×

@abiramen

Projects Posts
14 January 2022 ·
schedule
19 min read
CompClub CTF 2022
Another year, another high school security workshop!
Tags:
keyboard_arrow_down

After running CompClub’s Intro to Security workshop for some eager high schoolers last year, I just had to come back to redevelop the workshop and present again.

Behind the Scenes

Setting up infrastructure was much easier this year - being CSESoc’s Technical Director meant I had access to a server to host a CTF. The only other challenge that required hosting was lightweight enough for me to run on my spare VPS.

One thing that was a bit challenging was deciding which challenges I wanted to use for this CTF, as opposed to stockpiling them for the SecSoc O-Week CTF happening in a month (stay tuned!).

Between Felix, Paula and I, we managed to write up 23 challenges, much more than last year’s 14. Despite that, one team managed to solve all the challenges with an hour remaining, forcing me to release two more challenges which I was planning on saving for the aforementioned SecSoc CTF for a grand total of 25.

Huge shoutout to Felix and Paula again for their help with writing up challenges this year!

Challenges and solutions

Here are all the challenges! The solutions are hidden until you click on them, so that you can try challenges without spoilers.

Crypto

substitute (40 points)

Use this link to help solve a substitution cipher!

link

Format: Enter the sentence you find, without wrapping it in COMPCLUB{}. For example, if you found out that the sentence is ‘never gonna give you up’, then that would be the flag!

Author

@abiramen

Walkthrough

This challenge just required classic substitution cipher cracking techniques, as well as a bit of trial and error.

Flag

i think there is no substitute for quality when it comes to choosing a good cipher

Witch’s Secret (50 points)

It’s a simple spell but quite unbreakable. Paula the witch has a confidential message for her coven but wishing for it to be unreadable to man, she enchants it with a special HEX.

Her message may contain plans to destroy humankind so it is important to unenchant this message. It is up to you to decrypt her message and determine what actions we need to take!

Message:

43 4f 4d 50 43 4c 55 42 7b 77 68 45 52 45 5f 64 30 5f 21 5f 62 75 59 5f 40 5f 6e 33 77 5f 62 52 30 30 6d 53 74 21 63 6b 3f 7d
Author

@felixc90

Walkthrough

Reverse the hexadecimal message into their ASCII representation using online tools.

Flag

COMPCLUB{whERE_d0_!_buY_@_n3w_bR00mSt!ck?}

Musical Sheets (70 points)

Abiram is getting sick of listening to music in general. He’s invented a new way to create music using spreadsheets which involves two sounds. One is a simple tap while the other is a hold. As monotonous as it is, he’s found that it’s a pretty cool way to hide messages. He calls it ‘Morszart’ - a play on ‘Morse’.

He has hid a secret message in a translated of his favourite Coldplay song ‘Viva La Vida’ into Morszart but it accidentally ripped into three pieces. Can you find the secret message?

Format: Wrap your answer with COMPCLUB{}.

link

Author

@felixc90

Walkthrough
  1. Observe that where each sheet never has cells filled in the same position. Combine all sheets in a single sheet.
  2. Translate the message using morse code.
Flag

COMPCLUB{sH33t5.!s.k3wl}

Outside Person (80 points)

Paula has always been an outside person. She loves the beaches, city, the bush but her favourite place has always been the parks. Sometimes she tells us about a park but instead of saying the actual name, she gives us three words that sound random and expects us to know where it is.

She also says there’s a website that can convert locations to a few words but we’ve never seen it.

We have recently lost her and we know she’s at a park but we don’t know which one. All we’ve found is this piece of text on her laptop:

ixxmit.lyebyd.jywgle

but this gibberish doesn’t look like the few words she normally gives us.

Can you help us find her? The flag is the park name, with spaces replaced with underscores, and wrapped in COMPCLUB{} e.g. COMPCLUB{central_park}.

Author

@felixc90

Walkthrough
  1. Use multiple caesar ciphers to reveal the words appeal.violin.laying
  2. Get location from ‘what 3 words’ (search up ‘convert location to few words’)
Flag

COMPCLUB{tumbalong_park}

fave song (90 points)

now’s your chance to find out about my favourite song!

i even have some top-secret extra info about the song for you to find out!

Format: Enter the info you find, without wrapping it in COMPCLUB{}. For example, if you found out that the secret is ‘thesongwasreleasedin1066’, then that would be the flag!

Files

Author

@abiramen

Walkthrough

Another year, another book cipher!

We can see the numbers occur in pairs, (a, b). The a values can get pretty big, while b is always relatively small (at most, 6). This suggests that the second number could be some way of indexing a character within a word. Maybe the first number could be the index of the word we’re using?

We can also see a couple of 0s occurring in the index, for example, the a pair is (0, 0). This suggests that both words and characters are zero-indexed, just like lists and arrays in most programming languages start counting from 0.

This is what is known as a book cipher. You could either try manually calculating each of the letters, writing a script to do it, or using a website like this one to decode it. You’ll need to convert all the index pairs to match the format on that site. Make sure you select the correct options (word number, character number, none), and set the numbering start to 0. Once you do this, you should get your flag.

Flag

thelinkisdQw4w9WgXcQ

Forensics

smoothie (20 points)

Put these ingredients through the SHA256 blender for a delicious beverage and tell me what you get 😋

Format: Type your answer in as-is. You should not wrap your answer with COMPCLUB{}.

Files

Author

@abiramen

Walkthrough

There’s a few ways you could do this. If you had access to a Linux or macOS command line, you could run sha256sum smoothie.jpg, and there’s also Get-FileHash for Windows Powershell.

There are also online tools to get you the hashes of files!

Flag

e2338ea881b3732b5965283c310ddb2db1a632ac27d487dce0bf45b29bfdb034

smoothie (20 points)

Put these ingredients through the SHA256 blender for a delicious beverage and tell me what you get 😋

Format: Type your answer in as-is. You should not wrap your answer with COMPCLUB{}.

Files

Author

@abiramen

Walkthrough

There’s a few ways you could do this. If you had access to a Linux or macOS command line, you could run sha256sum smoothie.jpg, and there’s also Get-FileHash for Windows Powershell.

There are also online tools to get you the hashes of files!

Flag

e2338ea881b3732b5965283c310ddb2db1a632ac27d487dce0bf45b29bfdb034

classic file extension challenge (30 points)

What file extension would we expect this file to have?

Format: Wrap your answer with COMPCLUB{}. For example, if this was a PNG file, we might expect the file to be called file.png, and thus the answer would be COMPCLUB{png}.

Files

Author

@abiramen

Walkthrough

There’s a few ways you could check what type of file this is meant to be:

Flag

COMPCLUB{class}

sicc views (30 points)

Files

Author

@abiramen

Walkthrough

sicc views! what park was this taken at?

Format: Remember to wrap your answer with COMPCLUB{}, and replace any spaces with underscores.

For example, if this were at Pitt Street Reserve, the flag would be COMPCLUB{pitt_street_reserve}.

Flag

COMPCLUB{diamond_bay_reserve}

i have no words (40 points)

I have a geography essay due tomorrow and I’ve only written about 965 words but it needs to be 1100 words.

Luckily, my friend told me a trick that lets my essay look like it has the correct number of words (including the question). You can even check yourself by pressing Tools at the top and then Word Count.

I’ve also found this trick is a nice way to hide secrets including CTF flags…

link

Author

@felixc90

Walkthrough

The flag, and other text have been written in white. Any sort of highlighting will expose the hidden text. The last chunk of white text contains the flag.

Flag

COMPCLUB{d0nt_tUrN_@_bL!nD_3y3}

Paula’s Pizzeria (50 points)

I’m hungry and Paula owns one of the best pizza places in Australia. I want to go but I forgot where it was! No worries though because I put the phone number somewhere…

Okay, I may have lost it but I remember that I was working on the slides when I wrote it down. Can you help me find the suburb of where her pizza place is located?

Format: Wrap your answer with COMPCLUB{}. For example, if the suburb is Randwick, the answer would be COMPCLUB{randwick}. link

Author

@felixc90

Walkthrough
  1. Look at the speaker notes to get the digits 9413 1120
  2. Search up 9413 1120 to get the Domino’s in Balcatta
Flag

COMPCLUB{Balcatta}

going broke (80 points)

i’ve lost track of my accounting for this month i am going to go broke.

respectfully,

i am in tears.

Files

Author

@abiramen

Walkthrough

We’re provided with a PNG file, but it doesn’t appear to be a regular PNG file which we’re able to open.

We could use the file command to determine that this is an Excel file, or look at the magic bytes, and note that it shares the same magic bytes as a zip, apk, docx, pptx, xlsx and many more. (All of the other file types can be treated just like zip files, and unzipped!)

However, in the context of accounting, xlsx makes the most sense, so we can change the file extension and open the file in Excel or Google Sheets.

Doing so reveals two spreadsheets. We want to go to the sheet called ‘definitely accounting’, where the flag is spread horizontally across the sheet.

Flag

COMPCLUB{d1dNt_aCcount_f0R_tHi5}

Steve the Dinosaur (90 points)

Steve’s a cheeky fella. He’s a stegosaurus who won’t shut up about it and because he’s vegetarian, he loves to eat noodles but never tells us his favourite type of noodles. Instead he has just sent us a selfie of his best fit and expects us to find his favourite noodle. He tells us this image is hidden inside a flag within the image. Find the flag!

Files

Author

@felixc90

Walkthrough

The text has been camouflaged in with the white background.

There are a couple tools that can be used to find the text:

Flag

COMPCLUB{r9men.!s.the.b3st.n00dle} - surprisingly, I (@abiramen) didn’t write this flag.

Misc

Slides (20 points)

Here are the slides for today’s workshop. I wonder if there’s anything handy in there.

Author

@abiramen

Walkthrough

The flag is on the slide about… flags!

Flag

COMPCLUB{y0ur_f1rSt_fLaG}

Sneaky Folders (70 points)

Felix has come up with an amazing way to organise his files and folders. He has used ascii and binary to hide messages that he doesn’t want others to see and he only needs to remember a letter to find his hidden files.

He has hidden a flag within in his folders and has been kind enough to give us his personal key that he uses to remember where it is: c. See if you can find the flag!

Files

not suspicious folder.zip

Author

@felixc90

Walkthrough
  1. The letter ‘c’ is represented as 01100011 as an ASCII/UTF-8 byte.
  2. By corresponding ‘flag-in-here’ folders to 1 and ‘flag-not-in-here’ folders to 0, we can traverse and find the flag.

An unintended solution by @abiramen:

Flag

COMPCLUB{n!cE_b!N@rY_s3@RcH!n9_th3r3!!!}

CompClub Does Countdown (75 points)

Abiram, Felix and Paula have decided to host a new show called ‘CompClub does Countdown’ and you have been invited to take part in the first episode. There are two sections which you must complete:

Numbers section

Using the following numbers 25, 1, 1, 3, 4, 2 once each, get as close as you can to the number 560 with the operations of addition, subtraction, multiplication and division.

Letters section

Find the English word that uses the most number of letters in the list [L, N, T, E, I, E, R, H, A] where each letter is only used once.

Format: COMPCLUB{[WORD][NUMBER]} For example, if the correct word was ‘example’ and the closest number was 570, then the flag would be COMPCLUB{example570}.

Author

@felixc90

Walkthrough

Use an anagram solver to find the word heartline, and do some maths to get: (25 * 2 + 1) * (3 * 4 - 1) = 561

Flag

COMPCLUB{heartline561}

Not A Reliable Source (80 points)

Whenever I search something up, Wikipedia always comes up first - no matter what. It’s the best place to plagiarise learn from but teachers always say it’s ‘not a reliable source’. Anyways, I was writing this essay on CTFs on Christmas Day, and even left a flag in my essay!

Author

@felixc90

Walkthrough
  1. Browse around pages relevant to CTFs, namely ‘Capture the flag (cybersecurity)’
  2. The flag should be in the introduction - otherwise it will be found in the edit history as most recently.
Note from @abiramen

If you’re a future prospective beginner CTF author taking inspiration, I’m not quite sure if vandalising Wikipedia is necessarily the most ethical thing to do, although this wasn’t too bad since none of the information added was technically incorrect!

Flag

COMPCLUB{y0u_h@v3_f0uND_th3_fl@G!}

Recon

The last two challenges in this section were written up halfway through the CTF since some teams were way too quick.

Unfriendly Neighbourhood Barbecue (65 points)

We are always scared of computers gaining sentience but we never once considered that the beloved CSESoc and CompClub barbecue ‘Jebediah Dumptruck’ may have grown his own mind.

He has run rampant, creating social media accounts to advertise the rise of the barbecues. To stop him, we have to find the flag that he has hidden away in his propaganda - but beware that he has planted fake flags as well.

Note: You can do this without a FB account :)

Author

@felixc90

Walkthrough
  1. Search up Jebediah Dumptruck and click the first Facebook profile (Note this does not require an account as you can still look at the necessary photos)
  2. Look through a couple photos and see that it guides user to comments
  3. One comment under the profile picture suggests looking at the tags
  4. The cover photo reveals the flag is the tag ‘next to Will Fernandez’
Flag

COMPCLUB{go@t3d_o5!Nt_sk!LLs}

cold

Please help! I’m stuck out here and it’s extremely cold and I am in need of a rescue.

You’ll need to find me to rescue me, which begs the question of ‘where am I?’.

Format: Wrap the name of the street which the photo was taken on with CompClub.

For example, if this were taken at High St, the flag would be COMPCLUB{high_street}.

Files

Author

@abiramen

Walkthrough

There’s not much useful here in the image, besides the fact that we appear to be in a snowy country with yellow traffic lights. There’s also not much in the metadata, besides the fact that I took the photo with a Pixel 2 XL in January 2018.

However, the one handy thing that we have here in the top left is a big building with a distinctive yellow logo, with a walking hand. If you’re a boomer like myself (seeing students trying to solve this challenge has made me feel old), you might instantly recognise this as the Yellow Pages logo - if not, you might have had to do some googling.

From this point, you could check Google Images for ‘yellow pages building’, and you’d be presented with images of a building in Toronto, Canada which looks to be the same building! This is listed as the (now permanently closed) Yellow Pages Group Tower in Scarborough.

Looking for the ‘Yellow Pages Group Tower’ in Google Maps takes us to the intersection of Milner and Progress Ave. Dropping into Street View, we can correlate this with other buildings to confirm that we are indeed on Progress Ave.

Flag

COMPCLUB{progress_avenue}

fontaine (90 points)

Saw this cool fountain a few months ago, can you name it?

Format: Wrap the name of the fountain with COMPCLUB{}, replacing spaces with underscores. For example, if the fountain is the Lloyd Rees Fountain, the flag would be COMPCLUB{lloyd_rees_fountain}.

Files

Author

@abiramen

Notes

Again, I was really hoping to save this challenge for another CTF, but some of you were just too skilled!

The reason I had to distort this image so much was to prevent it from being found via reverse image search.

Walkthrough

We can see that the GPS metadata for this file has been stripped. However, we can still see that the photo was taken on the 9th of April 2021, and there’s a comment attached to the file, reading ‘fountain i saw while getting lunch at hacker conf’.

From this, we could take a look at hacker conferences that took places around the 9th of April 2021 with some googling. A result that pops up here is the BSides Canberra 2021 conference.

We can now google for ‘canberra fountains’, giving us the Canberra Times Fountain as the first result.

Flag

COMPCLUB{canberra_times_fountain}

underpass (145 points)

What’s the name of the park on the other side of the underpass?

Format: Replace any spaces with underscores and wrap with COMPCLUB{}. For example, if this were Pitt Street Reserve, the flag would be COMPCLUB{pitt_street_reserve}.

Files

Author

@abiramen

Notes

After hearing that all my challenges had been solved including the addition of fontaine, with an hour left, I had to pull out a very cruel challenge from my CTF bank which I was really hoping to save for O-Week CTF. Oh well, this was really fun to watch people attempt to, and struggle to (but thankfully eventually manage to) solve.

Huge congrats to the two people that did manage to work this out.

I highly recommend spending at least an hour looking at this image before giving up and reading through the solution below.

Walkthrough

From the signage, we can determine that this is likely in Sydney, with the trees also reinforcing that this is in Australia.

The key thing to note is the digital sign above the road in the top left of the image. This, as well as the two separate carriageways suggests that this is likely one of Sydney’s motorways.

We can also see see that there appears to be a cycleway running alongside the motorway - this is pretty common in Sydney, with the M2, M4, M5 and M7 all being associated with cycleways.

(more details to come in a few minutes!)

Flag

COMPCLUB{lady_penhryn_park}

Web

epf (184 points across 5 challenges)

I miss the good old days of Club Penguin’s Elite Penguin Force, so I made my own EPF.

You can try and become an epik penguin! There are five flags to find along the way.

source code

Part 0 (24 points)

Author

@abiramen

Walkthrough

For this challenge, we had to inspect element or view page source (Ctrl+U) on the login page, where we can spot a HTML comment containing the flag.

Flag

COMPCLUB{g00D_p3NguIns_cH3cK_p4ge_s0urCe}

Part 1 (25 points)

Author

@abiramen

Walkthrough

The HTML page source also linked to a script at static/hello.js. We can spot a flag in the comments of this file too.

Flag

COMPCLUB{sCr!pTiNg_penGu1Ns!}

Part 2 (30 points)

Author

@abiramen

Walkthrough

Check for any cookies which have been set, typically under the Application > Cookies tab in Developer Tools on most browsers.

Flag

COMPCLUB{p3NgU1N_L0Ve$_c0oK1ez}

Part 3 (45 points)

Author

@abiramen

Walkthrough

Check the /robots.txt file for the site.

Flag

COMPCLUB{r0bot!_penGuiN!_f0rCe?!}

Part 4 (55 points)

Author

@abiramen

Walkthrough

Using the md file you found in the robots.txt in previous challenge, determine that we must have a username with at least 10 characters to become an epik penguin. However, the login form doesn’t appear to allow us to enter more than 10 characters. To get around this, we can edit or remove the maxlength attribute from the <input> element on the form.

Flag

COMPCLUB{h4cKeR_pEnGu1N_#aCk3R_p3NgUin!!}

Conclusion

On the day, we received 1159 attempted flag submissions amongst 45 competitors in 8 teams, of which, 249 of submissions were correct.

Thanks to all the students that came along and participated in workshops and the CTF! I hope to see you all next year, when we can hopefully actually run this event in person.

Also a shoutout again to Paula and Felix, as well as all the mentors who volunteered throughout the week, as well as Nicholas who has tested my recon images in the past.