This was a fun challenge, but puzzling at first to find the difference.
There was a pcap provided, and when loading it up in wireshark, there was hardly any traffic. Even more interesting was it was the Challenge's index page. So this was good - already had an idea of where it was going, diff against the index and follow the path of change.
So after checking the index.html file both on the local and remote, they're the same. Unfortunately that's not it.
Then I went ahead and pulled down all the resources to start running checksums against the local and remote copies.
The following is what I constructed after a few commands listed below, and some manual sorting. Some of the differences didn't matter too much such as the extra png, font and css files.
The real difference was this, the logo had the same name, but different checksums:
This became even more vivid when we display them side by side in an image editor:
The other thing I noticed was the file-size was wildly different between the two (Second is the one from the Capture):
So now that we have something to run towards, let's go capture that flag!
Loading it up in GIMP (Or any editor of your choice), we can boost the luminance values of the image. Once you reach a certain point the flag should pop out at you quite fast.
This part of the challenge was very fast, but probably the most rewarding, almost like magic where the flag appears before your eyes as you tinker with image settings.
There was a pcap provided, and when loading it up in wireshark, there was hardly any traffic. Even more interesting was it was the Challenge's index page. So this was good - already had an idea of where it was going, diff against the index and follow the path of change.
So after checking the index.html file both on the local and remote, they're the same. Unfortunately that's not it.
Then I went ahead and pulled down all the resources to start running checksums against the local and remote copies.
The following is what I constructed after a few commands listed below, and some manual sorting. Some of the differences didn't matter too much such as the extra png, font and css files.
logo.png = 4ecaa696709dc248d1d4071d2bbf9cce logo.png = de165b79df7cd7fe12b06e85bed15ffd css = e983eeea84148d0c571c11b529701ac4 style.css = 73d26f899e22eb341257dd3d53d9576d font_c3.png = 0221d77b2603febca0ed486a2ca0d0f1 scanlines.png = edca5d8b01f16f6ba3e98ada8aadc3af texture.png = f260b9a4820b8b0265654cf6ac88edf3 TopazPlus.woff = 65511cd888a5e496bafd47cd438f92c6 glyphicons-halflings-regular.woff = fa2772327f55d8198301fdb8bcfc8158 b2mod_orig.mod = d414da192602f53ae64ad96640c51f2c between2.mod = d414da192602f53ae64ad96640c51f2c bootstrap.min.css = 4290de58a6349c42f0619e74367febca bootstrap.min.js = 046ba2b5f4cff7d2eaaa1af55caa9fd8 bootstrap.min.js = 046ba2b5f4cff7d2eaaa1af55caa9fd8 cini.png = a0d29776f9993af49f8b40a9b03ff772 cini.png = a0d29776f9993af49f8b40a9b03ff772 codef_3d.js = 1b22193c83f02f9c35157ba104c11eb7 codef_3d.js = 1b22193c83f02f9c35157ba104c11eb7 codef_core.js = 3c5bf7d4912f28bfa3cd88f7aa303c08 codef_core.js = 3c5bf7d4912f28bfa3cd88f7aa303c08 codef_scrolltext.js = 0ea766951be956075162202f8e9bcb1a codef_scrolltext.js = 0ea766951be956075162202f8e9bcb1a codef_starfield.js = 3150b61d7a997725ee0a581825d31ba1 codef_starfield.js = 3150b61d7a997725ee0a581825d31ba1 countdown.js = 7fd3db6e157aaccc8ed991f2b2ce3aaa countdown.js = 7fd3db6e157aaccc8ed991f2b2ce3aaa demo.js = 146a5af7f596a4260327de11e98f7d9a demo.js = 146a5af7f596a4260327de11e98f7d9a glfx.js = 49c12481a323b23494a8ba93bf4586f2 glfx.js = 49c12481a323b23494a8ba93bf4586f2 jquery.js = 3c9137d88a00b1ae0b41ff6a70571615 jquery.js = 3c9137d88a00b1ae0b41ff6a70571615 obj.js = 78935b1ab6b9cde8033a844e158a0d3f obj.js = 78935b1ab6b9cde8033a844e158a0d3f pt.js = 8f0202ca82ae7868b86ce6b6a5e6e60b pt.js = 8f0202ca82ae7868b86ce6b6a5e6e60b reply_cv.png = 4ef9b46446074aeadbc8589075e1164f reply_cv.png = 4ef9b46446074aeadbc8589075e1164f scroller_text.js = 32247853fe63d0fb20bee3d3d529734f scroller_text.js = 32247853fe63d0fb20bee3d3d529734f
The real difference was this, the logo had the same name, but different checksums:
logo.png = 4ecaa696709dc248d1d4071d2bbf9cce logo.png = de165b79df7cd7fe12b06e85bed15ffd
This became even more vivid when we display them side by side in an image editor:
The other thing I noticed was the file-size was wildly different between the two (Second is the one from the Capture):
-rw-r----- 1 user staff 1.4K Jul 11 17:44 logo.png -rw-r--r-- 1 user staff 47K Jul 10 20:54 logo.png
So now that we have something to run towards, let's go capture that flag!
Loading it up in GIMP (Or any editor of your choice), we can boost the luminance values of the image. Once you reach a certain point the flag should pop out at you quite fast.
This part of the challenge was very fast, but probably the most rewarding, almost like magic where the flag appears before your eyes as you tinker with image settings.
