May the Fourth CTF: A Star Wars-Themed Cyber Challenge


Have you ever dreamt of venturing into the depths of the dark web, unravelling mysteries in a galaxy far, far away, all while chasing down cyber villains?

My recent experience at the Star Wars-themed Capture The Flag (CTF) event, hosted by The Safer Internet Project and e2cyber, was nothing short of an exhilarating cyber adventure! It took me over a week to crack all the challenging tasks, but the thrill of uncovering each flag felt like discovering hidden treasures in a digital universe. The well-structured words and clues made these challenges fun and immersive in the Star Wars theme.

Let's dive in!

https://sip.ctfd.io/


Challenge 1 - May The Fourth Be With You (MISC)

Watch the video and keep an eye out for the listed dark web URL. The flag is the URL.

Solution:

Download and view the video file provided in the challenge. The URL is displayed on the screen.

Flag: hrn5dkeoy6fz4uvcmpqtc4rcd6s4oitl7hn2uawzafdi3ja3w7kx6xad.onion

Challenge 2 - The Product (WEB)

On the dark web website, there's a dodgy product to be found by diving deeper into the site. Follow the breadcrumbs and "investigate" that image to see what you can find. The flags to be found are:

  1. dodgy product file name

  2. an IP address

Solution:

Because this is an .onion address, we need Tor Browser to open it. Download it from torproject.org and install it. Enter the onion URL and you land on a cool STARBAY website written in alien text that is not human-readable. Navigating the page and its source code reveals some clickable links. Explore each page and you will find 3 product pages: Droids, Weapons, and Starships.

On the Droids product page, the first product shows a PNG extension, but it is actually a JPEG. Additionally, it appears to be a bad product and seems suspicious.

Investigate the image further with steganalysis: use stegseek with a wordlist (rockyou.txt) to run a password attack against the image and reveal the secret hidden in it. Run the command: stegseek droids-pic.jpeg /usr/share/wordlists/rockyou.txt

A hidden file is extracted with a text message containing the IP address we are looking for.

“Use the Force to guide you, young Padawan. Remember, the path to 44.223.67.182 lies within, and with the right knowledge, even the darkest of servers can be accessed...”

Flag1: droids-pic.jpeg / Flag2: 44.223.67.182
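The PNG-named file that is really a JPEG is what singled out the product image. As an added example (not part of the original write-up or the CTF), this Python check compares each image file's extension with its leading magic bytes; the sample file names and bytes are constructed.

```python
import os
import tempfile

# Leading "magic" bytes of the image formats checked here.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
]
KNOWN = {fmt for _magic, fmt in SIGNATURES}
ALIASES = {"jpg": "jpeg", "jpe": "jpeg"}  # extensions naming the same format

def sniff(path):
    """Return the format implied by the file's first bytes, or None if unknown."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    for magic, fmt in SIGNATURES:
        if head.startswith(magic):
            return fmt
    return None

def find_mismatches(root):
    """Walk root; return (path, claimed, actual) where extension and content disagree."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            ext = os.path.splitext(name)[1].lower().lstrip(".")
            claimed = ALIASES.get(ext, ext)
            if claimed not in KNOWN:
                continue  # not an image extension this check covers
            path = os.path.join(folder, name)
            actual = sniff(path)
            if actual != claimed:
                hits.append((path, claimed, actual))
    return hits

def demo():
    """Write three constructed files and return the mismatch report."""
    samples = {
        "droid-a.png": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",  # JPEG header, .png name
        "droid-b.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
        "droid-c.jpg": b"\xff\xd8\xff\xe1\x00\x10Exif\x00",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), c, a) for p, c, a in find_mismatches(tmp)]
```

A mismatch is only a triage signal: it tells you which files deserve a closer look, not that anything is embedded in them.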

Challenge 3 - SSH Your Inner Force (MISC)

You have the IP address, and you know which product was a bit askew, however now you need to go a bit further to find the machine hosting this dark web marketplace. What is the username and password to login?

Flag is in format username:password

Solution:

Connect to the IP address with ssh and we see the message "Use The Force... ViewTheSourceLuke!" along with a request for the password. Since the flag is asking for the username, we need to log in with the correct password. I created a list with potential usernames and passwords in two text files and ran hydra to brute force them.

Run the command hydra -V -L username.txt -P password.txt 44.223.67.182 ssh, then we see a match!

Flag: droid:ViewTheSourceLuke!
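From the server's side, a hydra run like this shows up as a burst of failed SSH logins from one address, and here it ends in a success. As an added example (not part of the original write-up), this Python detector flags that pattern in sshd log lines; the log lines, host name, documentation-range addresses, year and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation addresses, not from the CTF host).
SAMPLE_LOG = """\
May  4 10:00:01 starbay sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40100 ssh2
May  4 10:00:02 starbay sshd[812]: Failed password for invalid user luke from 203.0.113.5 port 40102 ssh2
May  4 10:00:03 starbay sshd[813]: Failed password for root from 203.0.113.5 port 40104 ssh2
May  4 10:00:04 starbay sshd[814]: Failed password for droid from 203.0.113.5 port 40106 ssh2
May  4 10:00:05 starbay sshd[815]: Accepted password for droid from 203.0.113.5 port 40108 ssh2
May  4 10:07:00 starbay sshd[901]: Failed password for droid from 198.51.100.7 port 50000 ssh2
May  4 10:07:30 starbay sshd[902]: Accepted password for droid from 198.51.100.7 port 50002 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def detect(log_text, year=2024, window=timedelta(minutes=1), min_fail=4):
    """Flag source IPs with >= min_fail failures inside `window`; note a later success."""
    fails = defaultdict(list)  # ip -> [(time, user)]
    alerts = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year, so one is assumed.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            fails[ip].append((when, m["user"]))
            recent = [(t, u) for t, u in fails[ip] if when - t <= window]
            if len(recent) >= min_fail:
                alerts[ip] = {"failures": len(recent),
                              "users": sorted({u for _t, u in recent}),
                              "compromised": None}
        elif ip in alerts:
            alerts[ip]["compromised"] = m["user"]  # a guess succeeded
    return alerts
```

The second address in the sample, with one mistyped password before a success, stays below the threshold and is not flagged.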

Challenge 4 - Bad Users (LINUX)

Using the previously found credentials, log into the host and find who the other users are and what sort of permissions they have of this machine.

What is the username of the culprit behind this infrastructure?

Solution:

First, log in with droid:ViewTheSourceLuke! to access the server.

Run pwd and ls to see what this user can access. There are two text files and a directory available. Use cat output.txt to check the first file.

A lot of information is in this file, including some information about the server and the users. We can see many users in the file, but only droid and badwookie1337 keep showing up. Plus, we need to find the "bad users" for this challenge, so here we go!

Flag: badwookie1337

Challenge 5 - User Info (LINUX)

Now that you know who's behind all of this, let's dive deeper and find who they are and what they are doing!

What we want (in this order) is:

  • user's real name

  • user's planet

  • user's race

  • user's galactic affinity

Solution:

So now we have to find out what this bad user is doing! We can log in as droid and look around under this user. Maybe we can also move to badwookie1337's directory. Let's try.

Use cd .. and then ls to reveal other users' directories. Dive into badwookie1337's directory and we can see a text file named UserInfo.txt. Use cat UserInfo.txt to check the file and see a message with the information we need for this challenge.

Flag: Darth Shadowclaw
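The droid account could walk into badwookie1337's home directory and read UserInfo.txt because the directory and file permissions allowed it. As an added example (not part of the original write-up), this Python audit lists home directories that other local users can enter and the files they can read there; the demo layout, modes and the private.key name are constructed, and on a real host it is assumed to run with enough privilege to list every home.

```python
import os
import stat
import tempfile


def audit_homes(base="/home"):
    """Report homes other local users can enter, and files they can read there."""
    findings = {}
    for home in sorted(os.scandir(base), key=lambda e: e.name):
        if not home.is_dir(follow_symlinks=False):
            continue
        mode = stat.S_IMODE(home.stat(follow_symlinks=False).st_mode)
        if not mode & stat.S_IXOTH:
            continue  # without o+x nobody else can reach anything inside
        readable = []
        for item in sorted(os.scandir(home.path), key=lambda e: e.name):
            st = item.stat(follow_symlinks=False)
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
                readable.append(item.name)
        findings[home.name] = {
            "mode": oct(mode),
            "listable": bool(mode & stat.S_IROTH),  # o+r lets others run ls
            "readable_files": readable,
        }
    return findings


def demo():
    """Constructed layout: one open home with an exposed file, one locked-down home."""
    layout = {
        "badwookie1337": (0o755, {"UserInfo.txt": 0o644, "private.key": 0o600}),
        "droid": (0o700, {"output.txt": 0o644}),
    }
    with tempfile.TemporaryDirectory() as base:
        for user, (dir_mode, files) in layout.items():
            home = os.path.join(base, user)
            os.mkdir(home)
            for name, file_mode in files.items():
                path = os.path.join(home, name)
                with open(path, "w") as fh:
                    fh.write("constructed sample\n")
                os.chmod(path, file_mode)
            os.chmod(home, dir_mode)  # set last; explicit chmod ignores the umask
        return audit_homes(base)
```

Setting a home directory to mode 700 (or 750 with a dedicated group) removes it from this report, since files inside are then unreachable to other accounts whatever their own modes are.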


Out of curiosity, I also looked into the sign.txt and found out it's a message board from other competitors who also made it through here. I left a message for the host too. What a fun Star Wars-themed CTF!! 😊

🌌🔫 -- May The Force Be With You -- ⭐⚔️
