Capture The Flag Mini-Challenge

As part of a cybersecurity course, my team and I created a challenge for a jeopardy style Capture The Flag (CTF).

Challenge

The challenge can be found here

Due to the learning objectives of the course, the challenge is designed to be doable for people who are new to CTFs. The challenge includes basic CTF skills including (but not limited to) cryptography and stenography.

CTF Walkthrough

  1. Query the terminal server using remi to read the initial story
  2. Query the terminal server with inventory find meatballs and download the image "meatballs.jpg"
  3. Run strings meatballs.jpg in your terminal to obtain a ciphertext "pASARFeDXPsj4V5u7qTOYoHzljCS+lc8YmSG/IiYJq74qKT3fcQAvuT24WJlMoMIinB9eKYGbR4FXRsAZ+kdbrytAmSDxFv33YARollK0IvXBVgVLsE9dmGghi71J9FP". Store this away for now.
  4. Query the terminal server with inventory find spaghetti and download the image "spaghetti.jpg"
  5. Use steghide -extract -sf spaghetti.jpg in your terminal with the password "spaghetti" to extract a file "recipe.txt"
  6. Enter the contents of "recipe.txt" through an online Chef Esolang decoder to obtain the ciphertext "PurrflTneyvpXabg"
  7. Rot13 the ciphertext to obtain the key "CheesyGarlicKnot
  8. You can query the terminal server with inventory find CheesyGarlicKnot to obtain more clues
  9. AES-ECB decrypt the ciphertext obtained from "meatballs.jpg" with "CheesyGarlicKnot" as the key to obtain the ciphertext "6b6261721244591492597245de07dbef1626b472244f340614f9083c6e683a7c046c0f0a46360f5b"
  10. Query the terminal with remi 6b6261721244591492597245de07dbef1626b472244f340614f9083c6e683a7c046c0f0a46360f5b to get a python file "door.py"
  11. Decipher the plaintext by reverse-engineering “door.py” and un-map the ciphertext to get "4354467b346c6c5f6a3030725f663030647a5f3472335f62336c306e675f325f6d335f6e3077217d"
  12. Hex decode the ciphertext to get the flag “ctf{4ll_j00r_f00dz_4r3_b3l0ng_2_m3_n0w!}”