27 Jan 2012

MozillaCTF 2012 – Hail Atlantian

“Deep beneath the Kritiko Pelagos lie the ruins of lost Atlantis… one who wrote this challenge will reward those who hail from his fair city!”

Challenge 9 was more about cryptic words and smart searching than about technology. We first thought that we had to work with the Kritiko Pelagos location. Since it was a promotion for a mobile web browser, we figured we might get lucky if we used a mobile browsing device with the (fake) GPS locations for the little bit of sea outside Santorini Island. This did not work when just browsing the site, but it took us a long time to find that out, since the server platform was constantly unavailable. We then re-examined the original challenge text and came up with the idea that Yvan Boily, who wrote it, might be referring to his own home town. After some frantic web searches on DuckDuckGo, we discovered he lived either in or very near Vancouver, Canada. Setting GPS locations to somewhere in Vancouver did not give us the results we hoped for either. We then decided they might actually have wanted us to use the exact GPS locations for the Mozilla office building in Vancouver. Again, no success with just a plain visit of the home page.

We then decided that creating an account on the web site, where we would fill in our location manually in the register/boost section as either Kritiko Pelagos, Santorini Island or Vancouver, would possibly work. It still took us over an hour to get a successful entry in for all three. Of course, Murphy was hard at work and our last attempt, Vancouver, finally yielded us the flag:

“Welcome, fellow Atlantean!”

Afterwards, we learned via IRC that if we had registered for the boost while browsing with GPS location Vancouver, it would have worked as well, but we gave up browsing around and trying things on the overloaded server before we got there. Also, examining the source would have given us an HTTP POST form at https://ocean.mozillactf.org/en-US/m/boost1 where we could have filled in the GPS locations of Vancouver. All three solutions should work. Obviously, more experienced team members working on this challenge and a better working server would have yielded results much faster.