1. Sandbox
We are given an nc connection, “readme.ctfcompetition.com 1337”, which gives a shell. It contains ORME.flag and README.flag. Though we have the flags in front of us, we can’t do anything…! 😦
The commands we normally use to display files in Linux are sandboxed (commands: cat, tac, cat *, %00, grep…!). Everything failed.
Then I tried the cat --help command, which returned nothing..! But when I used ls --help, I got to know that they were actually using BusyBox to block some of the commands…!
Later I tried /bin/busybox to unblock the commands; it then returned a warning stating that it is an alien action.
And then I chose to find all accessible commands in the /bin/ directory.
None of the commands worked for me -_-
Then one of my friends suggested looking at the /usr/bin commands.
I tried every command, and finally the fold command worked for me : )
2. Satellite
We’re given two files: “init_sat”, an ELF executable file, and a “PDF”.
I tried running the file; it initially asks for the satellite name. Actually it is OSMIUM.
Then we get a list of choices.
There I have a link to Google Docs. Following that link gives you a base64 string; decoding the string gives you some unknown credentials. I don’t know what to do with those, but the password tells us to sniff the network with Wireshark.
I ran the file and started sniffing, then I got the flag : )
3. Forensics
We’re given an NTFS file system, which I mounted. I went through each and every folder but could only find empty files, except a file in documents containing “I keep pictures of my credentials in extended attributes”, which reveals that the flag is an image.
Then I focused on the Pictures folder, where I could find several images with absolutely no data =_=.
Then I thought of restoring the file system. I used “TestDisk” to restore the file system and found an extra file in the documents folder.
Finally I copied it to my system and opened it. It is a PNG with the flag : )
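The hint in the Forensics challenge points at extended attributes, so a direct triage step is to list every attribute on the mounted tree and check whether its value starts like an image. The sketch below is an added example, not part of the original write-up; it assumes a Linux host and a mount whose driver exposes the attributes through the xattr interface, and the names classify and scan_xattrs are hypothetical.

```python
import os
import sys

# Leading bytes of file types worth flagging inside an attribute value.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",
}


def classify(value: bytes) -> str:
    """Return the file type suggested by the value's first bytes, else 'unknown'."""
    for magic, kind in MAGIC.items():
        if value.startswith(magic):
            return kind
    return "unknown"


def scan_xattrs(root: str) -> list:
    """Return (path, attribute, size, kind) for every xattr found below root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        # Check the directory itself as well as the files it holds.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            try:
                names = os.listxattr(path, follow_symlinks=False)
            except OSError:
                continue  # no xattr support here, or entry not readable
            for name in names:
                try:
                    value = os.getxattr(path, name, follow_symlinks=False)
                except OSError:
                    continue
                hits.append((path, name, len(value), classify(value)))
    return hits


if __name__ == "__main__":
    # Usage: python3 scan_xattrs.py /mnt/ntfs   (mount point is an assumption)
    for path, name, size, kind in scan_xattrs(sys.argv[1] if len(sys.argv) > 1 else "."):
        flag = "  <-- embedded file?" if kind != "unknown" else ""
        print(f"{path}\t{name}\t{size} bytes\t{kind}{flag}")
```

An empty file that carries a large attribute classified as png is the kind of entry the hint describes; os.getxattr on that path and attribute name returns the bytes to write out.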