I participated in the LACTF competition with my friend Sensei and I was able to solve 5 challs. Yeah, welcome challs and discord challs inclusive, that's my specialty after all. I wasn't available throughout the CTF though, this was because of exams hehe.
Let's take a look at the challs I solved
Challenges Solved
Welcome
- Discord
- rules
Misc
- infinite loop
- mixed signals
Web
- terms and conditions
Welcome
Discord
You can get this flag when you navigate to their discord server and then check the pinned message in #general
Yup, that's the flag
FLAG:lactf{i'm_in_the_discord_server!}
rules
Let's navigate to the home page
We got our flag
FLAG:lactf{i_read_the_rules}
Misc
infinite loop
Navigating to the webpage
We get this Google form. When you try to fill in the form, you'll notice it's in a loop
As you can see it is more of an infinite loop thing.
Let's capture this request in Burp Suite so we can see what's happening
We don't actually need this request, so you can just forward it
Yup, this is the request we are interested in. Send this over to burp repeater
Scrolling down to the end of the response should get you this
Yup, that's the flag
FLAG:-lactf{l34k1ng_4h3_f04mz_s3cr3tz}
mixed signals
This one was quite easy though. I did a bit of overthinking though hehe
Open the .wav file using Sonic Visualiser. You can install it using the command sudo apt-get install sonic-visualiser
We have this. Well, all you just need to do is listen to the audio
When you listen you should hear something like
lemur
alpha
charlie
tango
foxtrot
open brace
charlie
four
november
underscore
yankee
zero
uniform
underscore
papa
lemur
zulu
underscore
uniform
november
mike
one
xray
underscore
mike
yankee
underscore
sierra
one
golf
november
four
lemur
zulu
end brace
Now, since we know the CTF flag format to be lactf{}, it should be obvious. We'll take the first letter of each word, and treat the numbers as numbers and the symbols as symbols.
So we have this
Lemur
Alpha
Charlie
Tango
Foxtrot
{
Charlie
4
November
_
Yankee
0
Uniform
_
Papa
Lemur
Zulu
_
Uniform
November
Mike
1
Xray
_
Mike
Yankee
_
Sierra
1
Golf
November
4
Lemur
Zulu
}
Smooth, we've gotten our flag
FLAG:-lactf{c4n_y0u_plz_unm1x_my_s1gn4lz}
Web
terms and conditions
This also was a very easy web chall
Navigate to the webpage
You'll see from the webpage that whenever we try to click on the "I Accept" button, it moves the moment we move our cursor.
Checking the page source you'll see this
This JavaScript code sets up event listeners to handle touch and mouse events on the webpage and track the coordinates of these events.
There's another part to this code when you check the page source
This interval function continuously monitors the window size (window.innerHeight and window.innerWidth). If the window is resized, it replaces the entire body content with a message "NO CONSOLE ALLOWED". Opening docked developer tools changes the window's inner size, so this is an attempt to prevent the user from accessing the console.
Well, to solve this we'll be using one of the developer tools
If you get a "NO CONSOLE ALLOWED" message, just refresh the tab when you get to Sources. If you are using Firefox as your browser, you'll have to go to Debugger, not Sources. So, from the above screenshot we have the analytics.js script and also a file index. Checking out the index file and then scrolling all the way down, you should see the JavaScript code that sets up the event listeners. Also, you'll notice that the analytics.js script is obfuscated. We can deobfuscate this using this online tool
document.getElementById("accept").addEventListener("click", () => {
  // The handler checks that the page's main script element is still present
  const _0x4eb4e0 = document.getElementById("mainscript");
  if (!_0x4eb4e0 || _0x4eb4e0.innerText.length < 1000) {
    alert("silly you... you don't get to disable javascript...");
  } else {
    // Each character of the string is XORed with 3 before being shown
    alert("ob`wexwkbw\\avwwlm\\tbp\\gfejmjwfoz\\mlw\\lmf\\le\\wkf\\wfqnp~".split``.map(_0x286792 => String.fromCharCode(_0x286792.charCodeAt(0) ^ 3)).join``);
  }
});
What we can do is run that alert script in the console
We got our flag
FLAG:lactf{that_button_was_definitely_not_one_of_the_terms}
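The same string can also be recovered statically, without running anything in the page. The following is an added example, not code from the challenge or the original writeup: it pulls the string literals out of the handler source and uses the known lactf{ prefix as a crib to recover a single-byte XOR key, so it generalizes beyond the key of 3 seen above. The function names are hypothetical and SAMPLE_SOURCE is the handler re-typed as a constructed input.

```javascript
// Added example. SAMPLE_SOURCE is a constructed input: the click handler
// shown on this page, re-typed as a string so it is analysed, not executed.
const SAMPLE_SOURCE = [
  'document.getElementById("accept").addEventListener("click", () => {',
  '  const _0x4eb4e0 = document.getElementById("mainscript");',
  '  if (!_0x4eb4e0 || _0x4eb4e0.innerText.length < 1000) {',
  '    alert("silly you... you don\'t get to disable javascript...");',
  '  } else {',
  '    alert("ob`wexwkbw\\\\avwwlm\\\\tbp\\\\gfejmjwfoz\\\\mlw\\\\lmf\\\\le\\\\wkf\\\\wfqnp~"',
  '      .split``.map(c => String.fromCharCode(c.charCodeAt(0) ^ 3)).join``);',
  '  }',
  '});',
].join("\n");

// Collect double-quoted string literals and unescape them.
function extractStringLiterals(source) {
  const literals = [];
  for (const m of source.matchAll(/"(?:[^"\\]|\\.)*"/g)) {
    // JSON.parse handles the common escapes; literals it rejects are skipped.
    try { literals.push(JSON.parse(m[0])); } catch (e) { /* skip */ }
  }
  return literals;
}

// Known-plaintext key recovery: every crib character XORed with the matching
// ciphertext character must give the same single-byte key, else no match.
function recoverKey(cipher, crib) {
  if (crib.length === 0 || cipher.length < crib.length) return null;
  const key = cipher.charCodeAt(0) ^ crib.charCodeAt(0);
  for (let i = 1; i < crib.length; i++) {
    if ((cipher.charCodeAt(i) ^ crib.charCodeAt(i)) !== key) return null;
  }
  return key;
}

function xorDecode(cipher, key) {
  return Array.from(cipher, ch => String.fromCharCode(ch.charCodeAt(0) ^ key)).join("");
}

// Return every literal that decodes to text starting with the flag prefix.
function findFlags(source, crib = "lactf{") {
  return extractStringLiterals(source)
    .map(lit => ({ lit, key: recoverKey(lit, crib) }))
    .filter(x => x.key !== null)
    .map(x => ({ key: x.key, plaintext: xorDecode(x.lit, x.key) }));
}

console.log(findFlags(SAMPLE_SOURCE));
```

Run it with Node.js; only the obfuscated literal matches the crib, and the other four literals in the handler are rejected.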
You can find Sensei's writeup of the challs he solved here
Till Next Time :xD