Who Is Real?
This was a change of pace from what a lot of the CTF has been; lots of malware and deobfuscation. In this challenge we’re tasked with figuring out which faces are real and which have been AI generated.
Before starting the challenge, I familiarized myself with
https://whichfaceisreal.com/learn.html
It gave me good ideas of things to look for regarding teeth, glasses, earrings, other faces in photos, etc.
Eventually, I was able to get 5 right in a row.
Operation Eradication
Let’s take a look at the configuration file.
This looks like a config file for rclone.
Using this information, and the url provided from the challenge, we can update our rclone config file.
Now using rclone we can connect to the remote location and hopefully start deleting these ‘sensitive’ files. If only it were so easy.
I was able to get a directory listing, so I knew that my credentials were successfully connecting.
I was all over the command options at https://rclone.org. Every DELETE or SYNC operation I could think of was failing.
At my wit’s end I pinged a friend who suggested trying to overwrite the files with a 0 bit file. If successful the files would still be there, but the content gone – so essentially, they’d be safe again.
Using the file listing from the server, I wrote a PowerShell script that would touch, or create a 0 byte file, locally for each file names.
Next the script would run the rclone copy command to copy the local 0 byte files to the network location.
I run the PowerShell script and then return to the webpage and refresh…
DOH! There was a typo in one line of the script. I’ll re-run the file listing command again. All but one file have the 0 byte file size.
Run the copy command one more time to take care of our errant file and…
Success!
Use the tag #HuntressCTF on BakerStreetForensics.com to see all related posts and solutions for the 2023 Huntress CTF.
Baker Street Forensics 