Satellite | Google CTF 2019

Google CTF 2019

Satellite

Placing your ship in range of the Osmiums, you begin to receive signals. Hoping that you are not detected, because it’s too late now, you figure that it may be worth finding out what these signals mean and what information might be “borrowed” from them. Can you hear me Captain Tim? Floating in your tin can there? Your tin can has a wire to ground control? Find something to do that isn’t staring at the Blue Planet.

You can find my all CTF solution in here

When I download attachent, I saw 2 file. One of them README.pdf and other is ELF 64-bit LSB executable file

When execute init_sat, programs ask to satellite name. You can find the satellite name in README.pdf

osmium

When I check the remaining config data in;

https://docs.google.com/document/d/14eYPluD_pi3824GAFanS29tWdTcKxP_XUxx7e303-3E

I saw that text;

VXNlcm5hbWU6IHdpcmVzaGFyay1yb2NrcwpQYXNzd29yZDogc3RhcnQtc25pZmZpbmchCg==

It looks like hash code. I checked hash type with using hash checker. It is BASE64 strings.

When I decode BASE64 strings

It means we must to sniff programs with wireshark. But we must to find server IP adress. We can use strace for that;

I founded

[pid 3862] connect(3, {sa_family=AF_INET, sin_port=htons(1337), sin_addr=inet_addr(“34.76.101.29”)}, 16) = -1 EINPROGRESS (Operation now in progress)

So we can use Wireshark

You can see the password: CTF{4efcc72090af28fd33a2118985541f92e793477f}

Flag: CTF{4efcc72090af28fd33a2118985541f92e793477f}​

Second Way:

Also you can use the diassembler for the find adress of the server. In this case; I will use Binary Ninja

You can see the address: satellite.ctfcompetition.com:1337

Flag: CTF{4efcc72090af28fd33a2118985541f92e793477f}

Leave a Reply

Your email address will not be published. Required fields are marked *