Google CTF 2019 // #02 Satellite

Writeup Series

Placing your ship in range of the Osmiums, you begin to receive signals. Hoping that you are not detected, because it’s too late now, you figure that it may be worth finding out what these signals mean and what information might be “borrowed” from them. Can you hear me Captain Tim? Floating in your tin can there? Your tin can has a wire to ground control?

Find something to do that isn’t staring at the Blue Planet.

Downloading the attachment yields two files again.

  • init_sat [3.2MB]
  • README.pdf [2.7MB]

The PDF contains the following text and image.

Following the instructions in the image, I ran a quick file init_sat to identify what kind of application it is. Running strings on the init_sat ELF file returned nothing useful, so I booted up Kali to run the file in a terminal.

The application requested a satellite name. I entered osmium, since that name comes from the image in the PDF file, and it ran successfully, giving us a Google Doc link (https://docs.google.com/document/d/14eYPluD_pi3824GAFanS29tWdTcKxP_XUxx7e303-3E).

Opening the Google Doc link gives us a seemingly random alphanumeric string.

VXNlcm5hbWU6IHdpcmVzaGFyay1yb2NrcwpQYXNzd29yZDogc3RhcnQtc25pZmZpbmchCg==

It seemed to me like Base64, so I ran a quick decode and got the following.

Username: wireshark-rocks
Password: start-sniffing!

It seemed quite clear to us that we should be running Wireshark while running init_sat, and that is exactly what I did next. One specific IP seemed interesting to me. I did some reverse lookup, but I noticed later that the flag is already in one of the packets to that IP, as seen below:

“Username: brewtoot password: CTF{4efcc72090af28fd33a2118985541f92e793477f} 166.00 IS-19 2019/05/09 00:00:00
Swath 640km Revisit capacity twice daily, anywhere Resolution panchromatic: 30cm multispectral: 1.2m
Daily acquisition capacity: 220,000km² Remaining config data written to: https://docs.google.com/document/d/14eYPluD_pi3824GAFanS29tWdTcKxP_XUxx7e303-3E”

And there we have it. Our second flag.
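Both finds worked because nothing was encrypted: Base64 is only an encoding, and the packet payload carried the credentials as readable text. The added example below (not part of the original writeup) shows the kind of check a defender can run over captured payload text to flag credentials exposed either way. The two sample inputs are the strings quoted above; the regular expressions and function names are assumptions made for this example.

```python
import base64
import binascii
import re

# Sample inputs copied from the writeup: the Google Doc body and the start of the packet text.
DOC_BODY = "VXNlcm5hbWU6IHdpcmVzaGFyay1yb2NrcwpQYXNzd29yZDogc3RhcnQtc25pZmZpbmchCg=="
PACKET_TEXT = (
    "Username: brewtoot password: CTF{4efcc72090af28fd33a2118985541f92e793477f} "
    "166.00 IS-19 2019/05/09 00:00:00"
)

# Hypothetical patterns chosen for this example, not taken from any tool.
B64_TOKEN = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{16,}={0,2}")
CRED_FIELD = re.compile(r"\b(username|password)\s*:\s*(\S+)", re.IGNORECASE)


def decode_base64_tokens(text):
    """Return the decoded text of every token that is valid Base64 and printable ASCII."""
    decoded = []
    for token in B64_TOKEN.findall(text):
        if len(token) % 4:
            continue  # padded Base64 is always a multiple of four characters
        try:
            plain = base64.b64decode(token, validate=True).decode("ascii")
        except (binascii.Error, UnicodeDecodeError):
            continue  # e.g. the hex digest inside the flag decodes to binary noise
        if all(ch.isprintable() or ch in "\r\n\t" for ch in plain):
            decoded.append(plain)
    return decoded


def find_credentials(text):
    """List (field, value, exposure) for credential fields in cleartext or behind Base64."""
    hits = [(k.lower(), v, "cleartext") for k, v in CRED_FIELD.findall(text)]
    for plain in decode_base64_tokens(text):
        hits += [(k.lower(), v, "base64") for k, v in CRED_FIELD.findall(plain)]
    return hits


if __name__ == "__main__":
    for label, sample in (("doc", DOC_BODY), ("packet", PACKET_TEXT)):
        for field, value, exposure in find_credentials(sample):
            print(f"{label}: {field}={value} ({exposure})")
```
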
