June 27, 2017
1 hour ago, kao said: @fasya: neither of those.
lol, got it, that was too small to notice! Thanks @kao @tec

June 27, 2017
On binary #5 is each Level revealing a real part of the flag or do I have to decrypt that later on? I'm wondering because after solving the first password it shows me just garbage but not real text which could be a part of the flag. Also the second Level is about doing something with the image, right? For Level 2 I would guess Steganography or something inside the actual PNG (bytes).
Edited June 27, 2017 by Castor

June 28, 2017
So I made it so far, well not that far, fell flat on me face to be fair... So I'm at the following places:
Spoiler
Doc2 - seriously wtf with so many docs having the same powershell, all same size too, well within a kb.
bin2 - What's the best way to capture the value and submit it to the site, as cut n paste is too slow even after a line.
mob2 - not looked at yet, the first hurt way too much, I'm scared to go back.
prog3 - what's the strategy for this? Planning a few moves ahead is failing even after 400 goes.
threat2 - I dunno if I can be arsed to write a 300 long yara nibble when binwalk says I only got zeroes and the mz header to work with..
needle, got the .wmf but what tool should I use on it, it's freaking tiny? Fixed the elf header but get segfault.
Any help would be great.

June 28, 2017
Well, you haven't gotten very far, have you?
Doc2 - automate things. Some powershells print different output.
Bin2 - yes, that's what this challenge is all about. I made some inline patches - but I'm not saying it's the easiest way.
Prog3 - no idea, stuck there too. Check Twitter for hints from people who have solved it.
Threat2 - read last year's solutions for Threat#6 (?), it's pretty much the same task, just bigger.
Needle - it's random #5 and it's hard. Better leave it alone. And wmf is not the answer you're looking for.

June 28, 2017
43 minutes ago, DivBy0 said: Doc2 seriously wtf with so many docs having the same powershell, all same size too, well within a kb.
File size does matter and will be a shortcut for you.
14 minutes ago, kao said: Well, you haven't gotten very far, have you? Doc2 - automate things. Some powershells print different output. Bin2 - yes, that's what this challenge is all about. I made some inline patches - but I'm not saying it's the easiest way. Prog3 - no idea, stuck there too. Check Twitter for hints from people who have solved it. Threat2 - read last year's solutions for Threat#6 (?), it's pretty much the same task, just bigger. Needle - it's random #5 and it's hard. Better leave it alone. And wmf is not the answer you're looking for.
Is there a Random track this year?! I only see Binary, Mobile, Docs, Programming and threat.

June 28, 2017
Randoms are random. Walk to dead ends, read hints. Look for areas that look odd. Like a big splotch of grey where you'd expect black. You'll know it's a random when you find a riddle. Really, just follow every dead end. The randoms are my favorite this year. Especially #3 (dogs). I may make a grid map of the labyrinth. Not sure if that'll break the rules for "finding" the randoms.

June 28, 2017
@Rurik: where's Random #6? Can't find it, even after visiting all dead ends, making a map and revisiting every single place.. PM or hint would be appreciated..

June 28, 2017
Just now, kao said: @Rurik: where's Random #6? Can't find it, even after visiting all dead ends, making a map and revisiting every single place.. PM or hint would be appreciated..
Don't think I have #6. Wasn't that the one they just released last Friday? Unfortunately they don't tell you the # until you submit it.
Spoiler
I have rainbow, pet, beta, cake, needle

June 28, 20178 yr This may be it, but I have no clue how to 'activate' it. Spoiler Left side of map, at the dead end of the vertical hallway to the left of "O" (of ROYGBIV). Searched through screenplay of movie for hints. Not seeing anything. This dead end is just like the last one. Until a little girl walks out of the corner of the room crying and carrying an almost extinguished candle. 'Excuse me, can you help? My best friend keeps running away every time I run closer. My candle is almost out and I fear I'll never see him again! Please help!' she wails miserably. Edited June 28, 20178 yr by Rurik
June 29, 2017
1 hour ago, Rurik said: This may be it, but I have no clue how to 'activate' it. Left side of map, at the dead end of the vertical hallway to the left of "O" (of ROYGBIV). Searched through screenplay of movie for hints. Not seeing anything. This dead end is just like the last one. Until a little girl walks out of the corner of the room crying and carrying an almost extinguished candle. 'Excuse me, can you help? My best friend keeps running away every time I run closer. My candle is almost out and I fear I'll never see him again! Please help!' she wails miserably.
It is a riddle, though it doesn't seem to be.

June 29, 2017
1 hour ago, tec said: It is a riddle, though it doesn't seem to be.
You are correct. It wasn't worded like a riddle, but I got it. Thanks.

June 29, 2017
I saw that one too but didn't figure it out..
@DivBy0: official hints got posted a few hours ago: https://researchcenter.paloaltonetworks.com/2017/06/unit42-video-tips-tricks-clues-escape-labyrenth-ctf/
Approximate times in video:
2:20 Docs #1
5:50 Binary #1
21:25 Threat #2
29:30 Mobile #3
36:15 Programming #3

June 29, 2017
For docs3, is the 2nd part in the jpegs extracted? Or is there something more in the pcap?

June 30, 2017
Any hint on threat 1? I am new to pcap analysis. BTW, found some weird strings in wireshark.
Regards, Br. akkaldama

July 3, 2017
On 6/27/2017 at 1:09 PM, kao said: @Castor: Ignore those, you'll get a proper flag in the end.
I disagree with this. On Binary 5 I have a proper flag for 1, 2, 5. A broken one for 3, and a 90% proper one for 4. From your statement it'd suggest that all you'd need is the correct answer at the end, but after 5 I'm getting a corrupted value.
Edited July 3, 2017 by Rurik

July 3, 2017
@Rurik: Let me clarify that.. you don't need to write down those values or crack them or anything like that. Once all 5 levels are correctly answered, you'll get a flag.

July 3, 2017
7 minutes ago, kao said: @Rurik: Let me clarify that.. you don't need to write down those values or crack them or anything like that. Once all 5 levels are correctly answered, you'll get a flag.
Ah, that makes sense. From the original question, I took it as the "correct hash" was showing corrupt (like mine is for #3). But if all 5 are showing hash values, then it should work, yes.

July 4, 2017
Hey, here is hoping for a slight nudge on docs #3.
Spoiler
I got the jpegs (one is a little messed up from the pcap), reversed the exe and found the key 0xXX. No idea what to do anymore. I tried using the key against the pictures, but that doesn't really seem to be doing anything.
If I am giving away too much about the challenge, my apologies.

July 4, 2017
17 hours ago, Rurik said: Ah, that makes sense. From the original question, I took it as the "correct hash" was showing corrupt (like mine is for #3). But if all 5 are showing hash values, then it should work, yes.
I had that problem too, 1 and 5 were corrupted. Still the password was valid but the output was just byte-garbage if you can say it like that. So I've solved 1 again and saw that my calculation had wrong values at the end and fixed them. Also in the last Level one character was wrong but the password got accepted.