I started to do the OVW ages ago and got too busy to really put any time into it but I will go back and carry on from where I stopped BUT I decided to start this Hacktoria that I’ve seen a couple of people on Twitter do.
Thought I would start to brush off the CTF cobwebs and write up while I do it starting at the easy and then moving to the medium and hard.
What is Hacktoria?
Hacktoria offers a set of Capture the Flag style challenges, named “Contracts”. These are split by difficulty level and consist of different disciplines. Varying from OSINT to Security, Logical Thinking and others. Contracts come with their own storyline, which often ties into larger stories and characters that appear in several Contracts. All are free to play and require no registration.
Who makes all of this?
The Contracts, this website and other material are made by one person. It’s a hobby project, hope you enjoy my effort. The CTF Team and Community Projects are operated by various community members.
Features? What can I do here?
These are the official challenges found on our website. Each Contract leads to a unique Contract Card, which is also the end of the challenge. They’re free to play, require no registration and are available to anyone. To know more about the world of Hacktoria and our alien friend Klumgongyn, check our Story & Lore page.
- 24/7 Challenge
In our Discord server, there’s a challenge channel. The winner of each challenge makes the next challenge, and goes on the scoreboard.
- CTF Team
The Hacktoria CTF team competes in Capture the Flag events in various topics, they also train together. Anyone is free to apply for team membership. Just ask around in the chatroom in the Discord channel.
Sharing knowledge is essential. Therefore Hacktoria relies heavily on community members who make write-ups of how they solve Contracts. These help others learn and drive web traffic to Hacktoria and back to the blog of the community member making the write-up.
- Economy System
Our Discord server has an economy system. You can gamble, work and do other tasks to earn virtual Hacktoria Coins. These can be used to buy Secret Agency Roleplay items. But also to purchase unique Contracts that only appear in Discord.
- Brand Intelligence
Since most of our community is heavily into OSINT, Hacktoria made a game out of finding mentions of Hacktoria on other websites. This includes the aforementioned write-ups, both your own and others. Community members receive Hacktoria Coins for finding this brand intelligence, which you can submit in the brand-intel channel in our Discord server.
- Discord Roles
Depending on your involvement with Hacktoria, several Discord roles are available. More clarification on these can be found on the Discord Roles page.
- Having fun
We have a welcoming community with people who all have different skills. Everyone is welcome to join and learn, have fun and build their own community projects. Don’t be shy, say hello.
So, a great place to wet the feet again in CTF and really does look a lot of fun.
Lost at Sea.
We get the intro text to tell us about our contract.
“Greetings Special Agent K. Yesterday at exactly 22:34 EET we lost contact with our surveillance ship “Narwhal”. A distress signal was sent out, right after this all communication was lost. The Narwhal was operating in the Black Sea, keeping an eye on Russian submarine and aerial activity.
Although she looks like a regular fishing trawler, the Narwhal, built in 2018, was outfitted with state of the art equipment. Housing a crew of 10, including a 4 PAX intervention unit of our best and brightest from the H.M.I.U (Hacktoria Maritime Intervention Unit).
Our allies in the British Royal Navy were kind enough to respond immediately. They were able to retrieve the Narwhals’ distress beacon. This is a device that automatically logs the last ten events, using the many sensors on board. This quick log entry is written to the SD card inside a waterproof tube, outfitted with a flotation device and GPS beacon. After the data is written, the beacon ejects and keeps afloat on the surface.
This prevents any signal delay from external antennas not being fast enough. Now, there’s a catch with this beacon. The log-file is written to an encrypted archive. The password for this log-file is set by the captain and communicated over encrypted channels, changing daily to prevent enemy forces capturing the correct code.
Somehow, the signal was lost right before the captain was able to relay the new password. This is human error, the password would normally be communicated right before being changed. This leaves us with our current situation. We don’t know the password, you’ll have to find a way to unlock the log-file.
This will give us insight into how the Narwhal sunk and allow us to begin the recovery. Given the hostile situation, it’s imperative we find the exact location of the Narwhal.
Instructions: Crack the password to open the ship logbook file (flagfile)”
So I downloaded the file to a Parrot VM that I set up specifically to use with Hacktoria. Let’s see what we are working with.
We can see it is a file that is only 462 bytes.
After some thinking on what to do I decided to try both ‘john’ and ‘fcrackzip’ but given I have never used fcrackzip before and this is all a learning curve I decided to opt for starting with it.
Deciding to use the rockyou password list because nearly EVERY password cracking game/CTF uses this list it seems.
I moved, using cd, to the Downloads folder to make sure the flag file was there and it is.
Then used the following command:-
sudo fcrackzip -u -D -p /usr/share/wordlists/rockyou.txt flagfile-lost-at-sea.zip
And let this run.
This ran for AGEEEEEEEEEEEEEEEEEEEEEEEES!!!
In the end it never worked, whether this is because I am doing it wrong or not I don’t know but I decided to move on to good old ‘John the Ripper’ (if I was doing something wrong please let me know so I can fix it).
The first step is to create a hash file of our password protected zip file. Use the zip2john utility to generate one.
I ran the following and then checked to see if the file was there:-
zip2john flagfile-lost-at-sea.zip > hash.txt
I wrote the following:-
sudo john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
Let’s see what happens.
This never worked either and after discussion with a friend who has worked through loads of Hacktoria content I took a different approach. He said “Don’t try to crack it with a wordlist, just use OSINT.”
Ok, so just use OSINT?
I analysed the intro text more and grabbed some keywords and dates.
First ones I grabbed to try were:-
- Black Sea
- Hacktoria Maritime Intervention Unit (HMIU)
I tried Narwhal first then Narwhal2018:-
And it worked with Narwhal2018.
So the MAIN thing I took out of this first CTF is not to overthink things, try the obvious first as I could have saved myself about two and a half hours haha
What do you think, should I do more?
Anybody actually like reading these types of posts?
Also, I did go back and grep the rockyou.txt file to look for Narwhal2018 which is the password to see if it was actually there and I messed up john somehow but it wasn’t and I didn’t actually do anything wrong 🙂
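The keyword approach described above, as an added example that is not part of the original write-up: it pulls capitalised words and short numbers out of an abridged copy of the briefing, combines them into a small candidate list, and checks membership the same way the rockyou.txt grep does. The function names and the `targeted.txt` file name are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example. Briefing text abridged from the intro quoted in this post.
briefing='Yesterday at exactly 22:34 EET we lost contact with our surveillance ship "Narwhal". The Narwhal was operating in the Black Sea. The Narwhal, built in 2018, was outfitted with state of the art equipment. Housing a crew of 10, including a 4 PAX intervention unit from the H.M.I.U (Hacktoria Maritime Intervention Unit).'

# Split text into one alphanumeric token per line.
tokens() {
    printf '%s\n' "$1" | tr -cs 'A-Za-z0-9' '\n'
}

# Capitalised words of 4+ letters: likely names (ship, place, unit).
keywords() {
    tokens "$1" | grep -E '^[A-Z][a-z]{3,}$' | sort -u
}

# Numbers of 2 to 4 digits: years, times, crew counts.
numbers() {
    tokens "$1" | grep -E '^[0-9]{2,4}$' | sort -u
}

# Each keyword alone, then each keyword followed by each number.
candidates() {
    kw=$(keywords "$1")
    nums=$(numbers "$1")
    for k in $kw; do
        printf '%s\n' "$k"
        for n in $nums; do
            printf '%s%s\n' "$k" "$n"
        done
    done
}

# Exact, whole-line, case-sensitive match against a list read from stdin.
in_list() {
    grep -qxF -- "$1"
}

printf 'candidates generated: %s\n' "$(candidates "$briefing" | wc -l | tr -d ' ')"
if candidates "$briefing" | in_list 'Narwhal2018'; then
    echo 'Narwhal2018 is in the targeted list'
fi
# To use the list with john: candidates "$briefing" > targeted.txt
# then: john --wordlist=targeted.txt hash.txt
```

A password built from a name and a year in the surrounding story falls inside a list of a few dozen guesses, which is why it can be absent from a multi-million-line generic wordlist and still be weak.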