UIUCTF 2021 Writeup

Posted on

Table of Contents:

Welcome to UIUCTF'21 (1 point)
Join our Discord (1 point)
Feedback Survey (1 point)
wasmbaby (50 points)
phpfuck (50 points)
OSINT The Creator (50 points)
OSINT The Creator 2 (50 points)
CEO (50 points)
doot doot (50 points)
emote (50 points)
buy_buy_buy (57 points)
Chaplin’s PR Nightmare - 2 (50 points)
Chaplin’s PR Nightmare - 3 (50 points)
Chaplin’s PR Nightmare - 4 (50 points)
Chaplin’s PR Nightmare - 5 (50 points)
Chaplin’s PR Nightmare - 7 (50 points)

Welcome to UIUCTF'21 (1 point)

The flag is located in the background picture of the challenges page. Open it in another tab or after downloading it and look carefully towards the bottom left portion of the picture (Maybe zoom in a bit). The flag is located there.

Answer: uiuctf{secret_pictures}

Join our Discord (1 point)

The flag is located in the rules channel of the discord.

Answer: uiuctf{y0u_j01n3d_tH3_dIsCorD!!!}

Feedback Survey (1 point)

Fill out the survey to get the flag.

Answer: uiuctf{your_input_is_important_to_us_<3}

wasmbaby (50 points)

I found the flag by opening the browser debugger and searching for “uiu” in each file. The flag was in the “index.wasm” file that the page processed. flag location in index.wasm file

Answer: uiuctf{welcome_to_wasm_e3c3bdd1}

phpfuck (50 points)

The root directory gives the path for the flag from the phpinfo() output. I went to that page and checked the page source. The flag was commented out in the HTML but it was the correct the flag.

Answer: uiuctf{pl3as3_n0_m0rE_pHpee}

OSINT The Creator (50 points)

I found the flag by checking all of the administrators' discord profiles. Thomas had the flag in spoiler tags on his profile.

Answer: uiuctf{@b0uT_m3_suppOrT5_maRkD0wN}

OSINT The Creator 2 (50 points)

I first searched the author’s 2 twitter accounts but could not find anything from July or June that was relevant. I went through all of the pictures on the accounts but I didn’t find anything useful. I eventually found the flag by searching Twitter for “thomas quig uiuctf” and sure enough the author did post the flag on his twitter account but very far in advance in April. It would have taken a lot of scrolling to see the flag had I not used the search feature. The flag after using Twitter Search

Answer: uiuctf{it5_@_sEcr3t_t0ol_thAT_w!ll_he7p_u$_l@ter}

CEO (50 points)

I used aircrack-ng and the “rockyou.txt” password list to find the CEO’s password. The command I ran was aircrack-ng megacorp-01.cap -w rockyou.txt. Eventually the program found the password which after formatting was the correct flag. CEO Password is nanotechnology, aircrack-ng output

Answer: uiuctf{nanotechnology}

doot doot (50 points)

In the provided video, the flag is shown once throughout every run of the movie script. You just have to watch until the flag appears in the video. I increased the video speed to 4.5x since we don’t actually have to read the whole script, just look for flag-like syntax and then pause the video when we see it. The addon “Video Speed Controller” is helpful here. I saw the flag around the 9 minutes 55 seconds mark.

Answer: uiuctf{doot_d0ot_do0t_arent_you_tired_of_the_int4rnet?}

emote (50 points)

I used the :emote: command on the discord server to see the output. It produced an image that I saved to my computer. Using “zsteg” on the file or the website https://aperisolve.fr/ produces the hidden flag.

Answer: uiuctf{staring_at_pixels_is_fun}

buy_buy_buy (57 points)

To get the flag, you have to buy and sell items with the discord bot in the Charlie Chaplin channel. Ultimately you have to buy three flags which are “Flag Common”, “Flag Rare”, and “Flag Ultra Rare”. The common flag costs up to $10 thousand, the rare flag up to $1 million, and the ultra rare flag costs $10 Million. You start out with only $10 thousand. You can bid for items on the public auctions and sell them for much more afterwards. You can also buy items directly from the marketplace store and sell them for a profit. Repeat this process until you have enough money to buy all 3 flags. You can then redeem them afterwards with the /redeem_flags command and the bot will private message you the flag.

TL;DR: Buy low, sell high, repeat until $10 million+, buy the 3 flags, get the actual challenge flag.

Answer: uiuctf{at_the_bang_of_the_gavel_only_one_can_win}

Chaplin’s PR Nightmare - 2 (50 points)

I found the the right Twitter page by searching for Charlie Chaplin coding in Twitter’s search bar. It led to a youtube video. At the very end of the video, the flag is shown.

Answer: uiuctf{ch@plin_oN_th3_tV!!}

Chaplin’s PR Nightmare - 3 (50 points)

The youtube channel associated with the video for the second Nightmare challenge has a link to a website. One of the pictures on the homepage has a flag on the computer screen. You may need to zoom in to see it.

Answer: uiuctf{ch@pl1n_i5_eL337}

Chaplin’s PR Nightmare - 4 (50 points)

There is a contact page on the website that lets you submit a google form. Upon filling out and submitting the form, you receive the flag.

Answer: uiuctf{w3_d0_nOt_v@lu3_yoUR_1nPuT}

Chaplin’s PR Nightmare - 5 (50 points)

One of the images on the “about-us” page links to the imgur account. Look through the pictures on the account and on one of the pictures, there is a comment with the flag.

Answer: uiuctf{tH3_pR_p0Lic3_h@vE_cAugHt_Up?!}

Chaplin’s PR Nightmare - 7 (50 points)

I found the github profile by searching “Charlie Chaplin” on Github. After investigating for a while I found the flag by clicking the “Show more activity” bar on on the profile page. I was able to see a closed issue for one of Charlie’s repos and the flag was present in one of the comments.

Answer: uiuctf{th3_TrUe_pR_N1gHtm@r3}