Go to first unread
Back
to top
CyberStart Assess (FastTrack USA) Challenge 14
Watch this thread
Chancelosaurus
Badges:
6
Rep:
?
You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#1
The question is about Challenge 14 - Secret Lottery. I don't know what file extension I should use for the loop file. Opened as a .txt, it gives me a bunch of gobbledygook. Within that, though, is some readable text that makes me believe it is some C-like language. Particularly, I found this:
Looks like we're starting again!
We're at number: %d
Press Enter to Continue
Flag: %s
I don't know what I need to actually do, though. A hint would be greatly appreciated.
Looks like we're starting again!
We're at number: %d
Press Enter to Continue
Flag: %s
I don't know what I need to actually do, though. A hint would be greatly appreciated.
Last edited by Chancelosaurus; 3 years ago
0
reply
baldingopossum
Badges:
5
Rep:
?
You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#2
timmmmmmmy
Badges:
3
Rep:
?
You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#3
baldingopossum
Badges:
5
Rep:
?
You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#4
Chancelosaurus
Badges:
6
Rep:
?
You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#5
(Original post by baldingopossum)
I hate to bother you but could you point me in the right direction on 12?
I hate to bother you but could you point me in the right direction on 12?
0
reply
baldingopossum
Badges:
5
Rep:
?
You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#6
Report
#6
That's the one. I'm pulling my hair out...I know it has to be simple.
(Original post by Chancelosaurus)
By Challenge 12, do you mean The Final Countdown? (want to make sure)
By Challenge 12, do you mean The Final Countdown? (want to make sure)
0
reply
Chancelosaurus
Badges:
6
Rep:
?
You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#7
(Original post by baldingopossum)
That's the one. I'm pulling my hair out...I know it has to be simple.
That's the one. I'm pulling my hair out...I know it has to be simple.
(1) for each of the first five links read the html text content of each website (that is to say, read the three character "code" for each),
(2) concatenate the five parts together in order (first website part + second website part + ...),
(3) append the resulting 15 character "code" to the validation url in the place of the string "<clock pts>", and
(4) read the html text content of the website with the derived url.
Your program should return at the end a flag. Mine was a color and then a flower. I think that's the general theme, anyway...
Be sure to run the program just after the clock starts over at 10 or 9 or so. You don't want to run it too late, or your parts could get mixed up. Let me know if this helped.
1
reply
Maxus
Badges:
1
Rep:
?
You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#8
Report
#8
So how do I get started on this one? I've been looking but can't find chmod and I'm not sure how to even get started on this.
0
reply
Chancelosaurus
Badges:
6
Rep:
?
You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#9
(Original post by Maxus)
So how do I get started on this one? I've been looking but can't find chmod and I'm not sure how to even get started on this.
So how do I get started on this one? I've been looking but can't find chmod and I'm not sure how to even get started on this.
0
reply
Maxus
Badges:
1
Rep:
?
You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#10
Report
#10
As this is the first I have heard of this, and since I am running Windows, where do I go to use the attrib command to do this problem?
(Original post by Chancelosaurus)
chmod is a Linux command that can be entered in the command line interface in order to change a file's permissions, or "change its mode." The Windows equivalent to chmod is the command attrib, which is short for attribute.
chmod is a Linux command that can be entered in the command line interface in order to change a file's permissions, or "change its mode." The Windows equivalent to chmod is the command attrib, which is short for attribute.
0
reply
baldingopossum
Badges:
5
Rep:
?
You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#11
Report
#11
Also worth noting that after I made the file executable and ran with ./ it just keeps looping. i.e. "Press enter to continue (new number) Press enter to continue (new number). I can't figure out if I need to script something to run it differently or figure out how to break it.
2
reply
Chancelosaurus
Badges:
6
Rep:
?
You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#12
(Original post by baldingopossum)
Also worth noting that after I made the file executable and ran with ./ it just keeps looping. i.e. "Press enter to continue (new number) Press enter to continue (new number). I can't figure out if I need to script something to run it differently or figure out how to break it.
Also worth noting that after I made the file executable and ran with ./ it just keeps looping. i.e. "Press enter to continue (new number) Press enter to continue (new number). I can't figure out if I need to script something to run it differently or figure out how to break it.
[[email protected] ~]# ls
dos hello.c
[[email protected] ~]# ls
dos hello.c loop
[[email protected] ~]# chmod +x loop
[[email protected] ~]# ls
dos hello.c loop
[[email protected] ~]# ./loop
sh: ./loop: not found
It won't execute the loop file. It claims that it can't find it, though I can clearly see that the change in permissions *did* occur (the command line interface is color-coded). I've tried using different extensions, commands, the whole works.
Why is it not executing as it should?
(By the way, I'm using JSLinux to simlulate a Linux command line interface because I'm working with Windows.)
0
reply
yepperoni
Badges:
3
Rep:
?
You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#13
Report
#13
I guess I'm not the only one stuck on this last problem. The loop file is a 32-bit Linux executable program which does not run on my Mac nor will it run in Windows. I had to create a VM using an old 32-bit version of Ubuntu to get it to run properly as the latest version is only 64-bit. When you chmod +x the file and run it with ./loop, it gets stuck in what appears to be an infinite loop counter starting at 0.
I've used a few simple tools to mess around with the memory, such as making the counter variable 2147483648 which is the max for a 32-bit int. There is code to detect when it's about to overflow and resets it to 0 again, which is where the "Looks like we're starting again!" message appears.
There are methods to patch and overwrite the code in the program using things like debuggers and binary analysis tools, but the binary is "stripped" which would make this extremely difficult compared to all of the previous challenges.
If anyone from the SANS Institute is reading this, the official system requirements on the homepage for CyberStart Assess (FastTrack) say you can do all of Assess with just a Chromebook, internet, and a browser. I find it hard to believe this organization would make you download a VM and manually debug a program in assembly after having all web-based challenges previously.
I'm guessing there's some "obvious" method to break the program to make it jump to the portion that spits out the flag code, but so far I haven't found it.
I've used a few simple tools to mess around with the memory, such as making the counter variable 2147483648 which is the max for a 32-bit int. There is code to detect when it's about to overflow and resets it to 0 again, which is where the "Looks like we're starting again!" message appears.
There are methods to patch and overwrite the code in the program using things like debuggers and binary analysis tools, but the binary is "stripped" which would make this extremely difficult compared to all of the previous challenges.
If anyone from the SANS Institute is reading this, the official system requirements on the homepage for CyberStart Assess (FastTrack) say you can do all of Assess with just a Chromebook, internet, and a browser. I find it hard to believe this organization would make you download a VM and manually debug a program in assembly after having all web-based challenges previously.
I'm guessing there's some "obvious" method to break the program to make it jump to the portion that spits out the flag code, but so far I haven't found it.
Last edited by yepperoni; 3 years ago
1
reply
Chancelosaurus
Badges:
6
Rep:
?
You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#14
(Original post by yepperoni)
I guess I'm not the only one stuck on this last problem. The loop file is a 32-bit Linux executable program which does not run on my Mac nor will it run in Windows. I had to create a VM using an old 32-bit version of Ubuntu to get it to run properly as the latest version is only 64-bit. When you chmod +x the file and run it with ./loop, it gets stuck in what appears to be an infinite loop counter starting at 0.
I've used a few simple tools to mess around with the memory, such as making the counter variable 2147483648 which is the max for a 32-bit int. There is code to detect when it's about to overflow and resets it to 0 again, which is where the "Looks like we're starting again!" message appears.
There are methods to patch and overwrite the code in the program using things like debuggers and binary analysis tools, but the binary is "stripped" which would make this extremely difficult compared to all of the previous challenges.
If anyone from the SANS Institute is reading this, the official system requirements on the homepage for CyberStart Assess (FastTrack) say you can do all of Assess with just a Chromebook, internet, and a browser. I find it hard to believe this organization would make you download a VM and manually debug a program in assembly after having all web-based challenges previously.
I'm guessing there's some "obvious" method to break the program to make it jump to the portion that spits out the flag code, but so far I haven't found it.
I guess I'm not the only one stuck on this last problem. The loop file is a 32-bit Linux executable program which does not run on my Mac nor will it run in Windows. I had to create a VM using an old 32-bit version of Ubuntu to get it to run properly as the latest version is only 64-bit. When you chmod +x the file and run it with ./loop, it gets stuck in what appears to be an infinite loop counter starting at 0.
I've used a few simple tools to mess around with the memory, such as making the counter variable 2147483648 which is the max for a 32-bit int. There is code to detect when it's about to overflow and resets it to 0 again, which is where the "Looks like we're starting again!" message appears.
There are methods to patch and overwrite the code in the program using things like debuggers and binary analysis tools, but the binary is "stripped" which would make this extremely difficult compared to all of the previous challenges.
If anyone from the SANS Institute is reading this, the official system requirements on the homepage for CyberStart Assess (FastTrack) say you can do all of Assess with just a Chromebook, internet, and a browser. I find it hard to believe this organization would make you download a VM and manually debug a program in assembly after having all web-based challenges previously.
I'm guessing there's some "obvious" method to break the program to make it jump to the portion that spits out the flag code, but so far I haven't found it.
0
reply
Chancelosaurus
Badges:
6
Rep:
?
You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#15
(Original post by Maxus)
As this is the first I have heard of this, and since I am running Windows, where do I go to use the attrib command to do this problem?
As this is the first I have heard of this, and since I am running Windows, where do I go to use the attrib command to do this problem?
0
reply
Maxus
Badges:
1
Rep:
?
You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#16
Report
#16
I had tried that and could not get it to work, I have since started with VM and have gotten slightly further, I still can't find the flag code though in the binary set up that is this ELF file
(Original post by Chancelosaurus)
You'll want to look for the Windows icon at the bottom-left of your screI en. Right-click it. You'll see a list pop-up with "Command Prompt" and maybe "Command Prompt (Admin)" as options. Select "Command Prompt". The command line interface will popup. A useful command you could enter is "help"; without the quotation marks, that is.
You'll want to look for the Windows icon at the bottom-left of your screI en. Right-click it. You'll see a list pop-up with "Command Prompt" and maybe "Command Prompt (Admin)" as options. Select "Command Prompt". The command line interface will popup. A useful command you could enter is "help"; without the quotation marks, that is.
0
reply
Cyb3rMan
Badges:
6
Rep:
?
You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#17
Report
#17
I think you're on the right track I did the same thing (used radare2 and gdb to reverse engineer). I wish there was a way to view the code in a more readable language. Let me know if you get any further.
Also, I read the same thing about the requirements for CyberAssess. Challenges 14/15 are definitely outliers. But, I do not see an obvious solution to these 2 challenges.
Good luck friend.
Also, I read the same thing about the requirements for CyberAssess. Challenges 14/15 are definitely outliers. But, I do not see an obvious solution to these 2 challenges.
Good luck friend.
(Original post by yepperoni)
I guess I'm not the only one stuck on this last problem. The loop file is a 32-bit Linux executable program which does not run on my Mac nor will it run in Windows. I had to create a VM using an old 32-bit version of Ubuntu to get it to run properly as the latest version is only 64-bit. When you chmod +x the file and run it with ./loop, it gets stuck in what appears to be an infinite loop counter starting at 0.
I've used a few simple tools to mess around with the memory, such as making the counter variable 2147483648 which is the max for a 32-bit int. There is code to detect when it's about to overflow and resets it to 0 again, which is where the "Looks like we're starting again!" message appears.
There are methods to patch and overwrite the code in the program using things like debuggers and binary analysis tools, but the binary is "stripped" which would make this extremely difficult compared to all of the previous challenges.
If anyone from the SANS Institute is reading this, the official system requirements on the homepage for CyberStart Assess (FastTrack) say you can do all of Assess with just a Chromebook, internet, and a browser. I find it hard to believe this organization would make you download a VM and manually debug a program in assembly after having all web-based challenges previously.
I'm guessing there's some "obvious" method to break the program to make it jump to the portion that spits out the flag code, but so far I haven't found it.
I guess I'm not the only one stuck on this last problem. The loop file is a 32-bit Linux executable program which does not run on my Mac nor will it run in Windows. I had to create a VM using an old 32-bit version of Ubuntu to get it to run properly as the latest version is only 64-bit. When you chmod +x the file and run it with ./loop, it gets stuck in what appears to be an infinite loop counter starting at 0.
I've used a few simple tools to mess around with the memory, such as making the counter variable 2147483648 which is the max for a 32-bit int. There is code to detect when it's about to overflow and resets it to 0 again, which is where the "Looks like we're starting again!" message appears.
There are methods to patch and overwrite the code in the program using things like debuggers and binary analysis tools, but the binary is "stripped" which would make this extremely difficult compared to all of the previous challenges.
If anyone from the SANS Institute is reading this, the official system requirements on the homepage for CyberStart Assess (FastTrack) say you can do all of Assess with just a Chromebook, internet, and a browser. I find it hard to believe this organization would make you download a VM and manually debug a program in assembly after having all web-based challenges previously.
I'm guessing there's some "obvious" method to break the program to make it jump to the portion that spits out the flag code, but so far I haven't found it.
2
reply
SleepyGuard
Badges:
5
Rep:
?
You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#18
Report
#18
Has anyone had any luck with this one? I managed all the others, but this one is driving me nuts. I was able to execute the program by using a 32-bit version of Linux in VM, after changing it with chmod, but I'm stuck now. Nothing I do seems to affect it, it just gets stuck in the infinite loop. Anyone have ideas?
0
reply
baldingopossum
Badges:
5
Rep:
?
You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#19
SleepyGuard
Badges:
5
Rep:
?
You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#20
Report
#20
I tweeted at and emailed Cyberstart about problem 14 last night, detailing the issue. Twitter account said contact the support email. Support email hasn't responded yet. Twitter account says they're busy with the "Girls Go CyberStart" finishing. Not super impressed with the support here, this should a pretty simple error if the file wasn't meant to be like it is.
0
reply
X
Quick Reply
