Magnet Weekly CTF — Week 6

4 min readNov 16, 2020


This weeks challenge was a two parter. It looks like most people were able to get the first part right, but the second part seemed to stump quite a few folks. I did have a lot of trouble with the second part, but not nearly as much as last week’s challenge. The wording of the question was a bit wonky, but once I figured it out, it made sense.

Part 1

The first part of the question involved finding a dependency for Hadoop that failed to install and getting the error number associated with that error.

I first went snooping around the standard log locations and ended up in /var/log/apt

This folder had two files of interest:

Looking at the first one ‘history.log’, and searching for “error”, I found the following:

OK, so it looks like Java 7 was the dependency that did not install. Looking in the ‘term.log’ file and searching for “error” again, I found this:

Can’t be that easy right?

I thought this was unlikely the answer, but sure enough ‘404’ was the correct answer.

Part 2

This part was a bit more tricky:

Don’t panic about the failed dependency installation. A very closely related dependency was installed successfully at some point, which should do the trick. Where did it land? In that folder, compared to its binary neighbors nearby, this particular file seems rather an ELFant. Using the error code from your first task, search for symbols beginning with the same number (HINT: leading 0’s don’t count). There are three in particular whose name share a common word between them. What is the word?

Ok, hindsight makes this one way easier than it was, so let’s just break it down:

  1. Closely related dependency: Alright, well Java 7 failed, so were there any other java installs that worked? Yes, looking in the log right after the 404 error, looks like Java 8 installed properly.
  2. Where did it land? This was probably the crux of the matter, and it took me the longest to confirm I was in the right place, but eventually I found the following export lines in the .bash_history file:

3. In that folder, compared to its binary neighbors nearby, this particular file seems rather an ELFant: Wow, so this was very confusing. Going into the /usr/local/jdk1.8.0_151 folder, there are A LOT of ELF files, in fact, almost all of them are ELFs. So I spent a large amount of time trying to find another folder related to Java 8 that only had a single ELF. No luck. Finally I thought that maybe, the question was just asking for the largest ELF file in that folder.

The three largest files in the Java 8 directory

4. Search for symbols: This is the part where I learned something this week. My first attempt was to just simply do a grep for 404 on unpack200 and hope for the best. Nothing. Darn! Then I keyed in on the term ‘symbols’ and figured that perhaps Linux ELF files were similar to Windows executables and maybe there was a way to extract symbols or symbol tables from them. I was right, there’s a Linux command called ‘readelf’:

readelf --syms unpack200 | grep 404

Well I’m guessing the answer is deflate! Correct!