ASIS CTF Finals 2017 – Dig Dug

In this post we wanted to share our solution to the ASIS CTF Finals 2017 Dig Dug challenge. Below is the challenge we were faced with:

Seeing that this was a web challenge we simple clicked on the link and immediately we were redirected to an obscure web page.

Can you dig it?!

Noticing the less than obvious clue on the page and being familiar with the dig command from our analyst days we immediately went to the terminal and issued the dig command against the site dibx.asisctf.com running a reverse lookup on the IP address.

The reverse lookup with dig uncovered the hostname airplane.asisctf.com. Browsing to that site we were once again faced with another obscure webpage with some interesting clues to take things offline and “Enable Airplane Mode” 😀

We decided to take a quick look at the source code of the webpage and the given links and files hosted on the site and came across the file js.js, viewing this file we notice a very large variable with hex data.

Taking the advice of the website admin to take offline, we downloaded the website using wget to recursively download all files from the website.

Once we had all files downloaded, having a hunch that the js.js file had something interesting for us we focused our efforts on decoding that variable and created a simple page to get the results we needed.

Finally we had our simple html page created with the long variable that we had discovered from js.js file, but once again given a very strange result.

 

We figured that at this point the trolling was about over and since this was a web warmup decided to search for “ASIS” throughout the page. The results of the search were rewarding 😀

We ended up finding the flag within the page.  “ASIS{_just_Go_Offline_When_you_want_to_be_creative_!}”

Overall the ASIS CTF was a blast and we hope to join many more!