Patriot CTF | Coffee Shop
Who doesn’t love a little JAVA!
This challenge starts with a .zip file called CoffeeShop.zip
After inflating the zip we can see that is contains a .jar file.
A JAR file is a package file format typically used to aggregate many Java class files and associated metadata and resources into one file for distribution. JAR files are archive files that include a Java-specific manifest file. They are built on the ZIP format and typically have a .jar file extension.
That being said a JAR file is identical to a zip file format. Both compresses a group of files (including directories) into a single file to reduce the total size, as well as retain the directory structure of the files.
We can then inflate the .jar with the command
jar -xvf CoffeeShop.jar
We now have a META-INF directory and a CoffeeShop.class
We can target this .class file to see how the program inter-workings are.
Let’s use the command to look inside this .class file
javap -c CoffeeShop.class
Nice Work!
If we peer into the developer comments in the main function we can see that there is a checking function that looks for very specific string values. Thankfully the Dev left them for us to find!
We now can take the three methods that checks for a string.
java/lang/String.endsWith: NoZXI=
java/lang/String.startsWith: R2FsZU
java/lang/String.substring: JvZXR0aW
So all in all we can put the string together : R2FsZUJvZXR0aWNoZXI=
Good thing we can see there is a method BASE64 encoding so now all we have to do is decode the BASE64 string!
BOOM got that flag!
