Add challenge 1 of google ctf beginners quest

alternate-navbar
Maik de Kruif 3 years ago
parent b1fb5072db
commit f006f7aad8
Signed by: maik
GPG Key ID: 44A55AD1F0673FA6
  1. 99
      content/posts/google-ctf/2021/beginners-quest/1.md
  2. BIN
      static/img/google-ctf/2021/beginners-quest/1/cctv.png

@ -0,0 +1,99 @@
+++
author = "Maik de Kruif"
title = "Beginners Quest 1 - Google CTF"
date = 2021-09-22T14:26:25+01:00
description = "A writeup for challenge 1 of the beginners quests of the Google CTF."
tags = [
"Google CTF",
"Beginners Quest",
"ctf",
"hacking",
"writeup",
"web",
]
categories = [
"ctf",
"writeups",
"hacking",
]
+++
## Story line
You have now investigated the chemical plant. Nothing seemed to be out of the ordinary, even though the workers acted somewhat passive, but that’s not a good enough to track. It seems like you have a new voice mail from the boss: "Hello there, AGENT! It seems like the corporation that owns the plant was informed by an anonymous source that you would arrive, and therefore they were prepared for your visit, but your colleague AGENT X has a lead in Moscow, we’ve already booked you a flight. FIRST CLASS of course. In fact if you look out of the window, you should be able to see a black car arriving now, and it will carry you to the airport. Good luck!"
### Link
<https://cctv-web.2021.ctfcompetition.com/>
## Recon
Upon opening the given link, we see a website with a password form.
When opening the source, we find the following javascript:
```js
const checkPassword = () => {
const v = document.getElementById("password").value;
const p = Array.from(v).map((a) => 0xcafe + a.charCodeAt(0));
if (
p[0] === 52037 &&
p[6] === 52081 &&
p[5] === 52063 &&
p[1] === 52077 &&
p[9] === 52077 &&
p[10] === 52080 &&
p[4] === 52046 &&
p[3] === 52066 &&
p[8] === 52085 &&
p[7] === 52081 &&
p[2] === 52077 &&
p[11] === 52066
) {
window.location.replace(v + ".html");
} else {
alert("Wrong password!");
}
};
```
## Solving
Let's start by analysing this script. It starts of by getting the input value, and splitting it in a list. It then uses the `map()` function to add `0xCafe` to every character. So "a" would become `97 + 51966 = 52063` (`97` is the ASCII value of `"a"`, and `51966` is decimal for `0xCafe`).
To find the password, we only have to reverse the values given in the javascript code. To do this, I wrote a little python script:
```py
code = {
0: 52037,
6: 52081,
5: 52063,
1: 52077,
9: 52077,
10: 52080,
4: 52046,
3: 52066,
8: 52085,
7: 52081,
2: 52077,
11: 52066,
}
password = ""
for i in range(max(code.keys()) + 1):
password += chr(code[i] - 0xCafe)
print(password)
```
This prints the following result: `GoodPassword`.
## Solution
If we enter the password (`GoodPassword`), we get redirected to this page:
{{< figure src="/img/google-ctf/2021/beginners-quest/1/cctv.png" title="CCTV" >}}
Here we can find the flag in the bottom left.

Binary file not shown.

After

Width:  |  Height:  |  Size: 348 KiB

Loading…
Cancel
Save