Skip to content

YlmzCmlttn

Cemalettin Yılmaz Blog

Menu
  • Home
  • About Me
  • Projects
    • Iot-AR
    • Magnifi-AR
    • Smarthome-IOS
    • Others
  • Categories
    • Articles
    • Augmented Reality
    • Capture The Flag
      • Google CTF
        • 2018
    • Embedded Systems
    • IoT
    • Logisim
    • My Essays
    • Nvidia Jetson
      • Jetson TX1
    • Operating Systems
      • Kali
      • Raspbian
      • Ubuntu
    • Personal
    • Programming
      • Arduino
      • C
      • C#
      • Css
      • Html
      • Js
      • Matlab
      • Node.js
      • Python
      • Swift
      • VHDL
    • Projects
      • Embedded Systems
      • Electric
      • IoT
      • IoT-AR
      • Logisim
      • Magnifi-AR
      • Pose Estimation
    • Raspberry Pi
    • Xilinx
    • Others
Menu

Security By Obscurity | Google CTF 2018

Posted on March 17, 2019 by Yılmaz Cemalettin

Google CTF 2018

Security By Obscurity

Reading the contents of the screenshot you find that some guy named “John” created the firmware for the OffHub router and stored it on an iDropDrive cloud share. You fetch it and find “John” packed the firmware with an unknown key. Can you recover the package key?

You can find my all CTF solution in here

 

When I download attachment I saw the zip file and when I extract zip file I notice this is  the recursive zip file therefore I write shell script code for extracting until no zip file remaning.

 

Shell
1
2
3
4
5
6
7
8
9
10
11
12
#! /bin/bash
 
unzip -o -qq zipfile.ZIP
while [ 1 ];
do
ls | grep -v "zip" | grep -v "ZIP$" | grep -v "security_by_obscurity.sh" | while read line;
do
mv $line $line.zip
unzip $line.zip
done
 
done

After run, shell script I found new compression type which is XZ

 

After that, I change .sh file for .xz type. And this changing compression type remain Until I found new.zip file with password protected.

Shell
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
#! /bin/bash
 
unzip -o -qq zipfile.ZIP
while [ 1 ];
do
#ls | grep -v "zip" | grep -v "ZIP$" | grep -v "security_by_obscurity.sh" | while read line;
#do
# mv $line $line.zip
# unzip $line.zip
#done
#mv new new.xz
#unxz new.xz
 
#mv new new.bz2
#bunzip2 new.bz2
 
mv new new.gz
gunzip new.gz
done

 

I donwload rockyou.txt wordlist file from internet. Also you can find this CTF drive which is given link above. When I extract zip file I found password.txt and this contain password for CTF

CTF{CompressionIsNotEncryption}

 

 

 

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

My Motto

“Learn to share, Share to learn”

LinkedIn Badge

Cemalettin Yılmaz

Ads

Archives

Categories

  • Articles (1)
  • Augmented Reality (3)
  • Capture The Flag (23)
    • Google CTF (22)
      • 2018 (13)
      • 2019 (9)
    • PicoCTF (1)
      • 2019 (1)
  • Embedded Systems (3)
  • IoT (3)
  • Logisim (1)
  • My Essays (3)
  • Nvidia Jetson (5)
    • Xavier (5)
  • Operating Systems (24)
    • Kali (3)
    • Raspbian (2)
    • Ubuntu (21)
  • Others (1)
  • Personal (1)
  • Programming (44)
    • Arduino (4)
    • C (10)
    • C# (4)
    • C++ (5)
    • Css (1)
    • CUDA (6)
    • Html (1)
    • Js (2)
    • Libraries (5)
      • OpenCV (3)
      • OpenGL (2)
    • Matlab (14)
    • Node.js (5)
    • Python (6)
    • Swift (3)
  • Programs (4)
    • Tools (4)
  • Projects (21)
    • Books Solutions (8)
    • Electric (2)
    • Embedded Systems (2)
    • Energy Harvesting (1)
    • IoT (2)
    • IoT-AR (1)
    • Logisim (1)
    • Magnifi-AR (3)
    • Pose Estimation (3)
    • Smarthome-Ios (1)
  • Raspberry Pi (3)
  • Uncategorized (2)
  • YZlib (1)

Recent Posts

  • atof stof stod problems with local floating point separator in C/C++
  • Pico CTF 2019 Answers
  • YZlib: Personal C++ Library
  • Drive to target | Google CTF 2019
  • FriendSpaceBookPlusAllAccessRedPremium | Google CTF 2019

Recent Comments

  • AbaShelha on Ghidra Installation on Ubuntu |18.04, 16.04, 14.04
  • Peter on Ghidra Installation on Ubuntu |18.04, 16.04, 14.04
  • Yılmaz Cemalettin on Ghidra Installation on Ubuntu |18.04, 16.04, 14.04
  • Yılmaz Cemalettin on 16-Bit CPU on Logisim
  • Jenny on 16-Bit CPU on Logisim
  • MOON on 16-Bit CPU on Logisim
  • anti on Ghidra Installation on Ubuntu |18.04, 16.04, 14.04
  • hunkerjr on STOP GAN | Google CTF 2019
  • Shaq on 16-Bit CPU on Logisim
  • NURUL AFIQAH MOHD HASBULLAH on 16-Bit CPU on Logisim

Linkedln

© 2022 YlmzCmlttn | Powered by Superbs Personal Blog theme