Here are my some of my writeups for the BlueHens CTF. I got 83/376, which isn’t great, but I did have a good time. I also learned a lot from the pwn section, which was really well made and a wonderful introduction to pwn (at least for me, it was probably way too easy for anyone with more pwn experience). So special thanks to Professor Ninja for writing the intro pwn challenges!
Antman needs to hack the mainframe and save the world from YellowJacket’s terror. But it looks like the key to the computer has been scattered across the quantum realm. Can you help Antman save the day?
Note from the admins:
We apologise again for the fault in the subtitles flag format. Those responsible for sacking the people who have just been sacked have been sacked. The directors of the firm hired to continue the credits after the other people had been sacked, wish it to be known that they have just been sacked.
I started this challenge by runnings strings on the
image, which reveals the name of a text file
could_this_be_it.txt.
$ strings Antman.jpeg | tail
a.G~
sXE'
{=0Oq
ogD>~K
:+/1
wg$}
0000000000000000000000J
Ubn00
fOL{
could_this_be_it.txtI then ran binwalk to see if
could_this_be_it.txt it could be embedded in the image.
$ binwalk -e Antman.jpeg
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 JPEG image data, EXIF standard
12 0xC TIFF image data, big-endian, offset of first image directory: 8
9519 0x252F Zip archive data, at least v2.0 to extract, compressed size: 10115, uncompressed size: 506796, name: could_this_be_it.txt
19786 0x4D4A End of Zip archive, footer length: 22
And it is! There is a zip file containing
could_this_be_it.txt.
Looking at the file, it seems to contain two base64 encoded strings.
After decoding the strings, we can see that there is a number (I’m
assuming the dimensions), and some RGB pixel values.
$ cat could_this_be_it.txt | base64 -di | head
45754(218, 116, 208)
(218, 116, 208)
(218, 116, 208)
(218, 116, 208)
(218, 116, 208)
(218, 116, 208)
(218, 116, 208)
(218, 116, 208)
(218, 116, 208)
(218, 116, 208)The original file had the first base64 string split across 2 lines, so we know the dimensions are 457x54.
$ cat could_this_be_it.txt | head -n 2
NDU3
NTQ=Counting the number of pixels with wc -l we can see
there are 22400 pixels. This is an issue, as there should be
456*54=24624 pixels. So either we are missing some pixels,
or the dimensions are wrong.
Written: 2022-11-2 Last Updated: 2022-11-2