Capture the Flag Lab PDF

Title Capture the Flag Lab
Course Advanced Penetration Testing
Institution National University (US)
Pages 5
File Size 246 KB
File Type PDF
Total Downloads 54
Total Views 169
Preview
CLICK TO PREVIEW PDF
Summary

Instructions
• In this lab you will create a question/puzzle for a CTF Competition. In the first part of the lab you will try the Pico CTF Competition to get some ideas on good questions and then create one of your own. See attached PDF for instructions and deliverables....

Description

CYB 634 7/11/2021 Capture the Flag Lab – Week 1 I decided to make a steganography problem. I remember first learning about the concept of hiding files within files back in junior college. I know this might throw people off since the first thing most people will do is look at the metadata, and so I would say this is medium difficulty. All that has to be done in the end is the image needs to be unzipped. This can be done directly from the command-line in Linux. After that, the resulting file shows a base 64 code that needs to be decoded to get the flag. The flag is “flag{cats>dogs}” (without the quotes). I first tried to do this with Linux, but the image was not rendering outside of the directory it was created in for some reason. I ended up using Command Prompt to hide the file. Linux can still be used to extract it. Here are the steps I did: 1. 2. 3. 4. 5. 6.

Get a generic cat a picture off the internet. Encode the flag in base 64. Put it in a text file and name it secret.txt. Zip the text file into a file called secret.zip. Open Command Prompt and navigate to the directory these files are in. Command: copy /b hidden_cat.jpg + secret.zip cat.jpg

I reversed this to make sure I was able to retrieve my own flag, and I was. I do not know if there is going to be any problems with the image attachment being processed as it is submitted to Brightspace. Please let me know if there is any problem and I can email you the image. Title: Steg-cat-nography Difficulty: Medium Hint #1: Maybe there is something hidden in the image. Hint #2: Metadata does not always show everything. Flag: flag{cats>dogs}

There were two different CTF assignments instructions for the week for the same assignment. One said to do five of the challenges on picoGym and the other said to do 10. I was not sure which was the latest and so I did 10. The following two screenshots are proof of me having completed 10 challenges. I also included a short write-up afterward with the flags I acquired.

General Skills -> Obedient Cat I displayed the contents of the file using the cat command. Flag: picoCTF{s4n1ty_v3r1f13d_4a2b35fd} Cryptography -> Mod 26 I used a ROT13 converter online to obtain the flag. Flag: picoCTF{next_time_I'll_try_2_rounds_of_rot13_hWqFsgzu} General Skills -> Python Wrangling I used Python3 and the -d parameter to decode the password. python3 ende.py -d flag.txt.en 68f88f9368f88f9368f88f9368f88f93 picoCTF{4p0110_1n_7h3_h0us3_68f88f93} General Skills -> Wave a flag

It is never a good idea to execute a binary you do not trust. I searched it using the “strings” command which helped me find the flag. strings warm Flag: picoCTF{b1scu1ts_4nd_gr4vy_6635aa47} Forensics -> Information I used a free online forensics tool that could analyze the JPG file. I looked at strings extracted from the file and a base 64 string stood out. I decoded that and got the flag. echo cGljb0NURnt0aGVfbTN0YWRhdGFfMXNfbW9kaWZpZWR9 > temp.txt base64 -d temp.txt Flag: picoCTF{the_m3tadata_1s_modified} General Skills -> Nice netcat… nc mercury.picoctf.net 49039 I plugged the set of numbers into an online ASCII-to-text converter to come up with the flag. picoCTF{g00d_k1tty!_n1c3_k1tty!_3d84edc8} Web Exploitation -> GET aHEAD Looking at the source code of the page, I noticed a GET and POST method. The hint was in “HEAD”, and so I used curl to find a header on the site with that name. curl -I HEAD -i http://mercury.picoctf.net:28916/index.php Flag: picoCTF{r3j3ct_th3_du4l1ty_70bc61c4} General Skills -> Static ain’t always noise I did not need the bash script that was provided for this one. I just used the strings command to list the strings in the binary. strings static Flag: picoCTF{d15a5m_t34s3r_ae0b3ef2} General Skills -> Tab, Tab, Attack To get this flag, I had to run an ELF binary file this was nested in multiple subdirectories in a zip file. ./fang-of-haynekhtnamet Flag: picoCTF{l3v3l_up!_t4k3_4_r35t!_a00cae70} Forensics -> Matryoshka doll

I did not find any useful information in the file using online image forensics tools. I then remembered in junior college how we were taught that files could hide within files. I attempted to unzip the image. unzip dolls.jpg cd base_images unzip 2_c.jpg cd base_images unzip 3_c.jpg cd base_images unzip 4_c.jpg cat flag.txt Flag: picoCTF{bf6acf878dcbd752f4721e41b1b1b66b}...

Similar Free PDFs
Capture the Flag Lab
  • 5 Pages
Capture the flag challenges 1
  • 5 Pages
The American Flag- poetry analysis
  • 1 Pages
THE FLAG Heraldic CODE OF THE Philippines
  • 9 Pages
Capturethe Flag CTFWrite-Up
  • 5 Pages
The March of the Flag by Albert Beveridge,1898
  • 5 Pages
Contactless Fingerprint Capture
  • 4 Pages
Système nerveux et Capture insecte
  • 6 Pages
Capture Theory and regulation
  • 3 Pages
Domina los Conceptos Básicos de la Fotografía - Capture the Atlas
  • 84 Pages
Module 2 The National Flag Law (R.A. 8491)
  • 6 Pages
Chapter 04 - Flag Quiz App
  • 60 Pages
9.2.3.5 Lab - Using Wireshark to Examine a UDP DNS Capture
  • 7 Pages
GIS Data Capture and editing
  • 6 Pages
mod 7 graphic organizer - confederate flag
  • 1 Pages
Kami Export - Specialized Animal Cells Capture Sheet.docx
  • 2 Pages
Popular Institutions