K17_AutumnCTF Writeup: Part 1

This weekend, UNSW’s Security Society hosted a friendly Capture The Flag (CTF) event. For those unfamiliar with CTFs, they are competitions in which teams are presented with security-related challenges that they must solve to win points. The challenges are usually separated into different categories, which may include Cryptography, Exploits, Web, Forensics, Recon, VM and Miscellaneous challenges. The team with the most points at the end of the competition wins prizes… or just the joy of knowing that they have some great hacking skills.

This CTF is the second in-person CTF event that I have been to, and I found it more challenging than last year’s competition, but with more opportunities to learn new tools / methods for solving security problems.

I have separated the writeups for this CTF into a few parts, as the combined explanations are too long for one read. So, let’s start off with one of the most difficult categories…

Cryptography | Script (50 points)

Someone encrypted my favourite movie script, can you please get it back for me? The flag is the name of the movie from its Wikipedia page.

We are given a .txt file which I assume represented an entire mystery movie script. Crypto challenges are always quite time-consuming to do and require a lot of patience. This one was no different.

After some blank staring and attempting to discover some sort of pattern, I guessed that the script was encrypted with a polyalphabetic substitution cipher since there was frequent repetition of some strings. I won’t go into detail about cryptanalysis techniques (maybe I’ll write an article on this later), but from figuring out a key length of 4 letters and using frequency analysis on each 1st, 2nd, 3rd and 4th occurrence of characters in the script, I could decrypt some of the text within the script which was enough to perform a search with.

Two lines in the script which made it obvious that the key length = 4
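
The approach described above, as an added example that is not part of the original writeup: estimate the key length from the index of coincidence, then run frequency analysis on every 1st, 2nd, 3rd and 4th letter. It assumes a Vigenère-style cipher (one Caesar shift per key position), which the writeup does not confirm; the sample text, the key NOIR and all function names are constructed for illustration.

```python
from collections import Counter
ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
# Approximate English letter frequencies in percent, A..Z
ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
           6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]

def letters(text):
    return [c for c in text.upper() if c in ALPHA]  # punctuation and spaces are skipped

def index_of_coincidence(seq):
    # Chance that two letters drawn from seq match: ~0.066 for English, ~0.038 for random.
    n = len(seq)
    return sum(v * (v - 1) for v in Counter(seq).values()) / (n * (n - 1)) if n > 1 else 0.0

def guess_key_length(ciphertext, max_len=6):
    # At the right length every column uses one alphabet, so the average IC peaks.
    seq = letters(ciphertext)
    def avg_ic(k):
        return sum(index_of_coincidence(seq[i::k]) for i in range(k)) / k
    return max(range(1, max_len + 1), key=avg_ic)  # multiples score too: keep max_len small

def recover_key(ciphertext, key_len):
    # Per column, pick the Caesar shift whose decryption best fits English (lowest chi-squared).
    def chi_squared(col, shift):
        seen = Counter((ord(c) - 65 - shift) % 26 for c in col)
        return sum((seen[i] - len(col) * f / 100) ** 2 / (len(col) * f / 100)
                   for i, f in enumerate(ENGLISH))
    cols = [letters(ciphertext)[i::key_len] for i in range(key_len)]
    return "".join(ALPHA[min(range(26), key=lambda s: chi_squared(col, s))] for col in cols)

def vigenere(text, key, decrypt=False):
    out, j = [], 0
    for c in text:
        if c.upper() in ALPHA:  # only letters consume key material
            shift = (ord(key[j % len(key)]) - 65) * (-1 if decrypt else 1)
            base = 65 if c.isupper() else 97
            c, j = chr((ord(c) - base + shift) % 26 + base), j + 1
        out.append(c)
    return "".join(out)

# Constructed sample text and key (not the challenge file or its key).
SAMPLE = ("The detective stepped into the dark library and studied the broken window. Nobody in the house had "
          "heard a sound during the night, yet the safe stood open and the letters were gone. She asked the "
          "butler where he had been after dinner, and he answered that he had gone to bed early. The gardener "
          "remembered seeing a light in the tower shortly before the storm. There was mud on the carpet and a "
          "single glove beneath the desk. The old clock in the hall had stopped at ten minutes past three. "
          "Someone in this room is lying, she said, and before the morning comes I intend to find out who it "
          "is and what they wanted with those letters.")
CIPHERTEXT = vigenere(SAMPLE, "NOIR")
```

With much shorter ciphertexts the per-column statistics become unreliable, which is why a partial decryption, as in the writeup, is often all that is recovered.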

Using an online search engine for movie scripts (QuoDB), I put in a line from the script which I assumed would be unique enough.

This returned several movie names but following the exact script given, the flag would be the name of the first movie in the search results.


SEE PART 2: Exploits and Web