In the end I only had a few hours to participate in the conference so I didn’t manage to get many of the challenges done. The ones I solved are below.
veebee
Buzz buzz, can you find the honey?
file: veebee.vbe
VBE is encoded VBS (a VBScript file obfuscated with Microsoft's Script Encoder). We can decode it using https://master.ayra.ch/vbs/vbs.aspx or https://github.com/DidierStevens/DidierStevensSuite/blob/master/decode-vbe.py.
From the first link we see:
The content should start with #@~^XXXXXX== and end with ==^#~@ plus a "null" char, which is not visible in most editors.
Looking at the file, we have two scripts and some garbage at the start. Splitting the two scripts into separate files and running each through the decoder produces the flag in the second VBE script.
Flag: flag{f805593d933f5433f2a04f082f400d8c}
shoelaces
Do you double-knot your shoelaces? You gotta keep’em tied!
file: shoelaces.jpg
Use strings to find the flag.
Flag: flag{137288e960a3ae9b148e8a7db16a69b0}
Chicken Wings
I ordered chicken wings at the local restaurant, but uh… this really isn’t what I was expecting…
file: chicken_wings
It’s just Wingdings-encoded text – decode it with https://www.dcode.fr/wingdings-font
Flag: flag{e0791ce68f718188c0378b1c0a3bdc9e}
Buzz
You know, that sound that bumblebees make?
file: buzz
Running file on buzz shows: compress'd data 16 bits. This shows it’s a UNIX-compressed file, which should probably have the extension .z. After giving it the correct extension, you can open it with an archiver and read the contents of the buzz file inside.
Flag: flag{b3a33db7ba04c4c9052ea06d9ff17869}
esab64
Was it a car or a cat I saw?
file: esab64
Notice that the filename is base64 written backwards. Reverse the file contents with tac: tac -r -s 'x\|[^x]' esab64, then decode the result as base64. This produces the flag, but backwards, so reverse again: tac -r -s 'x\|[^x]' esab64 | base64 -d | tac -r -s 'x\|[^x]' to get the flag.
Flag: flag{fb5211b498afe87b1bd0db601117e16e}
Car Keys
We found this note on someone’s key chain! It reads… ygqa{6y980e0101e8qq361977eqe06508q3rt}? There was another key that was engraved with the word QWERTY, too…
This is a keyed Caesar cipher. Use QWERTY as the key. Decode on https://www.boxentriq.com/code-breaking/keyed-caesar-cipher.
Flag: flag{6f980c0101c8aa361977cac06508a3de}
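The same decode can be done offline. The following is an added example, not part of the original writeup: it builds the keyed alphabet from QWERTY and maps the note back to plaintext. The function names and the shift convention (rotating the keyed alphabet) are assumptions of this example.

```python
import string

UPPER = string.ascii_uppercase


def keyed_alphabet(key: str) -> str:
    """Key letters first (duplicates dropped), then the unused letters in A-Z order."""
    seen = []
    for ch in key.upper() + UPPER:
        if ch in UPPER and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def keyed_caesar_decrypt(ciphertext: str, key: str, shift: int = 0) -> str:
    """Map each cipher letter back to the plain alphabet; other characters pass through."""
    alpha = keyed_alphabet(key)
    # Assumed convention: the Caesar shift rotates the keyed alphabet to the left.
    shifted = alpha[shift % 26:] + alpha[:shift % 26]
    out = []
    for ch in ciphertext:
        idx = shifted.find(ch.upper())
        if idx < 0:                      # digits, braces, etc. are not enciphered
            out.append(ch)
            continue
        plain = UPPER[idx]
        out.append(plain.lower() if ch.islower() else plain)
    return "".join(out)


def find_shift(ciphertext: str, key: str, crib: str = "flag{") -> list:
    """Try all 26 shifts and keep those whose plaintext starts with the known prefix."""
    return [s for s in range(26)
            if keyed_caesar_decrypt(ciphertext, key, s).startswith(crib)]


# Ciphertext copied from the challenge description above.
NOTE = "ygqa{6y980e0101e8qq361977eqe06508q3rt}"

if __name__ == "__main__":
    print(keyed_alphabet("QWERTY"))
    print(find_shift(NOTE, "QWERTY"))
    print(keyed_caesar_decrypt(NOTE, "QWERTY"))
```

Only the shift that yields the flag{ prefix survives find_shift, which confirms the note is a plain keyed substitution with no extra rotation.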
The Mission
Bionic
CONSTELLATIONS has "tried" to reduce their attack surface by offering just a static website. But you might find some low-hanging fruit to get you started.
Find the standard robots.txt file: https://constellations.page/Robots.txt
Flag: flag{33b5240485dda77430d3de22996297a1}
Meet The Team
Recover the list of employees working at CONSTELLATIONS.
The website exposes its Git repository: https://constellations.page/.git/config. Use GitTools Dumper to download it.
Flag: flag{4063962f3a52f923ddb4411c139dd24c}
Gus
Use open-source intelligence to track down information on Hercules.
Find the link to the user from the CONSTELLATIONS GitHub (linked from the constellations site). Search the user's GitHub for the flag. Find the following file and extract the flag.
Flag: flag{84d5cc7e162895fa0a5834f1efdd0b32}
Hercules
Use open-source intelligence to track down information on Hercules.
Find the link to the user from Gus’s GitHub (Gus is watching). Search Hercules’ GitHub for the flag and find the following file
Flag: flag{5bf9da15002d7ea53cb487f31781ce47}
Lyra
Google the name and find the Twitter account. One tweet has a link to the constellations website: https://constellations.page/constellations-documents/1/. The numbered path looks open to enumeration; stepping through it eventually leads to https://constellations.page/constellations-documents/5/.
Flag: flag{bd869e6193c27308d2fd3ad4b427e8c3}