Google CTF 2019 Beginners Quest


Find Entry Pass

Find satellite name from README.pdf => "Osmium"

Find Login Credentials

Run init_sat select function and get Google docs link.
Get string


Base 64 decode

echo VXNlcm5hbWU6IHdpcmVzaGFyay1yb2NrcwpQYXNzd29yZDogc3RhcnQtc25pZmZpbmchCg==|base64 --decode

get user name and password

Username: wireshark-rocks
Password: start-sniffing!

Snif Connections

  1. Check what connections init_sat is making
    netstat -tnpa | grep init_sat

    netstat flags

    • -a Shows the state of all sockets
    • -p Show connections or statistics only for a particular protocol
  2. Get TCP connection IP and ports
    *.*.*.*:1337 (* is hidden)
  3. Wireshark and analyze packages

    Apply port filter to 1337
    ^F to search for "CTF" string

  4. tcpdump
    tcpdump -nA port 1337 | grep CTF{

    tcpdump flags

    • -n Don't convert address
    • -A Print packages to ASCII

      Get Flag