PACTF 2018

A Picture is worth a thousand words - Category [10 pts]

Apparently there is something hidden in this image… Hint: You’re looking for text—how might you look at the text of the image?

In the Exif data of the file, the artist tag contains the text flag_is_DjKVIXXQRZZrrAd

Flag: DjKVIXXQRZZrrAd

Let Me In - Category [20 pts]

You received this account.rar file, but it is ‘protected’ under a password. Can you break in?
Hint: Something tells me the user might not be using complex passwords…

When you try and open the rar file it is locked so I went to use John the ripper to create a hash of the file rar2john rarfile > output.hash then cracked the password with the default wordlist of rockyou john --format=rar output.hash It cracked it very quick as the password was just 123456 and inside was a file "flag.txt"

Flag: rgSueiMYehWJSZPZr

Bad Melody - Category [30 pts]

Our musician friend Martin recently bought a melody pack containing different melodies recorded in MIDI format. He hoped to use them in his electronic music tracks and then pretend that he was the person who actually wrote them. He spent a solid hundred dollars, but the website selling sample packs fooled him! Instead of 10 wonderful melodies, he only received one MIDI file. It sounded awful, and Martin quickly noticed why!
Can you notice why?
See for yourself: melody.mid

As it says in the description that it is an midi file, I found Audacity and just opened it up which showed the flag.

Flag: WRITE YOUR OWN MUSIC

PreviousDefCamp CTF Qualifiers NextCSAW CTF Qualifiers 2018

Last updated 3 years ago