhere. Can you find it?

Author(s)

Akshat & Prakhar

Solution

The author of this problem was Prakhar Uniyal(B18128). You can find there is a subdirectory called box on his website. However, in that subdirectory there is only a txt file called hint. You open it and read some motivational(:P) text that gives you hope and hints you to look for ways to hide files in a website. The first google search result gives you the answer .htaccess. You open the .htaccess file and find the filename of the one containing the key. (The files of the problem have been moved from Prakhar’s website now, however you can try the 11th mission on this website as it was the inspiration for this problem.)

Level 8

You recently came to know about 2 malicious servers and hence decided to plant explosive viruses on one of them. You have 1.55 minutes to do so with the help of 4 other friends (or strangers). It takes 3 seconds to plant viruses. There are 5 sys-admins guarding the 2 servers, and viruses require a password to be planted. What password will you use? The viruses only accept numeric input in the standard flag format of this CTF.

Author(s)

Akshat

Solution

Look carefully at the given numbers. 2 malicious servers, 5 members in your team, 5 members in the opponent team, task is to “plant” a virus and the process takes 3 seconds. Still don’t get it? Okay сука блять, this is just a reference to the famous game “Counter Strike” in which a team of terrorists and counter-terrorists fight against each other. The mission of terrorists is to plant a bomb at one of the two bomb sites and counter terrorists have to stop them. In every version of the game, while planting the bomb, terrorist enters a numeric password. That password is the key to this level (This problem does not have much to do with the field of infosec, still most of us relate to this reference because for many people this is the first time they interact with the so called “hackers” while playing the game online, hence this reference deserved a mention in this ctf).

Level 9

A Poster is a great way to advertise an event! And seo machines resembling a human being which are able to replicate certain human movements and functions automatically are going to destroy this website soon.

Author(s)

Akshat

Solution

The poster referred here is the one with event description sent to you on the webmail(The one on facebook gets compromised because of facebook’s compression algorithms). The rest of the problem basically refers to robots.txt file of the given webpage as it contains the information of the linked web pages for search engine optimization. Half of the key was in the poster(open it with a text editor) while the other half in the robots.txt file.

Level 10

Someone has blocked Shreyas’ access to EinsteinPy Github repository. Fortunately, the hacker sent him a way to regain access. This image file has the key. Encryption has been done using OTP. Can you help Shreyas out?

Image

Author(s)

Rishi

Solution

Okay this was one of the two hardest problems of the event. First of all, a big round of applause to all the noobs who thought that the full form of OTP is one time password. Actually it is one time but not password, padding instead. If you google about image encryption using OTP, this page comes in the search results. It gives us an idea that we basically have to do XOR operation on the pixels of two images, one over the other. One of them is the secret image while the other is the key. Following the properties of XOR operation, doing the same with the key and the encrypted image will again yield the secret image. Now for starters, this process requires two images(encrypted image and the key) but we have only one. Well for those who don’t know, the first thing to do with an image file in ctf challenges is to look what’s inside it. Open it in a text editor and you will definitely get some clue to move ahead. Now the catch in this problem was that there was another image hidden inside the original one. How to retrieve it? There are many ways to do it, the easiest one being the use of binwalk utility. Run binwalk -e <filename> in your terminal and it extracts all the hidden files(mostly) from the original file. So now with the encrypted image and the key all we had to do was the xor operation. You can write a long python script to do this but a bit of smart googling saves the effort. Check out the first answer on this stackoverflow thread. The decrypted image was that of the key.

Level 11

This zip looks fishy. But it contains something useful for you. The key to this level. Not so easy though. Not so easy though. B1-B7 are in the South Campus. Many other B’s are in the North. But the solution lies in B64. I like hex.

Author(s)

Rishi

Solution

Yet another mind boggler by Rishi. This problem was a good test of github skills for everyone. Specially for the first yearites who had attended the introduction to Git session, courtesy of STAC. One had to look into the logs of commit history of the repository using the command git log. Then reverting back to each commit one by one, an old version of the .gitignore file contained a weird string ending with an equal sign. For those who don’t know, weird strings ending with an equal sign are base64 encoded strings. Hence the solution lies in B64. :P On decoding it using a website like this one we get yet another weird sequence of characters however this one looks familiar. Yes these are hexadecimal numbers and on decoding yield the key. Whew, that was a lot of work to do.

Thanks to

  • Prakhar Uniyal, Rishi Sharma, Prajjwal Jha and Akshat Malviya for setting up these amazing problems.
  • Prakhar for writing up the whole editorial! (You reduced others’ work by huge amount dude!)
  • Abhigyan Khaund for creating the decent platform for hosting the event.
  • Akshat for doing the necessary modifications and doing the other management and organization stuff for the event.

Feel free to contact Akshat or Prakhar for any further queries!

Updated: