I participated in Huntress CTF 2024 and tried to solve their challenges for fun. This CTF added new challenges every day for the month of October, so people had plenty of time to attempt them. This is a great initiative for Cybersecurity Awareness Month.
Too Many Bits
Copy ‘01100110 01101100 01100001 01100111 01111011 01100100 00110000 00110001 00110100 00110111 00110001 00110111 00110000 00110010 01100001 00110001 00110000 00110001 00110011 00110100 01100011 01100100 01100001 01100100 00110001 01100100 01100100 01100100 01100101 00110000 00110110 00110110 00110111 00111000 01100110 00110010 01100110 01111101’ to CyberChef and add ‘From Binary’ to the recipe.
flag{d01471702a10134cdad1ddde06678f2f}
Cattle
The challenge gives us a hint with the keyword ‘esoteric’. I searched for ‘Moo esoteric programming language’ on Google and found the COW programming language. I found an online interpreter for COW at https://frank-buss.de/cow.html. Copy and paste the ‘cattle’ text into the interpreter and execute it to get the flag.
flag{6cd6392eb609c6ae4c332ef6a321d9dd}
Base64by32
Download the base64by32.zip file and unzip it. Based on the challenge name and the file contents, I think the text has to be base64-decoded 32 times. Using this answer, https://stackoverflow.com/questions/59031533/bash-base64-decode-a-file-x-times, run this bash code in the directory where the base64by32 file was unzipped.
state=$(<base64by32)
for i in {1..32}; do
state=$(<<<"$state" base64 --decode)
done
echo "$state"
This gives you the flag:
flag{8b3980f3d33f2ad2f531f5365d0e3970}
TXT Message
The hint for the challenge tells us that the TXT Records for ctf.games domain should have a clue. Run
dig TXT ctf.games
# OUTPUT
146 154 141 147 173 061 064 145 060 067 062 146 067 060 065 144 064 065 070 070 062 064 060 061 144 061 064 061 143 065 066 062 146 144 143 060 142 175
Copy the TXT blob, go to CyberChef and paste it into the Input section. You can notice that all the digits are between 0 and 7, which means it might be octal. Another hint is the challenge description, ‘One of them sure is odd…’, where ‘od’ in ‘odd’ is a link to the od tool, which is used to do an octal dump. So add ‘From Octal’ to the recipe and bake.
flag{14e072f705d45882401d141c562fdc0b}
Unbelievable
The challenge has an attachment named Half-Life_3_OST.mp3, but the hint says not to believe everything you see. So I ran the file tool on the MP3 file and it reported that the file was a PNG image instead. I opened the file with an image viewer and got the flag.
flag{a85466991f0a8dc3d9837a5c32fa0c91}
No need for Brutus
The challenge name is ‘No need for Brutus’, which I am assuming means that we don’t need to brute force. The hint is that it is a simple message for us to decipher and that there is only text in the message. I wasn’t sure which cipher was being used, so I went to the DCODE Cipher Identifier and pasted the text there. One of the suggestions was Shift Cipher. I pasted the input text in there and ran the automatic detection with brute force, which shows all the combinations with different shifts so we don’t have to increment through them. I found (+16)/c, which was ‘caesarissimplenoneedforbrutus’. I converted it to MD5 and submitted it wrapped in flag{}.
echo -n "caesarissimplenoneedforbrutus" | md5sum
flag{c945bb2173e7da5a292527bbbc825d3f}
Whamazon
You can go to ‘Buy from Whamazon’, as ‘Examine your Inventory’ is empty. Whamazon shows you have 50 dollars in your wallet, but the flag is worth 1000000000. If you try to buy an apple, which is worth 3 dollars, it shows ‘3 dollars x 1 = 3 subtracted from your wallet!’. So if you put in a negative value for the quantity, the quantity multiplication should give a negative value, which would add value to the wallet. The House has value ‘100000’, so if you put in -10000 you should get the value required in the wallet. It shows that I can’t afford a house as I don’t have enough money, so you have to keep increasing the wallet value by going through the items.
Once you try to buy the flag it gives you another whammy. It’s just rock, paper, scissors: select paper and it should add the flag to your inventory. Go back to the inventory in the shell and you should get the flag.
flag{18bdd83cee5690321bb14c70465d3408}
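The quantity bug described above, next to a hardened check, as an added example that is not Whamazon's real code (its source is not shown in this write-up). The function names, the per-order cap and the assumption that the shop only compares the unit price with the balance are all hypothetical.

```python
# Added illustration: a constructed model of the shop logic, not Whamazon's real code.
from dataclasses import dataclass

# Prices quoted in the write-up.
PRICES = {"apple": 3, "house": 100000, "flag": 1000000000}
MAX_QUANTITY = 1000  # hypothetical per-order cap


@dataclass
class Wallet:
    balance: int = 50  # starting balance shown by the shop


def buy_vulnerable(wallet: Wallet, item: str, quantity: int) -> bool:
    """Assumed flaw: the unit price is checked, the sign of quantity is not."""
    if PRICES[item] > wallet.balance:
        return False  # "not enough money"
    wallet.balance -= PRICES[item] * quantity  # negative quantity adds money
    return True


def buy_hardened(wallet: Wallet, item: str, quantity: int) -> bool:
    """Validate the quantity first, then check the full order total."""
    if isinstance(quantity, bool) or not isinstance(quantity, int):
        raise ValueError("quantity must be an integer")
    if not 1 <= quantity <= MAX_QUANTITY:
        raise ValueError("quantity out of range")
    total = PRICES[item] * quantity
    if total > wallet.balance:
        return False
    wallet.balance -= total
    return True


def demo():
    """Return (vulnerable balance, hardened balance, hardened rejected?)."""
    weak, strong = Wallet(), Wallet()
    buy_vulnerable(weak, "apple", -1)  # the wallet grows by 3
    try:
        buy_hardened(strong, "apple", -1)
        rejected = False
    except ValueError:
        rejected = True
    return weak.balance, strong.balance, rejected


if __name__ == "__main__":
    print(demo())
```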
MatryoshkaQR
Go to CyberChef, add ‘Parse QR Code’ to the recipe and upload qrcode.png as the input. You can see a lot of \r\n and \x escaped characters, so I added ‘Unescape string’ to the recipe, which output PNG file data. CyberChef automatically suggested Parse QR Code again, which gave me the flag.
flag{01c6e24c48f48856ee3adcca00f86e9b}
Discount Programming Devices
Download the Python script ‘oops.py’ and examine it. It imports zlib and uses it to decode the obfuscated base64 data. I just ran the script with python and got the flag, because it was basically decoding the hidden flag. If you want to learn more about the code in the script you can read this Reddit Answer.
flag{2543ff1e714bC2eb9ff78128232785ad}
Mystery
The hint is the word Enigma, and they have mentioned the settings used for the Enigma machine. Put those into the Cryptii Enigma Decoder. You get a message, and if you remove the white space in the middle you get this message:
MESSAGEWRAPPEDINLIGHTHIDDENDEEPEROUTOFSIGHTLOCKINGITMORETIGHTANYWAYYOURFLAGISHEREFLAGFDFEABCACBEBFBADAEFBECCAADDDBAFEZZZ
I racked my brains for days to crack this and I was out of ideas. I tried md5’ing the results and other things. Then I went to Discord hoping for some hints, and people suggested looking at the flag format.
The flag format expects the flag\{[0-9a-f]{32}\} regex. The first mistake I could see with my submission was the upper-case letters, and that the flag was 35 characters instead of the 32 of an MD5. So I just removed the last zzz and submitted it, and it worked. There are a couple of articles about the zzz rotors in Enigma but I didn’t understand them.
flag{fdfeabcacbebfbadaefbeccaadddbafe}
Typo
When you ssh into the machine a train runs across the screen and no command seems to work. It is supposed to be a typo of a Linux command, so I searched for ‘train linux command’ and found the sl command blog here.
I was not able to solve this.
Zulu
When you check the file data type of zulu, it is compress’d data 16 bits. The hint is that zulu is the phonetic alphabet word for z. If you rename the file zulu to zulu.z as an archive and uncompress it, you get the flag.
flag{74235a9216ee609538022e6689b4de5c}
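Both Unbelievable and Zulu come down to trusting the content of a file over its name. The following added example (not part of the original challenges) compares an extension with the leading magic bytes, roughly what the file tool reports; the sample headers are constructed, since the real challenge files are not reproduced here.

```python
# Added illustration: compare a file's extension with its leading magic bytes.
import os

# (magic prefix, detected type, extensions normally used for that type)
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "PNG image", {".png"}),
    (b"\xff\xd8\xff", "JPEG image", {".jpg", ".jpeg"}),
    (b"\x1f\x9d", "compress'd data", {".z"}),
    (b"\x1f\x8b", "gzip data", {".gz", ".tgz"}),
    (b"PK\x03\x04", "ZIP archive", {".zip"}),
    (b"ID3", "MP3 audio (ID3 tag)", {".mp3"}),
]


def sniff(header: bytes):
    """Return (type, usual extensions) for known magic bytes, else None."""
    for magic, kind, exts in SIGNATURES:
        if header.startswith(magic):
            if magic == b"\x1f\x9d" and len(header) >= 3:
                # Low 5 bits of the third byte hold the maximum code width.
                kind = f"{kind} {header[2] & 0x1F} bits"
            return kind, exts
    return None


def check_name(filename: str, header: bytes) -> str:
    """Describe whether the extension agrees with the content."""
    ext = os.path.splitext(filename)[1].lower()
    hit = sniff(header)
    if hit is None:
        return f"{filename}: unknown content"
    kind, exts = hit
    if ext in exts:
        return f"{filename}: {kind}, extension matches"
    return f"{filename}: {kind}, but extension is {ext or '(none)'}"


def demo():
    # Constructed headers standing in for the challenge files.
    samples = [
        ("Half-Life_3_OST.mp3", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
        ("zulu", b"\x1f\x9d\x90\x00\x00"),
        ("zulu.z", b"\x1f\x9d\x90\x00\x00"),
    ]
    return [check_name(name, head) for name, head in samples]


if __name__ == "__main__":
    print("\n".join(demo()))
```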
Ran Somewhere
So it’s an OSINT challenge with an email file attachment. I downloaded the .eml file and the 3 attachments on it, and the email had a link to the company’s homepage. There was 1 text file and 2 binary files. The text file is hex encoded, and when decoded gives the names ‘Note’, ‘find it yet’, ‘im nearby’.
Hey There! You should be more careful next time and not leave your computer unlocked and unattended! You never know what might happen. Well in this case, you lost your flash drive. Don’t worry, I will keep it safe and sound. Actually you could say it is now ‘fortified’. You can come retrieve it, but you got to find it. I left a couple of files that should help. - Vigil Ante
I ran the file utility on the 2 binary files and the EXIF data shows these are JPEG images, so I renamed the files to add an extension and opened them. The homepage says the business is not licensed, especially not in Maryland, and one of the images has a banner with ‘FREDERICK Reck..’ something written on it.
I was not able to solve this.