Last thursday and friday I had the chance to participate in my first professional level CTF at BSides Ottawa. Hopeless.carleton, the team I was on, came second overall with a remarkable 3600 points! We were actually in first place until roughtly the last minute, when “That @Shopify Team” found one more flag putting them 250 points ahead of us. It was a close fight until the end!

Final resultsFinal results

One small note

The organizers dropped one final challenge on us with about 2 hours left (thought it only felt like 1/2hr). It was a web challenge which I chose to work on. We were told to get the flag.txt which was located at the root of the box. We were given a ruby webshell on the box however when trying to read the flag we would get permissions denied. Through some investigation I determined that the account “Cyber” which the app was running under was part of the sudoers group however when running sudo cat /flag.txt the web shell would crash when waiting for the interactive input for the password. My teammate thought that this might be a weak creds attack and a nmap scan revealed that SSH was open to the box so all I needed to do was get the password for the Cyber account.

So with 5 minutes left I started trying every possible password from “password” to “admin” to “qwerty” to even “CyberCyberCyber” (the name of the ruby app). After all that I had no luck. With about 30 or so seconds left I noticed that “That Team” got it, so I though let’s just do cat .bash_history to see if they might have left anything useful behind, but they didn’t. After talking to “that team” afterwords it turns out the password for the Cyber account was just Cyber. If I would have gotten that we would have won since the flag was worth 300 points. Moral of the story, always try the username as the password and never use your username as your password.

BSides Ottawa Challenges

In this blog post I aim to cover some of the challenges I managed to tackle and what I learned while breaking them. The challenges are roughly in the order that my team and I managed to break them. I’ll hide the answers and post the challenges as well this way if you would like to try out the challenge you can. Unfortunately I didn’t take pictures of the network ones, so I am unable to discuss them in detail.

CTF-101: A new script for “Office Space”

While writing a new script for Office Space we ran into an error. Can you find it?

CTF-101: What is this guy pointing at?

CTF-101: Unknown stream incoming

[ unknown.pcapng ]

Forensics: Harambe

Harambe looks kind of sad about something.

[ harambe-45f6d15f93c1c7edba4130f87962a2e7ff4445df_081894cb93ac47a1d80f7241d2af0aa4 ]

Forensics: Humpty’s Big Party

This invention to the humpty dance looks kind of phishy to me.

[ humpty_dance_838d811304afcd7adcac5306f287182d ]

Forensics: Mario X

We found a new version of Mario. It is amazing, the graphics are so life like.

[ mario_f539418c5e65405677db05c12e796005.gz ]

Old Skewl: Find the flag

That’s all for now! I must say I really enjoyed my time at BSides Ottawa this year and can’t wait for next year! Huge shoutout to Some Random Name for building this CTF!