🌐 Some Assembly Required 2

A detailed write-up of the Web challenge 'Some Assembly Required 2' from PicoCTF - 2021

[Image: Challenge Presentation]

📊 Challenge Overview

| Category | Details | Additional Info |
|---|---|---|
| 🏆 Event | PicoGym | Event Link |
| 🔰 Category | Web 🌐 | |
| 💎 Points | 500 | Out of 500 total |
| ⭐ Difficulty | 🟡 Medium | Personal Rating: 1/10 |
| 👤 Author | Sears Schulz | Profile |
| 🎮 Solves (At the time of flag submission) | 7.544 | solve rate |
| 📅 Date | 21-02-2025 | PicoGym |
| 🦾 Solved By | mH4ck3r0n3 | Team: |

📝 Challenge Information

http://mercury.picoctf.net:53929/index.html

🎯 Challenge Files & Infrastructure

Provided Files

Files: None

🔍 Initial Analysis

First Steps

Initially, the website appears as follows:

[Image: Site Presentation]

Given the previous challenge, Some Assembly Required 1, I immediately opened the Network tab of Chrome DevTools. I quickly found the WASM file named aD8SvhyVkb, downloaded it, and ran strings on it, just as I did for the first challenge in this three-part series:

[Image: Strings]

The last string immediately caught my attention, and I suspected it might be the flag, possibly encoded. So, let’s proceed with the exploitation phase.

🔬 Vulnerability Analysis

Potential Vulnerabilities

  • XOR Encryption Weakness

🎯 Solution Path

Exploitation Steps

Initial setup

Having obtained the flag string, we can now proceed with the exploitation phase and decoding.

Exploitation

To analyze it, the first thing I did was paste it into CyberChef and run the Magic filter with Intensive Mode enabled, which successfully revealed the valid flag. As we can see from the next CyberChef screenshot, the encoding was simply an XOR operation with the character 8.

Flag capture

[Image: Manual Flag]

🛠️ Exploitation Process

Approach

The automatic exploit downloads the wasm file from the server, then uses subprocess to execute strings on the downloaded file. It then extracts the last string from the output, removing the + character at the beginning. Finally, it applies an XOR operation with the character 8 and prints the flag.
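The steps described above, as an added example that is not the author's original exploit script: the download and the call to strings are replaced by an inline byte blob and a small regex equivalent so that it runs offline. It assumes "the character 8" means the byte value 0x08; the blob, the strings in it and the flag are constructed for illustration.

```python
import re

XOR_KEY = 0x08  # assumption: "the character 8" on the page is the byte value 8

# Constructed stand-in for the downloaded WASM file (not the challenge binary).
PLAINTEXT = b"picoCTF{constructed_sample}"  # constructed, not the real flag
SAMPLE_BLOB = (
    b"\x00asm\x01\x00\x00\x00"      # WASM magic and version
    b"\x07\x06memory\x00\x02"       # constructed export-like names
    b"\x0acheck_flag\x00\x03"
    b"\x0b\x01\x00"
    b"+" + bytes(b ^ XOR_KEY for b in PLAINTEXT) + b"\x00\x00"
)


def extract_strings(blob: bytes, min_len: int = 4) -> list:
    """Stand-in for strings(1): runs of printable ASCII of at least min_len bytes."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)


def xor_decode(data: bytes, key: int = XOR_KEY) -> str:
    """XOR every byte with the single-byte key and return the ASCII text."""
    return bytes(b ^ key for b in data).decode("ascii")


def recover_flag(blob: bytes) -> str:
    """Take the last printable string, drop the leading '+', then XOR-decode it."""
    found = extract_strings(blob)
    if not found:
        raise ValueError("no printable strings in input")
    last = found[-1]
    if last.startswith(b"+"):
        last = last[1:]
    return xor_decode(last)


if __name__ == "__main__":
    for s in extract_strings(SAMPLE_BLOB):
        print(s.decode("ascii"))
    print("decoded:", recover_flag(SAMPLE_BLOB))
```

To use it on a real file, read the file's bytes and pass them to `recover_flag` in place of `SAMPLE_BLOB`.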

🚩 Flag Capture

Flag

Proof of Execution

[Image: Automated Flag. Screenshot of successful exploitation]

🔧 Tools Used

| Tool | Purpose |
|---|---|
| Python | Exploit |
| Strings | Static Analysis |
| CyberChef | Decoding |

💡 Key Learnings

Time Optimization

When we have an encoded string, always try using the Magic filter and Intensive Mode in CyberChef.

Skills Improved

  • Binary Exploitation
  • Reverse Engineering
  • Web Exploitation
  • Cryptography
  • Forensics
  • OSINT
  • Miscellaneous

📊 Final Statistics

| Metric | Value | Notes |
|---|---|---|
| Time to Solve | 00:02 | From start to flag |
| Global Ranking (At the time of flag submission) | | Challenge ranking |
| Points Earned | 500 | Team contribution |

Created: 21-02-2025 • Last Modified: 21-02-2025 • Author: mH4ck3r0n3 • Team: