Follow me on Instagram

[instagram-feed]

Back to Top
Image Alt

Google CTF 2019 // #03-2 Home Computer

Writeup Series

Google CTF 2019 // #03-2 Home Computer

Blunderbussing your way through the decision making process, you figure that one is as good as the other and that further research into the importance of Work Life balance is of little interest to you. You’re the decider after all. You confidently use the credentials to access the “Home Computer.”

 

Something called “desktop” presents itself, displaying a fascinating round and bumpy creature (much like yourself) labeled “cauliflower 4 work – GAN post.” Your 40 hearts skip a beat. It looks somewhat like your neighbors on XiXaX3. ..Ah XiXaX3… You’d spend summers there at the beach, an awkward kid from ObarPool on a family vacation, yearning, but without nerve, to talk to those cool sophisticated locals.

 

So are these “Cauliflowers” earthlings? Not at all the unrelatable bipeds you imagined them to be. Will they be at the party? Hopefully SarahH has left some other work data on her home computer for you to learn more.

Downloading the attachment yields 2 files again.

  • -rw-r–r–@ 1 maya staff 25M Nov 30 1979 family.ntfs
  • -rw-r–r–@ 1 maya staff 49B Nov 30 1979 note.txt

note.txt tells me that I can rename family.ntfs to family.dmg to open it up on MacOS. Useful information.

I mounted family.dmg to find a full windows installation on there. While combing through the user directories, I chanced upon the a credentials.txt within the /Users/Family/Document folder.

The file contained the following text.

I keep pictures of my credentials in extended attributes.

Running xattr -l /Volumes/Family/Users/Family/Documents/credentials.txt on credentials.txt resulted in a a chunk of hexdecimal text encoded under FILE0. This prompted me to run xattr -p FILE0 credentials.txt > cred. in order to output the hex contents into a separate file. Observing the first line of the hex as the following tells me that the file is PNG file:

89 50 4E 47 0D 0A 1A 0A 00 00 00 0D 49 48 44 52

Since we cannot open the hex file as a PNG, I used xxd to convert the hex back into binary with the command xxd -r -p cred cred.png which resulted in the below image.

And with this, we found our forth CTF flag.

Post a Comment