Write-Up Advent of CTF 2020 Challenge 8
Overview
The NOVI University Of Applied Sciences is offering an Advent CTF challenge for December 2020.
The CTF is created by our community member of the Hackdewereld.nl and Chief Lecturer for Cyber Security at the NOVI University, Arjen Wiersma. If you want to participate in these CTF challenges, you can create an account on the website https://www.adventofctf.com
.
Challenge 8
- Description: If only you could figure out where to go.
- 800 Points
Let’s start with this challenge! I visited the challenge URL https://08.adventofctf.com/ and ended up on the webpage below. This webpage contains the message: Did you know that the fastest robot can solve rubiks cube in 0.887 sedconds?
No, I wasn’t aware of that. Learned something today…
The message is talking about a robot
. When you talk about a robot on a webpage, in a CTF, you are talking about robots.txt
. Let’s check the robots.txt
. This is a plain text file, that consists of one or more rules. Each rule blocks or allows access to a given crawler to a specific directory file path on your websites. On the other hand, for a human, this file can also be read out and can directly access the file path defined in the rules.
Let’s check this file with a curl
request.
1
2
3
4
5
6
7
8
~$ curl https://08.adventofctf.com/robots.txt
# robots.txt generated by smallseotools.com
User-agent: *
Disallow: /
Disallow: /cgi-bin/
Disallow: /encryption/is/a/right
Disallow: /fnagn/unf/znal/cynprf/gb/tb
Let’s check the first Disallow
rule https://08.adventofctf.com/encryption/is/a/right. This page contains a Base64 encoded string.
Let’s decode this string.
1
2
~$ echo "RW5jb2RpbmcgYW5kIGVuY3J5cHRpb24gYXJlIDIgZGlmZmVyZW50IHRoaW5ncy4=" | base64 -d
Encoding and encryption are 2 different things.
Yep, that’s true. Encryption is part of cryptography and is usually on a secret key, and with only the secret key, the message can be decrypted to the original message.
Ok, let’s analyze the URL. The URL is in some strange format. After passing this to CyberChef, it seems that the URL is a ROT13 cipher. ROT13 is a simple letter substitution cipher that replaced a letter with the 13th letter after it in the alphabet. This URL hides the message: /santa/has/many/places/to/go
.
After replacing the ROT13 cipher with the decoded file path, we get the flag NOVI{you_have_br@1ns_in_your_head}
.
Thanks for reading!