The weather is terrible and I have nothing planned, you know what that means... CTF weekend!! I reviewed ctftime and saw a CTF I would be interested in called CODEGATE. CODEGATE has organized international hacking competitions since 2008, so this has to be good. Let's jump right in.
Pre CTF
Before any CTF I do the following:
- Ensure VPN is working properly
- Update CTF Template
- Clone CTF Template for CODEGATE (Trash the VM after each CTF)
- Start OBS Studio (Allows for moving quickly through the CTF, so I can do the write up later)
Registering
![](https://www.trenchesofit.com/wordpress/wp-content/uploads/2020/02/1-1.png)
![](https://www.trenchesofit.com/wordpress/wp-content/uploads/2020/02/2-1.png)
Check_Check(1pt):
After registering, I look for the “Are you competent?” challenge that typically reveals the format of the flags moving forward.
This challenge for CODEGATE was called check_check.
![](https://www.trenchesofit.com/wordpress/wp-content/uploads/2020/02/3-1.png)
The checkcheck.jpg is a QR code.
![](https://www.trenchesofit.com/wordpress/wp-content/uploads/2020/02/4-1.png)
I did a quick Google search for an open source project that reads QR codes. I found and installed zbar-tools and downloaded the .jpg. Now let's try this new tool with zbarimg "checkcheck.jpg.png"

```
root@kali:# sudo apt-get install zbar-tools
root@kali:~/Downloads# ls
checkcheck.jpg.png
root@kali:~/Downloads# zbarimg "checkcheck.jpg.png"
QR-Code:CODEGATE2020{Q_R_C_O_D_E}
scanned 1 barcode symbols from 1 images in 0.03 seconds
```
![](https://www.trenchesofit.com/wordpress/wp-content/uploads/2020/02/7-1.png)
Nice! This is a reason I love CTFs. They force me to reach out for new tools I never knew existed.
![](https://www.trenchesofit.com/wordpress/wp-content/uploads/2020/02/5-1.png)
![](https://www.trenchesofit.com/wordpress/wp-content/uploads/2020/02/6-1.png)
Alright, we have 1 point. Off to a good start.
LOL(27pt):
The LOL challenge provided a link to download a file. I downloaded the file.
![](https://www.trenchesofit.com/wordpress/wp-content/uploads/2020/02/8-1.png)
Almost every new file goes through Ghidra first for me (during a CTF). I pulled up Ghidra and extracted the filesystem.
![](https://www.trenchesofit.com/wordpress/wp-content/uploads/2020/02/9.png)
Ahh, here we see a gif. This should be interesting.
![](https://www.trenchesofit.com/wordpress/wp-content/uploads/2020/02/10-1.png)
I imported Legend.gif into the project to be analyzed by Ghidra. I will be using the x86 64-bit gcc language.
![](https://www.trenchesofit.com/wordpress/wp-content/uploads/2020/02/11.png)
![](https://www.trenchesofit.com/wordpress/wp-content/uploads/2020/02/12.png)
Once the file was imported, Ghidra asked if I wanted to analyze the file. Yes... yes I do. This was the result!
![](https://www.trenchesofit.com/wordpress/wp-content/uploads/2020/02/13.png)
After scrolling through seven or so League of Legends champions, I found the flag. CODEGATE2020{J!n*_L00s3_C@^^0^} 27pts.
ENIGMA (49pts)
Enigma started with another file to download. I downloaded the file and loaded it into Ghidra as a file system.
![](https://www.trenchesofit.com/wordpress/wp-content/uploads/2020/02/15.png)
Let's export the file and take a look at what we have.
![](https://www.trenchesofit.com/wordpress/wp-content/uploads/2020/02/14.png)
Viewing the file shows a simple substitution key.
![](https://www.trenchesofit.com/wordpress/wp-content/uploads/2020/02/16.png)
After replacing the values after “flag is :” we got the following flag.
CODEGATE2020{HACKERS ARE NOT BORN ONLY IT IS MADE}
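The substitution step above can be scripted instead of done by hand. This is an added example, not part of the original write-up: the key file format (`<plain> = <cipher>` lines followed by a `flag is :` line) and the sample data are assumptions made up for illustration, since the real key is only visible in the screenshot.

```python
import re

# Constructed sample, NOT the challenge file. Assumed format:
# "<plain> = <cipher>" key lines, then a "flag is : <ciphertext>" line.
SAMPLE = """\
A = Q
C = W
E = X
H = R
K = T
R = Z
S = Y
flag is : RQWTXZY ZQWX
"""

PAIR = re.compile(r"^\s*(\S)\s*=\s*(\S)\s*$")
FLAG = re.compile(r"^\s*flag is\s*:\s*(.*)$", re.IGNORECASE)

def parse(text):
    """Return (cipher->plain map, ciphertext) from the assumed file format."""
    decode_map, encode_map, ciphertext = {}, {}, None
    for line in text.splitlines():
        m = FLAG.match(line)
        if m:
            ciphertext = m.group(1)
            continue
        m = PAIR.match(line)
        if not m:
            continue  # ignore blank lines and anything that is not a key entry
        plain, cipher = m.groups()
        # A simple substitution key has to be one-to-one in both directions.
        if decode_map.get(cipher, plain) != plain or encode_map.get(plain, cipher) != cipher:
            raise ValueError(f"conflicting key entry: {line!r}")
        decode_map[cipher] = plain
        encode_map[plain] = cipher
    if ciphertext is None:
        raise ValueError("no 'flag is :' line found")
    return decode_map, ciphertext

def decode(decode_map, ciphertext, unknown="?"):
    """Substitute each symbol; keep whitespace, mark symbols missing from the key."""
    return "".join(ch if ch.isspace() else decode_map.get(ch, unknown)
                   for ch in ciphertext)

if __name__ == "__main__":
    key, ct = parse(SAMPLE)
    print(decode(key, ct))
```

Symbols that are missing from the key come out as `?`, which makes it obvious when the key was transcribed incompletely.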
Summary
Overall, I ended up with 77pts and had a great time. Until next time, stay safe in the Trenches of IT!