~$ Participating in the Central-Infosec CTF!

Posted on Apr. 20th, 2021.

Tags:InfoSecCTF


The write-ups


I gave them each a page for legibility's sake. Also, you want to preserve your scroll finger.


The story

These last two weeks, I helped out the "Advanced Persistent Team", composed of my friends Lennaert, Gerard and Scott in the Central Infosec CTF.

Now, I'm not as good as some of the others for all of these CTF challenges, but I'm not too shabby at unmuddling code. So that's what I did, working on Python challenges, JavaScript challenges, and attempting some cryptography challenges. I'll mostly focus on the code related CTF's, because those are the ones I had the most fun with.

I couldn't work on the challenge virtual machine itself for quite some time, because of how my host machine was set up. My host is usually used as a development machine, and as such runs Docker and Hyper-V. But since Hyper-V is janky AF, I run my virtual machines on VMWare Workstation Pro. The particular setup of this CTF however made it so that you need to access the machine from the same Virtual Network, which usually works fine. However, Hyper-V's network adapters were interfering with that process, and it took me a while to get around that hurdle. During that time I relied on the files that my colleagues sent me.

As such, I started with the Python challenges, which were some code analysis and reversal challenges. You can find that write-up here.

I then moved on to the static code analysis challenge, which involved analyzing some obfuscated JavaScript and finding a password hardcoded in a website. You can find that write-up here.

Finally, I fixed my VM setup and was able to access the game exploitation challenge, which involved breaking a game to access a flag. You can find that write-up here.

I hope you enjoy these various write-ups as much as I enjoyed the challenges.