(leonuzđź’€)-[/var/log]

Mysterious Broadcast (Web Challenge Writeup) -- Space Heroes CTF 2022

April 01, 2022 | 4 Minute Read

FITSEC Team from Florida Tech has done an excellent job preparing this CTF. The challenges have been very interesting, we chose this web challenge for the writeup because it is quite new and entertaining for us.

I know, I know, there are other more elegant and faster ways…

Challenge Description:

Web Challenge

We go to the URL of the challenge and we only see a symbol ~, if we refresh the page several times, we see that it changes. ~110... looks like a binary code.

Page refresh

If we loop over the page by curling it, we may be able to get the complete message.

We then proceed to test with a bash script (I know, it’s not the most elegant or beautiful, but it works.)

┌──(sniper㉿sniperkal)-[~/SpaceHeroesCTF/Web/Mysterious_Broadcast]
└─$ cat looping.sh     
#!/bin/bash
loop="http://173.230.134.127/seq/f6456df7-ddc7-473f-89c8-89f083bb938f" 
for i in {1..800}
do
   curl $loop
done

and the console output of the script is..

┌──(sniper㉿sniperkal)-[~/SpaceHeroesCTF/Web/Mysterious_Broadcast]
└─$ ./looping.sh  
~1100011011001011010001101010110010010001111011010011011110100011011000100111011010101100001101011111011001001010110001101100001000101011001110100011101101110110001100001010101011001110100101101000110001011011011010010110100011000111101101101001001110011000011110011101111010111101~1100011011001011010001101010110010010001111011010011011110100011011000100111011010101100001101011111011001001010110001101100001000101011001110100011101101110110001100001010101011001110100101101000110001011011011010010110100011000111101101101001001110011000011110011101111010111101~110001101100101101000110101011001001000111101101001101111010001101100010011101101010110000110101111101100100101011000110110000100010101100111010001110110111011000110000101010101100111010010110100011000101101101101001011010001100011110110                                        

We see that what is inside the ~ is repeated, it is a message that repeats. We save it with the name sequence.in to analyze it (yes, I could have done it directly from the script, but :) ).

┌──(sniper㉿sniperkal)-[~/SpaceHeroesCTF/Web/Mysterious_Broadcast]
└─$ echo "1100011011001011010001101010110010010001111011010011011110100011011000100111011010101100001101011111011001001010110001101100001000101011001110100011101101110110001100001010101011001110100101101000110001011011011010010110100011000111101101101001001110011000011110011101111010111101" > sequence.in 

We know from the statement of the problem that There used to be 8 ….. but now there are only 7, then we proceed to arrenge the sequence.in file, for this, we use the linux commands fold and tr

┌──(sniper㉿sniperkal)-[~/SpaceHeroesCTF/Web/Mysterious_Broadcast]
└─$ fold -b7 sequence.in | tr "\n" " " > data.in 
┌──(sniper㉿sniperkal)-[~/SpaceHeroesCTF/Web/Mysterious_Broadcast]
└─$ cat data.in                     
1100011 0110010 1101000 1101010 1100100 1000111 1011010 0110111 1010001 1011000 1001110 1101010 1100001 1010111 1101100 1001010 1100011 0110000 1000101 0110011 1010001 1101101 1101100 0110000 1010101 0110011 1010010 1101000 1100010 1101101 1010010 1101000 1100011 1101101 1010010 0111001 1000011 1100111 0111101 0111101 

Once we have the file arranged in 7-bits words, we transform it to ASCII using xxd. (Again, many ways to do this, including web tools that are much faster than writing a script, but where’s the fun in that? and the learning?)

For our friend StackOverFlow we know this:

“If you want to stick with xxd, then you need to first convert each binary number to decimal. If you’re using bash, and x contains you’re binary string, then:

for a in $x; do printf "%x" $((2#$a)); done | xxd -r -p

$((2#$a)) is binary to decimal conversion in bash, and the printf will convert this to hex. Then just pipe it to xxd - and get what you got before.”

Now we only have to re-arrange our statement to execute it and obtain the desired conversion. For that, we store the data in a variable and do a for to convert each 7-bit word into an ASCII character.

┌──(sniper㉿sniperkal)-[~/SpaceHeroesCTF/Web/Mysterious_Broadcast]
└─$ data=$(cat data.in); for byte in $data; do echo $(printf '%x\n' "$((2#$byte))"); done | xxd -r -p
c2hjdGZ7QXNjaWlJc0E3Qml0U3RhbmRhcmR9Cg==

This result looks like a base64 encoding, we decode it in the following way

┌──(sniper㉿sniperkal)-[~/SpaceHeroesCTF/Web/Mysterious_Broadcast]
└─$ echo "c2hjdGZ7QXNjaWlJc0E3Qml0U3RhbmRhcmR9Cg==" | base64 -d
shctf{AsciiIsA7BitStandard}
The flag for the challenge is:

shctf{AsciiIsA7BitStandard}


Final Notes.

Linux plays an incredibly important part in the job of a cybersecurity professional. Specialized Linux distributions such as Kali Linux are used by cybersecurity professionals to perform in-depth penetration testing and vulnerability assessments, as well as provide forensic analysis after a security breach.

Linux Shell scripts have several required constructs that tell the shell environment what to do and when to do it. Of course, most scripts are more complex than the above one.

The shell is, after all, a real programming language, complete with variables, control structures, and so forth. No matter how complicated a script gets, it is still just a list of commands executed sequentially

Thanks FITSEC Team for the excellent CTF.

For fun and knowledge, always think out of the box! :)