• Donald Ashdown

NA CTF - Forensics/Web & General


Newark Academy CTF (NACTF) is an online jeopardy-style cybersecurity competition hosted by Newark Academy's Computer Science Club. Form teams with up to 5 members and win awesome prizes! Teams compete to decrypt, hack, or reverse engineer challenges in topics like cryptography, forensics, and binary exploitation.



Survey - 1 point

Summary: Fill out the survey


Join the Discord - 10 points

Summary: Join Discord


Intro to Flags - 10 points

Summary: Confirm flag entry process


Basics - 30 points

Summary:











  • base64 decode string


Walk through


  1. Copy the base64 and decode within Linux or in an online decoder and we receive the flag. The lesson here can be a reminder of the differences between encoding, hashing and encryption.


Grep 0 - 50 points

Summary











  • Print out all strings within the binary and grep for the "CTF" string.


Walk through:

  1. Run strings and Grep for 'ctf' on the flag.zip file


Numbers - 50 points

Summary:










  • Our string of numbers is shifted by a count of 1 on the ascii table.

Walk through


  1. We receive a file with the following string - 111 98 100 117 103 124 98 116 100 50 50 96 89 67 53 83 68 83 54 126

  2. Reviewing this string on the asci table initially shows nothing but upon further observation we noticed that the characters spell nactf when shifted by -1.


3. Re-writing the characters with a shift of -1 and because we had identified this string as decimal/ascii we run it through a dec to text converter.



Hashbrowns - 50 points










  • This challenge requires that we crack the md5 hash, which is done with rainbow tables.


  1. Copying and pasting the hash into a crack station yields the password.





Inspect - 50 points














Walkthrough:


  1. Visit the website and inspect the page. The page suggests HTML and CSS so the first place I went was to the CSS where I found the flag.





Missing Image - 75 points


Walk through:

We inspect the website with the hint in mind, which suggests images. Looking through the HTML showed nothing, but when I reviewed the network tab I noticed a .png and appended the directory and found the flag.









Forms - 125 points


We are presented with a website and upon visiting we seem tons of login forms.



Inspecting the web page we see a script at the bottom which shows us the script with plain text credentials. We still need to figure out which one of the many forms the credentials need to be entered. We notice the function that holds these credentials is called verify. Searching for the string verify on the webpage we find the function verify specified in the form 673.



We login and find our flag.

Calculator - 150


We are offered a hint about a flag variable that will come in handy.

We see the website not only calculates our numbers that we input, but it actually reflects what ever you input. So after some time and payload testing I thought to enter $flag as a variable and it output the contained string within the variable.



Cookie recipe - 150 points

We simple visit the web page and check our existing cookies of which there are none. Upon inspecting the website further, we see that a cookie is referenced.


If we just add that cookie to our browser we can login with any account and gain access to the flag.



Login - 175 points


We are given a login page, and trying standard payloads from a list eventually by passes the login page.



Gummies - 50 points


This challenge is a basic steganography challenge where the flag can be retrieved with the use of zsteg.



Metamorphizes - 75 points


This was an easy challenge that I solved on first instinct which was to run exif to exfiltrate attribute data and there was the flag.





Turnips - 100 points


This was another easy one and the flag was found within strings.


Turnips 2 - 150 points


This was a classic challenge that involved repairing a corrupted PNG.


Utilizing zsteg we are able to identify that the file is corrupted and has signs on PNG headers.


I opened the file with ghex and noticed the bottom of the file displayed IEND which suggests this png file uses IHDR chunking format. We can also see the G of the PNG header, and the I and D of the IHDR header in the initial Hex view.


Simply changing this provides our desired results.



10 views0 comments