Bsides Boston Capture The Flag was a free to play competition which was held on 26th September which ran for 8hrs from 9:00 AM EST — 5:00 PM EST. John Hammond hosted the CTF by making crazy challenges.

I will share my experience with this CTF competition and the challenges that I had solved

Warm Up

Open the image with image quick on right side you will see the options

And you’ll get the flag

flag {whirlpool_in_a_cinch}

This challenge was part of Warmup and it was difficult . I send like an hour to figure out what to do with it. Anyways

Now we see Magic Cookies is fishy here

But as you can see it’s gonna take forever to timeout. So I looked at the dev tools

Thought about modifying the cookie , You can see that it is base64 encoded text by looking at= on the end.

Modify the cookie by changing a date way back so timer ends.

Take the modified cookie’s base64 encoded text and replace it with the cookie in the dev tools then refresh the page

You are given a picture of harp

Run the command strings on image file and pipe it to less as to navigate while you are looking at for some strings.

strings harp.jpg | less

HDNR6GFf
6LLIJK9l
18NL1HWa
GCU85U5g
RQ9CGTH{
T47Y9SUt
2SKZJOBh
H06K09Ze
3BWV54X_
C1VY4EIh
GO0DK9Ua
ZZLVBMZr
8CK8FTGp
TNDQURH_
CEHGS41i
ONSNNRTn
DYAKGQMs
AX9CNZ7t
CS5R3KQr
U4A6BBVu
F2RULTOm
D2NLIUPe
KYKGKGVn
AN98O3Ht
G9STPVD_
ETGMLPCh
TFUFSALa
PK4CD5Ss
6EDFJ45_
CIOL1S0v
VIJP3WFe
OU3CPSBr
O0F6WTWt
NKIWW0Ri
QPFWGVNc
CJUPZL9a
CEC4YQ8l
YC23ZR6_
DTUT5VJs
113O5FVt
VY2QV4Br
C498PXFi
NO6EMR1n
ND8JBSNg
OQJOHJUs
8IOJ9LD}

You will see this block of strings now looking at the extreme right side try to read it vertically you’ll find the flag

`flag {the_harp_instrument_has_vertical_strings}

Run strings on the file

you will get this base64 decoded text

TzRaVUNVMlRNRTRIQTZMSFBGWkdTNVpTSzVZVU1ZSllIQk5ER00zREdKTkhBVTJWSkJHVkNWMllPRlVFSzMyRE9GTUVNMkNaR0Y1RU1VUlpNUlNHS1JSWE9CQ1VVU1pZSk4ySEFWVFVPVTJGQzJDV000WlUyUVNHSlpBVFNNUT0=

Then decode it

O4ZUCU2TME4HA6LHPFZGS5ZSK5YUMYJYHBNDGM3DGJNHAU2VJBGVCV2YOFUEK32DOFMEM2CZGF5EMURZMRSGKRRXOBCUUSZYJN2HAVTUOU2FC2CWM4ZU2QSGJZATSMQ=

Now this is base32 decoded text

w3ASSa8pygyriw2WqFa88Z33c2ZpSUHMQWXqhEoCqXFhY1zFR9ddeF7pEJK8KtpVtu4QhVg3MBFNA92

And this is base58 decoded text

flag{wow_you_hit_a_homerun_and_really_ran_the_bases_there}

Forensics

This is a forensics category challenge and in this we are provided with a zip file

root@kali:~/BsidesCTF/Forensics/Mercury# unzip mercury.zip

After extracting it

root@kali:~/BsidesCTF/Forensics/Mercury/mercury# cd .hg
root@kali:~/BsidesCTF/Forensics/Mercury/mercury/.hg# ls -la
total 88
drwxrwxr-x 5 root root 4096 Sep 5 04:24 .
drwxrwxr-x 3 root root 4096 Sep 5 04:24 ..
-rw-rw-r-- 1 root root 57 Sep 5 04:23 00changelog.i
drwxrwxr-x 2 root root 4096 Sep 5 04:24 cache
-rw-rw-r-- 1 root root 12301 Sep 5 04:24 dirstate
-rw-rw-r-- 1 root root 44 Sep 5 04:24 last-message.txt
-rw-rw-r-- 1 root root 59 Sep 5 04:23 requires
drwxrwxr-x 3 root root 4096 Sep 5 04:24 store
-rw-rw-r-- 1 root root 12301 Sep 5 04:24 undo.backup.dirstate
-rw-rw-r-- 1 root root 0 Sep 5 04:24 undo.bookmarks
-rw-rw-r-- 1 root root 7 Sep 5 04:24 undo.branch
-rw-rw-r-- 1 root root 11 Sep 5 04:24 undo.desc
-rw-rw-r-- 1 root root 12301 Sep 5 04:24 undo.dirstate
drwxrwxr-x 2 root root 4096 Sep 5 04:24 wcache

We find last-message.txt and on reading the file

Y2U1ZmYzMWVhY2EyNWMwMzg1OTJhNGI3YjAxNGVjNDcK

It looked like hex text so after converting it : !....

root@kali:~/BsidesCTF/Forensics/Mercury/mercury/.hg/store# ls -la
total 152
drwxrwxr-x 3 root root 4096 Sep 5 04:24 .
drwxrwxr-x 5 root root 4096 Sep 5 04:24 ..
-rw-rw-r-- 1 root root 42269 Sep 5 04:24 00changelog.i
-rw-rw-r-- 1 root root 32533 Sep 5 04:24 00manifest.i
drwxrwxr-x 2 root root 28672 Sep 5 04:24 data
-rw-rw-r-- 1 root root 10452 Sep 5 04:24 fncache
-rw-rw-r-- 1 root root 43 Sep 5 04:23 phaseroots
-rw-rw-r-- 1 root root 93 Sep 5 04:24 undo
-rw-rw-r-- 1 root root 71 Sep 5 04:24 undo.backupfiles
-rw-rw-r-- 1 root root 10400 Sep 5 04:24 undo.backup.fncache
-rw-rw-r-- 1 root root 43 Sep 5 04:24 undo.phaseroots
root@kali:~/BsidesCTF/Forensics/Mercury/mercury/.hg/store# cat phaseroots
───────┬────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
│ File: phaseroots
───────┼────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
1 │ 1 d84fea9fd7bdd1bc08362adbba38a07443ce748d
───────┴────────────────────────────────────────────────────────────────────────────

This is SHA-1 Hash on cracking it 960cb04d1905bac1b33870f7c3ff0f2c53510619

Now there is directory named data and there are bunch of files maybe binary files.

Run this command ls | xargs strings

This command will first list all files since we are piping it to xargs which can run operation on multiple files so I just ran strings to check any strings are there in file and boom

flag{version_control_for_the_solar_system}

I only managed to do 5 challenges. Overall the CTF was hard if you were a beginner. For me this was my second time participation in any CTF by far this was the most exciting and the one in which I was able to solve few challenges. It was really fun to play and learned a lot from this competition. Kudos to John Hammond.

BS CS undergraduate | CTF Player