Another day, another challenge…
Today’s challenge will be on Challenge #10 from the InfoSec Institute CTF program.
Going to the following link we’re provided with the following page.
Doing a right click view page source we see the following:
There’s a listen button. If we click on that button we’re presented with a flag.nav file. Maybe the flag is in there? Let’s see.
Opening the file we noticed that the file is one second, and we can’t hear the audio.
Going back to the original page and doing a right click save link as… allows us to save the audio.
There’s a GREAT application called Audacity that can be used to change the pitch and speed of an audio file.
Going here you will be presented with the Audacity webpage.
Downloading Audacity and opening the flag.wav file we see the following:
Playing the file it’s still inaudible.
Like I wrote above, with Audacity you can change the speed of sound of the audio without changing the pitch.
Going to the toolbar and selecting effects there’s a “changing speed” option. Clicking this option we can specify different speeds. After playing with the different speeds (.75x, .50x) and making it .22x and playing the audio again we can hear the flag.
The flag is:
infosecflag_is_sound.
We found the flag!
Lessons learned:
Our trick of doing the right click view source helped a little bit. When doing this we noticed that there is a file we needed to download. After downloading the file and playing the audio it was inaudible. Going to Google we downloaded an application that aided us to in interpreting the audio. After adjusting the speed we were able to get the flag.
Do you mind if I quote a few of your posts as long as I provide credit and sources back to your weblog? My blog is in the exact same niche as yours and my users would really benefit from a lot of the information you provide here. Please let me know if this okay with you. Thanks a lot!
Yes – you can post my blog as long as credit is provided. Thanks!