Last week, some of our CTF team headed over the University South Wales in Newport in order to participate in a CTF, with train tickets kindly paid for by the university. We got the train in the morning from Cardiff Central to Newport, and one of our members guided us to the nearest Wetherspoons to have breakfast.
Introduction
Last week, some of our CTF team headed over the University South Wales in Newport in order to participate in a CTF, with train tickets kindly paid for by the university. We got the train in the morning from Cardiff Central to Newport, and one of our members guided us to the nearest Wetherspoons to have breakfast.
After breakfast at the John Wallace Linton Wetherspoons, we were ready for action!
The CTF
The CTF was team based, with maximum team sizes of 6 people, which worked excellently for us as that’s exactly how many of us attended!
Attendees from our society were:
- Jacob Eva (Captain)
- Thomas Davies (Treasury officer)
- Samuel Cheeseman (Communications officer)
- Zain Haq (Events officer)
- Iestyn Langstaff
- Oliver Myer
There were various different challenges in the CTF, ranging from web application exploitation, to basic trivia. This made the CTF really accessible even to those without extensive hacking knowledge, and gave some of my more junior members ways to still help the team :)
Going into the CTF, many of the members of my team were unsure about their ability to compete against the other teams present at the university, this was the first CTF event we participated in, so justifiably so.
We had some rather severe issues with Eduroam (when are there not) at USW not playing ball at the start of the CTF, but we persevered, falling back onto to our mobile hotspots in order to get an internet connection during the event. However, this definitely gave us a disadvantage compared to the “home” teams, as they could connect to Eduroam normally.
Our first challenges
At first, I delegated certain categories of challenges to those in my team who I deemed to have the relevant skillsets. This started off with me attempting the reverse engineering challenges, which I felt rather confident at (until I remembered I hadn’t done it in a year or so!).
Some time was lost because of our inherent disadvantage of having to use mobile hotspots, especially for me when I tried to download ghidra because I didn’t have it preloaded (oops!).
However, eventually our team was starting to submit solutions to challenges, and we were quickly working our way through the various categories for the CTF.
Below, you can see highlights of the event submitted by each of our members regarding the challenges they attempted.
SQL injection - Jacob Eva
I got stuck on a particular challenge where you had to retrieve information from an application’s backend database, for several hours I was trying to retrieve information from this application to no avail. I got fairly close, managing to figure out how many columns there were in the database query via ORDER BY injection, however beyond that I could not retrieve any information, as the database wasn’t happy with my syntax, for reasons I could not explain. Unfortunately, I never did manage to solve this challenge, but one of the other teams from USW did, who I spoke to after about it!
Nested compression - Thomas Davies
This particular challenge took me over an hour to complete, in this challenge the first file was a simple zip folder which once decompressed revealed a 7-zip folder, this pattern continued for 12 layers of compression, eventually using more obscure compression methods. One that stumped me was the .zoo file. To find out the compression algorithm, I had to decode the text in base64, to find out that the file had to be renamed .zoo. Next, the real challenge began, trying to find a program to decompress it, as the algorithm was developed in the mid-1980s, I struggled quite a lot. Eventually, I got Jacob to open and extract the archive, allowing me to complete the challenge.
Cipher text - Iestyn Langstaff
I got stuck on one challenge in a section which was related to cryptography, where you had to find the cipher key from the cipher text. I spent a very long time on it, so much in fact that I ended up leaving it and chose to return to it later. Eventually, I finally figured it out! The text was an enciphered version of a world war two speech! Turns out I had nearly figured out the answer, I just didn’t realise it, as the cipher key was incredibly obvious once I had actually determined it.
Hashing - Oliver Myer
Throughout the CTF I found there were a lot of different challenges to choose from, some were simple, whilst others were more complex. As a newcomer to the CTF world I was worried that everything was going to be too difficult, but I was quite surprised to find there were various levels of difficulty which meant anyone with a little knowledge on CTFs could participate. I completed a few tasks but one I found quite interesting myself was trying to crack hashed passwords from various accounts to find the specific password required to unlock a zip file. To do this, I had use John the Ripper on my VM to decrypt the hashes with a ruleset. However, I unfortunately ran out of time in the CTF to complete this particular challenge, as I wasn’t able to automate the password input. However, it was enjoyable nonetheless!
Wireshark - Samuel Cheeseman
A few of the challenges I completed required me to search through a PCAP file in Wireshark to find flags, and one of them was an intercepted FTP file transfer. FTP isn’t secure, so all the traffic was readable. I found out through this challenge that Wireshark allows you to extract files out of unencrypted network traffic, simply through an option on the UI, allowing me to extract all the files I needed easily. And after a brief search, I found the flag.
Git - Zain Haq
My favourite challenge was the git crunk challenge as it was fairly accessible for someone new to CTFs like myself, and allowed me to learn new tools, as I had never used git in the command line before. I appreciate how the challenges brought our team closer as we worked on problems together and weren’t afraid to ask each other for help, working as a team should.
End of the CTF
Eventually, our time for the event was up. The CTF was closed to new flag submissions, and all the teams made their way downstairs in order to listen to the closing presentation, where the winner will be announced. The atmosphere was quite tense, but even more so due to the fact that the scores of other teams and rankings were hidden in the last 30 minutes, so we didn’t even know our position on the leaderboard!
After speaking to the other teams when waiting for the BAE systems team to come back, it was time to listen to the presentation. They highlighted some… interesting flag submissions, including one where a member of our team submitted the entire text of the challenge in the answer box!
Then came the results. USWCSS (USW Cyber Security Society) were in third place, Red Rockets were in second, with team Alpha from our society winning the CTF!
The scores were incredibly close and can be seen below, with USWCSS and Red Rockets swapping places just in the last 10 minutes of the event!
All in all, this event was really enjoyable, and the free pizza and prizes were definitely worth travelling to Newport for!
Conclusion
If any of you have questions about the above, please feel free to contact me on XMPP (jacob.eva@metctf.org.uk), or contact our society email (ctf@cardiffmet.ac.uk).
Jacob Owen Eva - Captain & Founder of the Cardiff Met CTF society.