PicoCTF 2017 – Yarn #appsec #infosec #ctf

Another day, another challenge…

Today’s blog post we will solve the, “Yarn” challenge from PicoCTF.

Let’s get started.

Clicking on the challenge we see:

PicoCTF_Yarn_1

OK, we need to find a flag inside of a file, but we do not know what the file is.

Let’s look at the hints and see if that provides any clues.

PicoCTF_Yarn_2

Looking at the hints we’re provided with two questions. Possibly answering these questions will leads us to the flag.

Answer question #1 – “what does the string command use to determine if something is a string?” We decide to do a Google search to answer just that.

Doing this Google search we’re provided with the following link.

Reading the article we determine that the strings command prints the printable characters from a file.

Doing that we’re provided with the following screenshot:

PicoCTF_Yarn_3

We’ve answered question #1. Let’s answer question #2.

Question #2 – is there a way to change the length that the strings command look for?

Going back to the link we see that there is a way we can specify that there is a way to determine the length of strings we want to print.

How do we use this?

By adding the “-n <length you want to use>”

Doing this we get the following:

PicoCTF_Yarn_4

Scrolling down we see:

PicoCTF_Yarn_5

Hmm… I think we found the flag! “Submit_me_for_I_am_the_flag”

Putting this string as the flag we have acquired 55 points!

InfoSec Institute CTF Challenge #8

Another day, another challenge…

Today’s challenge will be on CTF Challenge #8 from InfoSec Institute.

Going to the following link

We see the following page.

infosec_8_intro

We’re introduced with the downloading a file.

Doing our trick of right click, view page source we see the following:

infosec_8_pagesource

We see the file that we need to download called “app.exe”

Downloading and opening the file we noticed that the application is the netstat command listing our network information.

Since our tricks does not work, we need to find a way to view the source of the application.

One option is to use the linux strings command.

The strings command allows you to find English words in file.

If you are working on a Windows machine (like I am) you can download the cygwin emulator which allows you to do simple Linux commands on a Windows machine.

To download cygwin go here.

Note: Make sure when downloading that you add the binutils package to import the strings command.

Copy the app.exe file into the cygwin directory (that you specified in your installation) so you navigate to that file.

After downloading cygwin, and using the strings command we see the following:

infosec_8_flag

We found the flag – infosec_flagis_0x1a!

Lessons learned:

Again, our normal tricks of viewing the page source did not work. We noticed that when we executed the program that it was the netstat command getting information on our network. From there we decided that we would need to see the source of the application to see if the flag was hidden in there. Turns out it was. Overall lesson, be flexible with your tool belt and think outside of the box!