UTCTF is a Capture the Flag competition created by The Information & Systems Security Society (ISSS) at the University of Texas at Austin.
They also run a “Forever CTF”, which can provide practice anytime you want. That can be found HERE.
Let’s get started!
You are given a webpage with a bunch of misspellings on it:
But the most glaring hint is a Mr. Wade Coldwater, who is described as a recent intern who loves social media:
If anyone is the weak link, I am guessing it’s him. I checked the usual social media accounts, and eventually found him on Twitter:
Oh, Wade…no no no sweetie…sigh.
Well, I am assuming he is posting work files on Twitter at this point. Here is a link from Google Drive:
That just opens up a picture of a gorilla:
Our task is to find the origin of this. I used Google Translate to see what the sign said, and it’s actually from Fox Village, which is a place I always wanted to go in Japan.
I also used a bunch of stego techniques on the photo, but turned up empty handed.
Then I decided to do a reverse image search on it, and found this:
Nice!
I put this in Binary Ninja and looked around a bit, eventually finding this:
This one was easy enough. You just have to check the source code.
This was another one I quickly looked through in Binary Ninja:
You can see when you open it up that it starts with PNG, so it is actually a picture, not a text file.
I used the file command to double-check:
Then just renamed it to out.png and it produced a picture:
From Binary:
From Base64:
Rot16:
If you check out the source code you can see that the username is ‘admin’, and the password is there, hashed with MD5.
I used CrackStation to easily crack it.
I noticed that after you would input a phrase it would grab a numbered file (78 here):
So I started looking through, just changing the numbers in my navigation bar, and at 2 I found this:
This was a Baconian Cipher.
What I did here was look at what the emoji was and then just used the first letter. For example, Umbrella was the first emoji, so the first letter was U.
You can use THIS if you are trying to figure out what a certain emoji is.
utflag{emojis_be_versatile}
For this challenge we see a large cookie counting down, taunting you to click and beat the high score of 1 million. You can manipulate the cookie into thinking that you won. I changed the value to 10,000,000 and got the flag.
I opened this up in Autopsy and found a file called plan.text:
After that, I found another image file called sus_image.img
I tired to export that and open it in another instance of Autopsy, but it didn’t work. I then started going through the rest of the plain text files and eventually came across this:
For this challenge, I messed around on GIMP for quite awhile, but couldn’t seem to get the proper distortion technique to straighten up the letters.
Thank you, Ginny!
Overall, I enjoyed the CTF! It had challenges that could appeal to all different experience levels. I loved the OSINT ones, as always.
