Collaboration between Thomas Hegel and Greg Foss.
For Black Hat this year, Labs decided to try something new and put together a packet capture analysis challenge for the conference. The goal of the challenge was to find the secret launch codes for the fictional company, “Missiles R Us.”
Below, you will find the solution to the puzzle along with details on the Easter eggs hidden throughout.
The PCAP’s Distractions
- Mozilla FTP server browsing and various file downloading
- Streaming of this YouTube video
- Downloading the Dropbox application (not actually using it)
- Uploading of a .txt file containing useless assembly code to 4shared.com
- One post to pastebin.com with the base64 encoding string “so close, yet so far”
- Another pastebin.com post with the string “This is a test…hmmmm”
- Using telnet towel.blinklights.nl to play Star Wars over telnet
There was one last use of pastebin.com, in particular, to paste a large string of binary text. Following the encoding/decoding trend of the challenge, we must convert that binary to ASCII. Doing so will provide the following string:
Now we have some base64-encoded data! Decoding that, we get:
Getting closer! At this point, we now have a hex encoded string (&#xNN entities to be specific). As the final step, we decode this string to ASCII, and now have the following:
Secret Launch Code: 2g389a34!0297#
Hidden throughout the challenge were some Easter eggs. The first of which was basically hidden in plain-sight within a comment field at the bottom of the HTML on the first page.
Once you decode this, you are left with a Unicode string.
Which decodes to base64.
Which finally gives you a key…
key = 9ughgjw9241110x41
That, when entered into the scoreboard, does nothing. Its sole purpose is to throw challengers off and send them down a rabbit hole.
In addition to the red herring mentioned above, there was a hidden game that was available if keywords such as “LogRhythm” or “Labs” were entered in to the scoreboard.
Overall, we had a great turnout and want to thank everyone who participated in the game!
Until next year…