Google CTF 2016: No Big Deal

Key Takeaways

hey what's going on everybody my name is John Hammond welcome to another uh Google capture the flag video WR up uh this one I want to show off is the no big deal challenge uh another simple one 50 points a lot of people solved it because again it's not that hard it just took a lot of wheelpower to actually like look through all that stuff prompt is sometimes the answer is immediately obvious sometimes it's obscured and find the answer in here which is just a PAB file so I have that downloaded we'll open it up right now once I navigate Unity Google uh what am I doing no big deal fire this up in wire shark because it's just a giant peap file once you extract it so I this this is a big file like I tried to run strings on it to see if there was anything like it would poke out and find but it took a long time for strings to actually finish because there's like so much stuff in here so I ended up just like poking through in wi shark trying to peruse through the packet see if I found anything interesting I try to export like information I try to export objects and data TCP looked like it had some stuff first couple of first couple of packets had like this Hint it looks like in the data where it says NBD magic again I'm assuming the whole no big deal thing I have opt I don't know what that is and I thought I saw export somewhere yeah export down here again I don't know if you can see this I'm sorry but um more stuff that I found was uh this NBD protocol which I thought earlier okay NBD no big deal that same hint NBD magic I felt like that might have been pretty interesting so I actually sorted through that in wi shark and BD and I found while I was looking through here again I was just perusing looking at the data because it looked like some of these had some pretty hefty packet like they had length and they had data that came with it so added that as a column if you don't know how to do that in wi shark what you can do you can right click on the on the columns you can go to column preferences and you can like add or remove anything you want in here you can set up a name for it determine what type it is and select like a source Port Source address other information you want to specify if it's not like in this giant list you can rightclick any part of like an actual uh frame or disassembled piece of information that wire Shar found later on like if you want to add data you could rightclick it and select apply as column and then it'll it'll get added up here so anyway some of the interesting things I found were in actually this packet right here packet 76 and uh I was honestly just perusing through the data section I was like scrolling down through a lot of these just trying to find out what it had and in this one I just I might have got lucky I don't know but this string like this q1r G blah blah blah that looked very out of place cuz you know you get a certain eye for like base 64 encoded stuff and this just looked like a base 64 encoded string to me so I actually just stole it I like copied it out let's see if I can manage to copy it out this time I had some struggle I literally had some trouble trying to find like copy this okay copy value cool and now I'll get in Sublime Text okay that's not what I wanted let's copy the hex and hasky dump as principal Text Okay cool so yeah now we have the Bas 64 string just kind of chilling out what I can do is we can take that and try and base 6040 code it decode and there it is that was the flag there's a just hunting around this giant peap finding that Bas 64 string and then decoding it the flag was better FS better better files I don't know better better than yours whatever I don't care we got our flag but that was just painful to be like hunting through this and to have so little reward but whatever it was it was a simple thing it was just a matter of like looking through you know 96,000 97,000 packets you didn't have to do that and that's why like I said I picked out out that NBD protocol and I think that narrowed the search down to what 61 that's that's not a big deal and again I just found mine on like packet 76 so just a matter of hunting I guess and I don't know being willing to keep looking for stuff and just having an eye for the base 64 encoded strings that's pretty much it though that's your flag uh I'm not going to try and put together a script as to scrape that out because I couldn't particularly scrape out any of the data out of that P cap regardless but thanks for watching guys hope you enjoyed this again no big deal only 50 points whatever see you later