|    |    |    | Today: 29-Apr-2017 |

[Write-ups] EKOPARTY CTF 2016

October 30, 2016 | Posted in How to

image




Hidden inside EKO - Misc (50)


Find the hidden flag in the EKO pixels!

looking background image and found the flag in the top left-hand corner.


image

flag is EKO{th3_fl4g}




Mr. Robot - Web (25)


Disallow it!


It’s Web category, so let’s check the ctf.ekoparty.org/robots.txt


image

Voila ~


The “Disallow: /static/wIMti7Z27b.txt” tells the robot that it should not visit any pages on the site, but we can view it by opening in the web browser.


So don’t try to use /robots.txt to hide information.



flag is EKO{robot_is_following_us}




RFC 7230 - Web (50)


Get just basic information from this server (ctf.ekoparty.org).


You can read about RFC 7230 over here. There is many ways to get basic information from the server, the simple way is using curl command.


$ curl -I -X GET ctf.ekoparty.org

image

flag is EKO{this_is_my_great_server}




Welcome to the dark side - FBI (25)


At Silk Road, every precaution is made to ensure your anonymity and security, from connecting to the site, to making your transactions, to receiving your items.


https://silkroadzpvwzxxv.onion


This one was so easy that I overlooked it at first. After connecting to https://silkroadzpvwzxxv.onion page, open and view page source.


image

flag is EKO{buy_me_some_b0ts}




Metadata - FBI (50)


Help me to find some metadata!

https://silkroadzpvwzxxv.onion


Tor services usually not have a SSL certificate, so this additional security measure stood out and one had to acccept the self-signed certificate.


image

flag is EKO{is_this_just_real_life_is_this_just_fantasy}




Certified Excel Hacker - Forensics (50)


Can you wait for the answer?



Hint

Do not wait for it, it is already there :)


Attachment

for50_ed4b8625b6be1bd0.zip


After downloading and extracting the zip archive we see a CALCULATOR.xlsm file. Libreoffice warns us that it might contain malicious macros.


image
image

Trying to modify a cell resulted in a Can't modify protected cells error. The next logical step was to remove this protection by un-ticking Tools->[ ] Protect Sheet.


image

After that right-clicked the first FORM-sheet and chose Show sheets


image

selected the ANSWER as hidden sheet, click OK.


image

This revealed a quite big sheet with huge cells.


image
image

Voila ~

Lets remove this protection by un-ticking Tools->[ ] Protect Sheet.


image

After all, we can read the hidden message at the final result.


image

flag is EKO{HIDDEN_SHEET_123}




JVM - Reversing (25)



Bytecodes everywhere, reverse them.



Attachment

rev25_3100aa76fca4432f.zip


Got EKO.class after extract the zip file, it seems java class file.


image

Recompiling the source


C:\>type EKO.java



public class EKO
{
public static void main(String[] paramArrayOfString)
{
int i = 0;
for (int j = 0; j < 1337; j++) {
i += j;
}
String str = “EKO{” + i + “}”;
System.out.println(str);
}
}


then running the source


C:\>javac EKO.java && java EKO EKO.java

EKO{893116}


flag is EKO{893116}




Old but gold - Misc (250)


These QR codes look weird



Hint
Flag on UPPERCASE!


Attachment
misc250_100ff979353dd452.zip



After extracting the zip and opened the file, it is not a QR codes but it is punch card.


image

Decoding the message inside punch card using emulator.


image

The cards in alphabetical order by file name produces the following text.


image

Reading through each line to determine the follow of the story is needed.



UPON A TEME, THERE WAS A YOUNG HACKER CALLED MJ
IT WAS THE SIXTIES, HE WAS TRYKNG TO FIGURE OUT HOW TO
USE THOSE PONCHED CARDS, HE LIKES TO PROGRAM IN FORTRAN
AND COBOL, B(T EVEN AFTER ALL THOSE YEARS HE DOESNT KNOW
HOW TO PROPERLY MRITE SECURE CODE IN THOSE LANGUAGES
IN THOSE DAYS YOUR ONLY OPTION W4S READ LARGE BOOKS AND
MANUALS TRY1NG TO LEARN HOW TO PROGRAM AND SPEND A LOT
OF TIME PUNCHING THOSE NARDS, CAN YOU IMAGINE WHAT COULD
HAPPEN IF YOU FAKE A SMALL MISTAKE IN ON OF THOSE PUNCHED
CARDS? AFTER THOSE HOURS WAITING ROR A RESULT, THEN IT SAYS
ERROR DUE TO A SMALL AND ALMOST INSIGNIFICANT MIST4KE BUT
THAT WILL TAKE MORE TIME TO MEBUG AND FIGURE OUT WHERE WAS
THE BUG, BUT THOSE WER3 THE OLD DAYS. CAN YOU FIND THE FLAG
USING THIS OLD TECHNOLOGY? GOOD LUCK, YOU WILL NEED IT)



There are also some mistakes in the story which matches the flag pattern.



flag is EKO{M41NFR4M3}

Taged in: ctf, ekoparty, write, writeups