The only challenge in the Web category "Secret Service" has a docker attached.
After accessing the site `10.10.100.200:<port>`, we see a website as shown in the image below.
According to the text, we have to make some simple calculations to figure out which color to input in the form to receive the flag. Not thinking too much about it, just to see some interaction with the site, I provided the first listed color "Yellow" to the form and submitted. And just like that, a flag appeared on the screen.
Well that was almost too easy.. But away we go to the scoreboard to receive our staggering 100-thinkies to the point-raise. Sometimes it's okay if things in life are easy - but don't count on it too much.
When writing this writeup after the completion of the CTF, I wasn't that lucky. So why not - let's try to actually solve this challenge in a repeatable manner.
The Secret Service changes color every day, and we have to calculate which specific color they will use on a particular day in the future. On every site refresh or form attempt, the future date and all the colors change; that way we know we need to calculate the correct color before trying or refreshing.
As shown in the image above, we need to calculate the color for the 195th day after today. In Python we can make use of `datetime` and its `timedelta` functionality to calculate the specific date. When we have that date, the year, month and day need to be added together as simple numbers.
There are always 8 colors listed in a specific order (0-indexed); here we have `['White', 'Azure', 'Amber', 'Onyx', 'Silver', 'Magenta', 'Cerulean', 'Burgundy']`. To calculate the correct color, we need to find the color where our date-number divided by the color-number has a modulus of 0. Knowing that there are always 8 colors, we can start by dividing our date-number by 8 and checking whether the modulus is 0: if it is, we have our color; if not, we subtract 1 from the color-number and try the next. Putting this in a while-loop in Python automatically runs through all the numbers/colors until we have the correct color.
In our example, the 195th day from today, we have a 0 modulus on number 8, meaning the correct color here would be "Burgundy". Below is the Python code I used to make these calculations. It is simple, quick and works flawlessly. If we really want to make it nicer, working with sessions to make a direct connection to the webpage, extracting the required information, making the calculation and sending a POST request with the color to receive the flag would be the "cadillac-solution", but that is not required, as seen here.
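```python
#!/usr/bin/env python3
from datetime import datetime, timedelta

# Target date: 195 days from today (the offset shown on the challenge page)
today = datetime.today()
delta = timedelta(days=195)
date = today + delta
date = date.strftime('%Y-%m-%d')

# Add year, month and day together as plain numbers
converted = [int(n) for n in date.split('-')]
date_number = sum(converted)

# Start at color number 8 and count down until the date-number divides evenly
color_num = 8
while color_num:
    if date_number % color_num == 0:
        print(color_num)
        break
    color_num -= 1
```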
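As a step toward the "cadillac-solution" mentioned above, the following added example (not the author's code) parses the day offset and color list out of the page text and returns the color name instead of its number. The page markup in `SAMPLE_PAGE` is constructed, since the writeup does not show the real HTML, and the function names are hypothetical; no HTTP request is made.

```python
import re
from datetime import date, timedelta

# Constructed sample of the challenge text. The real page's wording and markup
# are not shown in the writeup, so this layout is an assumption.
SAMPLE_PAGE = """
<p>Which color will the Secret Service use on the 195th day after today?</p>
<ul><li>White</li><li>Azure</li><li>Amber</li><li>Onyx</li>
<li>Silver</li><li>Magenta</li><li>Cerulean</li><li>Burgundy</li></ul>
"""


def parse_challenge(page):
    """Extract the day offset and the ordered color list from the page text."""
    offset = re.search(r"(\d+)(?:st|nd|rd|th) day", page)
    colors = re.findall(r"<li>\s*([A-Za-z]+)\s*</li>", page)
    if offset is None or not colors:
        raise ValueError("challenge text not in the expected (assumed) format")
    return int(offset.group(1)), colors


def date_number(today, offset_days):
    """Year + month + day of the date offset_days after today."""
    target = today + timedelta(days=offset_days)
    return target.year + target.month + target.day


def pick_color(number, colors):
    """Highest color number (1-based) that divides number evenly -> its name."""
    for color_num in range(len(colors), 0, -1):
        if number % color_num == 0:
            # Color number N is list index N - 1, since the list is 0-indexed.
            return colors[color_num - 1]
    raise ValueError("empty color list")


def solve(page, today=None):
    """Parse the page, then compute the color for the requested future day."""
    offset, colors = parse_challenge(page)
    return pick_color(date_number(today or date.today(), offset), colors)


if __name__ == "__main__":
    # Constructed reference date: 2024-01-04 + 195 days = 2024-07-17 -> 2048
    print(solve(SAMPLE_PAGE, today=date(2024, 1, 4)))
```

Because the page regenerates the date and colors on every refresh, a live version would have to fetch the page and submit the form inside the same session.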
Providing the flag to the challenge gives us another 100 points, and with that we have also finished the "Web" category.