{"id":16735,"date":"2016-08-11T10:00:53","date_gmt":"2016-08-11T17:00:53","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=16735"},"modified":"2016-08-11T08:30:24","modified_gmt":"2016-08-11T15:30:24","slug":"labyrenth-capture-the-flag-ctf-hints","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2016\/08\/labyrenth-capture-the-flag-ctf-hints\/","title":{"rendered":"LabyREnth Capture the Flag (CTF) Hints"},"content":{"rendered":"<p><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/06\/Unit-42-CTF-1.png\"><div style=\"max-width:100%\" data-width=\"500\"><span class=\"ar-custom\" style=\"padding-bottom:43.2%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"aligncenter size-large wp-image-14841 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/06\/Unit-42-CTF-1-500x216.png\" alt=\"Unit 42 CTF 1\" width=\"500\" height=\"216\" srcset=\"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/06\/Unit-42-CTF-1-500x216.png 500w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/06\/Unit-42-CTF-1-230x100.png 230w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/06\/Unit-42-CTF-1-768x332.png 768w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/06\/Unit-42-CTF-1-510x221.png 510w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/06\/Unit-42-CTF-1-92x40.png 92w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/06\/Unit-42-CTF-1.png 834w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/span><\/div><\/a><\/p>\n<p>The <a href=\"http:\/\/labyrenth.com\/\" rel=\"nofollow,noopener\"  target=\"_blank\">LabyREnth<\/a> capture the flag challenge is only open for four more days, but you still have a chance to participate. To help you get started, or move on to the next challenge, our threat research team put together a number of (sometimes cryptic) hints. Whether you\u2019ve been stuck on a challenge and want to move on to the next one, or want to jump in during the final stretch, look no further:<\/p>\n<p><!--more--><\/p>\n<h3>Windows 1:<\/h3>\n<p>Watch out for those debugging checks, these XORs aren\u2019t too hard\u2026<\/p>\n<h3>Windows 4:<\/h3>\n<p>Try harder, with a vengeance! \u2026 Or a napkin! \u2026 Or a brute forcer!<\/p>\n<h3>Unix 1:<\/h3>\n<p>How many levels deep does it go?!?! I\u2019d say script it, or maybe bash one liner if you\u2019re extra cool\u2026<\/p>\n<h3>Unix 2:<\/h3>\n<p>The Program only does one thing, HTTP request and print. Figure out how that HTTP request works\u2026<\/p>\n<h3>Docs 1:<\/h3>\n<p>Use the URL for hints on how to decode part of the URL this naughty macro attempts to download from. \u00a0Could be base64 and XOR \ud83d\ude09<\/p>\n<h3>Docs 4:<\/h3>\n<p><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/LabyREnth-Hints-1.png\"><div style=\"max-width:100%\" data-width=\"500\"><span class=\"ar-custom\" style=\"padding-bottom:81%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"aligncenter size-large wp-image-16738 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/LabyREnth-Hints-1-500x405.png\" alt=\"LabyREnth Hints 1\" width=\"500\" height=\"405\" srcset=\"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/LabyREnth-Hints-1-500x405.png 500w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/LabyREnth-Hints-1-230x186.png 230w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/LabyREnth-Hints-1-370x300.png 370w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/LabyREnth-Hints-1-49x40.png 49w, https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2016\/08\/LabyREnth-Hints-1.png 602w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/span><\/div><\/a><\/p>\n<h3>Mobile 1:<\/h3>\n<p>That seems like a lot of bytes for a call\u2026what do you think RDX?<\/p>\n<h3>Mobile 3:<\/h3>\n<p>Decompile -&gt; Find -&gt; Replace -&gt; Profit<\/p>\n<h3>Threat 1:<\/h3>\n<p>sed -e 's\/\\&amp;L4bry1nth_.*\\?\/\/g'<\/p>\n<h3>Threat 2:<\/h3>\n<p>AAAAAAAAAAA!!!! Compression AAAAAAAAAAA!!!!<\/p>\n<h3>Random 1:<\/h3>\n<p>Give that environment variable a drink!<\/p>\n<h3>Random 3:<\/h3>\n<p>Step 1: SYN packet sequence numbers; Step 2: Embedded ZIP; Step 3: Profit!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The LabyREnth capture the flag challenge is only open for four more days, but you still have a chance to participate. To help you get started, or move on to the next &hellip;<\/p>\n","protected":false},"author":138,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[133],"tags":[2145,2142,586],"coauthors":[1312],"class_list":["post-16735","post","type-post","status-publish","format-standard","hentry","category-events","tag-ctf","tag-labyrenth","tag-unit-42"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/16735","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/138"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=16735"}],"version-history":[{"count":5,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/16735\/revisions"}],"predecessor-version":[{"id":16756,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/16735\/revisions\/16756"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=16735"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=16735"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=16735"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=16735"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}