Deserted Island Toolkit

Category: Audio/Radio | Points: 150

Prompt: What would a drunken sailor do? (Wrap the output in DawgCTF{ }) DesertedIslandToolkit.zip

Author: Eyeclept

Solution

Unzipping the contents we find that we have been given a .iso file. So we extract the contents in a separate folder to find the following two extracted files :

Well, googling about .cdda files I found out that it is CD Digital Audio Format, so I went ahead and converted it to mp3 via an online convertor just for the sake of convenience.

Online CDDA to MP3 convertor

Listened to the converted file and it sounded suspiciously like Morse Code, so yea, I took the freedom to go ahead and upload the file in an online Morse Code Decoder.

Online Morse Code Decoder

And we got our flag!

Flag:DawgCTF{SOSISNOTTHEAN5W3R}

Photo-Album

Category: Forensics | Points: 150

Prompt: Your grandparents forgot the password to their online photo album! Lucky for you, they only ever use simple passwords and you’re a UMBC CS student. Make them proud.

photo_album.zip

Author: Clearedge

Solution

This challenge provided us with a really large zip file ( around 157 mbs ), and while unzipping it asks for the password. Using John the Ripper to crack the hash with rockyou.txt yields no results.

And then there’s the weird prompt:

Lucky for you, they only ever use simple passwords and you’re a UMBC CS student

So, I tried crafting my own custom wordlists with different combinations of capital letters then small and finally, one wordlist was able to crack the zip file.

with open("wordlists.txt", "w") as p:
    for i in range(4000):
        p.write("umbc" + str(i) + '\n')
    for i in range(4000):
        p.write(str(i) + "umbc" + '\n')        

This unzips all the photos inside the zip file. Using the file command on the second file shows it has ASCII text instead of picture. And using the cat command on the second file gives our flag.

Flag: DawgCTF{P1ctur35qu3}