The weather is terrible and I have nothing planned, you know what that means... CTF weekend!! I reviewed ctftime and saw a CTF I would be interested in called CODEGATE. CODEGATE has organized international hacking competitions since 2008, so this has to be good. Let's jump right in.

Pre CTF

Before any CTF I do the following:

Ensure VPN is working properly

Update CTF Template

Clone CTF Template for CODEGATE (Trash the VM after each CTF)

Start OBS Studio (Allows for moving quickly through the CTF, so I can do the write up later)

Registering

Registering to CODEGATE

Check_Check(1pt):

After registering, I look for the “Are you competent?” challenge that typically reveals the format of the flags moving forward.

This challenge for CODEGATE was called check_check.

The checkcheck.jpg is a QR code.

I did a quick Google search for an open source project that reads QR codes. I found and installed zbar-tools and downloaded the .jpg. Now let's try this new tool with zbarimg “checkcheck.jpg.png”

root@kali:# sudo apt-get install zbar-tools
root@kali:~/Downloads# ls
checkcheck.jpg.png
root@kali:~/Downloads# zbarimg "checkcheck.jpg.png"
QR-Code:CODEGATE2020{Q_R_C_O_D_E}
scanned 1 barcode symbols from 1 images in 0.03 seconds

Nice! This is a reason I love CTFs. They force me to reach out for new tools I never knew existed.

Alright we have 1 point. Off to a good start.

LOL(27pt):

The LOL challenge provided a link to download a file. I downloaded the file.

Almost every new file for me goes through Ghidra first (during a CTF). Pull up Ghidra and extract the filesystem.

Ahh, here we see a gif. This should be interesting.

Import Legend.gif into the project to be analyzed by Ghidra. I will be using x86 64bit gcc language.

Once the file was imported, Ghidra asked if I wanted to analyze the file. Yes... yes I do. This was the result!

CODEGATE2020{J!n*_L00s3_C@^^0^}

After scrolling through seven or so League of Legends champions, I found the flag. CODEGATE2020{J!n*_L00s3_C@^^0^} 27pts.

ENIGMA (49pts)

Enigma started with another file to download. I downloaded the file and loaded it into Ghidra as a file system.

Let's export the file and take a look at what we have.

Viewing the file shows a simple substitution key.

After replacing the values after “flag is :” we got the following flag.

CODEGATE2020{HACKERS ARE NOT BORN ONLY IT IS MADE}
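
The replacement step above can be scripted instead of done by hand. This is an added example, not part of the original write-up: the challenge file's layout is not shown here, so the "PLAIN = CIPHER" key lines, the key itself and the ciphertext are constructed assumptions; only the "flag is :" marker and the resulting plaintext come from the post.

```python
import string

# Constructed sample: the real challenge file's layout is not shown in the
# write-up, so this "PLAIN = CIPHER" layout and the key are assumptions.
PLAIN = string.ascii_uppercase
CIPHER = "QWERTYUIOPASDFGHJKLZXCVBNM"
SAMPLE = "\n".join(f"{p} = {c}" for p, c in zip(PLAIN, CIPHER))
SAMPLE += "\nflag is : IQEATKL QKT FGZ WGKF GFSN OZ OL DQRT\n"

MARKER = "flag is :"


def parse(text):
    """Return (cipher->plain table, ciphertext) from the key file text."""
    table, ciphertext = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(MARKER):
            ciphertext = line[len(MARKER):].strip()
        elif "=" in line:
            plain, cipher = (s.strip() for s in line.split("=", 1))
            if len(plain) != 1 or len(cipher) != 1:
                raise ValueError(f"bad key line: {line!r}")
            if cipher in table:
                # Two plaintext letters sharing a symbol cannot be inverted.
                raise ValueError(f"ambiguous symbol {cipher!r}")
            table[cipher] = plain
    if ciphertext is None:
        raise ValueError("no 'flag is :' line found")
    return table, ciphertext


def decode(text):
    """Invert the substitution; unmapped characters are kept and reported."""
    table, ciphertext = parse(text)
    unknown = sorted({c for c in ciphertext if c not in table and not c.isspace()})
    plaintext = "".join(table.get(c, c) for c in ciphertext)
    return plaintext, unknown


if __name__ == "__main__":
    message, unknown = decode(SAMPLE)
    print("CODEGATE2020{" + message + "}")
    if unknown:
        print("symbols missing from key:", unknown)
```

The list of unknown symbols is worth checking before submitting: a symbol missing from the key passes through unchanged and would otherwise end up silently inside the flag.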

Summary

Overall, I ended up with 77pts and had a great time. Until next time, stay safe in the Trenches of IT!