So, here’s my favorite flag from our most recent EnRichMinds CTF, and a clear example of ‘haxors gonna hack.’ Since we cover core Linux concepts in some of our labs, we wanted to include some linuxy-type stuff, but fun it up and get the students thinking a bit about how sometimes it’s important to see things in a particular order. One of my cohorts (Josh) and I came up with an idea for a flag based on listing out the contents of a directory. Our original intent was that performing an ‘ls -ltr’ would list out the flag in the file name or the contents. Josh came up with a better idea... spell out the flag in ASCII art. Awesome idea!
Here’s how we thought the haxors would go about solving the flag:
1) Do an ‘ls’ and get this:
2) Do an ‘ls -l’ and get this:
3) Look at the timestamps, maybe think a little on the problem, or use the hint we gave them, and finally do an ‘ls -ltr’ to get this:
Yes. Literally the word “FLAG” was the flag.
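The intended solve path above, rebuilt as an added example (not the files or script used in the CTF): each row of a constructed ASCII-art banner becomes an empty file's name, and the modification times are set so that only oldest-first order puts the rows back together. The `X`/`_` art, the timestamps and the function names are assumptions.

```shell
#!/bin/sh
# Added example: art, timestamps and function names are constructed.

# Rows of the banner, top to bottom. Each row becomes one empty file's name,
# so rows must be unique and must not contain '/' or start with '.' or '-'.
FLAG_ROWS='XXXX_X_____XX___XXX
X____X____X__X_X___
XXX__X____XXXX_X_XX
X____X____X__X_X__X
X____XXXX_X__X__XXX'

# build_flag_dir DIR: create one file per row, each a minute newer than the last.
build_flag_dir() {
    dir=$1
    mkdir -p "$dir" || return 1
    i=0
    printf '%s\n' "$FLAG_ROWS" | while IFS= read -r row; do
        i=$((i + 1))
        # POSIX 'touch -t' takes CCYYMMDDhhmm; the date itself is arbitrary.
        touch -t "2024010112$(printf '%02d' "$i")" "$dir/$row" || exit 1
    done
}

# by_name DIR: the order plain 'ls' and 'ls -l' use (file name, C locale).
by_name() { LC_ALL=C ls -1 "$1"; }

# by_mtime DIR: the order 'ls -ltr' uses (modification time, oldest first).
by_mtime() { LC_ALL=C ls -1tr "$1"; }

# Demo: build the directory in a temp location and show both orderings.
demo_dir=$(mktemp -d) || exit 1
build_flag_dir "$demo_dir/flag"
echo '--- name order (ls) ---';       by_name  "$demo_dir/flag"
echo '--- time order (ls -tr) ---';   by_mtime "$demo_dir/flag"
rm -rf "$demo_dir"
```

In name order the rows come out as 1, 3, 5, 4, 2, so the banner only reads correctly once the listing is sorted by time.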
Of course, the students did not solve the flag as we hoped they would (silly haxors). Instead of using the ‘ls -ltr’ command as intended, they simply did an ‘ls -l’, copy-pasted the output into notepad, and rearranged until the FLAG revealed itself. Either way, this was easily one of my favorite flags. Now to think up some ideas on how to make it better, and less ‘hackable.’ Maybe multiple lines? Maybe turn the word sideways?
Got any ideas for awesome simple flags like this? I’d love to hear ’em @billy_macco