Bearcat CTF 2025
Last updated
Last updated
Hey, fellow hackers! 🏴☠️
Today, I’m dropping a writeup for the Bearcat CTF 2025 challenges!️. I teamed up with my squad, P4rad0x. Let’s jump straight into the action! 🚀
At first glance, it looks like a boring old login page to me. But, there’s always something more beneath the surface. Let’s break it down!
The challenge presents us with a simple login page asking for a username and password. My first instinct? I decided to peek at the page source
and found something very interesting—a JavaScript script handling authentication!
Now, what’s happening here?
The script takes the password entered by the user.
It hashes the password using SHA-256.
It compares the hashed value with a hardcoded hash.
If it matches, it redirects the user to a new page.
Key takeaway: The password isn't checked on the server
The script reveals the secret redirect location:
Visit the URL, the admin page was wide open, and sitting right there was our flag:
BCCTF{T1ck3t_t0_0wn3rsh1p!}
In this challenge, A Python script, it is a simple flag checking program.
In that the ciphertext, key and the encoder function is given, Let’s break it down step by step!
In this Python script, it does the following:
Takes user input (a string).
Encodes it using a function called encoder().
Compares the encoded result to a hardcoded ciphertext.
If they match, it prints "YAY you found the cat!", otherwise, it denies us.
Here’s the important part—the encoder function:
It’s basically modifying each character of the input based on the key "THECAT", then encoding it in base64.
Since I don’t know the original input that produced the given ciphertext, I need to reverse the encoding process.
Looking at the logic:
Each character in the input string is shifted using (ord(input[i]) + ord(key[i % len(key)])) % 256.
To undo it, we just reverse the shift:
BCCTF{D1d_y0U_h4v3_a_G0ud4_T1m3}
In this challenge, I am going to do a simple reverse engineering.
I am given an ELF executable file. This file prompts for user input and checks if it matches a hidden flag.
To peek inside, I uploaded the binary into Ghidra—a powerful tool for reverse engineering. I navigated to the main function, and guess what❓
There were a bunch of interesting lines dealing with variables and a mysterious XOR function!
XOR is a common trick used to encrypt and decrypt data. The program had a set of encrypted values, and it used a key to XOR them back into the original flag.
Here's how it worked:
The program stored some values in variables.
These values were passed into the XOR function along with a key (0x37333331).
The function returned the decrypted result, which was then compared with user input.
I found these values in the program:
Using Python’s struct module, I wrote a simple script to change the format to little endian.
This gave me the properly formatted encrypted flag. Using CyberChef’s XOR operation with the key 1337, I decrypted the hidden message.
BCCTF{7H47_w4snt_s0_H4rD}
The challenge, "What You See", gave me just a simple image file.
First things first, I ran the usual checks:
🛠 exiftool – Nothing suspicious in the metadata.
🛠 file command – Just a regular JPG file.
Hmm… no easy giveaways. Time to dig deeper!
Since the challenge hints were "Inspect, Extract, Reveal", I tried 🛠 StegSolve, a tool that used to analyze images in different planes by taking off bits of the image.
After sometime, Setting it to "Red Plane 6", I saw a hidden message in the image:
📝'the password is "ctf"'
Now, we had a password—but for what? 🤔
Knowing the file might contain embedded data, I turned to 🛠 StegHide, a steganography program which hides bits of a data file in some of the least significant bits of another file in such a way that the existence of the data file is not visible and cannot be proven.
It asked for a password. I entered "ctf", and a hidden file popped out! 🎉
Inside the file "secret-text", there it was—the flag! 🏁
BCCTF{w34k_s4uc3_4_u}
This one had me seeing triple—literally! The challenge, "Seeing Triple", dropped a text file on us that looked like a wall of 3’s.
At first glance, the file was packed with endless 3’s and a few other numbers sprinkled in. The challenge name hinted at threes everywhere, so my first move was to remove all the 3’s.
❌ Bad idea. That left me with nothing useful.
Hmm… maybe the 3’s weren’t just noise? 🤔
Instead of removing all the 3’s, I looked for a pattern. Turns out, "3333333" (a long chain of 3’s) was acting as a separator!
By removing those big clusters before each different number, I was left with:
This looked a LOT like hex!. I used the xxd command to convert back into Ascii and 🎉 Boom! The flag!
BCCTF{Its_Jus#_H3x}
Here I was given a KML file, which is a geographic data file used by applications like Google Earth. Naturally, my first step was to upload it into Google Earth and see where it led me.
Once opened, the file pointed to a specific spot—the University of Cincinnati. But why? Looking closer,
The Title says "Cool Statue" makes me want to see the statue🧐, Then I saw a statue of a Cincinnati Bearcat, a well-known mascot of the university.
The flag was the scientific name of the animal. A quick search revealed that the Cincinnati Bearcat is actually an Arctictis binturong, commonly known as a binturong or “bearcat.”
BCCTF{arctictis_binturong}
This Challenge, I was given a photo of a building. ❌No coordinates—just an image. My job was to 🔎identify where this building was located.
Now hunting for the landmark, Since I had no immediate clues, I used a combination of:
Google Reverse Image Search
TinEye (another image search tool)
Browsing famous buildings in Zürich
After a long search, 🎉I finally found a match—it was the Swiss National Museum in Zürich, Switzerland!
BCCTF{Swiss_National_Museum}
