Raytheon Challenges

I'm always up for hacking/forensic challenges so when I came across raytheon.com I decided to check them out. The goal is to complete a URL to get to the final page.

You can find the challenges here: http://rtncyberjobs.com

Challenge 1:

The first challenge is very basic and shouldn't take anyone more than a few seconds to figure out. The answer is right in the text on the image:

Right click and view the page source like the text says. Upon scrolling down there is a large comment block containing the answer to the first challenge:

<!--    ********************************************************    -->
<!--    *             Identification Key = hiddengem           *    -->
<!--    ********************************************************    -->
<!--                                                                -->
<!--    Great job, you found the first identification key! Good     -->
<!--    thinking to look in the source code, but this was an        -->
<!--    easy one! You'll need to keep your eyes open and skills     -->
<!--    sharp in order to find and solve the other challenges.      -->
<!--                                                                -->
<!--     Choose to:                                                 -->
<!--     1. type the key "hiddengem" into the 'id key' textbox      -->
<!--        and see what's next                                     -->
<!--     2. solve the other 2 puzzles and find their keys           -->
<!--                                                                -->
<!--    ========================================================    -->

To complete the challenge you just append the Identification Key to the end of the URL: http://rtncyberjobs.com/hiddengem

Challenge Δ:

Challenge Δ was a bit trickier. Here is the image:

The first thing that came to mind was steganography. I saved the image locally and checked it with stegdetect:

# stegdetect puz1b.jpg
puz1b.jpg : negative

Nothing. The next thing that came to mind was checking the Exif data of the image:

# exif puz1b.jpg

EXIF tags in 'puz1b.jpg' ('Motorola' byte order):
--------------------+----------------------------------------------------------
Tag                 |Value
--------------------+----------------------------------------------------------
Image Description   |Getting warmer! Use concealment to uncover even more as yo
Manufacturer        |concealment
x-Resolution        |1.00
y-Resolution        |1.00
Resolution Unit     |Internal error (unknown value 1)
Artist              |concealment
YCbCr Positioning   |centered
Exif Version        |Exif Version 2.1
FlashPixVersion     |FlashPix Version 1.0
Color Space         |Internal error (unknown value 65535)
--------------------+----------------------------------------------------------

It appeared as though the Image Description was being truncated so I ran strings against the file:

# strings puz1b.jpg | more
JFIF
Exif
Getting warmer! Use concealment to uncover even more as you hunt for the solution string to this puzzle...like hide and seek...
concealment
concealment

I played around with scalpel which did give me (i think) a couple false positives. One was an rpm package that file couldn't detect, and another copy of the original jpg image. Hmm. What does this mean? I tried 'concealment' and a few variants but nothing worked. I'll have to think about it and come back. Onto the next challenge:

Challenge 3:

This next challenge was to decrypt the text, and then figure out who said the quote. At first glance looks like it could take quite some time to figure out. It turned out to be a simple crytogram. I just used an online crytogram solver and pasted in the text from the image:

Cryptogram:

TDS JPBBPS IB IV BA NDSP KIZGBX BGIQZV, BA WIQ ZEASIAFV BSIFKCGV, PRPQ BGAFZG LGPLUPSPN JX TDIEFSP, BGDQ BA BDUP SDQU WIBG BGAVP CAAS VCISIBV WGA QPIBGPS PQMAX KFLG QAS VFTTPS KFLG, JPLDFVP BGPX EIRP IQ BGP ZSDX BWIEIZGB BGDB UQAWV QPIBGPS RILBASX QAS NPTPDB.

Deciphered Text:

far better it is to dare mighty things, to win glorious triumphs, even though checkered by failure, than to take rank with those poor spirits who neither enjoy much nor suffer much, because they live in the gray twilight that knows neither victory nor defeat.

Once the message was deciphered I just pasted it into Google. According to Google that was a quote from Theodore Roosevelt. I tried the key of 'roosevelt' which was correct.

Challenge Σ:

At the top was this message:

The key for this part of the challenge is the key to this cypher text:

Ntf zdym cvhcze khy Hjxehqsv ccbivr, fulv afx qflsmmghunfkiw ojghydt, zs na ezsagjje jxbznnqyk lyfuvr zdfhuyzdzem, iizcb uokelrfiem ijkh u euiacsikfidxrrx mqglcobkiiz pw flqrlehoz rnuxzjim. Rpi iheurnwq, jw P ce uye gatk flqrlehf mvtnqs zn u ojghyd uvxn iifsy bmrihffot ce je Ehsmzsb, aov mcsik soeqvcn firt J opiryeqfnxe uf E, vqdrumq F zs ntf domf giekgfetfk vjex xfktyd je Ehsmzsb. Tpnepqs, lsczh khy Hjxehqsv ccbivr, Y obe by qotijtfiex mt uizrfiehf dzpbqskerf mvtnqsj an pjwfydfet jajetm uo khy yfjsusf, khoe evfymuzna ejdpfq giekgfecs morlsejj.

I used another online tool to decipher the text:

The idea behind the Vigenere cipher like all polyalphabetic ciphers is to disguise plaintext letter frequencies which interferes with a straightforward application of frequency analysis. For instance if P is the most frequent letter in a cipher text whose plaintext is in English one might suspect that P corresponds to E because E is the most frequently used letter in English. However using the Vigenere cipher E can be enciphered as different ciphertext letters at different points in the message thus defeating simple frequency analysis.

At first I thought that the word 'vingenere' was the key to this challenge, but it wasn't. Next I had to figure out what the key to this cipher was. I used this tool to figure that out (it took forever).

Key: UMBRA


When I get some free time I'll go back and figure out that steganography challenge. At least I think that's what I need to do.