2010-05-24 21:30:14
By Tim Brown
The second challenge that I solved was f200, ostensibly a forensic challenge but as we will see in the next few paragraphs, more a case of knowing the right tools for the job. This challenge got delivered as a .tar.lzma file which is Ark from the KDE project is eaily able to open. Inside were a large number of varying sized (but small) .png files. .png files don't normally carry metadata but I ran strings across them to check as I wasn't too sure what to expect.
Since there didn't appear to be any significant meta data embedded within then, I began to open them to examine their contents. Each of them was faily similar, containing a largely transparant background with odd pixels coloured in. At first I thought that maybe the pixels were some kind of binary encoding, but after looking at a few more of them, a second option presented itself. What if these were frames that could be overlaid to give their true meaning? Using ImageMagick and the command:
$ convert -background skyblue *.png -layers flatten +repage Flatten.png
we were able to overlay the various images which revealed a URL. To be honest, the next step had me. The URL took me to a video page entitled The Super Sexy way to learn CPR. I tried everything from the title of the page, to words from the contents, through to text from the embedded video but nothing worked at a key on the CTF applet:
timb> okay, so I've tried "The Super Sexy way to learn CPR." "The Super Sexy way to learn CPR", "Super Sexy CPR" "super sexy cpr" etc etc....
I was feeling pretty tired by now (we were well into the early hours) and decided to disappear for a coffee when one of my team mates said that he'd owned the challenge using the URL itself as the key. Later a team mate commented that all we are stunned by boobs which maybe summed that challenge up :).
Mood: Tired
Music: Captain Ahab - After The Rain My Heart Still Dreams (t500 remix)
You are unknown, comment