BsidesBOS CTF 2020
Bsides Boston Capture The Flag was a free to play competition which was held on 26th September which ran for 8hrs from 9:00 AM EST — 5:00 PM EST. John Hammond hosted the CTF by making crazy challenges.
I will share my experience with this CTF competition and the challenges that I had solved
Open the image with
image quick on right side you will see the options
And you’ll get the flag
EZ Bake Oven
This challenge was part of Warmup and it was difficult . I send like an hour to figure out what to do with it. Anyways
Now we see
Magic Cookies is fishy here
But as you can see it’s gonna take forever to timeout. So I looked at the dev tools
Thought about modifying the cookie , You can see that it is base64 encoded text by looking at
= on the end.
Modify the cookie by changing a date way back so timer ends.
Take the modified cookie’s base64 encoded text and replace it with the cookie in the dev tools then refresh the page
Play The Harp
You are given a picture of harp
Run the command
strings on image file and pipe it to
less as to navigate while you are looking at for some strings.
strings harp.jpg | less
You will see this block of strings now looking at the extreme right side try to read it vertically you’ll find the flag
Run strings on the file
you will get this base64 decoded text
Then decode it
Now this is base32 decoded text
And this is base58 decoded text
This is a forensics category challenge and in this we are provided with a zip file
root@kali:~/BsidesCTF/Forensics/Mercury# unzip mercury.zip
After extracting it
root@kali:~/BsidesCTF/Forensics/Mercury/mercury# cd .hg
root@kali:~/BsidesCTF/Forensics/Mercury/mercury/.hg# ls -la
drwxrwxr-x 5 root root 4096 Sep 5 04:24 .
drwxrwxr-x 3 root root 4096 Sep 5 04:24 ..
-rw-rw-r-- 1 root root 57 Sep 5 04:23 00changelog.i
drwxrwxr-x 2 root root 4096 Sep 5 04:24 cache
-rw-rw-r-- 1 root root 12301 Sep 5 04:24 dirstate
-rw-rw-r-- 1 root root 44 Sep 5 04:24 last-message.txt
-rw-rw-r-- 1 root root 59 Sep 5 04:23 requires
drwxrwxr-x 3 root root 4096 Sep 5 04:24 store
-rw-rw-r-- 1 root root 12301 Sep 5 04:24 undo.backup.dirstate
-rw-rw-r-- 1 root root 0 Sep 5 04:24 undo.bookmarks
-rw-rw-r-- 1 root root 7 Sep 5 04:24 undo.branch
-rw-rw-r-- 1 root root 11 Sep 5 04:24 undo.desc
-rw-rw-r-- 1 root root 12301 Sep 5 04:24 undo.dirstate
drwxrwxr-x 2 root root 4096 Sep 5 04:24 wcache
last-message.txt and on reading the file
It looked like hex text so after converting it :
root@kali:~/BsidesCTF/Forensics/Mercury/mercury/.hg/store# ls -la
drwxrwxr-x 3 root root 4096 Sep 5 04:24 .
drwxrwxr-x 5 root root 4096 Sep 5 04:24 ..
-rw-rw-r-- 1 root root 42269 Sep 5 04:24 00changelog.i
-rw-rw-r-- 1 root root 32533 Sep 5 04:24 00manifest.i
drwxrwxr-x 2 root root 28672 Sep 5 04:24 data
-rw-rw-r-- 1 root root 10452 Sep 5 04:24 fncache
-rw-rw-r-- 1 root root 43 Sep 5 04:23 phaseroots
-rw-rw-r-- 1 root root 93 Sep 5 04:24 undo
-rw-rw-r-- 1 root root 71 Sep 5 04:24 undo.backupfiles
-rw-rw-r-- 1 root root 10400 Sep 5 04:24 undo.backup.fncache
-rw-rw-r-- 1 root root 43 Sep 5 04:24 undo.phaseroots
root@kali:~/BsidesCTF/Forensics/Mercury/mercury/.hg/store# cat phaseroots
│ File: phaseroots
1 │ 1 d84fea9fd7bdd1bc08362adbba38a07443ce748d
This is SHA-1 Hash on cracking it
Now there is directory named
data and there are bunch of files maybe
Run this command
ls | xargs strings
This command will first list all files since we are piping it to xargs which can run operation on multiple files so I just ran strings to check any strings are there in file and boom
I only managed to do 5 challenges. Overall the CTF was hard if you were a beginner. For me this was my second time participation in any CTF by far this was the most exciting and the one in which I was able to solve few challenges. It was really fun to play and learned a lot from this competition. Kudos to John Hammond.