Week_2
I spent a good 10 minutes trying to figure out the challenges before reaching for help. Eventually was told that the challenge location was “on the end of our slide deck is a link to katacode, thats where Olliver is doing his Challenges https://www.katacoda.com/0xollie/scenarios/0x01"
Signed up for Katacoda and nativated to the URL.
WARNING: Like all my CTF notes, this contains spoilers.
Challenge 1 - Normal files - 10pts
These are just regular files flag syntax: flag{insert_flag_here}
- Started the scenario
- Listed directory contents
ls
- Checked content of welcome file
cat welcome
- Submitted:
flag{happy_files}
Challenge 2 - Hidden files - 20pts
These files are a little bit harder to find flag syntax: flag{insert_flag_here}
- Listed all files (including hidden files)
ls -a
- Manually reviewed the contents of the .here file
cat .here
- Submitted:
flah{secret_files}
Challenge 3 - Searching for files - 30pts
You might need to find this flag flag syntax: flag{insert_flag_here}
- Tried to find any files starting with the pattern flag
find / -name flag*
- Found file /var/log/flag/log
- Manually reviewed the content of the file
cat /var/log/flag.log
- Submitted: `flag{fido_the_dog}
Challenge 4 - Tar is sticky - 30pts
Eww sticky, cats won’t help you here. flag syntax: flag{insert_flag_here}
- We already found sticky.tar.gz in /root (Challenge 1)
- Uncompressed and extracted files from the archive
tar zxvf sticky.tar.gz
- Manually reviewed the root/flag4.txt file
cat root/flag4.txt
- Submitted: falg{tar_untar_sticky}
Challenge 5 - I got a new job - 50pts
Work is pretty stressful, you should check my system logs flag syntax: flag{insert_flag_here}
- Searched in /var/log/syslog for flag
grep -i flag /var/log/syslog
- Found my_JOB_is_to_hide_flags
- Attempted submitting that as a flag but failed, the realised that JOB was capitalised
- Checked cron jobs for self using
crontab e
- Submitted:
flag{what_a_cron_job}
Challenge 6 - Hey man checkout my code - 30pts
Like any good developer I use version control flag syntax: flag{insert_flag_here}
- Unsure of how to progress and decided to checl the
- Cloned the repo https://github.com/oliverjcollins/flag
git clone https://github.com/oliverjcollins/flag
- Checked files in the repo
cd flag/; ls -l
- Manually reviewed the contents of clever.txt
- Submitted:
flag{git_lost}
Challenge 7 - Let’s get scripty - 10pts
This one isn’t hard to find but you can get a pretty looking shell flag syntax: flag{insert_flag_here}
- We found ch7.sh already (Challenge 1)
- Manually reviewed the contents of the script
cat ch7.sh
- Submitted:
flag{cool_shell}
Challenge 8 - There’s somebody else here - 100pts
There’s somebody else here, I might be chasing shadows flag syntax: flag{insert_flag_here}
- Searched for flag in shadow file
grep flag /etc/shadow
- Submitted: flag{shadows_reflect}
After spending a bunch of time typing to find flags to challenges 9 through to 11, realised that flags might not be related to the katacode environment. Found out that the slides for the week 2 session had been released, so started to manually review these, until i found the flag on the elevator and realised that the flags were in the slides
Challenge 9 - Can I Get In Please - 150pts
This ones hidden in plain sight, Amazing what you can uncover in photos! flag syntax: flag{insert_flag_here}
- Examined all the photos in the slide could not find anything
- Gave up for a while
- I had tried to help Lazarus97 with ParrotOS Sec update issue, so Lazarus97 helped me out with saying the hint was similar to “TAFE rooms are easy to get in to” and that zooming and panning is required
- Found flag in top picture on slide 20
- Submitted:
flag-{let_me_in_let_me_in}
Challenge 10 - Up And Down - 90pts
Going Up and Down is fun when someone does all the work
- Manually reviewed the week 2 slides
- Found flag on elevator screen on slide 26
- Submitted:
FLAG{Open_Doors}
Challenge 11 - Rick And Morty - 50pts
Amazing how art can captivate, this will be an exclusive one night flag enjoy :) flag-{flag_syntax_like_this} It is case insensitive for this flag
- This flag was written on the whiteboard, and thus only available to those who attended the workshop
- I had helped NinjaGoat out with a couple of challenges, so NinjaGoat helped me out with FLAG{ITS_CLOCK_MORTRY}
- Submitted:
flag-{its_time_morty}