This is the UTC CTF 2019 write up, I'm take part in from 21-12-2019 to 22-12-2019


This is quite newbies write up, so I will try to explain more in details. This is what I got:

Simple bof (pwning)

Honestly, this was the first of y pwning challenge. This was absolutely awesome because I successful make it.

  1. In the question, we obtain a netcat and bof.c. The hints in the question told that it is a buffer overflow question.
  2. So, I trying to debug on the bof.c and try to compile it.
  3. After that, we try some input in the bof
  4. After that, we try to run python to pwning the bof.
  5. The theory is that we have to make buffer overflow and we want to change the variable secret to 0x67616c66 which is flag(we run pwn.p32(0x67616c66)). As the buffer overflow, we can control the contents in variable. If we sucess to make it, we will obtain the flag.
  6. But sorry about that, the write up is done after challenge end. So, I couldn't netcat the server.
  7. The above picture is the screenshot when on the challenge.
  8. The flag is utc{buffer_0verflows_4are_c00l!}.This was the result after scratch and struggling for 2 hours and done a lot of mistake. But I get it.

Optics 1(forensic, I think)

This is the file carving challenge.

  1. I obtain a challenge1.png.
  2. I try to open it, but it failed.
  3. I check on the header it is wrong and PNG should be start with %PNG instead of %LOL
  4. Let just modify it and it works.
  5. After that, I get a Qr code picture and I scan it.
  6. We get the flag and it is utc{dang_you_know_qr_decoding_and_shit}

Optics 2(forensic, I think)

I think the solution is quite creative XD.

  1. I obtain a zip file. After extracting, there are 440 PNG picture inside the file and it is small.
  2. I guess the challenge is want us to combine or merge the file altogether.
  3. Since there are 440 files, so I think should be square root of 440, which is 20.98~21. So, I want to merge in 21x21.
  4. I check out the website, but I didn't get any online tools to merge because it is too many file.
  5. So, I decide to make it.
  6. This is what I found in the browser.
  7. So, I obtain the flag which is utc{merge_ang_merge_until_you_decode_it}

Strings(baby)

A simple strings program

  1. I obtain a binary file which is strings.
  2. I rename it and run strings [filename]
  3. That was the flag: utc{that_was_ezpz}

Corey's core dump 1(baby)

A more complicate strings program?

  1. I obtain a binary file which is core.
  2. I run strings [filename]
  3. That was the flag: utc{im_a_passw0rd}

Xarriors of the World 1(baby)

A simple cryptography decode.

  1. Read on the question and I notice that the captain must be a hint.
  2. I try to decode by base 64 with cryptii. This is what I got. There will be loss in the text. So, I convert all to hexadecimal.
  3. Then, I try with XOR decoder and put in the key captain
  4. We obtain the flag:utc{[email protected]@1n_w3lc0me_t0_x0rriors}

Hope you guys enjoy this write up. Thanks to utc ctf to make a ctf that for newbies.