top of page

Country to Country (C2C) CTF Write-Up Part 1

  • Tejas Walke
  • Feb 24
  • 6 min read

Updated: May 25


Husky Hunt

Challenge page titled "Husky Hunt 100" with a cryptic clue and note to wrap the flag in C2C_CTF{...}. Dark background, white text.

Solution:

  1. I identified that the text was in Base64 format.

  2. I decoded it using a standard Base64 decoder.

  3. After decoding, I took the first word from the output as the flag.

  4. Flag: KRENTZMAN

    Base64 encoding tool with encoded text in a dark interface. Buttons labeled Encrypt, Clear, and Decrypt. Decoded text reads Kilo Romeo Echo November Tango Zulu Mike Alpha November.

Paws Hideout

Challenge text on dark background: "Paws' Hideout", "100", "Super Easy". Link: "c2c-ctf-2025.org". Buttons: "Flag", "Submit". Mood: playful intrigue.

Solution:

Step 1: Extracting the ZIP File

I downloaded and extracted the Paws_Hideout.zip file, which contained a text file named directions.

Step 2: Inspecting the File Contents

I used the cat command to view the contents:

cat directions

The output contained repeated sequences of the words "up" and "down", such as:

up down up up up down down up down up up up...
Terminal screen displaying a command and output: "cat directions" followed by repeated "updown" sequences in green text on a black background.

Step 3: Recognizing a Binary Pattern

Observing the pattern, I realized that "up" and "down" could represent binary digits (0s and 1s). I made the following assumption for conversion:

  • up → 0

  • down → 1

Using a text editor with find-and-replace functionality, I replaced "up" with 1 and "down" with 0, obtaining a binary string.

Text editor and Find/Replace dialog on a dark abstract background. "down" is searched and replaced with "1," showing 173 matches.
Binary text in a code editor with a find and replace window open. Dark abstract background with shiny black and blue textures.

Step 4: Converting Binary to Text (ASCII/UTF-8)

The binary string was then converted to readable text using an online binary-to-text converter with ASCII/UTF-8 encoding.

Binary-to-text converter interface with binary code input. The result shows "C2C_CTF{binary_substitution_for_da_win}" in a text box.

Step 5: Extracting the Flag

Upon conversion, the output revealed the flag:

Flag: C2C_CTF{binary_substitution_for_da_win}


Husky Hash

"CTF challenge 'Husky Hash', 200 points. Text gives hints to unlock a zip file. Link: c2c-ctf-2025.org/files/Husky_Hash.zip. Mood: challenging."

Solution:

Step 1: Extracting the First ZIP File

I downloaded and extracted Husky_Hash.zip, which contained:

  • passwd (a hashed password file)

  • wordlist.txt (a list of potential passwords)

  • flag.zip (a second password-protected ZIP file)

Dark-themed desktop showing two text editor windows. One displays a hashed password, the other a list of common passwords. Background is abstract.

Step 2: Cracking the Password with John the Ripper

Since the passwd file contained a hash, I used John the Ripper to crack it:

john --wordlist=words.txt --format=md5crypt passwd

After running the command, John successfully cracked the hash and revealed the password: 📌 Password: husky

Step 3: Extracting flag.zip

Using the password, I extracted flag.zip

unzip -P husky flag.zip

This extracted an image file.

Silhouette of 14 birds sitting on a wire against a white background. Birds are evenly spaced, creating a simple and serene pattern.

Step 4: Analyzing the Image (Birds-On-A-Wire Cipher)

The extracted image showed silhouettes of birds sitting on a wire, which looked like a cipher.

I recognized it as the Birds-On-A-Wire cipher, a pictographic substitution cipher where each unique bird position represents a letter.

I used the provided Birds-On-A-Wire cipher translation table to decode the bird positions into letters.

Step 5: Extracting the Flag

By carefully translating each bird's position, I obtained the plaintext:

Flag: HOWLINGHUSKIE


Picture Game

Image of a challenge titled "Picture Game 450" with 63 solves. The task is to find a location for a flag. Includes a link and flag format.

Solution:

Step 1: Observing the Image

When I opened the provided image, I noticed:

  1. A traditional Japanese shrine with a red roof.

  2. A distinct banner with a black-and-white symbol in the center.

  3. And the Japan flag all over the image :p

At this point, I was confident that the image was taken somewhere in Japan, but I needed to narrow down the location.

Step 2: Identifying Key Features

Analyzing the Black-and-White Symbol

One of the most distinctive features was the black-and-white symbol on the banner. It looked circular with three curved sections, resembling a shuriken (throwing star) or a swirling pattern.

To investigate further, I:

  1. Took a screenshot of the symbol.

  2. Used Google Lens to perform a reverse image search, but I didn’t get immediate results.

  3. Then, I manually searched Google using terms like:"Japanese shrine black and white symbol""Japanese temple swirl symbol"

Collage of Japanese shrines with red roofs, featuring torii gates. A digital illustration highlights a distinct shrine with bold red elements.

This led me to a symbol known as Tomoe (巴), particularly the Mitsu-Domoe (三つ巴), which consists of three comma-like shapes forming a swirl.

Three commas form a tomoe symbol against a white background, representing earth, sky, and human. Text describes its cultural significance.

Step 3: Understanding the Symbol - Mitsu-Domoe

Now that I had identified the symbol as Mitsu-Domoe, I needed to find where it was commonly used.

From my research, I learned:

  • Mitsu-Domoe is associated with Shinto shrines and samurai culture.

  • It is often seen on shrine banners, drums, and roof tiles.

  • The symbol is believed to represent the elements of earth, sky, and water, and it is widely used in Okinawan religious sites.

Text about magatama beads, their historical use, and significance. Includes three tomoe symbols with translations: Single, Double, Triple Tomoe.
Grid of black spiral patterns on white background, each with labels. Designs vary from simple to intricate, creating a formal, structured look.

This meant I had to focus on Shinto shrines in Japan, particularly in Okinawa.

Step 4: Searching for a Shrine with Mitsu-Domoe

With this information, I refined my Google search to:

  • "Japanese shrine Mitsu-Domoe symbol"

  • "Okinawa Shinto shrine red roof"

This led me to Naminoue Shrine, a famous Shinto shrine in Naha, Okinawa.

To confirm, I compared images of Naminoue Shrine with the CTF image and found a perfect match: ✅ The red roof ✅ The banners with Mitsu-Domoe ✅ The Japanese flags with similar text.

A man approaches a red and white traditional temple with purple banners and kanji. Greenery surrounds the vibrant, serene setting.

Step 5: Formatting and Submitting the Flag

The challenge specified the flag format as: C2C_CTF{Something_Something_City}

From my findings, the shrine’s full name and location were:

  • Naminoue Shrine (神社)

  • Located in Naha, Okinawa, Japan

Thus, the correct flag submission was:

Flag: C2C_CTF{Naminoue_Shinto_Naha}


Unknown File Type

Challenge screen with "Unknown File type 100" text. Super Easy tag, goal with unsure file purpose, flag template, and link visible.

Solution:

Step 1: Extracting the ZIP File

I downloaded the Forensics-SuperEasy.zip file and extracted its contents. Inside the folder, I found:

  • Forensics-SuperEasy.zip (which I had already extracted)

  • OSINT-SuperEasy.gb

The .gb file extension immediately caught my attention, as .gb files are associated with Game Boy ROMs.

File manager window showing two files: a zip named "Forensics-SuperEasy.zip" and a disk image "OSINT-SuperEasy.gb" on a dark theme.

Step 2: Identifying the File Type

To confirm the file type, I used the file command in Linux:

file OSINT-SuperEasy.gb

The output verified that it was indeed a Game Boy ROM. Since ROMs are executable game files, the next logical step was to run the ROM in an emulator.

Step 3: Running the Game Boy ROM

To run the ROM, I needed a Game Boy emulator. I installed VisualBoyAdvance, a popular emulator for playing Game Boy games, using:

sudo apt install visualboyadvance
Terminal window on Kali Linux, showing installation of VisualBoyAdvance using sudo apt. Background features Kali logo. Text in green.

After installation, I launched the ROM with:

visualboyadvance OSINT-SuperEasy.gb
Terminal running a VisualBoyAdvance emulator. Green text on black shows file paths and system info. Emulator displays "C2C - CTF, Get your flag!"

Step 4: Extracting the Flag

Once the emulator opened, I was greeted with a black screen displaying “C2C - CTF” and a prompt saying "Press Start".

I pressed Enter (which functions as the Start button in the emulator), and after navigating the game, the flag was revealed on the screen:

Terminal on Linux shows commands and outputs for "VisualBoyAdvance" with a pop-up displaying code on a dark background.

HuskySniff

Challenge screen titled "HuskySniff" with 100 points, "Super Easy" tag. Shows 99 solves, a URL, and fields for flag entry and submission.

Solution:

Step 1: Identifying the File Type

The file had no extension, so the first step was to check what kind of file it was.

I used the file command in Linux:

file huskysniff

The output showed that it was an ELF (Executable and Linkable Format) binary, meaning it was an executable file for Linux.

To further confirm, I uploaded the file to an online file type checker, which also identified it as an ELF 64-bit dynamically linked executable.

CheckFileType success page showing ELF file info. Buttons for "Show Meta Data" and "Convert File" below. Feedback icons displayed.

Step 2: Running the Binary Analysis

Since the file was an executable, I ran it using

./huskysniff

This produced a text output, hinting some clue, so I ran the strings command using

strings huskysniff

This produced a huge amount of text output, so I decided to filter it for anything relevant by looking for c2c or ctf, as flags often follow a recognizable pattern.

Linux desktop interface showing a terminal running commands in green text. Folders like Desktop and Documents are visible on the sidebar.
Terminal window showing code in green text on black background. Message: "Word on campus is the Northeastern Husky sniffed out the hidden flag. Woof you waiting for? Happy hacking!"

Step 3: Extracting the Flag

To efficiently find the flag, I used:

strings huskysniff > husky.txt

This created a txt file with the output from the strings command being copied to the txt file. Then I opened the created txt file with command output and searched for "c2c" and voila!

Text editor open on a dark-themed desktop showing scrambled text. Highlighted text "c2c_ctf{fzwcnztgmgfqfbjc}" in the document. Screenshot notification.

Husky Walk

Challenge screen with title "Husky Walk", 200 points, marked easy. Text: "Bring huksy to the right park." Includes a URL link.

Step 1: Identifying the File

After downloading the file huskywalk, I noticed it had no extension. To determine its type, I ran the file command:

file huskywalk

The output confirmed that it was an ELF 64-bit executable, meaning it was a Linux binary.

Step 2: Running the Executable

Before running any unknown binary, it's always good practice to check for potential malicious behavior. Since this was a CTF challenge, I decided to execute it in a controlled environment.

I first made the file executable using:

chmod +x huskywalk

Then, I ran it:

./huskywalk

The program displayed a message:

Hey hooman! Can we pleaaase go to the park? I wanna run super fast, sniff all the things, and maybe make some new furry friends! Pretty please with extra belly rubs? Which park are we going to?!
Dark mode desktop displaying a terminal window. Green text in the terminal discusses going to a park, with playful and humorous dialogue.

It seemed like the program was expecting some input.

Step 3: Finding Clues

I tried entering random inputs, but the program responded with:

Umm, hooman… not that park! It’s boring, no good sniffs, and no fun friends to play with! Can we go somewhere way more exciting instead? Pleaaase?

Since guessing the correct input blindly wasn't efficient, I needed to analyze the binary for hidden clues.

Step 4: Extracting Hidden Strings

To find useful hints, I used the strings command, which extracts readable text from binary files:

strings 
huskywalk > walk.txt

This saved the output to a text file named walk.txt.

A dark-themed Notepad++ window displaying lines of numbers and text. The environment is a typical coding interface with menu and toolbar.

Next, I opened the file and searched for "c2c" and found the flag!


Husky Play

Challenge interface labeled "Husky Play 351" with medium difficulty. Task: give husky the right toy. Shows 62 solves and a link for more info.

Solution:

The same ELF process I mentioned earlier,

  1. Determine Filetype

  2. Ran the file using ./

  3. Got some clue

  4. Copied the strings output to a txt file and searched for c2c.

Dark-themed terminal on a desktop shows green text dialogue about a dog's toy. File explorer with "huskyplay" icon is open. Calm setting.

However, I couldn't find anything with "c2c", so I started analyzing the contents in depth. And found a phrase that had relevancy with the earlier flag format, just not "c2c".

Text editor displaying random alphanumeric text over a black background. The interface is in dark mode with a menu bar at the top.

It had y2y_ypb which is a strong indication of Caesar's Cipher. So I ran it and voila! Got the Flag!

Cryptii interface showing plaintext "Y}-yoE|trik|rc{refrcfsezYkh" encoded via Caesar cipher with shift 4 to ciphertext "C}-cssf{ppo{vieguwmegi".

There is a Part 2, but I will post that in a few days!


This was the qualifier round, and I’ve made it to the finals! The in-person event will be held at Northeastern University from July 6-10, and I couldn’t be more excited!


The C2C CTF Qualifier Round was incredible, with each challenge offering a valuable learning experience. I secured 81st place globally, earning 2360 points, and I'm eagerly looking forward to competing in the finals!

 
 
bottom of page