BsidesBOS CTF WarmUp Challenge Solutions

7 min readSep 27, 2020

Solutions to the eight warmup challenges of BsidesBOS CTF hosted by John Hammond and team.

There were 8 warmup challenges and we are gonna take up each one of them, one at a time.

Read The Rules

Yes, that’s it ! Head over to the link given and read the rules , but since the CTF is over , we’ll just have a look at the flag.

At first glance , the website looks pretty normal….

But then again if look at the source code we get :

That’s it ! This is our very first flag !

EZ Bake Oven

One very important note in case of all the challenges : Read the Prompt !
With that out of the way, head over to Deployment and start the Challenge !

The source code of the page reveals some very interesting JS code.

To understand what this does , try cooking something. Start with Magic Cookies !

So there’s a timer-thingy going on here. Combined with the JS code mentioned above , it can be deduced that the timer is counting down to a certain date till the ‘Baking’ is done ! Let’s intercept the request with Burpsuite and see what’s going on !

That cookie looks suspicious. We decode the Base64 String to get clear text output. The cookie seems to be referencing a future date (I did the CTF on the night of 26th September and the early hours of 27th September).

We’ll set the date in the past long enough to make sure that the ‘Magic Cookies’ are baked and then encode the resulting string to Base64 to serve as our new cookie value.

echo ‘{“recipe”: “Magic Cookies”, “time”: “09/01/2020, 05:18:57”}’ | base64

We forward our new request over and lo we have our flag !

Y2K

This challenge is reference to the famous Y2K Bug which is clearly indicated by the title as well the reference to the year 2000 in the prompt as well.

Deploy the machine and you are prompted to connect over to a server using netcat !
Once you are connected it’s a simple prompt where it asks you for an input for a year.

Try putting in a string and the error will show you that it’s a python server (It’s literally named server.py !) running on the machine.

The error also indicates that there’s an input() statement at play which might indicate towards the Python2 input() vulnerability. We run a couple of tests to confirm our assumption.

Apparently, our tests check out !

After some research , I came across this exploit with which we could get our flag !

{''.__class__.__mro__[2].__subclasses__()[40]('./flag.txt').read()}

That’s another flag down !

Baseball

This one is comparatively simple , it lies simply in the name Base-ball. Download the file and cat out the contents. It surely looks like an encoded string !

We’ll need CyberChef for this one ! After a lot of trial and error I discovered that to get the flag, we have to decode it thrice ! First decode the original string with Base64 followed by a Base32 decode and finally a Base58 to get the flag !

That’s another flag down !

Kiddie Pool

This one is another quite out-of-the-box yet interesting puzzle. For now keep in that 900% at the back of your mind and download the image !

As one can see , the image is swirled , with some readable text in the beginning and the end ! One can make out the ‘fl’ and the ‘h}’ of the flag. This reminds me of the Infamous Swirl Face incidence.
To get our flag , we need to un-swirl the image. You can use photoshop for this but I’ve used GIMP here. (Proud Linux User Noises In The Background)

After loading the image in GIMP , select :

Tools -> Distort -> Whirl and Pinch

Setting the whirl value to -900 (as suggested by the challenge promt) gives us our flag !

flag{whirlpool_in_a_cinch}

Give Up

The secret to this challenge is to simply Give Up !

After you connect to the server using netcat , you get a shell. Initially the hints made no sense. The repeated references to ‘giving up’ was driving me insane. I quit the server several times but finally I found out what I was doing wrong !

It turns out that ‘giving up’ means that we actually have to exit the server but instead of Ctrl+C , we have to use the exit command ! Doing so gets us a very long number before quiting !

It is a long string which needs to be decoded. You can either you online tools like this one or write a python script as follows :

from Crypto.Util.number import long_to_bytes
cypher=3338241147603780238248786938107867350016489922013403739812786768782254742117160331044416747901
print(long_to_bytes(cypher).decode())

Either way , decode the string to get your flag !

Where’s The Body ?

Heading over to the challenge we find a page of Among Us memes, which is kinda sus.

Fire up gobuster with common.txt to enumerate further as the source code didn’t reveal anything of value.

The sitemap.xml sure looks interesting! Heading over to the sitemap.xml we see :

Ah ! Another encoded flag ! Decoding this with CyberChef yields :

That’s our penultimate flag !

Play The Harp

This one was probably the wittiest challenge of them all. Though pretty straight forward , this challenge had me stuck for a long time and when I finally figured it out , I felt so stupid. The downloadable image is just a picture of a harp :

Now read the prompt again : “family member of such a wonderful type of musical instruments !” and the first thing which pops up into our mind is STRINGS !
While examining the strings , we come across a long block of text which looks like this :

Now at this moment , I was honestly stuck about what to do next ? After scrutinizing this for a long long time and with some nudge from the community I finally discovered that the flag had always been right there infront of my eyes !

The entire flag reads out to be :

flag{the_harp_instrument_has_vertical_strings}

That’s our final flag of the warmup series !

I hope this helps ! The CTF was a great experience and the community was very helpful. Personally , I learnt a lot from this one ! Incase of any questions , feel free to drop a comment ! Till then, Happy Hacking !