Jump to content
Tuts 4 You

LabyREnth Capture the Flag (CTF) Challenge - 2017

crystalboy

By crystalboy
in Reverse Engineering Articles

 Share

Recommended Posts

  • Replies 92
  • Created
  • Last Reply

Top Posters In This Topic

  • kao

    22

  • evandrix

    8

  • Rurik

    7

  • Etor Madiv

    7

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

kao
kao

Unfortunately for that weekend I have some other plans in "real life".  So, I'll take part in it but only starting on Monday..   Last year it was THE best CTF challenge I tried, so I can who

crystalboy
crystalboy

Official site: http://labyrenth.com/Announcement: https://researchcenter.paloaltonetworks.com/2017/04/unit42-labyrenth-ctf-2017/

kao
kao

@Castor: yep, first challenges of binary track are more difficult. No more base64 or xor, it's proper reversing this year. Other tracks aren't that hard. @akkaldama: there shouldn't be an excepti

fasya

fasya

Posted
Posted
1 hour ago, kao said:

@fasya: neither of those. :)

lol, got it, that was too small to notice!

Thanks @kao @tec

Downpour

Downpour

Posted
Posted (edited)

On binary #5 is each Level revealing a real part of the flag or do I have to decrypt that later one? I'm wondering because after solving the first password it shows me just garbage but not real text which could be a part of the flag. Also the second Level is about doing something with the image right?

 

 

for Level 2 I would guess Steganography or something inside the actual PNG (bytes)

Edited by Castor
kao

kao

Posted
Posted

@Castor: Ignore those, you'll get a proper flag in the end.

  • Like 1
DivBy0

DivBy0

Posted
Posted

So I made it so far, well not that far, fell flat on me face to be fair...

So i'm at the following places;

Spoiler

 

Doc2 seriously wtf with some many docs having the same powershell, all same size too, well within a kb.

bin2 Whats the best way to capture the value and submit it to the site, as cut n paste is too slow even after a line.

mob2 not looked at yet, the first hurt way too much, i'm scared to go back.

prog3 whats the strategy for this planning a few moves ahead is failing even after 400 goes :)

threat2 I dunno if I can be arsed to write a 300 long yara nibble when binwalk says I only got zeroes and the mz header to work with..

needle, got the .wmf but what tool should i use on it, it's freaking tiny?

fixed the elf header but get segfault

 

Any help would be great.

kao

kao

Posted
Posted

Well, you haven't gotten very far, have you? :)

Doc2 - automate things. Some powershells print different output.

Bin2 - yes, that's what this challenge is all about. I made some inline patches - but I'm not saying it's the easiest way.

Prog3 - no idea, stuck there too. Check Twitter for hints from people who have solved it.

Threat2 - read last year solutions for Threat#6 (?), it's pretty much the same task, just bigger.

Needle - it's random #5 and it's hard. Better leave it alone. And wmf is not the answer you're looking for.

fasya

fasya

Posted
Posted
43 minutes ago, DivBy0 said:

Doc2 seriously wtf with some many docs having the same powershell, all same size too, well within a kb.

File size does matter and will be a shortcut for you.

14 minutes ago, kao said:

Well, you haven't gotten very far, have you? :)

 

  Hide contents

Doc2 - automate things. Some powershells print different output.

Bin2 - yes, that's what this challenge is all about. I made some inline patches - but I'm not saying it's the easiest way.

Prog3 - no idea, stuck there too. Check Twitter for hints from people who have solved it.

Threat2 - read last year solutions for Threat#6 (?), it's pretty much the same task, just bigger.

Needle - it's random #5 and it's hard. Better leave it alone. And wmf is not the answer you're looking for.

 

Is there a Random track this year?! I only see Binary, Mobile, Docs, Programming and threat.

Rurik

Rurik

Posted
Posted

Randoms are random. Walk to dead ends, read hints. Look for areas that look odd. Like a big splotch of grey where you'd expect black. You'll know it's a random when you find a riddle. Really, just follow every dead end. 

The randoms are my favorite this year. Especially #3 (dogs). 

I may make a grid map of the labyrinth. not sure if that'll break the rules for "finding" the randoms

 

kao

kao

Posted
Posted

@Rurik: where's Random #6? Can't find it, even after visiting all dead ends, making a map and revisiting every single place.. :D PM or hint would be appreciated..

 

Rurik

Rurik

Posted
Posted
Just now, kao said:

@Rurik: where's Random #6? Can't find it, even after visiting all dead ends, making a map and revisiting every single place.. :D PM or hint would be appreciated..

 

Don't think I have #6. Wasn't that the one they just released last Friday? Unfortunately they don't tell you the # until you submit it.

 

Spoiler

I have rainbow, pet, beta, cake, needle

 

kao

kao

Posted
Posted

yep, those are the first 5.. I can't find the new one.. :(

 

Rurik

Rurik

Posted
Posted (edited)

This may be it, but I have no clue how to 'activate' it.

Spoiler

Left side of map, at the dead end of the vertical hallway to the left of "O" (of ROYGBIV).
Searched through screenplay of movie for hints. Not seeing anything.
 

This dead end is just like the last one.
 
Until a little girl walks out of the corner of the room crying and
carrying an almost extinguished candle. 'Excuse me, can you help? My
best friend keeps running away every time I run closer. My candle is
almost out and I fear I'll never see him again! Please help!' she
wails miserably.

 

Edited by Rurik
tec

tec

Posted
Posted
1 hour ago, Rurik said:

This may be it, but I have no clue how to 'activate' it.

  Reveal hidden contents

Left side of map, at the dead end of the vertical hallway to the left of "O" (of ROYGBIV).
Searched through screenplay of movie for hints. Not seeing anything.
 

This dead end is just like the last one.
 
Until a little girl walks out of the corner of the room crying and
carrying an almost extinguished candle. 'Excuse me, can you help? My
best friend keeps running away every time I run closer. My candle is
almost out and I fear I'll never see him again! Please help!' she
wails miserably.

 

It is a riddle, though it doesn't seem to be.

Rurik

Rurik

Posted
Posted
1 hour ago, tec said:

It is a riddle, though it doesn't seem to be.

You are correct. It wasn't worded like a riddle, but I got it. Thanks.

msr

msr

Posted
Posted

For docs3, is the 2nd part in the jpegs extracted? Or is there something more in the pcap?

re_sigh

re_sigh

Posted
Posted (edited)

@kao the dogs one is random challenge #3

Edited by re_sigh
akkaldama

akkaldama

Posted
Posted

Any hint on threat 1.I am new to pcap analyze.
BTW, Found some weird strings in wireshark.

 

Regards,

Br. akkaldama

Rurik

Rurik

Posted
Posted (edited)
On 6/27/2017 at 1:09 PM, kao said:

@Castor: Ignore those, you'll get a proper flag in the end.

I disagree with this. On Binary 5 I have a proper flag for 1, 2, 5. A broken one for 3, and a 90% proper one for 4.  From your statement it'd suggest that all you'd need is the correct answer at the end, but after 5 I'm getting a corrupted value.

Edited by Rurik
kao

kao

Posted
Posted

@Rurik: Let me clarify that.. you don't need to write down those values or crack them or anything like that. Once all 5 levels are correctly answered, you'll get a flag.

Rurik

Rurik

Posted
Posted
7 minutes ago, kao said:

@Rurik: Let me clarify that.. you don't need to write down those values or crack them or anything like that. Once all 5 levels are correctly answered, you'll get a flag.

Ah, that makes sense. From the original question, I took it as the "correct hash" was showing corrupt (like mine is for #3). But if all 5 are showing hash values, then it should work, yes.

ctfallday

ctfallday

Posted
Posted

Hey, here is hoping for a slight nudge of docs #3.

Spoiler

I got the jpegs (one is a little messed up from the pcap, reversed the exe and found the key 0xXX. No idea what to do anymore. I tried using the key against the pictures, but that doesnt really seem to be doing anything. If i am giving away too much about the challenge, my apologies.

 

Downpour

Downpour

Posted
Posted
17 hours ago, Rurik said:

Ah, that makes sense. From the original question, I took it as the "correct hash" was showing corrupt (like mine is for #3). But if all 5 are showing hash values, then it should work, yes.

I had that problem too, 1 and 5 were corrupted. Still the password was valid but the output was just byte-garbage if you can say it like that. So I've solved 1 again and saw that my calculation had wrong values at the end and fixed them. Also in the last Level one character was wrong but the password got accepted.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...