CTF Writeup: LA CTF 2023

This weekend I participated in LA CTF 2023, which went on between 11 Feb. 2023, 04:00 UTC — 12 Feb. 2023, 22:00 UTC.

This blog post contains the writeups for the challenges I solved.

Table of Contents

• Misc: CATS!
• Misc: EBE
• Misc: hike to where?

Misc: CATS!

The challenge is the following,

We are given an image called CATS.jpeg ,

As this was a .jpeg file, I assumed it might contain some location metadata. I went to PIC2MAP to check the EXIF data.

The address was
Kaupili Road, Maui County, Hawaii, 96763, United States . I looked that address up on Google,

The Google search results showed Lanai Cat Sanctuary . I searched Lanai Cat Sanctuary to find the official site.

The flag is the domain of the official website,

Therefore the flag is,

lactf{lanaicatsanctuary.org}

Misc: EBE

The challenge is the following,

We are given a PCAP file that contains UDP packets,

Following the UDP stream showed a bunch of characters,

The challenge says it “sent extra bytes” and “abided by RFC 3514”. The UDP stream contains unwanted characters, so our task here is to remove them and get the flag.

I checked the packets’ flags. For example, Packet 1 had Reserved Bit: Set .

Packet 5 had Reserved Bit: Not Set .

Some packets had Reserved Bit: Set , while some had Reserved Bit: Not Set. This bit is associated with the “Evil Bit”.

The packets that we want should have Reserved Bit: Not Set , so I applied the filter ip.flags.rb == 0 .

The UDP stream for the packets with Reserved Bit: Not Set showed the following,

Therefore, the flag is,

lactf{3V1L_817_3xf1l7R4710N_4_7H3_W1N_51D43c8000034d0c}

Misc: hike to where?

The challenge is the following,

We are given an image called picture.jpg , which showed the following,

I first checked PIC2MAP for the EXIF data, but no location data was found in the image. There were also no relevant images found via reverse image search.

I noticed that this person was wearing a “Computer Science, ACM at UCLA” T-shirt. I assumed that this picture might be from an ACM at UCLA field trip, so I decided to do some OSINT research on acm at UCLA.

I started off with ACM at UCLA’s Facebook page.

I looked through the Photos,

After scrolling down for a while, I found the person in the picture. I tried looking for his name so I can do more OSINT research.

I found his name in one of the pictures, which was Carey Nachenberg .

I did some Google searches on Carey Nachenberg ,

I looked through his Official website, but couldn’t find a picture of him hiking in his ACM at UCLA shirt.

So I did another Google search with the search query Carey Nachenberg hike acm .

I found an Instagram page called Peaks & Professors at UCLA.

I found a picture of him hiking in his “ACM at UCLA” T-shirt,

The picture description contained the location name, which was Skull Rock .

Therefore, the flag is,

lactf{skull_rock}