Misc [300pts]

Description: Spentalkux 🐍📦

So the description for the challenge is a little vague. But it looks like it’s a Python package called Spentalkux.

When we import the latest version of this package, we get a message and a small cipher:

This message is a Vigenere cipher. When we decode this, we get a pastebin link:

“Hello, If you’re reading this you’ve managed to find my little… interface. The next stage of the challenge is over at https://pastebin.com/raw/BCiT0sp6”

The pastebin link contains a large hex value. When decoded using CyberChef, it gives what looks to be an image:

We used a small Python script to convert the hex to an image, based on this link: https://stackoverflow.com/questions/50734133/convert-hex-text-file-to-original-imagejpeg-in-python-or-java-code/50734487

and what we get is a picture that says:

The binary is decoded into: _herring, indicating that this is a red herring. Now “look back into the past” can mean many different things. For this, I looked up spentalkux again and it seems there was a previous version as well.

So I ran pip install spentalkux==0.9.

Importing this version of spentalkux, we are greeted with a different message:

Using CyberChef once again, this message is decoded in the sequence of:

From Base32 -> From Base64 -> gzip

Extracting the gzip gives us a large binary. Following this decoding sequence (lots of trial and error), we eventually reach the flag:


Misc [400pts]

Description: https://youtu.be/zi3pLOaUUXs (We are given a YouTube link)

We are given a YouTube link that shows a bunch of barcodes changing quickly within a 6 second video. There are numbers being repeated throughout as well.

So after writing down the numbers, I downloaded this YouTube video and extracted the frames out of the mp4. After running each image through a barcode scanner, we get these values, in this order:

5WlndrAehA 8PdGSTvnaY 9zuPGubRMc 7cyqggztfa 6AqGoWfWwR 7JwvAOM{Px 4JIEbOEkws 5NDuG4sOeb 9chPBBYtfr 8iwkHVYpcf 7hVMGQe0xL 3vBdLvZLbB 2T3iNatxiU 5kNLb_eoyi 4AfAmLXyJo 4oFE4iSJmP 3ajdUBIXVe 4oAQnoJxEV 8SzMNoIa3j 9aaIBHbqls 2vsDNpidao 1}gfkrtfrm

It turns out that the beginning number for each decoded barcode and the numbers being said in the video match. After some careful analysis, we notice that the beginning number of each decoded barcode is an index into that barcode’s string, and the character at that index is one character of the flag we are looking for:

Flag: ractf{b4rc0d3_m4dn3ss}
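As an added example (not part of the original write-up), the selection rule can be checked in Python against the values listed above. Reading the leading digit as a 1-based position in the rest of the string is an interpretation that reproduces the flag shown; the helper names are hypothetical.

```python
# Barcode values exactly as listed in the write-up, in video order.
CODES = (
    "5WlndrAehA 8PdGSTvnaY 9zuPGubRMc 7cyqggztfa 6AqGoWfWwR 7JwvAOM{Px "
    "4JIEbOEkws 5NDuG4sOeb 9chPBBYtfr 8iwkHVYpcf 7hVMGQe0xL 3vBdLvZLbB "
    "2T3iNatxiU 5kNLb_eoyi 4AfAmLXyJo 4oFE4iSJmP 3ajdUBIXVe 4oAQnoJxEV "
    "8SzMNoIa3j 9aaIBHbqls 2vsDNpidao 1}gfkrtfrm"
).split()


def pick(code):
    """Return the character selected by the leading digit (hypothetical helper)."""
    if not code[:1].isdecimal():
        raise ValueError(f"no leading digit in {code!r}")
    pos, rest = int(code[0]), code[1:]
    # The digit is treated as a 1-based position in the text after it.
    if not 1 <= pos <= len(rest):
        raise ValueError(f"position {pos} out of range in {code!r}")
    return rest[pos - 1]


def decode(codes):
    """Join the selected character of every barcode, keeping video order."""
    return "".join(pick(c) for c in codes)


if __name__ == "__main__":
    print(decode(CODES))
```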

Mad CTF Disease

Misc [350]

Description: Todo: [x] Be a cow [x] Eat grass [x] Eat grass [x] Eat grass [ ] Find the flag

So we are given a picture of a cow, cow.jpg.

Running Steghide on this image gave us moo.txt:

I did not know what this was so I randomly googled: “decode moo”

We are given a link that resembles the same type of text given to us:


It turns out that this is a COW esolang. So decoding our text using the above link gives us:

Zipped Up

Miscellaneous [70 pts]

It appears that the file in question has been zipped many times. Sure enough, when I click the link it downloads me a .zip file.

When unzipped, this file results in a folder named “0”, and inside that folder is another zipped file, this time ending in .tar.bz2.

When I unzip this file, it results in another folder, named “1” and in that folder there is a file named 1.tar.

When this is unzipped, it reveals a .txt file and yet another file.

When opening the .txt, we get a flag – however, it claims it is not the flag.

It really is not the flag.

When I unzipped the file further, the pattern repeated. Every few unzips, there would be another .txt file with the same message.

Okay, so I have to write a script to automate this process. Let’s jump into Linux.

I created a simple bash script that would run some terminal commands over and over. I made the bash script, and then I made a loop.


MYNUM=0  # starting value is an assumption; it is not shown in the post
while [ $MYNUM -le 999 ]; do
    MYNUM=$(( $MYNUM + 1 ))
done

^ Basically, every time it loops, the variable MYNUM increases by one. Eventually, it will stop looping. It will repeat about a thousand times.

Okay, let’s add some commands. At first I thought I would use the tar command to unzip the files, and gzip and bzip and the rest for their respective file extensions. However, I realized that would just be troublesome. I don’t want to have to manage 3 or 4 different tools and commands to unzip each file, right? So I thought I might find a single tool that can unzip every file extension type. And of course, my favorite would be 7zip.

On Linux, that would be p7zip, as the command line tool. Let’s add it into the loop.

Basically, all this command does is it looks for any file in the immediate directory and attempts to unzip it.

7z x *.* -oA – 7z (command) x (extract to full path) *.* (wildcard . wildcard — any file name with any extension) -oA (create a new directory, named “A”)

Then we have to make a way for the terminal to change directory into that new folder. This way, when it repeats, it will unzip the new .zip instead of the old one.

However, notice how I specifically asked 7zip to create a new directory every time? Wouldn’t the folder created by a normal unzip be enough? Well, not exactly. I forgot to mention, but every so often, the zips did not contain a folder. They sometimes only contained the next .zip. This messes with my script, because then *.* no longer works, because there are two files. Because of this problem, I made 7zip create a new directory every time. However, because of that, I have to make my script change directory twice.

cd */ (Changes directory to any immediate folder.)
cd */ (Changes directory to any immediate folder.)

However, we can’t quite run the script yet. Remember the .txt files, which contain a false flag? We need to get rid of those, since if 7zip sees two files in one directory, it cannot unzip *.*.

To do this, I simply used the mv command to move them into another directory. Since this has to happen before the 7zip command gets activated, I put it first in the loop.

mv *.txt /home/kali/Documents/txts/ (Moves any file that ends in .txt to a folder I created in my Documents directory)

And with that, it’s ready to run. Let’s add all our files into a testing directory.

My script ^

Plus 4.tar.gz (Remember how I unzipped a few by hand to get an understanding of the contents? I still had it, so I just copied the lowest one down I had.)

Let’s jump into a terminal.

How you run the bash script ^

Now, you can’t see this in my screenshot, but the command is running extremely fast. It was no more than a blur when I tried to take this screenshot.

After the command stopped working and I was getting “No such file or directory exists” errors from 7zip (meaning that I had unzipped them down to the very last zip), I went back to examine my .txts.

There are 1001 items (I went back and added the first few, for aesthetics)

Now, let’s find the one that does not contain the message “tjctf{n0t_th3_fl4g}”.
Some people created yet another script to do this, but instead of doing that, I just sorted by size.

Hmmm, 829.txt has a different file size than the other 1000? How peculiar.

Oh, yeah. It’s because it contains the flag.

Flag: tjctf{p3sky_z1p_f1L35}
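The same unwrapping can also be done in memory. This is an added Python example, not the author’s bash script: it swaps 7z for the standard library’s zip, tar, gzip and bzip2 readers and reports only the .txt files that differ from the decoy. The helper names and the layer and size caps are assumptions, as is the layout of one inner archive per layer with optional .txt files beside it.

```python
import bz2, gzip, io, tarfile, zipfile

DECOY = "tjctf{n0t_th3_fl4g}"    # decoy text quoted in the write-up
MAX_LAYERS = 5000                # assumed cap on nesting depth
MAX_BYTES = 64 * 1024 * 1024     # assumed cap on any one decompressed member


def capped(f):
    """Read a member, refusing anything over MAX_BYTES (decompression-bomb guard)."""
    data = f.read(MAX_BYTES + 1)
    if len(data) > MAX_BYTES:
        raise ValueError("member exceeds size cap")
    return data


def members(blob):
    """Return {name: bytes} for one archive layer, or None if blob is not an archive."""
    bio = io.BytesIO(blob)
    if blob[:2] == b"\x1f\x8b":                      # gzip magic
        return {"": capped(gzip.GzipFile(fileobj=bio))}
    if blob[:3] == b"BZh":                           # bzip2 magic
        return {"": capped(bz2.BZ2File(bio))}
    if blob[:4] == b"PK\x03\x04":                    # zip local file header
        with zipfile.ZipFile(bio) as z:
            return {i.filename: capped(z.open(i)) for i in z.infolist() if not i.is_dir()}
    if blob[257:262] == b"ustar":                    # tar header magic
        with tarfile.open(fileobj=bio, mode="r:") as t:
            return {m.name: capped(t.extractfile(m)) for m in t if m.isfile()}
    return None


def unwrap(blob):
    """Peel layers in memory; return (layer count, {name: text} of non-decoy .txt files)."""
    odd, layers = {}, 0
    while (found := members(blob)) is not None:
        layers += 1
        if layers > MAX_LAYERS:
            raise ValueError("too many nested layers")
        nxt = None
        for name, data in found.items():
            if name.endswith(".txt"):
                text = data.decode(errors="replace").strip()
                if text != DECOY:
                    odd[name] = text
            else:
                nxt = data                           # assume one inner archive per layer
        if nxt is None:
            break
        blob = nxt
    return layers, odd
```

Call `unwrap(open("4.tar.gz", "rb").read())` on a downloaded layer. Because nothing is written to disk, member names inside the archives cannot place files outside a working directory.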