The Google Introduction to CTF 2019


Introduction

Google’s CTF competition is an annual event that gives security professionals and enthusiasts an opportunity to display their hacking abilities or get a taste of what it’s like to be a hacker.

Beginner's Quest

Beginner’s Quest gives an excellent introduction to thinking like a hacker. From the very beginning, Google made it simple to choose a path. The top row holds the easiest challenges that Google introduces, and each level below it is progressively more difficult. Google is nice enough to leave a few notes before you start, to ensure that the people doing the quest line understand how it all works.

The Storyline

[Images: Invitation; Space-time Coordinates; Coordinates Unzipped]

After downloading the attachment I immediately change the name to something more readable. I then use the file command to identify what kind of file I’m going to be working with. I unzipped the file and was presented with 2 additional files. The rand2 file looks a bit interesting, so once again I run file on it to see what I’m working with. The file appears to be an ELF file, which is a common standard file format for executable files.

[Image: Coordinates Ghidra]

Luckily, I found a neat tool called Ghidra that is getting some attention from security professionals. If you are familiar with IDA then Ghidra shouldn’t be a stranger to you. Ghidra is a software reverse engineering (SRE) tool developed by the NSA to give security professionals a way to analyze code. Ghidra is an excellent alternative to IDA if you don’t want to deal with the high price tag or minimal features of IDA. Opening the rand2 file in Ghidra and looking inside the main function of the file, we can see the flag: CTF{welcome_to_googlectf}

[Images: Arrival & Reconnaissance; Decode Signals]

[Image: Satellite]

For this next challenge we had to choose 1 of the 2 paths. I decided to go with the decode path because I find those challenges more enjoyable and fun.

[Image: Satellite Unzipped]

Again, this challenge required us to download the attachment. Same as before, I change the name of the file to something more readable. I then use the file command to check what kind of file it is. I unzipped the file and was given 2 additional files. The readme PDF file immediately gives a hint that it should be looked at first.

[Image: Read me]

The PDF file definitely gives us a few tips for solving this challenge. It states that the “init_sat” file can be read by humans and loaded into our terminal.

[Image: Init sat]

Here I give the init_sat file executable rights. From there I execute the init_sat file using the ./init_sat command. We are then greeted and asked to enter the name of the satellite to connect to, or to quit the program. I remembered that the picture in the PDF file had text written on the satellite that says “osium”, so I entered that and got a secure connection to the satellite. A welcome message with 3 options is displayed. It seemed pretty obvious that (a) was the right one to pick. We are given a bunch of information along with a link to a Google Docs drive.

[Image: Google Drive Satellite]

With this information I knew that it was a base64 code. From here we can either go to a site called www.base64decode.org and paste the code there, or we can use the terminal and decode it there (either will work just fine).

[Images: Base64 Decode 1; Base64 Decode 2]

Here you can see both methods showing the same output.
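The triage steps from both challenges, as an added Python example that is not part of the original write-up: it identifies a file by its magic bytes the way the file command does, searches the raw bytes for a `CTF{...}` string, and decodes base64 locally rather than on a website. The function names and sample blobs are constructed for illustration, and it assumes the flag is stored as plain text.

```python
import base64
import binascii
import re

# Leading "magic" bytes for the three file types that appear in this write-up.
MAGIC = {b"PK\x03\x04": "zip", b"\x7fELF": "elf", b"%PDF-": "pdf"}
FLAG_RE = re.compile(rb"CTF\{[^}]{1,64}\}")
# Runs of 16+ base64-alphabet characters with optional padding.
B64_RE = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")


def identify(data):
    """Classify a blob by its magic bytes, as the `file` command does."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def decode_b64_runs(data):
    """Strictly decode base64-looking runs; keep only printable results."""
    out = []
    for run in B64_RE.findall(data):
        try:
            decoded = base64.b64decode(run, validate=True)
        except (binascii.Error, ValueError):
            continue  # wrong length or padding: not really base64
        if decoded and all(32 <= b < 127 or b in (9, 10, 13) for b in decoded):
            out.append(decoded)
    return out


def find_flags(data):
    """Search the raw bytes, then any decoded base64 layer, for CTF{...}."""
    hits = FLAG_RE.findall(data)
    for decoded in decode_b64_runs(data):
        hits += FLAG_RE.findall(decoded)
    return [h.decode() for h in hits]


# Constructed samples (not the challenge files): a fake ELF header followed by
# an embedded string, and a text line carrying a base64-encoded note.
SAMPLE_ELF = b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + b"junk\x00CTF{constructed_example}\x00"
SAMPLE_TEXT = b"Username: " + base64.b64encode(b"note: CTF{second_constructed}") + b"\n"

if __name__ == "__main__":
    for name, blob in (("sample_elf", SAMPLE_ELF), ("sample_text", SAMPLE_TEXT)):
        print(name, identify(blob), find_flags(blob))
```

Strict decoding with `validate=True` rejects runs that only look like base64, which keeps ordinary words and identifiers in a binary from producing false hits.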