Google beginners CTF 2018 (first 3 challenges) writeup.

Balaji S
3 min readJun 25, 2018

--

I was bored this weekend, scrolling through feeds in twitter and found out that google’s CTF for beginners is open. So I decided to give it a try. I have attended some CTFs before but haven’t completed any challenges. Those were not beginner friendly. I was able to complete only three challenges in this CTF.

LETTER:

The file `5a0fad5699f75dee39434cc26587411b948e0574a545ef4157e5bf4700e9d62a.txt` was downloaded when I clicked the Attachment link.

When I opened it I noticed it was not a valid text file. So i guessed it would be a zip file and changed the extension and extracted the contents. there was a pdf file inside. with password hidden.

I just selected the password and it revealed. It was that easy.

OCR IS COOL:

I downloaded the attachment and again changed it to zip and extracted there was this OCR_is_cool.png file. It was a screenshot of an email with gibberish words. I spent some time to figure out what it could be. Then it strike my mind after taking a deeper look at the first word. I found out that the first word used was substitution for ‘Dear’ then I realized it is a Caesar cipher with key 19. I didn’t notice that the hint ‘Caesar’ given in the challenge description until I have found the flag.

Read the challenge description properly before proceeding to get the flag.

For those who aren’t familiar with Caesar cipher. It is a simple encryption method to convert plaintext to ciphertext. For more info watch this video

https://www.youtube.com/watch?v=ergRKv3DglI

I uploaded the image to this website and got the text and i decrypted the ciphertext with key 19 with this online Caesar decryption tool and got this.

the flag was CTF{caesarcipherisasubstitutioncipher}.

FLOPPY:

I downloaded and extracted the attachment and found a foo.ico file.

foo.ico

There was no information to get from this ico file. I fired up the hexeditor to find out if there was any file hidden in it.

hex for foo.ico

You can find the letters PK and driver.txt. PK means that there is a .zip file embedded in it.

I extracted the contents using foremost. you can also use binwalk to extract the embedded files.

and the driver.txt file had the flag CTF{qeY80sU6Ktko8BJW}.

I was able to complete only three challenges.

This is my first post. Thank you for reading till the end.

--

--

Balaji S

Passionate about Mechatronics, Full Stack development & InfoSec.