What is CTF?

CTF stands for capture-the-flag, and those playing video games like Halo might know what this means. Well, the CTF I’m going to talk about is pretty close to the CTF in games.

Here the CTF I’m going to talk about is a cybersecurity or cyberhacking related competition for those interested in becoming an ethical hacker or working in cybersecurity. There are two types of CTF (different game modes):

  • Jeopardy
  • Attack-Defence

To know more about CTF, here is a GeeksforGeeks source.

The problem

In this post I’ll talk about a Jeopardy style CTF challenge given by my college’s CS club that me and my team faced.

It was in the form of a webpage:

The webpage with text ohno

See anything??

Well let’s list out the only obvious thing out of this….oh no

Wait a sec? Did you press oh no? Well, you are one step closer to solving this problem. For the rest of you who didn’t, don’t worry, it’s nothing harmful and I’ll explain more about it below. Either way, when you press the oh no you will start downloading a .rar file (a compressed archive file). When you try to open it you will be faced with a message telling you to enter a password in order to open its contents.

A password roadblock

Hmmmm…..let’s take a step back. How about we look at the site’s source code?

Inspecting source code

And then we see this:

The source code

Ok so far so good. Now what? There are two things that are “clickable”:

  • assets/css/phoebe.css
  • /images/secret.rar

If you know a bit of HTML, this solves the other part of the problem. The file that downloads when you click the oh no text is named secret.rar, so one of the two makes sense: the anchor part of the HTML (that oh no) downloads that file. That leaves us with the other asset, a CSS file. A CSS file is what ‘styles’, or we can say ‘designs’, the HTML page. So let’s replace phoebe.html with assets/css/phoebe.css, or simply click on it, which leads us to the CSS file (shown below):

CSS file

And then we can see the background attribute with the path of that image, /images/ohno.png. All we have to do is replace the URL with the background image path to get the full view of the image. “What’s the use of it?” you may ask….well, bear with me, it’s actually a part of the solution. Here is the full view of the background:

background UwU

Any difference?……nothing?…… :(

I had to look at this picture for more than 30 minutes…yes 30 mins to find the difference and man I tell you it was a facepalm moment. Let’s start from the borders…..wait a sec…..what’s that on the left corner?

password finally

You see it? A string of characters. “25w500f”. I wasn’t able to see it before since the website background was cropped in a manner hiding some portions along the borders. I wonder what this would be used for? Maybe, just maybe….if this is the password we needed? Cowabunga it is….

Yup and it worked. Finally……those 30 minutes felt like a whole lifespan of a dragon. Now we get to see the content of the secret file. Huh….an audio file named secret.

another secret

Let’s open it (btw it’s not a harmful file…don’t worry)

Hmmm….a song at the start, and then beeping sounds? Oh wait a sec…isn’t that Morse code? I’m glad that I realized it since I had the 26 English letters’ Morse code by-hearted during my last 2 years of schooling (totally non-productive).

.-.. --- .-..

There is more audio even after the morse code? I wonder what tha………..moving on

Ok, let’s focus on the Morse code audio. Now I used an online website which decodes the audio format of the Morse code. Here it is. And here is the Morse code part only for you to try.

And therefore this flag has been found, or you can say it’s captured.

the sussy flag flag{flag1rnar3llyc00lperson}

Well not quite, this contest had all letters in small caps and it was in the format of

  • flag{a string of chars here}

So the flag is: flag{flag1rnar3llyc00lperson}

And to the person who made that audio file, I hate you (jk…it’s a nice one 👌).

Closing thoughts

It was indeed a good challenge and I felt happy when me and my team solved it one way or another.

I had a conversation with one of my friends and he mentioned that 25w500f actually means something apart from being a password. Damn….apparently it’s the setting for the Morse code audio decoder to decode the correct message of the sample given.

25w500f means 25 words per min, 500 frequency. You can see those same attributes in the settings of that Morse code audio decoder I had linked above.
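Why those two settings matter to a decoder, shown as an added example (not code from the challenge or from the linked decoder): the speed fixes the length of one dot and the frequency tells the detector which tone to listen for. It assumes the standard PARIS timing (dot = 1.2 / WPM seconds), reads "500 frequency" as a 500 Hz tone, and uses a constructed 8 kHz test signal carrying the `.-.. --- .-..` pattern shown earlier; all function names are hypothetical.

```python
import math
from itertools import groupby

RATE = 8000  # sample rate of the constructed signal (assumption)
CODES = (".- -... -.-. -.. . ..-. --. .... .. .--- -.- .-.. -- -. --- .--. --.- "
         ".-. ... - ..- ...- .-- -..- -.-- --.. "
         "----- .---- ..--- ...-- ....- ..... -.... --... ---.. ----.").split()
MORSE = dict(zip(CODES, "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"))

def unit_samples(wpm):
    return round(1.2 / wpm * RATE)  # PARIS timing: dot = 1.2 / WPM seconds

def synthesize(text, wpm, freq):
    # Constructed test input: a sine tone keyed on and off with Morse timing.
    encode = {v: k for k, v in MORSE.items()}
    n, samples = unit_samples(wpm), []
    def emit(units, on):
        start = len(samples)
        samples.extend(on * math.sin(2 * math.pi * freq * (start + i) / RATE)
                       for i in range(units * n))
    for word in text.upper().split():
        for ch in word:
            for sym in encode[ch]:
                emit(1 if sym == "." else 3, True)
                emit(1, False)   # gap between symbols
            emit(2, False)       # letter gap totals 3 units
        emit(4, False)           # word gap totals 7 units
    return samples

def tone_power(block, freq):
    # Goertzel filter: energy of the block at one frequency.
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def decode(samples, wpm, freq):
    win = unit_samples(wpm) // 4     # four detection windows per dot
    powers = [tone_power(samples[i:i + win], freq)
              for i in range(0, len(samples) - win + 1, win)]
    out, sym, thresh = [], "", max(powers) / 4
    keyed = [p > thresh for p in powers] + [False] * 28  # silent tail flushes last letter
    for on, grp in groupby(keyed):
        units = len(list(grp)) / 4   # run length in dot units
        if on:
            sym += "." if units < 2 else "-"
        elif units >= 2 and sym:     # letter gap (3) or word gap (7)
            out.append(MORSE.get(sym, "?") + (" " if units >= 5 else ""))
            sym = ""
    return "".join(out).strip()
```

Decoding the same samples with a much slower speed setting (for example 12 WPM) makes every dash look shorter than two dot units, so the message no longer comes out, which is why the hint carried the decoder settings.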

Well then I guess this concludes this blog post. Thank you for your time.