Category: Reverse Engineering Points: 100 Solves: Description:

ZorroPub

zorro_bin

First off, lets see what type of file this is:

 

$ file zorro_bin
zorro_bin: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=5bd9436f341615c804471bb5aec37e426508a7af, stripped

Category: Stegano Points: 300 Solves 8 Description:

Description: A key is Hidden within this file, Find it and get the f**kin' flag

Attachment: 61b94d373df24a669390bf5cc31090ac

 

This particular steganography challenge covers a bunch of different techniques, which is why it was called Ultimate Steg. In solving this, I utilized my StegoDone tool extensively. Let's start by taking a look at the initial file we are given. Since it has no extension, lets use file to discover what it is:

FTP (300 points)

We found an ftp service, I'm sure there's some way to log on to it.

nc 54.175.183.202 12012
ftp_0319deb1c1c033af28613c57da686aa7

We're given a binary. Let's see what it is:

 

$ file ftp_0319deb1c1c033af28613c57da686aa7
ftp: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=43afbcd9f4e163f002970b9e69309ce0f1902324, stripped

I was sniffing some web traffic for a while, I think i finally got something interesting. Help me find flag through all these packets.
net_756d631588cb0a400cc16d1848a5f0fb.pcap

This was a 100 point challenge. Overall it was pretty fun. First thing to do with the pcap is strings it and look for an easy win. While we didn't get an easy win here, we did get a nice reference point:

 

$ strings net_756d631588cb0a400cc16d1848a5f0fb.pcap | grep -i flag
FLAG = 'flag{xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}'
        print encode(FLAG, cnt=?)