n00bs CTF Level 3

Link: Webpage
Points: 30
Useful Tools: QR scanner
Tags: beginner misc


The Challenge

This level presents us with a QR-code and a seemingly never-ending progress bar. If you take a look at the source code for the page, you will find that the progress bar is actually made to be permanently stuck at 90%, so this is just a distractor and doesn’t mean anything at all.

Level 3 Main Page

To scan the QR-code, I pulled out my smartphone and opened up a barcode scanning app (most also read QR codes). There are also websites that allow you to upload images of QR codes (and other types of image-based codes) if you don’t have a phone handy. After scanning the QR code, the output is a text sequence of dots and dashes. This looks very similar to Morse Code, so the easiest way to find out is to copy/paste it into a decoder and see if the output makes sense. I’m not aware of a Linux tool that does this, so the easiest option is probably to find a web-based decoder.

Morse Code Output

The output above comes from this website. Since Morse Code does not have _ characters, we add those back in manually after decoding so that we match the right flag format, giving us the final flag: infosec_flagis_morsing
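For working offline, the decode-and-reformat step can also be scripted. This is an added example, not part of the original write-up: the sample input is constructed by re-encoding the flag's letters (it stands in for the scanned QR text), and the `infosec` / `flagis` prefix layout is an assumption taken from the flag shown above.

```python
import re

# International Morse code for letters and digits.
MORSE = {
    ".-": "A", "-...": "B", "-.-.": "C", "-..": "D", ".": "E", "..-.": "F",
    "--.": "G", "....": "H", "..": "I", ".---": "J", "-.-": "K", ".-..": "L",
    "--": "M", "-.": "N", "---": "O", ".--.": "P", "--.-": "Q", ".-.": "R",
    "...": "S", "-": "T", "..-": "U", "...-": "V", ".--": "W", "-..-": "X",
    "-.--": "Y", "--..": "Z", "-----": "0", ".----": "1", "..---": "2",
    "...--": "3", "....-": "4", ".....": "5", "-....": "6", "--...": "7",
    "---..": "8", "----.": "9",
}
ENCODE = {v: k for k, v in MORSE.items()}


def decode_morse(text):
    """Decode space-separated Morse; '/' or 2+ whitespace chars mark a word gap."""
    # Scanner apps may emit typographic dashes or bullets; normalise to '-' and '.'.
    text = text.translate(str.maketrans("\u2013\u2014\u2212\u00b7\u2022", "---.."))
    words = re.split(r"\s*/\s*|\s{2,}", text.strip())
    out = []
    for word in words:
        # Unknown symbols become '?' so a bad scan is visible, not silently dropped.
        out.append("".join(MORSE.get(sym, "?") for sym in word.split()))
    return " ".join(w for w in out if w)


def restore_flag_format(decoded, prefix_words=("infosec", "flagis")):
    """Re-insert the underscores lost in decoding (assumed flag layout)."""
    flat = decoded.replace(" ", "").lower()
    parts = []
    for word in prefix_words:
        if not flat.startswith(word):
            raise ValueError(f"decoded text does not match flag format: {flat!r}")
        parts.append(word)
        flat = flat[len(word):]
    parts.append(flat)
    return "_".join(parts)


# Constructed sample: the flag's letters re-encoded, standing in for the QR text.
SAMPLE = " ".join(ENCODE[c] for c in "INFOSECFLAGISMORSING")

if __name__ == "__main__":
    print(restore_flag_format(decode_morse(SAMPLE)))
```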

Lessons Learned

Here we revisited two previous lessons-learned. First, never trust what is given to you in a CTF challenge. You can wait all day and this progress bar will never complete, nor does it have anything to do with finding the flag. Second, always look at the source code so that you can see how the page is designed. In this case, looking at the source code tells you immediately that this progress bar is hard-coded to be at 90%.

Additionally, you learned how to identify, scan, and get the output of a QR code if you had never done that previously. Furthermore, you saw what Morse Code looks like in text form, and now have another decoder in your back pocket to use in the future should you run across it again.
