Magnet Weekly CTF — Week 6

This weeks challenge was a two parter. It looks like most people were able to get the first part right, but the second part seemed to stump quite a few folks. I did have a lot of trouble with the second part, but not nearly as much as last week’s challenge. The wording of the question was a bit wonky, but once I figured it out, it made sense.

Part 1

The first part of the question involved finding a dependency for Hadoop that failed to install and getting the error number associated with that error.

I first went snooping around the standard log locations and ended up in

This folder had two files of interest:

Looking at the first one , and searching for “”, I found the following:

OK, so it looks like Java 7 was the dependency that did not install. Looking in the ‘’ file and searching for “” again, I found this:

Can’t be that easy right?

I thought this was unlikely the answer, but sure enough ‘404’ was the correct answer.

Part 2

This part was a bit more tricky:

Ok, hindsight makes this one way easier than it was, so let’s just break it down:

  1. Closely related dependency: Alright, well Java 7 failed, so were there any other java installs that worked? Yes, looking in the log right after the 404 error, looks like Java 8 installed properly.
  2. Where did it land? This was probably the crux of the matter, and it took me the longest to confirm I was in the right place, but eventually I found the following export lines in the file:

3. In that folder, compared to its binary neighbors nearby, this particular file seems rather an ELFant: Wow, so this was very confusing. Going into the /usr/local/jdk1.8.0_151 folder, there are A LOT of ELF files, in fact, almost all of them are ELFs. So I spent a large amount of time trying to find another folder related to Java 8 that only had a ELF. No luck. Finally I thought that , the question was just asking for the ELF file in that folder.

The three largest files in the Java 8 directory

4. Search for symbols:This is the part where I learned something this week. My first attempt was to just simply do a grep for 404 on unpack200 and hope for the best. Nothing. Darn! Then I keyed in on the term ‘symbols’ and figured that perhaps Linux ELF files were similar to Windows executables and maybe there was a way to extract symbols or symbol tables from them. I was right, there’s a Linux command called ‘’:

readelf --syms unpack200 | grep 404

Well I’m guessing the answer is ! Correct!