Description
All Experts of The Silver Shield Project can’t decipher the intercepted data. Who knows, maybe you can do it?
h4ck1t{flag}
Solution
The challenge consisted of a single file of unknown type. The first thing to try is running the file command to see what we are dealing with.
```
root@kali:~/h4ck1tctf/Paraguay/solve# file 100_00edb54bed7e46bd5cdb7c06059881c2
100_00edb54bed7e46bd5cdb7c06059881c2: Zip archive data, at least v2.0 to extract
```
It looks like a ZIP archive, so let’s try to extract it.
```
root@kali:~/h4ck1tctf/Paraguay/solve# unzip 100_00edb54bed7e46bd5cdb7c06059881c2
Archive:  100_00edb54bed7e46bd5cdb7c06059881c2
  inflating: work_folder/99
```
That worked, but now there is a new file at the location ./work_folder/99.
```
root@kali:~/h4ck1tctf/Paraguay/solve# file work_folder/99
work_folder/99: Zip archive data, at least v1.0 to extract
```
Let’s extract this one as well and look at its file type.
```
root@kali:~/h4ck1tctf/Paraguay/solve# unzip work_folder/99
Archive:  work_folder/99
 extracting: work_folder/98
root@kali:~/h4ck1tctf/Paraguay/solve# file work_folder/98
work_folder/98: RAR archive data, v1d, os: Unix
```
This one is a RAR archive. Long story short, this went on and on, pseudo-randomly switching between different types of archives. A quick Google search showed there is a really nifty Python module, patool, that can automatically identify the type of an archive and then try to extract it. That’s the key to this problem. I got the flag with the code below:
```python
#!/usr/bin/env python3
import os
import subprocess

import patoolib


def unzip(filename):
    # Extract the archive in the current directory
    patoolib.extract_archive(filename, outdir=".")
    # Remove the archive so that it will not be extracted again
    os.remove(filename)


# This function is not required for getting the flag
def get_mime_type(filename):
    # Get the MIME type of the file; an argument list keeps odd file names intact
    result = subprocess.check_output(["file", "--mime-type", filename])
    mime_type = result.decode().split()[-1]
    print("Mime type:", mime_type)
    return mime_type


def get_files():
    # Recursively look for files starting in the current directory.
    # Returns True once the flag has been found, so callers stop walking.
    for root, _dirs, files in os.walk("."):
        for file in files:
            # Skip the file containing this script itself
            if file == "auto_extract.py":
                continue
            filepath = os.path.join(root, file)
            mime = get_mime_type(filepath)
            # If the MIME type is 'text/plain', I assume we got the flag
            if mime == "text/plain":
                with open(filepath) as f:
                    content = f.readlines()
                print("Flag found:", content)
                return True
            # If it is not a text file, try to extract it
            unzip(filepath)
            # After extracting, the file list is stale, so look for new files again
            return get_files()
    return False


print("Starting...")
get_files()
```
Let’s try the script:
```
root@kali:~/h4ck1tctf/Paraguay/solve# python auto_extract.py
Starting...
Mime type: application/zip
patool: Extracting ./100_00edb54bed7e46bd5cdb7c06059881c2 ...
patool: running /usr/bin/7z x -o. -- ./100_00edb54bed7e46bd5cdb7c06059881c2
patool: ... ./100_00edb54bed7e46bd5cdb7c06059881c2 extracted to `.'.
Mime type: application/zip
patool: Extracting ./work_folder/99 ...
patool: running /usr/bin/7z x -o. -- ./work_folder/99
patool: ... ./work_folder/99 extracted to `.'.
Mime type: application/x-rar
patool: Extracting ./work_folder/98 ...
patool: running /usr/bin/unrar x -- /root/h4ck1tctf/Paraguay/solve/work_folder/98
patool:     with cwd='.'
patool: ... ./work_folder/98 extracted to `.'.
Mime type: application/x-rar
patool: Extracting ./work_folder/97 ...
patool: running /usr/bin/unrar x -- /root/h4ck1tctf/Paraguay/solve/work_folder/97
patool:     with cwd='.'
patool: ... ./work_folder/97 extracted to `.'.

[ ... ]

Mime type: application/gzip
patool: Extracting ./work_folder/4 ...
patool: running /bin/tar --extract -z --file ./work_folder/4 --directory .
patool: ... ./work_folder/4 extracted to `.'.
Mime type: application/x-rar
patool: Extracting ./work_folder/3 ...
patool: running /usr/bin/unrar x -- /root/h4ck1tctf/Paraguay/solve/work_folder/3
patool:     with cwd='.'
patool: ... ./work_folder/3 extracted to `.'.
Mime type: application/gzip
patool: Extracting ./work_folder/2 ...
patool: running /bin/tar --extract -z --file ./work_folder/2 --directory .
patool: ... ./work_folder/2 extracted to `.'.
Mime type: application/gzip
patool: Extracting ./work_folder/1 ...
patool: running /bin/tar --extract -z --file ./work_folder/1 --directory .
patool: ... ./work_folder/1 extracted to `.'.
Mime type: text/plain
Flag found: ['FLAG: 0W_MY_G0D_Y0U_M4D3_1T']
```
That’s it. The flag is h4ck1t{0W_MY_G0D_Y0U_M4D3_1T}.
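
An added example, not code from the original write-up: the same layer-peeling idea done in memory with only the Python standard library, identifying each layer by its magic bytes and capping depth and decompressed size, so an untrusted nested archive never writes to disk under names it chose and cannot expand without bound. The function names, the caps and the sample archive are assumptions constructed for illustration; RAR layers are recognised but not unpacked, because the standard library has no RAR reader.

```python
# Added example: names, caps and sample data are illustrative assumptions.
import gzip, io, tarfile, zipfile

MAX_DEPTH, MAX_BYTES = 200, 10 * 1024 * 1024  # assumed caps: layers, bytes per layer
MAGIC = [(0, b"PK\x03\x04", "zip"), (0, b"Rar!\x1a\x07", "rar"),
         (0, b"\x1f\x8b", "gzip"), (257, b"ustar", "tar")]

def identify(data):
    """Classify a blob by its magic bytes, not by its file name."""
    return next((k for o, m, k in MAGIC if data[o:o + len(m)] == m), "data")

def only(files):
    if len(files) != 1:
        raise ValueError("expected exactly one file in layer")
    return files[0]

def unwrap(data):
    """Read the one file inside a layer in memory; member names never become paths."""
    kind, src = identify(data), io.BytesIO(data)
    if kind == "zip":
        with zipfile.ZipFile(src) as zf:
            member = only([m for m in zf.infolist() if not m.is_dir()])
            return zf.open(member).read(MAX_BYTES + 1)
    if kind == "tar":
        with tarfile.open(fileobj=src) as tf:
            member = only([m for m in tf.getmembers() if m.isfile()])
            return tf.extractfile(member).read(MAX_BYTES + 1)
    if kind == "gzip":
        return gzip.GzipFile(fileobj=src).read(MAX_BYTES + 1)
    raise ValueError("no in-memory reader for layer type: " + kind)

def peel(data):
    """Unwrap until the payload is not an archive; return (layers, payload)."""
    for layers in range(MAX_DEPTH + 1):
        if identify(data) == "data":
            return layers, data
        data = unwrap(data)
        if len(data) > MAX_BYTES:
            raise ValueError("layer exceeds MAX_BYTES")
    raise ValueError("nesting deeper than MAX_DEPTH")

def build_sample(payload=b"FLAG: constructed_example\n"):
    """Constructed input: payload in a zip, in a gzip stream, twice over."""
    for name in ("../../1", "work_folder/2"):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(name, payload)
        payload = gzip.compress(buf.getvalue())
    return payload
```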