Newark Academy CTF 2019

Vyom's Soggy Croutons - Crypto [50 pts]

Vyom was eating a CAESAR salad with a bunch of wet croutons when he sent me this: ertkw{vk_kl_silkv}. Can you help me decipher his message? Hint: You don't have to decode it by hand -- Google is your friend!

Using the website we can easily find the flag

Flag: nactf{et_tu_brute}

Loony Tunes - Crypto [50 pts]

Ruthie is very inhumane. She keeps her precious pigs locked up in a pen. I heard that this secret message is the password to unlocking the gate to her PIGPEN. Unfortunately, Ruthie does not want people unlocking the gate so she encoded the password. Please help decrypt this code so that we can free the pigs! P.S. "_" , "{" , and "}" are not part of the cipher and should not be changed. P.P.S the flag is all lowercase

Referring to the pigpen cipher you can decode the message.

Flag: nactf{th_th_th_thats_all_folks}

Intro to Flags - General [10 pts]

Your flag is nactf{w3lc0m3_t0_th3_m4tr1x}

Flag: nactf{1nsp3ct_b3tter_7han_c10us3au}

Join the Discord - General [25 pts]

Go to the NACTF home page and find the link to the Discord server. A flag will be waiting for you once you join. So will Austin.

Flag: nactf{g00d_luck_h4v3_fun}

What the HEX? - General [25 pts]

What the HEX man! My friend Elon just posted this message and I have no idea what it means >:( Please help me decode it: https://twitter.com/kevinmitnick/status/1028080089592815618?lang=en. Leave the text format: no need to add nactf{} or change punctuation/capitalization Hint: online converters are pretty useful

Cipher is

49 20 77 61 73 2e 20 53 6f 72 72 79 20 74 6f 20 68 61 76 65 20 6d 69 73 73 65 64 20 79 6f 75 2e

Using an online decoder the hex converted to

Flag: I was. Sorry to have missed you.

Off-base - General [25 pts]

It seems my friend Rohan won't stop sending cryptic messages and he keeps mumbling something about base 64. Quick! We need to figure out what he is trying to say before he loses his mind... bmFjdGZ7YV9jaDRuZzNfMGZfYmE1ZX0=

Doing a simple base64 decoding to get the flag

Flag: nactf{a_ch4ng3_0f_ba5e}

Cat over the wire - General [50 pts]

Open up a terminal and connect to the server at shell.2019.nactf.com on port 31242 and get the flag! Use this netcat command in terminal. nc shell.2019.nactf.com 31242

Flag: nactf{th3_c4ts_0ut_0f_th3_b4g}

Grace's HashBrowns - General [50 pts]

Grace was trying to make some food for her family but she really messed it up. She was trying to make some hashbrowns but instead, she made this: f5525fc4fc5fdd42a7cf4f65dc27571c. I guess Grace is a really bad cook. But at least she tried to add some md5 sauce. remember to put the flag in nactf{....}

Doing a quick google search to get to this website which decrypted the MD5

Flag: nactf{grak}

Get a GREP #0 - General [100 pts]

Vikram was climbing a chunky tree when he decided to hide a flag on one of the leaves. There are 10,000 leaves so there's no way you can find the right one in time... Can you open up a terminal window and get a grep on the flag? Hint: You'll need to add an option to the grep command: look up recursive search!

$ grep -r nactf .
./branch8/branch3/branch5/leaf8351.txt:nactf{v1kram_and_h1s_10000_l3av3s}

Flag: nactf{v1kram_and_h1s_10000_l3av3s}

Get a GREP #1 - General [125 pts]

Juliet hid a flag among 100,000 dummy ones so I don't know which one is real! But maybe the format of her flag is predictable? I know sometimes people add random characters to the end of flags... I think she put 7 random vowels at the end of hers. Can you get a GREP on this flag? Hint: Look up regular expressions (regex) and the regex option in grep!

grep -e [aeiou][aeiou][aeiou][aeiou][aeiou][aeiou][aeiou]} flag.txt

Flag: nactf{r3gul4r_3xpr3ss10ns_ar3_m0r3_th4n_r3gul4r_euaiooa}

BufferOverflow #0 - Binary [100 pts]

The close cousin of a website for "Question marked as duplicate". Can you cause a segfault and get the flag? shell.2019.nactf.com:31475 Hint: What does it mean to overflow the buffer?

Looking at the code we have a buffer overflow gets(buf); The target calls the function win() Looking again whenever a SIGSEGV error occurs the signal calls win(); signal(SIGSEGV, win); To get to that we just need a very very long input.

$ python -c "print 'A'*100" | nc shell.2019.nactf.com 31475
Type something>You typed AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
You win!
flag: nactf{0v3rfl0w_th4at_buff3r_18ghKusB}

Flag: nactf{0v3rfl0w_th4at_buff3r_18ghKusB}

Least Significant Avenger - Forensics [50 pts]

I hate to say it but I think that Hawkeye is probably the Least Significant avenger. Can you find the flag hidden in this picture? Hint: Hiding messages in pictures is called stenography. I wonder what the least significant type of stenography is.

Using this website to decode the image.

Flag: nactf{h4wk3y3_15_th3_l34st_51gn1f1c4nt_b1t}

The MetaMeme - Forensics [75 pts]

Phil sent me this meme and its a little but suspicious. The meme is super meta and it may be even more meta than you think. Wouldn't it be really cool if it also had a flag hidden somewhere in it? Well you are in luck because it certainly does! Hint: Hmm how can find some Meta info about a file type? Google is your friend :)

strings metametametameta.pdf | grep nactf

Flag: nactf{d4mn_th15_1s_s0_m3t4}

Unzip Me - Forensics [150 pts]

I stole these files off of The20thDucks' computer, but it seems he was smart enough to put a password on them. Can you unzip them for me? Hint: There are many tools that can crack zip files for you Hint 2: All the passwords are real words and all lowercase

fcrackzip -u -D -p '/usr/share/wordlists/rockyou.txt' zip1.zip
fcrackzip -u -D -p '/usr/share/wordlists/rockyou.txt' zip2.zip
fcrackzip -u -D -p '/usr/share/wordlists/rockyou.txt' zip3.zip

Flag: nactf{dictionaryrockdog}

Kellen's Broken File - Forensics [150 pts]

Kellen gave in to the temptation and started playing World of Tanks again. He turned the graphics up so high that something broke on his computer! Kellen is going to lose his HEAD if he can't open this file. Please help him fix this broken file. Hint: A hex editor might be useful

Open the file

Flag: nactf{kn0w_y0ur_f1l3_h34d3rsjeklwf}

Kellen's PDF sandwich - Forensics [150 pts]

Kellen was playing some more World of Tanks.... He played so much WOT that he worked up an appetite. Kellen ripped a PDF in half. He then treated these two halves as bread and placed a different PDF on the inside (yummy PDF meat!). That sounds like one good PDF sandwich. PDF on the outside and inside! YUM! Hint: You are going to have to find a way to remove the PDF from inside the other PDF file.

You get the first part of the file by opening it. Then when you run foremost MeltedFile.pdf it will show a pdf with the second part of the flag.

Flag: nacntf{w3_l0lcv_rd_0f_t4nk5ejwjfae}

Filesystem Image - Forensics [200 pts]

Put the path to flag.txt together to get the flag! for example, if it was located at ab/cd/ef/gh/ij/flag.txt, your flag would be nactf{abcdefghij} Hint: Check out loop devices on Linux

Extract to file fsimage.iso. Right-click Open With Disk Image Mounter. Go to the mounted folder. Run find -name 'flag.txt'

Flag: nactf{lqwkzopyhu}

Phuzzy Photo - Forensics [250 pts] [Not Solved]

Joyce's friend just sent her this photo, but it's really fuzzy. She has no idea what the message says but she thinks she can make out some black text in the middle. She gave the photo to Oligar, but even his super eyes couldn't read the text. Maybe you can write some code to find the message? Also, you might have to look at your screen from an angle to see the blurry hidden text P.S. Joyce's friend said that part of the message is hidden in every 6th pixel

from PIL import Image

im = Image.open('The_phuzzy_photo.png')
im2 = Image.new('RGB', (300, 300))
im2.putdata(list(im.getdata())[::6])
im2.save("phuzzy6.png")

From this point, I couldn't solve but see the forming of words on the left side. I tried and modified all parts of it but it seemed that was the best I could get.

Pink Panther - Web [50 pts]

Rahul loves the Pink Panther. He even made this website: http://pinkpanther.web.2019.nactf.com. I think he hid a message somewhere on the webpage, but I don't know where... can you INSPECT and find the message? https://www.youtube.com/watch?v=2HMSnfeNf8c Hint: This might be slightly more difficult on some browsers than on others. Chrome works well.

Just view the source code

Flag: nactf{1nsp3ct_b3tter_7han_c10us3au}

Scooby Doo - Web [100 pts]

Kira loves to watch Scooby Doo so much that she made a website about it! She also added a clicker game which looks impossible. Can you use your inspector skills from Pink Panther to reveal the flag?http://scoobydoo.web.2019.nactf.com

View the source code and from their change the opacity to 1 to display the flag.

<div id="flagContainer">
        <img class="letter" src="a.png" style="opacity: 0; left:860px;">
        <img class="letter" src="b.png" style="opacity: 0.2; top: 5px; left:240px;">
        ...
        <img class="letter" src="v.png" style="opacity: 0; top: 5px; left:480px;">
</div>

Flag: nactf{ult1m4T3_sh4ggY}

Dexter's Lab - Web [125 pts]

Dee Dee, Please check in on your brother's lab at http://dexterslab.web.2019.nactf.com We know his username is Dexter, but we don't know his password! Maybe you can use a SQL injection? Mom + Dad

Use a basic SQL Injection ' or 1=1# to get the flag

Flag: nactf{1nj3c7ion5_ar3_saf3_in_th3_l4b}

Sesame Street - Web [125 pts]

Surprisingly, The20thDuck loves cookies! He also has no idea how to use php. He accidentally messed up a cookie so it's only available on the countdown page... Also why use cookies in the first place?http://sesamestreet.web.2019.nactf.com Hint: The20thDuck's web development skills are not on the right PATH...

Go to http://sesamestreet.web.2019.nactf.com/countdown.php. From their edit the cookie named session-time and change the path to flag.php, and change the value to a large number like 99999999999. Finally, go to http://sesamestreet.web.2019.nactf.com/flag.php, where the flag is at

Flag: nactf{c000000000ki3s}

Previous2019NextCrypto CTF 2019

Last updated