December 22, 2020

Dubai Police 2019 CTF Walkthrough

Application Security

Yehia Mamdouh awarded a "Certificate of Appreciation" by Dubai Police

CTF “Capture the flag” are competitions that allow hackers to test their skills to solve different kinds of challenges, and to be able to win the prize you have to capture the famous flag in every challenge. And we have seen many security companies who hire hackers that have really good skills in solving CTF challenges, which are required to stop current cyber threats. And yes, CTF’s are not cloning real environments but solving these challenges indicates, thinking out of the box, logical and critical thinking.

These challenges cover many areas such as web application, reverse engineer, network, crypto, forensics, steganography, etc. These challenges also are designed by hackers. I was one of the hackers assigned to design challenges for Dubai Police CTF, held every year in Dubai. I am going to walk through the challenges I have prepared for the CTF.

I have designed two steganography challenges and one assembly challenge. The first steganography challenge is a Hard level challenge, was a zipped file with a protected password, to be able to get the password you have to find out who said this quote “The Key: It can be easily reheated, in the microwave of evil!”

Which if we search in Google, we will find that (Megamind) character said that quote in Megamind animation movie. On extracting the file, you will find out an image (Common.jpg) and a flag inside the image.

Threat Intelligence from Dark Web may be used by organizations for:

To be able to find the hidden file inside this image we need to use (steghide) tool which is used to hide and extract data from images and audio files. The command to use is “steghide extract -sf Common.jpg” once you execute the command it will ask for a password and as we see in the image there are many words but all of that are just camouflage, “There is no password at all”

As we see we have extracted the flag from the image file: FLAG: We_are_l@mo_2019

The second steganography challenge is a Medium level challenge. I designed to hide a text inside an image JPG which is the flag

To be able to solve this challenge you need to play with image contrast and brightness and the best tool to use is (GIMP Image Editor) which can be downloaded for Windows, Linux, and Mac

As we can see, we have set the contrast and brightness till max and we get the Flag “We-Are-Lamo-20192”

The last challenge I have designed is Assembly Code which is a Medium level challenge.

As we see in the image, we have a lot of assembly instructions, the code can be complied but it will not give you the flag, the solution is based on review and understanding of assembly language.

As we see, we have dword ‘6b6f’ which “Hi” in Hex. We also have the “name db” “6869_Noob” which is ‘Ko_Noob” in Hex. And the last thing we have “msg db” which is a long string which I converted to Hex then the output I converted to base64, and to be able to solve this string you have to convert the string in reverse base64 then to HEX, which is (_you_on_the_right_way).

The Tricky part is, the ECX instruction is replaced from “6869” ‘Ko” to “6b6f” “Hi” so the final flag will be “hi_Noob_you_on_the_right_way”

In the end, I have got an appreciation certificate from Dubai Police for my contribution to design CTF challenges. My advice for beginners and students who want to learn cybersecurity is to participate in as many CTF competitions as possible which will raise your skills in solving computer security problems and to think out of the box.