APU Battle of Hackers 2020

This is a simple writeup by my team H0j3n.

Reverse Engineering

I’m using radare2 to analyze the binary. Looking at main, I found a string, Tranqulat3d, which could be the argument needed, but it's not the right one.

pdf @main

Looking at the binary in Ghidra, I found the condition that needs to be met to get the flag.

In main function
checkpw function

So after trying to understand what it's doing, I tried to make a simple script to mimic the program and managed to get the flag :)

Running the script, we get the flag.

Coded_II

The next challenge is almost like the one before, so let’s use radare2 again.

pdf @main

Looking at the binary in Ghidra, I found the condition that needs to be met to get the flag.

Main Functions
check_pw Function

So I found that the same script I made works here. You just need to change the first_part and the extra.

I ran the script again and got the flag :)

Cerberus

So I found out that the file is LZMA compressed data.

Let's try extracting it using 7z, and we get another file.

7z e cerberus

So we got another file, this time Python 2.7 byte-compiled.

I have encountered this kind of file before, and to decompile it we can use uncompyle6. But make sure to add the .pyc extension.

We can see there is a Python script here. Let's try running the script and only print trust.

So we got base64-encoded data. Let’s decode it.

So that’s why the challenge name is Cerberus. It is a Kerberos hash.

Let’s try cracking it using rockyou.txt, and we get the password, which is the flag itself: apuboh{<password>}
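
Each layer in this challenge (LZMA container, Python 2.7 .pyc, base64 string, Kerberos hash) can be recognised from its leading bytes. The script below is an added example, not the challenge script or code from the original writeup; its sample inputs are constructed, and the `$krb5...$` prefix pattern is an assumption based on the text formats used by common cracking tools.

```python
import base64
import binascii
import lzma
import re

PYC27_MAGIC = b"\x03\xf3\r\n"   # magic number at the start of a CPython 2.7 .pyc
LZMA_ALONE = b"\x5d\x00\x00"    # usual start of a legacy .lzma ("LZMA alone") stream
# Assumption: the hash uses the $krb5...$ text prefixes of common cracking tools.
KRB5_RE = re.compile(rb"^\$krb5(tgs|asrep|pa)\$\d+\$")


def identify(blob):
    """Label one layer by its leading bytes, the way file(1) does."""
    if blob.startswith(PYC27_MAGIC):
        return "pyc-2.7"
    if blob.startswith(LZMA_ALONE):
        return "lzma"
    if KRB5_RE.match(blob):
        return "kerberos-hash"
    try:
        if len(blob) >= 4:
            base64.b64decode(blob, validate=True)  # strict: rejects non-alphabet bytes
            return "base64"
    except binascii.Error:
        pass
    return "unknown"


def peel(blob):
    """Unwrap lzma/base64 layers; return (labels seen, innermost payload)."""
    labels = []
    while True:
        kind = identify(blob)
        labels.append(kind)
        if kind == "lzma":
            blob = lzma.decompress(blob, format=lzma.FORMAT_ALONE)
        elif kind == "base64":
            blob = base64.b64decode(blob, validate=True)
        else:
            return labels, blob  # .pyc, hash or unknown: stop and hand over


# Constructed stand-ins for the challenge file and for the value of `trust`.
fake_pyc = PYC27_MAGIC + b"\x00" * 4 + b"constructed code object"
fake_file = lzma.compress(fake_pyc, format=lzma.FORMAT_ALONE)
fake_trust = base64.b64encode(b"$krb5tgs$23$*user$EXAMPLE.LOCAL$svc/host*$00ff$00ff")

if __name__ == "__main__":
    print(peel(fake_file)[0])    # ['lzma', 'pyc-2.7']
    print(peel(fake_trust)[0])   # ['base64', 'kerberos-hash']
```

The .pyc layer is only identified here, not decompiled; that step still needs a tool such as uncompyle6.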

Conclusion
