Challenge 4 Write-Up – SMP CTF 2010 Hacker Olympics…

July 15, 2010 at 12:15 pm (Capture The Flag, SMP CTF)

Hey,

This challenge was beaten by team member HaP. Here is how he did it. The challenge was:

Retrieve the secret key and decipher it.

Website: http://66.225.157.70:8009/level1

When you clicked on the link, an authentication box popped up. This was an HTML form submitted via GET, which simply asked for a user name and password. Entering some random characters such as "aa" brought you to a page that said "Welcome aa". Entering "administrator" redirected you to a page that said "Denied". After playing around with the form a bit, we changed the method from GET to POST and re-submitted with "administrator" as the username, which suggests the username filter was only applied to GET requests. This took us to a page full of encoded characters, and straight away you could tell this was base64:
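To make the bypass concrete, here is an added example (not the challenge's real server code, which we never saw) that models the behaviour the write-up describes: a handler whose username blacklist is only evaluated on GET parameters, so the identical request sent as POST reaches the privileged branch. The hardened version beside it extracts parameters once, handles every method the same way, and gates the privileged page on server-side session state rather than on a client-supplied username. All function names, the session dict and the placeholder secret page are assumptions for illustration.

```python
# Added example, not from the SMP CTF write-up or the challenge's actual server.
# Models the flaw implied by the write-up: a username blacklist applied only to
# the GET query string, bypassable by switching the form method to POST.
from urllib.parse import parse_qs

DENIED = "Denied"
BLOCKED_USERS = {"administrator"}
# Placeholder standing in for the base64 blob the real challenge returned.
SECRET_PAGE = "secret page (placeholder for the base64 blob)"


def parse_params(method: str, query_string: str, body: str) -> dict:
    """Flatten request parameters into {name: value}.

    GET parameters come from the query string, POST parameters from the
    url-encoded body, which is what a typical form handler sees.
    """
    raw = query_string if method == "GET" else body
    return {k: v[0] for k, v in parse_qs(raw, keep_blank_values=True).items()}


def vulnerable_handler(method: str, query_string: str, body: str) -> str:
    """Assumed flaw: the blacklist only looks at the GET query string, but the
    privileged branch is reachable from either method."""
    get_params = {k: v[0] for k, v in parse_qs(query_string).items()}
    if get_params.get("username") in BLOCKED_USERS:
        return DENIED
    user = parse_params(method, query_string, body).get("username", "")
    if user == "administrator":
        return SECRET_PAGE  # reached via POST: the GET-only check never ran
    return f"Welcome {user}"


def hardened_handler(method: str, query_string: str, body: str, session: dict) -> str:
    """Fix: one method is accepted, parameters are extracted once, and the
    privileged page depends on server-side session state (assumed shape:
    {'role': 'admin'}) instead of on a username the client chooses."""
    if method != "POST":
        return "Method Not Allowed"
    user = parse_params(method, query_string, body).get("username", "")
    if user.strip().lower() in BLOCKED_USERS:
        # The client may not claim a privileged identity via the form at all.
        if session.get("role") != "admin":
            return DENIED
        return SECRET_PAGE
    return f"Welcome {user}"


if __name__ == "__main__":
    print(vulnerable_handler("GET", "username=administrator", ""))   # Denied
    print(vulnerable_handler("POST", "", "username=administrator"))  # secret page
    print(hardened_handler("POST", "", "username=administrator", {}))  # Denied
```

The point of the hardened version is not the stricter string comparison but that the authorization decision no longer depends on which parser the request happened to go through, or on anything the client typed into the form.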
If you took these encoded characters and placed them in a file, you could run them through base64 like so:

[zoidberg@/dev/null:~ ] $ cat secretkey.b64 | base64 -d > picture

[zoidberg@/dev/null:~ ] $ file picture
picture: JPEG image data, JFIF standard 1.01, comment: "Created with GIMP\377"
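The same two steps, decoding the blob and working out what it is, as an added Python example rather than the shell commands from the write-up. It strips the line wrapping a copy-pasted blob usually carries (strict base64 decoding rejects stray newlines), checks the magic bytes the way `file` does, and then walks the JPEG marker segments to pull out the JFIF version and the COM comment that `file` reported. The embedded sample is a constructed minimal JPEG (header segments only, no scan data), not the challenge image; the helper names are my own.

```python
# Added example, not from the SMP CTF write-up. Decodes a base64 blob, identifies
# the file by its magic bytes, and parses JPEG marker segments for the JFIF
# version and any COM (comment) segments, i.e. what `file` printed above.
import base64
import struct


def decode_blob(b64_text: str) -> bytes:
    """Decode base64 copied from a web page: drop all whitespace first, since
    validate=True refuses anything outside the base64 alphabet."""
    return base64.b64decode("".join(b64_text.split()), validate=True)


def identify(data: bytes) -> str:
    """Minimal magic-byte check in the spirit of file(1)."""
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if data[:4] == b"GIF8":
        return "gif"
    return "unknown"


def jpeg_segments(data: bytes):
    """Yield (marker, payload) for each length-prefixed segment up to SOS/EOI."""
    if not data.startswith(b"\xff\xd8"):
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte before a marker
            pos += 1
            continue
        if marker in (0xD9, 0xDA):    # EOI, or SOS: entropy-coded data follows
            return
        if 0xD0 <= marker <= 0xD7 or marker == 0x01:  # RSTn / TEM: no length
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2:
            raise ValueError("bad segment length")
        payload = data[pos + 4:pos + 2 + length]
        if len(payload) != length - 2:
            raise ValueError("truncated segment payload")
        yield marker, payload
        pos += 2 + length


def jpeg_info(data: bytes) -> dict:
    """Collect the JFIF version from APP0 and the text of every COM segment."""
    info = {"jfif_version": None, "comments": []}
    for marker, payload in jpeg_segments(data):
        if marker == 0xE0 and payload.startswith(b"JFIF\x00") and len(payload) >= 7:
            info["jfif_version"] = f"{payload[5]}.{payload[6]:02d}"
        elif marker == 0xFE:
            info["comments"].append(payload.decode("latin-1"))
    return info


def build_sample_jpeg() -> bytes:
    """Constructed input (not the CTF picture): SOI, JFIF 1.01 APP0, COM, EOI."""
    jfif = b"JFIF\x00" + bytes([1, 1]) + b"\x00" + struct.pack(">HH", 72, 72) + b"\x00\x00"
    app0 = b"\xff\xe0" + struct.pack(">H", len(jfif) + 2) + jfif
    comment = b"Created with GIMP"
    com = b"\xff\xfe" + struct.pack(">H", len(comment) + 2) + comment
    return b"\xff\xd8" + app0 + com + b"\xff\xd9"


# Constructed blob standing in for the one the challenge page returned.
SAMPLE_B64 = base64.b64encode(build_sample_jpeg()).decode()

if __name__ == "__main__":
    picture = decode_blob(SAMPLE_B64)
    print(identify(picture), jpeg_info(picture))
```

Parsing stops at SOS, so a real image with scan data behaves the same as the header-only sample; the `\377` that `file` printed after the GIMP comment is simply how it renders a trailing 0xFF byte in the COM payload.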

Oooh, what do we have here? A JPEG image; let's open this up in an image viewer. When I opened it up in GIMP, I got the following text:

Your flag is: smpCTF is the coolest CTF ever!

The JPEG image can be found here. With the flag in hand, we found the challenge key in the source of the challenge page:

!---Challenge Key: de270765 ---

Yay, that was a nice fun level and an interesting way to hide an image 🙂
