304 North Cardinal St.
Dorchester Center, MA 02124

Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM

Bank of America CTF - DerbyCon 8 Coin

Bank of America CTF – Challenge Coins @ DerbyCon 9

I took part in the Bank of America CTF during the last DerbyCon, and I wanted to share some of my write-ups.

Bank of America CTF – Introduction

Just like last year’s DerbyCon, the Bank of America team was hosting a CTF for anyone at the conference.

I won a challenge coin from this last year, and it was sweet-looking.

Bank of America CTF - DerbyCon 8 Coin

This year wasn’t about trying to win, but I was hoping to score 200 points and win another challenge coin!

You can still find the challenges and scoreboard

For another write-up, I recommend the following post

It looks like BofA will run the CTF again during Technica, so I will hold off on posting everything until that ends!


Steganography (15 points)

The first challenge that I solved was image steganography and was found here.

First, I opened the image in Stegsolve.jar

Bank of America CTF - Stegsolve

Once I changed to the image negative, I was able to easily read the flag in the bottom left corner.

Bank of America CTF - Inverted

Note that Chrome made this even easier, and I could have avoided another program entirely.

Bank of America CTF - Steg Chrome

I entered in the flag, ‘8f8c2ca5c4bed32e4b364fe26df7f048’, and got some points on the board.

Password Cracking – Zip (10 points)

My next challenge was Zip password cracking.

First, I downloaded the archive.

root@kali:~/bofa# wget --no-check-certificate
--2019-09-05 14:01:00--
Resolving (
Connecting to (||:443... connected.
WARNING: The certificate of '' is not trusted.
WARNING: The certificate of '' hasn't got a known issuer.
HTTP request sent, awaiting response... 200 OK
Length: 234 [application/zip]
Saving to: ''             100%[===================>]     234  --.-KB/s    in 0s      

2019-09-05 14:01:05 (451 MB/s) - '' saved [234/234]

Next, I used zip2john to get a crackable pkzip hash.

root@kali:~/bofa# zip2john
ver a  efh 5455  efh 7875>flag.txt PKZIP Encr: 2b chk, TS_chk, cmplen=52, decmplen=40, crc=B9F36741$pkzip2$1*2*2*0*34*28*b9f36741*0*42*0*34*b9f3*8468*f80798210ffe881c173582f883279cff09de606c168d3f225c5e638f60aec160508d97fae4fe41018fb2e31dcb749df37edaf9cc*$/pkzip2$
root@kali:~/bofa# zip2john > zip_hash
ver a  efh 5455  efh 7875>flag.txt PKZIP Encr: 2b chk, TS_chk, cmplen=52, decmplen=40, crc=B9F36741

Finally, I used John to crack the hash, and get the password of ‘887766’.

root@kali:~/bofa# john zip_hash -incremental=digits
Using default input encoding: UTF-8
Loaded 1 password hash (PKZIP [32/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
887766           (
1g 0:00:00:00 DONE (2019-09-05 14:10) 7.142g/s 4034Kp/s 4034Kc/s 4034KC/s 887737..887273
Use the "--show" option to display all of the cracked passwords reliably
Session completed

Using the password, I was able to get the flag of ‘e081129432efb65d52150e47f45899d1’.

root@kali:~/bofa# unzip
[] flag.txt password:
extracting: flag.txt                
root@kali:~/bofa# cat flag.txt
Flag = e081129432efb65d52150e47f45899d1

Bank of America CTF – Trivia (2 point each)

I moved on to the trivia questions next, as I figured they would be an easy 10 points.

  1. Who crashed 1507 computers in a single day? (Zero Cool
  2. What season/episode of Mr Robot featured the Derbycon founder’s name used as a fake name by the protagonist? Submit as S#E# (S3E5)
  3. What is the name of the default wallpaper in Windows XP? (Bliss)
  4. 300 of these counterfeit processors were sold to New Egg submit as XX-XXX. (i7-920)
  5. What is the FCC chairman’s favorite candy? (Reese’s)

Nesting Dolls (25 points)

The nesting dolls challenge was like other ones that I’ve seen in CTFs before.

First, I tried to extract every archive manually, but that was taking forever.

Bank of America CTF - Nesting Dolls

Next, I spent some time and got this awesome one-liner working. It will check the current directory for any archive, extract it, and then delete the original. When I ran it, it (eventually) worked perfectly, and extracted until there were no archives left.

root@kali:~/bofa/nesting# while [ "`find ./ -type f \( -iname '*.zip' -o -iname '*.tar' -o -iname '*.tar.gz' -o -iname "*.7z" -o -iname "*.bz2" \) | wc -l`" -gt 0 ]; do find ./ -type f \( -iname '*.zip' -o -iname '*.tar' -o -iname '*.tar.gz' -o -iname "*.7z" -o -iname "*.bz2" \) -exec 7z e -- '{}' \; -exec rm -- '{}' \;; done

7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,64 bits,1 CPU Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz (806EA),ASM,AES-NI)

Scanning the drive for archives:
1 file, 51502 bytes (51 KiB)

Extracting archive: ./BQPBDUYW.tar.bz2
Path = ./BQPBDUYW.tar.bz2
Type = bzip2

Everything is Ok   

Size:       61440
Compressed: 51502

... < snip > ...

Extracting archive: ./
Path = ./
Type = zip
Physical Size = 4755

Everything is Ok

Size:       4641
Compressed: 4755

The final file was flag.png, which was a screenshot of a flag.txt file.

Bank of America CTF - Nested flag

Once I typed it correctly, I submitted the flag of ‘5ebc96d7-c768-46f2-8555-2c582b7c450e’ and earned my points.

Bank of America CTF – Break and Scoreboard Check

At this point, I decided that it was time to take a quick break. I took a quick look at the scoreboard, and I was in first place still!

Bank of America CTF - Scoreboard

Cryptogram (20 points)

For the cryptogram, the challenge gave the text below.


Using quipqiup, I was able to automatically solve the challenge.

There were a few possibilities, but the following made the most sense.


While I didn’t have my copy of the Red Team Field Manual (RTFM) handy, I was able to look at the preview on Amazon.

I checked the Index and found that ‘TCPDump’ was the second entry.

More Ciphers (25 points)

Next, for “More ciphers”, the challenge gave the following instructions:

"Decrypt and submit the MD5 of the last word in the sentence:"

V nz n pvcure, n pvcure jenccrq va na ravtzn, WLASZ AALEH RNYBT ARZFC XVIDY

First, using the super secure ROT13 algorithm, I was able to decode the first half of the cipher.

I am a cipher, a cipher wrapped in an enigma, JYNFM NNYRU EALOG NEMSP KIVQL

Next, using the super subtle ‘enigma’ hint, combined with CyberChef, I was able to decode the second half.

Bank of America CTF - CyberChef Enigma

While it isn’t obvious, it makes more sense upon rearranging the spacing.



I got the MD5 hash of ‘dressing’ and submitted the flag for my points!

root@kali:~/bofa# md5 -s 'dressing'
MD5 ("dressing") = cebaea92f732a6a8392f329925d3fccf

Bank of America CTF – Conclusion

This is my first post out of 2 (or 3), but I covered a lot of the challenges.

Please let me know if you have any questions or feedback about the ones that I’ve already covered.

In the meantime, stay tuned for my other conference and CTF posts!

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.