pwnEd2 Writeups: Misc
69
The challenge appears to have no description at first glance...
However, dragging your mouse over the challenge window reveals...
pwnEd{FLAG_REDACTED}
Train32
All aboard the train32!! Enjoy the ride!!
http://34.105.198.101:13000/RFIE4RYNBINAUAAAAA
Author: Sud0
Clicking on the given link loads a page, which very rapidly loads many more links - a "redirect train", if you will. The end parts of the URLs appear to be base32, which would fit the challenge name.
Python's requests library allows you to see the redirect history for a response, so making a script to combine the base32 messages is relatively straightforward:
#!/usr/bin/env python3
import requests

s = requests.Session()
# The chain is far longer than the library's default limit of 30 redirects.
s.max_redirects = 1000
r = s.get("http://34.105.198.101:13000/RFIE4RYNBINAUAAAAA")

# Each entry in r.history is one redirect response; keep the last path segment of its URL.
encoded = ''
for l in r.history:
    u = l.url
    encoded += u[u.rfind('/')+1:]
print(encoded)
RFIE4RYNBINAUAAAAAGUSSCEKIAAAADEAAAAAZAIAIAAAAH7QABAGAAAAADGES2HIQAP6AH7AD72BPNHSMAAAAVHJFCECVDYTTWZZULO5QQAYBJXK7676X667NDCHAK4R4GVTNM2PHOBAQUORYLTBEHL7V7L6JGHX5HTPYBXUFMABRICFALEBMIAL7ZU7V3VOVVAZOWXUDTHDVZICP6BEVBY35KWH6IWHIF2AWEAIUMA5UDYOW3H2EB6OOYAJNYHX5SIFLXZCZ3XIFSAWEAFCGAOTITEP4MY5FGGWXK6H5KHKFSAWEAKSMDMSKE3KXLFR2RLGAEKAV4CEDEDNYUBQZ6OMXDKKT3FO52RMQFRACUTA3G2H2MASNVTF2UGD7PA2VMQBRICIRQ5QTBWAY2IPIBIDW2PCLLUCZALCAELGDODLZG3LZHSMZVXH76Y5TQCFALIAZKKNN642PFHZPONKLCTZOTMNQNLWMAIUBNYNKZ3HZW27KRB2ZBRUL4W7EFZZPS7WLUKAWEANJJIYO4WXFUXNFHWNQICNXTETNSHM4ARICYQ6WDLKDXOLQLLJOL4H5B6PDZ2BOQFRACFDB7F6IZ3LNTGUNLP36LFMC3HA6SV2FALCBW62RR5LVZZZGIZL2RJS2NGZXASHFXIFSAGEAKSFGNECM2XWNVSDPUZXUU4PLGOAIUBMIDVYKRJNB44NGPEXSTMMY5ZOKL25EWIIYQBKK5WQ2SD2DTODC2M4FTTNTYMOQLEBMIAFRC5HHELGULQO2ZUK5E652BMQBRADNU5XZDR2UZGYBVTDG2Z5OWCK7S7HIF2CWEA4KPFFNGMG6LUCC7RZXJYLNOXLGRLGAEKAVQJTUSBOMA325UAO7LXJL44JXKVSAGFAJCHHQ3O2W62TZIABVJ3P3ZUXCR3GAEKAV4OFS3MNABWUUCPKBTNOI24G7OIMYQBBZ7JSLNICAOWFIWB6LR2LYCZGE5AXICYQCBV6ZSDBGM5VPU2UAJ4YQETH45AXICYQDHXZGLNQDHFFVJWZY2S7XORLEAMKAQ4BTB5TW5362KNMEVNOPBYES6OBW5SQFXA4CL5TATABHDKXQPNVBQ42SC7UKZQBCQFPDRMW3FVIXDF2PPGLSQSOLE6ICYQAB6XBX7R4OQLUBMABRICFALEBMIARIC7QD43UU5OA5OUCRJAAAAAABEUKTSEVZBGBA
I then put this output into a base32 decoder, which reveals that this is a PNG image - saving it and opening it shows:
A QR code, which we can scan to get the flag:
pwnEd{ch00o_Cho00o}
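The joining and decoding step, as an added example that is not code from the original writeup: it runs on the first 56 characters of the output above, cut into 18-character segments behind a placeholder host `train.example` (both are assumptions of the example), and reads the image size from the PNG IHDR chunk. It also shows why the segments cannot be decoded one at a time.

```python
import base64
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

# Constructed sample: the first 56 characters of the script output above, cut
# into 18-character pieces (the length of the first URL's path segment) and put
# behind a placeholder host. The real chain is far longer.
PREFIX = "RFIE4RYNBINAUAAAAAGUSSCEKIAAAADEAAAAAZAIAIAAAAH7QABAGAAA"
CHAIN = ["http://train.example/" + PREFIX[i:i + 18] for i in range(0, len(PREFIX), 18)]


def last_segment(url):
    return url.rstrip("/").rsplit("/", 1)[-1]


def b32decode_unpadded(text):
    # URL path segments carry no '=' padding; b32decode needs a multiple of 8.
    return base64.b32decode(text + "=" * (-len(text) % 8))


def reassemble(urls):
    # Join first, decode once: the stream was encoded as a whole, then split.
    return b32decode_unpadded("".join(last_segment(u) for u in urls))


def decode_each(urls):
    # The tempting mistake: 18 characters is 90 bits, so decoding segment by
    # segment drops 2 bits per hop and misaligns everything after 11 bytes.
    return b"".join(b32decode_unpadded(last_segment(u)) for u in urls)


def png_ihdr(data):
    """Check the PNG signature and IHDR chunk CRC; return (width, height)."""
    if data[:8] != PNG_SIG:
        raise ValueError("missing PNG signature")
    length, ctype = struct.unpack(">I4s", data[8:16])
    if length != 13 or ctype != b"IHDR":
        raise ValueError("first chunk is not a 13-byte IHDR")
    body, (crc,) = data[16:29], struct.unpack(">I", data[29:33])
    if zlib.crc32(ctype + body) != crc:
        raise ValueError("IHDR CRC mismatch")
    return struct.unpack(">II", body[:8])


if __name__ == "__main__":
    print(png_ihdr(reassemble(CHAIN)))  # image dimensions from the joined stream
    print(decode_each(CHAIN)[8:16])     # no longer a valid IHDR header
```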
Bedioun_ruins
(Not-quite-completely solved)
I did some time travel over the winter break to escape all this Covid nonsense... Found a really snazzy looking clay tablet with some funky script written on it. Took it down in my notepad. Could you help me decipher what the message means?
Please put your decoded text (all uppercase) into the pwnEd {} wrapper before submitting. Assume the sentence is in English.
HINT: The way sentences are constructed in this language is not the same as you would in English.
We're provided with an image which I recognise as cuneiform:
This is an ancient writing system which is well explained by Irving Finkel of the British Museum: https://blog.britishmuseum.org/how-to-write-cuneiform/ This webpage also provides a chart for decoding cuneiform, from which we can decode:
ma an ra at/ad ti me es/is di at/ad
Converting this to roughly English gives man rat times diat (diet?) which we are expected to convert to an English phrase. I didn't succeed at doing this, although our team's guess accuracy dropped by about 75% from me trying :)
EDIT POST COMPETITION: The correct answer was revealed to be
pwnEd{MANRADTIMEISDEAD}
RIP our team's accuracy; I tried over 25 times to get this right before giving up...
F
Бабушка
Моя мама купила мне игрушку из россии, вы можете помочь мне посмотреть, что внутри?
(My mom bought me a toy from Russia, can you help me see what's inside?)
In this challenge we're given a very large QR code to start with:
We can put this into an online parser like https://online-barcode-reader.inliteresearch.com/ , which provides an xxd-like output of the hex data / any readable characters. From this, it looks like another PNG:
0000 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 | ~PNG~~~~~~~~IHDR |
0010 00 00 00 81 00 00 00 81 01 03 00 00 00 dd 6e 4b | ~~~~~~~~~~~~~~nK |
So let's copy the hex data into something like CyberChef to convert it into an image file. Looking at this image gives us...
Another, slightly smaller QR. Let's rinse and repeat...
... and again ...
... AND AGAIN ...
and now it's no longer a QR! If we zoom in a lot, we can make out the flag:
pwnEd{QRmAdnEss}
The description is talking about a matryoshka doll, i.e. a Russian nesting doll. Except it's not a doll, it's nested QRs :)
Unsolved: OwenBot, Invisible, Nim