CyberStart Assess (FastTrack USA) Challenge 14

Watch this thread
Chancelosaurus
Badges: 6
Rep:
? You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#1
Report Thread starter 3 years ago
#1
The question is about Challenge 14 - Secret Lottery. I don't know what file extension I should use for the loop file. Opened as a .txt, it gives me a bunch of gobbledygook. Within that, though, is some readable text that makes me believe it is some C-like language. Particularly, I found this:

Looks like we're starting again!
We're at number: %d
Press Enter to Continue
Flag: %s

I don't know what I need to actually do, though. A hint would be greatly appreciated.
Last edited by Chancelosaurus; 3 years ago
0
reply
baldingopossum
Badges: 5
Rep:
? You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#2
Report 3 years ago
#2
Were you ever able to get anywhere with this challenge?
0
reply
timmmmmmmy
Badges: 3
Rep:
? You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#3
Report 3 years ago
#3
Make it executable with chmod xThen run it with ./loopWorked for me...
2
reply
baldingopossum
Badges: 5
Rep:
? You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#4
Report 3 years ago
#4
I hate to bother you but could you point me in the right direction on 12?
0
reply
Chancelosaurus
Badges: 6
Rep:
? You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#5
Report Thread starter 3 years ago
#5
(Original post by baldingopossum)
I hate to bother you but could you point me in the right direction on 12?
By Challenge 12, do you mean The Final Countdown? (want to make sure)
0
reply
baldingopossum
Badges: 5
Rep:
? You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#6
Report 3 years ago
#6
That's the one. I'm pulling my hair out...I know it has to be simple.
(Original post by Chancelosaurus)
By Challenge 12, do you mean The Final Countdown? (want to make sure)
0
reply
Chancelosaurus
Badges: 6
Rep:
? You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#7
Report Thread starter 3 years ago
#7
(Original post by baldingopossum)
That's the one. I'm pulling my hair out...I know it has to be simple.
You'll want to write a Python program to:
(1) for each of the first five links read the html text content of each website (that is to say, read the three character "code" for each),
(2) concatenate the five parts together in order (first website part + second website part + ...),
(3) append the resulting 15 character "code" to the validation url in the place of the string "<clock pts>", and
(4) read the html text content of the website with the derived url.

Your program should return at the end a flag. Mine was a color and then a flower. I think that's the general theme, anyway...

Be sure to run the program just after the clock starts over at 10 or 9 or so. You don't want to run it too late, or your parts could get mixed up. Let me know if this helped.
1
reply
Maxus
Badges: 1
Rep:
? You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#8
Report 3 years ago
#8
So how do I get started on this one? I've been looking but can't find chmod and I'm not sure how to even get started on this.
0
reply
Chancelosaurus
Badges: 6
Rep:
? You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#9
Report Thread starter 3 years ago
#9
(Original post by Maxus)
So how do I get started on this one? I've been looking but can't find chmod and I'm not sure how to even get started on this.
chmod is a Linux command that can be entered in the command line interface in order to change a file's permissions, or "change its mode." The Windows equivalent to chmod is the command attrib, which is short for attribute.
0
reply
Maxus
Badges: 1
Rep:
? You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#10
Report 3 years ago
#10
As this is the first I have heard of this, and since I am running Windows, where do I go to use the attrib command to do this problem?
(Original post by Chancelosaurus)
chmod is a Linux command that can be entered in the command line interface in order to change a file's permissions, or "change its mode." The Windows equivalent to chmod is the command attrib, which is short for attribute.
0
reply
baldingopossum
Badges: 5
Rep:
? You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#11
Report 3 years ago
#11
Also worth noting that after I made the file executable and ran with ./ it just keeps looping. i.e. "Press enter to continue (new number) Press enter to continue (new number). I can't figure out if I need to script something to run it differently or figure out how to break it.
2
reply
Chancelosaurus
Badges: 6
Rep:
? You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#12
Report Thread starter 3 years ago
#12
(Original post by baldingopossum)
Also worth noting that after I made the file executable and ran with ./ it just keeps looping. i.e. "Press enter to continue (new number) Press enter to continue (new number). I can't figure out if I need to script something to run it differently or figure out how to break it.
I keep running into the following problem:

[[email protected] ~]# ls
dos hello.c
[[email protected] ~]# ls
dos hello.c loop
[[email protected] ~]# chmod +x loop
[[email protected] ~]# ls
dos hello.c loop
[[email protected] ~]# ./loop
sh: ./loop: not found

It won't execute the loop file. It claims that it can't find it, though I can clearly see that the change in permissions *did* occur (the command line interface is color-coded). I've tried using different extensions, commands, the whole works.

Why is it not executing as it should?

(By the way, I'm using JSLinux to simlulate a Linux command line interface because I'm working with Windows.)
0
reply
yepperoni
Badges: 3
Rep:
? You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#13
Report 3 years ago
#13
I guess I'm not the only one stuck on this last problem. The loop file is a 32-bit Linux executable program which does not run on my Mac nor will it run in Windows. I had to create a VM using an old 32-bit version of Ubuntu to get it to run properly as the latest version is only 64-bit. When you chmod +x the file and run it with ./loop, it gets stuck in what appears to be an infinite loop counter starting at 0.

I've used a few simple tools to mess around with the memory, such as making the counter variable 2147483648 which is the max for a 32-bit int. There is code to detect when it's about to overflow and resets it to 0 again, which is where the "Looks like we're starting again!" message appears.

There are methods to patch and overwrite the code in the program using things like debuggers and binary analysis tools, but the binary is "stripped" which would make this extremely difficult compared to all of the previous challenges.

If anyone from the SANS Institute is reading this, the official system requirements on the homepage for CyberStart Assess (FastTrack) say you can do all of Assess with just a Chromebook, internet, and a browser. I find it hard to believe this organization would make you download a VM and manually debug a program in assembly after having all web-based challenges previously.

I'm guessing there's some "obvious" method to break the program to make it jump to the portion that spits out the flag code, but so far I haven't found it.
Last edited by yepperoni; 3 years ago
1
reply
Chancelosaurus
Badges: 6
Rep:
? You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#14
Report Thread starter 3 years ago
#14
(Original post by yepperoni)
I guess I'm not the only one stuck on this last problem. The loop file is a 32-bit Linux executable program which does not run on my Mac nor will it run in Windows. I had to create a VM using an old 32-bit version of Ubuntu to get it to run properly as the latest version is only 64-bit. When you chmod +x the file and run it with ./loop, it gets stuck in what appears to be an infinite loop counter starting at 0.

I've used a few simple tools to mess around with the memory, such as making the counter variable 2147483648 which is the max for a 32-bit int. There is code to detect when it's about to overflow and resets it to 0 again, which is where the "Looks like we're starting again!" message appears.

There are methods to patch and overwrite the code in the program using things like debuggers and binary analysis tools, but the binary is "stripped" which would make this extremely difficult compared to all of the previous challenges.

If anyone from the SANS Institute is reading this, the official system requirements on the homepage for CyberStart Assess (FastTrack) say you can do all of Assess with just a Chromebook, internet, and a browser. I find it hard to believe this organization would make you download a VM and manually debug a program in assembly after having all web-based challenges previously.

I'm guessing there's some "obvious" method to break the program to make it jump to the portion that spits out the flag code, but so far I haven't found it.
Perhaps it is the case that there is an issue with this challenge as there was with one of the previous challenges.
0
reply
Chancelosaurus
Badges: 6
Rep:
? You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#15
Report Thread starter 3 years ago
#15
(Original post by Maxus)
As this is the first I have heard of this, and since I am running Windows, where do I go to use the attrib command to do this problem?
You'll want to look for the Windows icon at the bottom-left of your screen. Right-click it. You'll see a list pop-up with "Command Prompt" and maybe "Command Prompt (Admin)" as options. Select "Command Prompt". The command line interface will popup. A useful command you could enter is "help"; without the quotation marks, that is.
0
reply
Maxus
Badges: 1
Rep:
? You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#16
Report 3 years ago
#16
I had tried that and could not get it to work, I have since started with VM and have gotten slightly further, I still can't find the flag code though in the binary set up that is this ELF file
(Original post by Chancelosaurus)
You'll want to look for the Windows icon at the bottom-left of your screI en. Right-click it. You'll see a list pop-up with "Command Prompt" and maybe "Command Prompt (Admin)" as options. Select "Command Prompt". The command line interface will popup. A useful command you could enter is "help"; without the quotation marks, that is.
0
reply
Cyb3rMan
Badges: 6
Rep:
? You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#17
Report 3 years ago
#17
I think you're on the right track I did the same thing (used radare2 and gdb to reverse engineer). I wish there was a way to view the code in a more readable language. Let me know if you get any further.

Also, I read the same thing about the requirements for CyberAssess. Challenges 14/15 are definitely outliers. But, I do not see an obvious solution to these 2 challenges.

Good luck friend.
(Original post by yepperoni)
I guess I'm not the only one stuck on this last problem. The loop file is a 32-bit Linux executable program which does not run on my Mac nor will it run in Windows. I had to create a VM using an old 32-bit version of Ubuntu to get it to run properly as the latest version is only 64-bit. When you chmod +x the file and run it with ./loop, it gets stuck in what appears to be an infinite loop counter starting at 0.

I've used a few simple tools to mess around with the memory, such as making the counter variable 2147483648 which is the max for a 32-bit int. There is code to detect when it's about to overflow and resets it to 0 again, which is where the "Looks like we're starting again!" message appears.

There are methods to patch and overwrite the code in the program using things like debuggers and binary analysis tools, but the binary is "stripped" which would make this extremely difficult compared to all of the previous challenges.

If anyone from the SANS Institute is reading this, the official system requirements on the homepage for CyberStart Assess (FastTrack) say you can do all of Assess with just a Chromebook, internet, and a browser. I find it hard to believe this organization would make you download a VM and manually debug a program in assembly after having all web-based challenges previously.

I'm guessing there's some "obvious" method to break the program to make it jump to the portion that spits out the flag code, but so far I haven't found it.
2
reply
SleepyGuard
Badges: 5
Rep:
? You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#18
Report 3 years ago
#18
Has anyone had any luck with this one? I managed all the others, but this one is driving me nuts. I was able to execute the program by using a 32-bit version of Linux in VM, after changing it with chmod, but I'm stuck now. Nothing I do seems to affect it, it just gets stuck in the infinite loop. Anyone have ideas?
0
reply
baldingopossum
Badges: 5
Rep:
? You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#19
Report 3 years ago
#19
I'm still fiddling with it. I can't get it to reach the flag...
0
reply
SleepyGuard
Badges: 5
Rep:
? You'll earn badges for being active around the site. Rep gems come when your posts are rated by other community members.
#20
Report 3 years ago
#20
I tweeted at and emailed Cyberstart about problem 14 last night, detailing the issue. Twitter account said contact the support email. Support email hasn't responded yet. Twitter account says they're busy with the "Girls Go CyberStart" finishing. Not super impressed with the support here, this should a pretty simple error if the file wasn't meant to be like it is.
0
reply
X

Quick Reply

Attached files
Write a reply...
Reply
new posts
Back
to top
Latest
My Feed

See more of what you like on
The Student Room

You can personalise what you see on TSR. Tell us a little about yourself to get started.

Personalise

How did your AQA A-level Psychology Paper 1 go?

Loved the paper - Feeling positive (277)
41.78%
The paper was reasonable (276)
41.63%
Not feeling great about that exam... (60)
9.05%
It was TERRIBLE (50)
7.54%

Watched Threads

View All