QR Codes

There were three posters around the room that the competition was being held in. Each poster had a QR code on it with some parts missing (We were later sent the original files, which will be used in the writeup as they are better quality). QR Code 1: QR Code 2: QR Code 3: Luckily, upon scanning...

Kittykoinz

"The inventor of kittykoinz had the great idea to implement a transaction fee, so she can get more moneyz. She stressed the developers to get this feature ASAP. Never stress the devs..." We are provided with a web version of this program to netcat to, and...

Matroyshka

Matryoshka a.k.a. Russian nesting dolls are a set of wooden dolls of decreasing size which are designed to fit inside each other. The name of this challenge suggested that there would be multiple layers of challenges to solve This challenge provided us with a file containing a large base64...

Smart Steganography

A more challenging steganography challenge using least-significant-bit encoding. We are given a large PNG of some smarties (cropped): Usual steganographic methods don't seem to return anything significant, but the large filesize of the image indicates that maybe there is something encoded in the...

Stadiums

"Jamie, a big football fan, created his very first web site. Since it is so handy to have a publicly accessible web site, Jamie also stores a secret file on it, which he often needs to access from remote. Can you find this file?" Accessing the site at the URL given shows us this page: A...

Aegypius Monachus

This challenge gives us the ciphertext: prnea{43clscfif3u}tlr. After trying several ciphers I found that it was a rail fence cipher with 4 rails. To decode we write out how the string would be encoded To encrypt the string, the characters of the string would be written down in the...

Hotel

We're given a URL and a pcap file, being told that we have captured some traffic from "Jake". First thing we need to do is open the pcap in Wireshark. If we've captured traffic, hopefully it will include the username and password. Once in Wireshark we filter by http We're looking for...

Fish 'n' Chips

The message given on the challenge page: Very simple substitution, replacing 🍟 with - and 🐟 with . gives us morse code: pactf{- .... . ..-. .. ... .... -- ..- ... - -... . .... .- -.. -.. --- -.-. -.-} Decoded to ASCII:...

Snapshots

We are given a dump from a thumbdrive and need to find a flag hidden in one of the images. We can use foremost or photorec to recover the images, I will use foremost. Looking in the files that it found, we see the flag in one of the images. Flag:...

Welcome to Manchester

We are given a stream of binary data that we must somehow decode. We eventually worked out that it used Manchester Coding. We can use an online decoder (such as [https://eleif.net/manchester.html]) to decode it, we are then left with: We can then decode this from binary in...

Rolling Printer

We are given an image of a QR code and are tasked to find out when the file was printed. We are told that the flag is in the format pactf{yyyyMMddHHmm}. We first look in the metadata to find out when the image was created None of the dates or times are the correct flag (we are later...

Trailer

This is a simple steganography challenge, this was easily solved by running the standard stego tools. We are given a PNG image of a tractor. Nothing visually stands out in the image so we can run strings on it. We can then use grep to search for the flag as we know that the flag format is...

Sharp Look

In the CTF we were given two images. As the description said ''Look sharp and compare the two images!''. So basically by having image 1 - http://prntscr.com/nan35psqt and image 2 - http://prntscr.com/nan35p, I decided to go with the terminal in Linux to find the hidden flag but I didn't use the...

Flag Calculator

First we decompiled the program using dnSpy, yielding: I made a guess that not much was being done, and that the program was only slow due to c# being slow. And rewrote it into C. The result is: pactf{dot4019346342N3T}

Secret Service Online

We were provided with an assembly file that seems to be the result of having GCC dump the assembly of a C program. First I assembled the assembly into an executable program using gcc sso.s -o sso Then the assembled program was inspected with radare2 to find the address of the final...

Kangaroo Jack

Kangaroo jack is a simple buffer overflow, we start by opening up the program in radare2 Here we can see that there is a function named flag, I take a guess that we need to jump to this function and then the flag will be printed. I take a look into main to see how large the buffer...