LabyREnth Capture the Flag (CTF) Challenge - 2017

[crystalboy]

Quote

We’re one week away from the launch of the second LabyREnth Capture the Flag (CTF) challenge! It’s time to give all you players some more details on what you’re going to see next week.

We’ve got five tracks this year, and they’re a little different from last year. The skills we’ll be focusing on this year are the following:

• Working with binaries (PE files, ELF files, Mach-O files, etc.)
• Working with documents (MS Office Files, PDF Files, etc.)
• Working with Mobile and IOT files (iOS, Android, ARM, MIPS, etc.)
• Understanding the Threat Landscape (Yara, Networking, Intel, etc.)
• Programming

While you’re in the LabyREnth, look out for some other challenges hidden throughout the CTF. Complete them quickly and you could win one of our individual first to solve prizes (tablets, VR equipment, etc.). Or just finish challenges in the five tracks to win some of the $32,000 in cash prizes we’re giving away this year! The overview, rules, and most importantly prize structure can all be seen at http://labyrenth.com.

We’ve selected these tracks and challenges as we believe they form the cross-section of skills necessary to be a solid security researcher.

We’ll be revealing hints and more information about the challenges throughout the CTF. 

We look forward to seeing you at 4pm PST on June 9!

Official site: http://labyrenth.com/
Announcement: https://researchcenter.paloaltonetworks.com/2017/04/unit42-labyrenth-ctf-2017/

[kao]

Unfortunately for that weekend I have some other plans in "real life".  So, I'll take part in it but only starting on Monday..

 

Last year it was THE best CTF challenge I tried, so I can wholeheartedly recommend it to everyone.
 

[akkaldama]

Does anyone get invalid characters in final part of mobile 1?

[xoring]

Did anyone try to run the first windows executable in windows 7 x32? Am  I the only one who gets a crash?

[evandrix]

i'm stuck on Document #3 - got the images from usb.pcap, then what?

[evandrix]

23 hours ago, evandrix said:

i'm stuck on Document #3 - got the images from usb.pcap, then what?

nvm, solved it~

[crystalboy]

Someone can give an hint on programming level 3?

I can't find any logic strategy for this. It seems completely random 

[Loki]

It's an odd one... did you figure it out?

The paths are obviously walkable, and you can turn corners, but it seems to be randomly generated and empty apart from the ascii when you hit a wall. Most 'mazes' are just L-shaped for me

There is an odd thing where you can get stuck and no matter how much you turn, it's just walls.... not sure if that is significant? The hint says that the game is a 'cheater' and that the move from 1st to 3rd person is tricky....

Edited June 12, 2017 by Loki

[crystalboy]

Absolutely not i am stucked with that, i leaved it there and working on other tracks. 

Yes when you hit a wall ascii is printed. I saw also the 'bug' when you are stucked and there are only closed walls in each direction, in that case i just reboot the python because you can do everything but you will never exit from that damned walls.

I sincerely can't find a tactic to defeat that, it seems completely without a logic... and very annoying.

 

[Downpour]

Well I don't have much time to do these challenges because of university but I've already solved binary #1 in my free time and I think this time either the challenges are way harder or I'm just out of practice.. But still they are fun to solve and I will do my best to solve atleast all binary ones if possible..

[akkaldama]

Any help on '%easymath%' ? It seems like 'Final part' ends in an exception(intentional?).

 

@xoring, I think it is tricky .

regards,

Br. akkaldama

Edited June 13, 2017 by akkaldama

[kao]

@Castor: yep, first challenges of binary track are more difficult. No more base64 or xor, it's proper reversing this year. Other tracks aren't that hard.

@akkaldama: there shouldn't be an exception.

[evandrix]

for Documents #04, do i have to bruteforce the RC4 key?

using the one provided to decrypt gives a non-ASCII-only string...

[Downpour]

@kao you mean after Binary #2? Well I will sit down later and complete it, I currently only know pieces of it but no idea on how to get the correct flag, if I just have to edit the .exe or code my own program to get the correct flag but hey that's what makes it fun

[Mr. J]

10 hours ago, evandrix said:

for Documents #04, do i have to bruteforce the RC4 key?

using the one provided to decrypt gives a non-ASCII-only string...

check your key length
@kao the document track is also way more difficult, which seems to be the case for all tracks

Edited June 13, 2017 by Mr. J

[evandrix]

14 minutes ago, Mr. J said:

check your key length

!@#$% sneaky problem author~!!

Edited June 13, 2017 by evandrix

[kao]

@evandrix: I got stuck at the same place. Solved now, but my emotions were exactly the same..

 

[Etor Madiv]

Any idea to solve Binary #2 ? Any one have any idea how to get the flag.

[kao]

@Etor Madiv: did you read the hint that was given together with the task?

Hint: Alice, follow the clockmaker into the rabbit hole -> labytime.com

.

[evandrix]

<redacted>

Edited June 17, 2017 by evandrix

[kao]

After finishing docs... 

Quote

You see @evandrix sitting in the corner of the room.

Just wanted to say hi!

 

Edited June 17, 2017 by kao

[Etor Madiv]

11 hours ago, kao said:

@Etor Madiv: did you read the hint that was given together with the task?

 

.

@kao I read the hint but i didn't get the point, it is mysterious maybe.

[kao]

@Etor Madiv:

Spoiler

labytime.exe generates flag which you need to submit to labytime.com. Unfortunately, the flag expires very fast..

[Etor Madiv]

48 minutes ago, kao said:

@Etor Madiv:

  Reveal hidden contents

labytime.exe generates flag which you need to submit to labytime.com. Unfortunately, the flag expires very fast..

@kao

Spoiler

So the algorithm that generate the PAN{hash} must be reused to send that quickly via a post request ? because I thought that the flag is something that does not begin with PAN{

 

[crystalboy]

@Etor Madiv

Spoiler

You should just be faster. You can send it or just copy and paste it on the website but you must be fast!