DefCamp CTF Qualifiers

EagleEye - Stego [1 pt]

Do you see it?

I opened the file in StegSolve and clicking through the Greyscale version showed the flag in the top left corner.

Flag: DCTF{912c07726142de12943b76a89d40847028330f0a1a0be1ac24503c57242404ab}

Robot VS Humans - Web [1 pt]

Find your flag on this website. Target: https://robots-vs-humans.dctfq18.def.camp/

As this challenge suggests it is most likely the robots.txt file. We check and that request returned the message Did you know that robots.txt is not the only .txt file in a website? BTW: I am against humans!

On a hunch, I tried humans.txt which returned

/* TEAM */ Your title: RobotsVSHumans Location: Bucharest, Romania /* THANKS */ Name: DCTF{1091d2144edbffaf5dd265cb7c93e799c4659eb16ee79735b3bd6e09dd6e791f}

Flag: DCTF{1091d2144edbffaf5dd265cb7c93e799c4659eb16ee79735b3bd6e09dd6e791f}

Multiple Flags - Stego [1 pt]

Look flags everywhere

My search history was the first man with flag meaning to signalman letter signs to get this beautiful image

Given this image # # # # # # # > JDCTFSP # # # # # # # > ECIALFL # # # # # # # > AG???JA # # # # # # # > A???JAA # # # # # # # > ??????? # # # # # # # > ??JDCTF So that is JDCTFSPECIALFLAG???JAA???JAA?????????JDCTF... UM So I am missing something and after doing a reverse image search I found a Wikipedia article that made numbers into the play. With that making more sense it probably also meant that J was a delimiter for letters and not the actual letter.

Flag: DCTFSPECIALFLAG00AA00AA00991337DCTF

Message - Misc [50 pts]

Description
I just typed this secret message.txt with my new encoding algorithm. Author: Lucian Nitescu

Solution

We look at the file and while scrolling, I have no clue what I am going to do. I found that "qwerty", "asdfg", and "zxcvbn" appeared a lot so I split up the document using those phrases. That left me with 1220 segments. Next, I thought about which of those segments are unique which brought me down to 144 unique segments. Printing out the segments I had an "Ahaa" moment and knew exactly where the flag is. I did this through the code below.

Code

f = open("message.txt")
line = f.readline()
newLine = line.replace("qwerty", "#").replace("asdfg", "#").replace("zxcvbn","#")
flagStart = newLine.index("{")
flagEnd = newLine.index("}")
print(str(flagStart) , str(flagEnd))
print(newLine[flagStart - 100:flagEnd + 20])
splits = newLine.split("#")
options = []
for s in splits:
	if s not in options:
		options.append(s)
print("Letters: " , str(len(splits)))
print("Options: " , str(len(options)))
print(options)
----------------------------------------------------------
Output:
4058 4338
ghu#wsxcde#xsweftynh#h #rfv#hnbvcxswerf#iuyhnbv#hedcvbgt#xsweftyhn#.# #wsxcfe#htrfvb#hrtyuihn#redcf#{#rfvbhg#6#6#hedcvrf#redcv#hzsefvcx#hxcvbgrd#hgrdxcvb#9#0#zsefvcx#edcvgr#h0#h5#yhnmku#hredcf#h5#wsxcfe#zsefvcx#hwsxcfd#3#3#edcvgr#7#1#grdxcvb#8#htrfvg#7#0#9#3#4#4#0#8#redcf#3#zsefvcx#5#8#4#h7#zsefvcx#h4#hewsxc#5#trfvb#3#h8#edcvgr#qazxds#h7#5#8#h9#h1#rfvbhg#h0#trfvg#h0#wsxcde#3#2#}#wsxcv#rfvbnhyt#mnb
Letters:  1220
Options:  144
['wsxcv', 'hrfvbnhyt', 'mnbvcdrtghu', 'wsxcde', 'hzaqwdrtgb', ' ', 'wsx', 'nbvcxswefr', 'iuyhnbv', 'wsxcvfr', 'hiuyhnbv', 'h ', 'ytrfvcx', 'mnbvccdertg', 'edcvb', 'hefvt', 'hwsxcfe', 'edcvbgt', 'xsweftynh', 'jmyi', 'rtyuihn', 'hrgnygc', 'qazxcdew', 'redcf', 'wertyfv', 'rfvgyhn', 'hwsxcde', 'rfv', 'xsweftgb', 'hxsweftgb', 'cvgred', 'hgrdxcvb', 'xsweftbg', 'hwertyfv', 'efvt', 'edcvrf', 'tgbnhy', 'zaqwdvfr', 'hedc', 'hyhnmku', 'hmnbvcdrtghu', 'h.', 'hrfvbn', 'wsxcvfre', 'hwsx', 'nbvcxswerf', 'xsweftyhn', 'hzsefvcx', 'rfvbhg', 'hedcvrf', 'htgbnhy', 'hrtyuihn', 'edcftgb', 'hzaqwdvfr', "'", 'zsefvcx', 'yhnmku', 'edcvgr', 'wsxcfe', 'hxsweftynh', 'hxsweftyhn', 'wdvtdz', 'wdcft', 'ewsxc', 'h1', '5', '0', 'h0', ',', 'efvgywdcft', 'grdxcvb', 'hwsxcvfr', 'hedcfby', 'hxsweftbg', 'hnbvcxswerf', 'edc', 'edcfby', 'xcvbgrd', 'trfvg', 'redcv', 'qazsce', 'hxcvbgrd', 'wsxcfd', 'hwsxcvfre', 'hwsxdrfv', 'efvgy', 'rfvbn', 'ewsxd', 'hedcvbgt', 'hwsxcv', 'trfvb', 'rfvbnhyt', 'hcvrged', 'cvrged', 'hnbvcxswefr', '1', '9', '6', 'hytrfvcx', 'hefvgywdcft', 'wsxdrfv', 'hqazxcdew', 'hrfv', 'hedcftgb', 'hqazsce', 'hrfvbhg', 'hcvgred', 'wsxdvr', 'hredcvg', '.', 'htrfvb', '{', 'h5', 'hredcf', 'hwsxcfd', '3', '7', '8', 'htrfvg', '4', 'h7', 'h4', 'hewsxc', 'h8', 'qazxds', 'h9', '2', '}', 'hmnbvccdertg', 'zaqwdrtgb', 'hwdvtdz', 'hedcvgr', 'hjmyi', 'hrfvgyhn', "h'", 'h,', 'hwsxdvr', 'redcvg', 'hefvgy', 'hwdcft', 'hredcv', 'hedcvb', 'h6', 'h']

I used that segment and brushed it down to only be the section of the flag.

#wsxcfe#htrfvb#hrtyuihn#redcf#{#rfvbhg#6#6#hedcvrf#redcv#hzsefvcx#hxcvbgrd#hgrdxcvb#9#0#zsefvcx#edcvgr#h0#h5#yhnmku#hredcf#h5#wsxcfe#zsefvcx#hwsxcfd#3#3#edcvgr#7#1#grdxcvb#8#htrfvg#7#0#9#3#4#4#0#8#redcf#3#zsefvcx#5#8#4#h7#zsefvcx#h4#hewsxc#5#trfvb#3#h8#edcvgr#qazxds#h7#5#8#h9#h1#rfvbhg#h0#trfvg#h0#wsxcde#3#2#}

I was so thrown off until I typed it and noticed that the "rtyuihn" was looking like a "T" on the keyboard. All we did from there was hardcode the phrases in the brackets and you get the flag. By having the flag is a hash, it cut down on time only having to do max of 7 letters.

newLine = line.replace("qwerty", "#").replace("asdfgh", "#").replace("zxcvbn","#")
letter = ["d","c","t","f", "v", "b", "e" , "c" , "a", "a", "a", "d", "d", "b", "f", "c", "b", "e"]
match = ["wsxcfe", "trfvb", "rtyuihn", "redcf","wdcft","rfvbhg","edcvrf", "redcv", "zsefvcx", "grdxcvb", "xcvbgrd", "edcvgr", "yhnmku", "wsxcfd", "trfvg", "ewsxc", "qazxds", "wsxcde"]

for i in range(0, len(match)):
	newLine = newLine.replace(match[i], letter[i])