After running CompClub’s Intro to Security workshop for some eager high schoolers last year, I just had to come back to redevelop the workshop and present again.
Setting up infrastructure was much easier this year - being CSESoc’s Technical Director meant I had access to a server to host a CTF. The only other challenge that required hosting was lightweight enough for me to run on my spare VPS.
One thing that was a bit challenging was deciding which challenges I wanted to use for this CTF, as opposed to stockpiling them for the SecSoc O-Week CTF happening in a month (stay tuned!).
Between Felix, Paula and I, we managed to write up 23 challenges, much more than last year’s 14. Despite that, one team managed to solve all the challenges with an hour remaining, forcing me to release two more challenges which I was planning on saving for the aforementioned SecSoc CTF for a grand total of 25.
Huge shoutout to Felix and Paula again for their help with writing up challenges this year!
Here are all the challenges! The solutions are hidden until you click on them, so that you can try challenges without spoilers.
Use this link to help solve a substitution cipher!
Format: Enter the sentence you find, without wrapping it in COMPCLUB{}. For example, if you found out that the sentence is ‘never gonna give you up’, then that would be the flag!
@abiramen
This challenge just required classic substitution cipher cracking techniques, as well as a bit of trial and error.
i think there is no substitute for quality when it comes to choosing a good cipher
It’s a simple spell but quite unbreakable. Paula the witch has a confidential message for her coven but wishing for it to be unreadable to man, she enchants it with a special HEX.
Her message may contain plans to destroy humankind so it is important to unenchant this message. It is up to you to decrypt her message and determine what actions we need to take!
Message:
43 4f 4d 50 43 4c 55 42 7b 77 68 45 52 45 5f 64 30 5f 21 5f 62 75 59 5f 40 5f 6e 33 77 5f 62 52 30 30 6d 53 74 21 63 6b 3f 7d
@felixc90
Reverse the hexadecimal message into their ASCII representation using online tools.
COMPCLUB{whERE_d0_!_buY_@_n3w_bR00mSt!ck?}
Abiram is getting sick of listening to music in general. He’s invented a new way to create music using spreadsheets which involves two sounds. One is a simple tap while the other is a hold. As monotonous as it is, he’s found that it’s a pretty cool way to hide messages. He calls it ‘Morszart’ - a play on ‘Morse’.
He has hid a secret message in a translated of his favourite Coldplay song ‘Viva La Vida’ into Morszart but it accidentally ripped into three pieces. Can you find the secret message?
Format: Wrap your answer with COMPCLUB{}.
@felixc90
COMPCLUB{sH33t5.!s.k3wl}
Paula has always been an outside person. She loves the beaches, city, the bush but her favourite place has always been the parks. Sometimes she tells us about a park but instead of saying the actual name, she gives us three words that sound random and expects us to know where it is.
She also says there’s a website that can convert locations to a few words but we’ve never seen it.
We have recently lost her and we know she’s at a park but we don’t know which one. All we’ve found is this piece of text on her laptop:
ixxmit.lyebyd.jywgle
but this gibberish doesn’t look like the few words she normally gives us.
Can you help us find her? The flag is the park name, with spaces replaced with underscores, and wrapped in COMPCLUB{} e.g. COMPCLUB{central_park}.
@felixc90
COMPCLUB{tumbalong_park}
now’s your chance to find out about my favourite song!
i even have some top-secret extra info about the song for you to find out!
Format: Enter the info you find, without wrapping it in COMPCLUB{}. For example, if you found out that the secret is ‘thesongwasreleasedin1066’, then that would be the flag!
@abiramen
Another year, another book cipher!
We can see the numbers occur in pairs, (a, b). The a values can get pretty big, while b is always relatively small (at most, 6). This suggests that the second number could be some way of indexing a character within a word. Maybe the first number could be the index of the word we’re using?
We can also see a couple of 0s occurring in the index, for example, the a pair is (0, 0). This suggests that both words and characters are zero-indexed, just like lists and arrays in most programming languages start counting from 0.
This is what is known as a book cipher. You could either try manually calculating each of the letters, writing a script to do it, or using a website like this one to decode it. You’ll need to convert all the index pairs to match the format on that site. Make sure you select the correct options (word number, character number, none), and set the numbering start to 0. Once you do this, you should get your flag.
thelinkisdQw4w9WgXcQ
Put these ingredients through the SHA256 blender for a delicious beverage and tell me what you get 😋
Format: Type your answer in as-is. You should not wrap your answer with COMPCLUB{}.
@abiramen
There’s a few ways you could do this. If you had access to a Linux or macOS command line, you could run sha256sum smoothie.jpg, and there’s also Get-FileHash for Windows Powershell.
There are also online tools to get you the hashes of files!
e2338ea881b3732b5965283c310ddb2db1a632ac27d487dce0bf45b29bfdb034
Put these ingredients through the SHA256 blender for a delicious beverage and tell me what you get 😋
Format: Type your answer in as-is. You should not wrap your answer with COMPCLUB{}.
@abiramen
There’s a few ways you could do this. If you had access to a Linux or macOS command line, you could run sha256sum smoothie.jpg, and there’s also Get-FileHash for Windows Powershell.
There are also online tools to get you the hashes of files!
e2338ea881b3732b5965283c310ddb2db1a632ac27d487dce0bf45b29bfdb034
What file extension would we expect this file to have?
Format: Wrap your answer with COMPCLUB{}.
For example, if this was a PNG file, we might expect the file to be called file.png, and thus the answer would be COMPCLUB{png}.
@abiramen
There’s a few ways you could check what type of file this is meant to be:
file command, so in this case, file fileca fe ba be in hex. Crossreferencing it with this Wikipedia article should yield us an answer!COMPCLUB{class}
@abiramen
sicc views! what park was this taken at?
Format: Remember to wrap your answer with COMPCLUB{}, and replace any spaces with underscores.
For example, if this were at Pitt Street Reserve, the flag would be COMPCLUB{pitt_street_reserve}.
COMPCLUB{diamond_bay_reserve}
I have a geography essay due tomorrow and I’ve only written about 965 words but it needs to be 1100 words.
Luckily, my friend told me a trick that lets my essay look like it has the correct number of words (including the question). You can even check yourself by pressing Tools at the top and then Word Count.
I’ve also found this trick is a nice way to hide secrets including CTF flags…
@felixc90
The flag, and other text have been written in white. Any sort of highlighting will expose the hidden text. The last chunk of white text contains the flag.
COMPCLUB{d0nt_tUrN_@_bL!nD_3y3}
I’m hungry and Paula owns one of the best pizza places in Australia. I want to go but I forgot where it was! No worries though because I put the phone number somewhere…
Okay, I may have lost it but I remember that I was working on the slides when I wrote it down. Can you help me find the suburb of where her pizza place is located?
Format: Wrap your answer with COMPCLUB{}. For example, if the suburb is Randwick, the answer would be COMPCLUB{randwick}.
link
@felixc90
9413 11209413 1120 to get the Domino’s in BalcattaCOMPCLUB{Balcatta}
i’ve lost track of my accounting for this month i am going to go broke.
respectfully,
i am in tears.
@abiramen
We’re provided with a PNG file, but it doesn’t appear to be a regular PNG file which we’re able to open.
We could use the file command to determine that this is an Excel file, or look at the magic bytes, and note that it shares the same magic bytes as a zip, apk, docx, pptx, xlsx and many more. (All of the other file types can be treated just like zip files, and unzipped!)
However, in the context of accounting, xlsx makes the most sense, so we can change the file extension and open the file in Excel or Google Sheets.
Doing so reveals two spreadsheets. We want to go to the sheet called ‘definitely accounting’, where the flag is spread horizontally across the sheet.
COMPCLUB{d1dNt_aCcount_f0R_tHi5}
Steve’s a cheeky fella. He’s a stegosaurus who won’t shut up about it and because he’s vegetarian, he loves to eat noodles but never tells us his favourite type of noodles. Instead he has just sent us a selfie of his best fit and expects us to find his favourite noodle. He tells us this image is hidden inside a flag within the image. Find the flag!
@felixc90
The text has been camouflaged in with the white background.
There are a couple tools that can be used to find the text:
COMPCLUB{r9men.!s.the.b3st.n00dle} - surprisingly, I (@abiramen) didn’t write this flag.
Here are the slides for today’s workshop. I wonder if there’s anything handy in there.
@abiramen
The flag is on the slide about… flags!
COMPCLUB{y0ur_f1rSt_fLaG}
Felix has come up with an amazing way to organise his files and folders. He has used ascii and binary to hide messages that he doesn’t want others to see and he only needs to remember a letter to find his hidden files.
He has hidden a flag within in his folders and has been kind enough to give us his personal key that he uses to remember where it is: c. See if you can find the flag!
@felixc90
01100011 as an ASCII/UTF-8 byte.An unintended solution by @abiramen:
cd to the top folder, and run grep -r COMPCLUB - this will recursively grep through all the files in the folder to find a match.COMPCLUB{n!cE_b!N@rY_s3@RcH!n9_th3r3!!!}
Abiram, Felix and Paula have decided to host a new show called ‘CompClub does Countdown’ and you have been invited to take part in the first episode. There are two sections which you must complete:
Numbers section
Using the following numbers 25, 1, 1, 3, 4, 2 once each, get as close as you can to the number 560 with the operations of addition, subtraction, multiplication and division.
Letters section
Find the English word that uses the most number of letters in the list [L, N, T, E, I, E, R, H, A] where each letter is only used once.
Format: COMPCLUB{[WORD][NUMBER]} For example, if the correct word was ‘example’ and the closest number was 570, then the flag would be COMPCLUB{example570}.
@felixc90
Use an anagram solver to find the word heartline, and do some maths to get:
(25 * 2 + 1) * (3 * 4 - 1) = 561
COMPCLUB{heartline561}
Whenever I search something up, Wikipedia always comes up first - no matter what.
It’s the best place to plagiarise learn from but teachers always say it’s ‘not a reliable source’. Anyways, I was writing this essay on CTFs on Christmas Day, and even left a flag in my essay!
@felixc90
If you’re a future prospective beginner CTF author taking inspiration, I’m not quite sure if vandalising Wikipedia is necessarily the most ethical thing to do, although this wasn’t too bad since none of the information added was technically incorrect!
COMPCLUB{y0u_h@v3_f0uND_th3_fl@G!}
The last two challenges in this section were written up halfway through the CTF since some teams were way too quick.
We are always scared of computers gaining sentience but we never once considered that the beloved CSESoc and CompClub barbecue ‘Jebediah Dumptruck’ may have grown his own mind.
He has run rampant, creating social media accounts to advertise the rise of the barbecues. To stop him, we have to find the flag that he has hidden away in his propaganda - but beware that he has planted fake flags as well.
Note: You can do this without a FB account :)
@felixc90
COMPCLUB{go@t3d_o5!Nt_sk!LLs}
Please help! I’m stuck out here and it’s extremely cold and I am in need of a rescue.
You’ll need to find me to rescue me, which begs the question of ‘where am I?’.
Format: Wrap the name of the street which the photo was taken on with CompClub.
For example, if this were taken at High St, the flag would be COMPCLUB{high_street}.
@abiramen
There’s not much useful here in the image, besides the fact that we appear to be in a snowy country with yellow traffic lights. There’s also not much in the metadata, besides the fact that I took the photo with a Pixel 2 XL in January 2018.
However, the one handy thing that we have here in the top left is a big building with a distinctive yellow logo, with a walking hand. If you’re a boomer like myself (seeing students trying to solve this challenge has made me feel old), you might instantly recognise this as the Yellow Pages logo - if not, you might have had to do some googling.
From this point, you could check Google Images for ‘yellow pages building’, and you’d be presented with images of a building in Toronto, Canada which looks to be the same building! This is listed as the (now permanently closed) Yellow Pages Group Tower in Scarborough.
Looking for the ‘Yellow Pages Group Tower’ in Google Maps takes us to the intersection of Milner and Progress Ave. Dropping into Street View, we can correlate this with other buildings to confirm that we are indeed on Progress Ave.
COMPCLUB{progress_avenue}
Saw this cool fountain a few months ago, can you name it?
Format: Wrap the name of the fountain with COMPCLUB{}, replacing spaces with underscores. For example, if the fountain is the Lloyd Rees Fountain, the flag would be COMPCLUB{lloyd_rees_fountain}.
@abiramen
Again, I was really hoping to save this challenge for another CTF, but some of you were just too skilled!
The reason I had to distort this image so much was to prevent it from being found via reverse image search.
We can see that the GPS metadata for this file has been stripped. However, we can still see that the photo was taken on the 9th of April 2021, and there’s a comment attached to the file, reading ‘fountain i saw while getting lunch at hacker conf’.
From this, we could take a look at hacker conferences that took places around the 9th of April 2021 with some googling. A result that pops up here is the BSides Canberra 2021 conference.
We can now google for ‘canberra fountains’, giving us the Canberra Times Fountain as the first result.
COMPCLUB{canberra_times_fountain}
What’s the name of the park on the other side of the underpass?
Format: Replace any spaces with underscores and wrap with COMPCLUB{}. For example, if this were Pitt Street Reserve, the flag would be COMPCLUB{pitt_street_reserve}.
@abiramen
After hearing that all my challenges had been solved including the addition of fontaine, with an hour left, I had to pull out a very cruel challenge from my CTF bank which I was really hoping to save for O-Week CTF. Oh well, this was really fun to watch people attempt to, and struggle to (but thankfully eventually manage to) solve.
Huge congrats to the two people that did manage to work this out.
I highly recommend spending at least an hour looking at this image before giving up and reading through the solution below.
From the signage, we can determine that this is likely in Sydney, with the trees also reinforcing that this is in Australia.
The key thing to note is the digital sign above the road in the top left of the image. This, as well as the two separate carriageways suggests that this is likely one of Sydney’s motorways.
We can also see see that there appears to be a cycleway running alongside the motorway - this is pretty common in Sydney, with the M2, M4, M5 and M7 all being associated with cycleways.
The photo appears to be taken at an intersection with another path, from the positioning as well as the signage up ahead.
Now would be a good time to open up Google Maps and start scanning the aforementioned motorways. From the image, we can get a rough idea of the shapes of the paths and how it interacts with the motorway. We’re trying to look for something like this:
With a bit of time scanning, you should come across this path!
COMPCLUB{lady_penhryn_park}
I miss the good old days of Club Penguin’s Elite Penguin Force, so I made my own EPF.
You can try and become an epik penguin! There are five flags to find along the way.
@abiramen
For this challenge, we had to inspect element or view page source (Ctrl+U) on the login page, where we can spot a HTML comment containing the flag.
COMPCLUB{g00D_p3NguIns_cH3cK_p4ge_s0urCe}
@abiramen
The HTML page source also linked to a script at static/hello.js. We can spot a flag in the comments of this file too.
COMPCLUB{sCr!pTiNg_penGu1Ns!}
@abiramen
Check for any cookies which have been set, typically under the Application > Cookies tab in Developer Tools on most browsers.
COMPCLUB{p3NgU1N_L0Ve$_c0oK1ez}
@abiramen
Check the /robots.txt file for the site.
COMPCLUB{r0bot!_penGuiN!_f0rCe?!}
@abiramen
Using the md file you found in the robots.txt in previous challenge, determine that we must have a username with at least 10 characters to become an epik penguin. However, the login form doesn’t appear to allow us to enter more than 10 characters. To get around this, we can edit or remove the maxlength attribute from the <input> element on the form.
COMPCLUB{h4cKeR_pEnGu1N_#aCk3R_p3NgUin!!}
On the day, we received 1159 attempted flag submissions amongst 45 competitors in 8 teams, of which, 249 of submissions were correct.
Thanks to all the students that came along and participated in workshops and the CTF! I hope to see you all next year, when we can hopefully actually run this event in person.
Also a shoutout again to Paula and Felix, as well as all the mentors who volunteered throughout the week, as well as Nicholas who has tested my recon images in the past.
