Image for post
Image for post

The Challenge

Hey, some kaсkers steal my mail. Can you help return and deliver it?

The Postman challenge provides us with a remote website and port. Navigating to the site shows us only a single line of text asking us to help the user retrieve their email.

The Solution

Let’s help the user get their mail! Trying things like a mail. sub-domain unfortunately did not work. We will have to go back to basics. Checking the robots.txt file gives us an unlisted URL to check.


Image for post
Image for post

The Challenge

Do you like to decorate the Christmas tree?

This challenge was listed as “Misc”, and no other hints were provided.

The Solution

This was an easy challenge, as the answer was literally staring participants in the face during the entire CTF. Navigating to the kksctf web page showed a variety of Christmas themes, including a neat ASCII Christmas tree.

Image for post
Image for post
ASCII Art!

The above tree ASCII art shows a few different pieces of text in different colors. If we look in the HTML source, we can see the <span> tags which indicate a color change for certain pieces of text.

Image for post
Image for post
It looks sweet in HTML too!

Combining the 7 pieces of colored text results in the final flag of kks{n3w_y34r_m@dn3$$}. Happy New Year!


Image for post
Image for post

The Challenge

We get some file. Can you find secret?

We are provided the above file of Shaq gracefully obfuscating himself behind a tree. No other clues or hints are provided.

The Solution

This was an extremely easy steganography challenge. The flag we are looking for is embedded inside the image data. We can extract the EXIF metadata from the image using exiftool, revealing the final flag.

Image for post
Image for post
Solved!

We can see in the above image that the flag was in the Author field in clear text. On to the next challenge!


Image for post
Image for post

The Challenge

We receive a message that is captured, and since this challenge is listed as “crypto”, we need to decipher the cipher text of -*;91~.,1*1=12~;-*?<27–6;:r~+-;~=27;0*~*1~=100;=*p~7y3~)?7*709~81,~+,~,;.2'p~55-%?**j=5.?*.:j)0#


This write up is part of a bigger Capture The Flag competition. You can see other challenge write ups on the main post here.

Prior to the start of OverTheWire Advent Bonanza 2019, the creators released a “Challenge Zero” for teams to work on. The challenge was located at https://advent2019.overthewire.org/challenge-zero, which showed a web page with an animated GIF of fire burning with the following message:

Image for post
Image for post
Fox! Fox! Burning bright! In the forests of the night!

Hint: $ break *0x7c00

The above hint refers to the command line of gdb, a linux debugger. At this point though, we have nothing to break so we need to keep looking. In the spirit of Capture The Flag competitions, my team and I tried viewing the web page and GIF in different ways. …


Image for post
Image for post

This write up is part of a bigger Capture The Flag competition. You can see other challenge write ups on the main post here.

The Challenge

Santa’s little helpers are notoriously good at solving Sudoku puzzles.
Because regular Sudoku puzzles are too trivial, they have invented a variant.


Image for post
Image for post

This write up is part of a bigger Capture The Flag competition. You can see other challenge write ups on the main post here.

The Challenge

Can you forge Santa’s signature?

The Data

We are provided a remote service to connect to, as well as some source code on how that service is running.


Image for post
Image for post

This write up is part of a bigger Capture The Flag competition. You can see other challenge write ups on the main post here.

The Challenge

One of Santa’s Little Helpers received an unusual Christmas wish, a copy of the yet to be released Deus Hex game. All they managed to find were fragments from the dialogue system. Can you decode the last one?

The Data

The “tiny runes” challenge was a reverse engineering and forensics challenge that included an archive containing 4 binary files containing speech text data for a game engine. Files 1 through 3 included a .txt file showing the game text, so that competitors would have examples to reference. …


Image for post
Image for post

This write up is part of a bigger Capture The Flag competition. You can see other challenge write ups on the main post here.

The Challenge

‘Moo may represent an idea, but only the cow knows.’ — Mason Cooley

Mooo was one of the more fun challenges and provided us with a web service running on a specific port and IP address. Navigating to the site brings us to an implementation of cowsay. Cowsay takes input from a user and displays it in an ASCII art formatted cow.


Image for post
Image for post

This write up is part of a bigger Capture The Flag competition. You can see other challenge write ups on the main post here.

The Challenge

Santa is stranded on the Christmas Islands and is desperately trying to reach his trusty companion via cellphone. We’ve bugged the device with a primitive keylogger and have been able to decode some of the SMS, but couldn’t make much sense of the last one. Can you give us a hand?

The Data

The challenge included an archive consisting of 4 comma delimited files, and 3 text files so that competitors could compare the data to the expected result. It was up to us to figure out message #4. …

About

Ronald Stoner

Security and Infrastructure Guy | Stoner Consulting LLC | PGP EF20BF3B

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store