rgbCTF-2020

CTF Writeup - https://ctf.rgbsec.xyz/

Home Other writeups of rgbCTF-2020
14 July 2020

icanhaz

by INXS_JOY

can u haz a meaningful career in cybersecurity tool development? we hope so!

Files

Solution

This is a fun problem which is questioning my career xD.

The question comes with a icanhaz.xyz file, but using the file command on it we see that it is a xz compressed file. So i changed the extension to xz and extracted it using unxz icanhaz.xz We get a ASCII data file after extracting which is the hex dump of a file. Now I tried to create a file using the hex dump. I used cat icanhaz | awk '{ print $2,$3,$4,$5}' to get the hex values alone from the file. Then I used this site, https://tomeko.net/online_tools/hex_to_file.php?lang=en to convert the hex dump to file. It seems like we get another xz compressed file from that hex dump.

Extracting the xz file we get a SVG image. This SVG image is interesting cause its just a white image at first, but reading the contents of the image I noticed that Line 4 of the code <rect x="0" y="0" width="77" height="77" fill="#ffffff"/> is overwriting the fill of all the other rectangles.

alt text

Therefore we remove the fill alone from that line and then we get a QR code.

alt text

Upon scanning the QR I got the following:

/Td6WFoAAATm1rRGAgAhARYAAAB0L+Wj4AbxAN1dAA2XxNFhRNBaOJSxhV08AXoOcZxtalpXU+c+q/ppfZc1/t0z3BU/P16F9jAlXbjrzh5cXk/9vLbc+8NQJ8PNawtALEPD17f25zdggODx3xzNLY3SjGTIlX0fbqo6HFkHYkIzOjjUgJcN1KbzGRouW+G8TakjrJ4y5Pk7jv/stqRiV0ICPYxKpnZSEn0aLzQSl46j6H3BBUBhRuGgxue3TXIzw5HGMlchgNBs6SCfHU0SkX4zlSKqOWSyKrJ5JMgwC47en2kI68/tRNQYaYzvGGcWcR/iEgNYO/jHVDVLAAAAADjqmgxrEIjCAAH5AfINAADD+B/oscRn+wIAAAAABFla

This looks like a Base 64 encoding, so I Base 64 decoded which gave another xz file. Decompressing the obtained xz file gave another QR I know they are obsessed with QRs xD The exact command to base64 decode and decompress:

echo /Td6WFoAAATm1rRGAgAhARYAAAB0L+Wj4AbxAN1dAA2XxNFhRNBaOJSxhV08AXoOcZxtalpXU+c+q/ppfZc1/t0z3BU/P16F9jAlXbjrzh5cXk/9vLbc+8NQJ8PNawtALEPD17f25zdggODx3xzNLY3SjGTIlX0fbqo6HFkHYkIzOjjUgJcN1KbzGRouW+G8TakjrJ4y5Pk7jv/stqRiV0ICPYxKpnZSEn0aLzQSl46j6H3BBUBhRuGgxue3TXIzw5HGMlchgNBs6SCfHU0SkX4zlSKqOWSyKrJ5JMgwC47en2kI68/tRNQYaYzvGGcWcR/iEgNYO/jHVDVLAAAAADjqmgxrEIjCAAH5AfINAADD+B/oscRn+wIAAAAABFla | base64 -d | xz --decompress

Scanning the QR code gives us the flag.

Flag

rgbCTF{iCanHaz4N6DEVJOB}
tags: ZTC