
Getting the hints
In order to get the hints we talk to Tinsel Upatree who ask to help him wih Strace Ltrace Retrace terminal.

When executed the make_the_candy binary asked about a configuration file that doesn’t exist. The goal is to debug the binary in order to get and idea about this conf file and create it.

Let’s start by a ltrace:
kotton_kandy_co@2cb88d57cec7:~$ ltrace ./make_the_candy
fopen("registration.json", "r") = 0
puts("Unable to open configuration fil"...Unable to open configuration file.
) = 35
+++ exited (status 1) +++
It says that it cannot find registration.json. So let’s create a file we name it registration.json, fill it with some chars and make another ltrace:
kotton_kandy_co@636947d8d142:~$ echo "aaaaaaaaaaaaaaaa" > registration.json
kotton_kandy_co@636947d8d142:~$ ltrace ./make_the_candy
fopen("registration.json", "r") = 0x562e83f62260
getline(0x7ffddcf06980, 0x7ffddcf06988, 0x562e83f62260, 0x7ffddcf06988) = 29
strstr("aaaaaaaaaaaaaaaa\n", "Registration") = nil
getline(0x7ffddcf06980, 0x7ffddcf06988, 0x562e83f62260, 0x7ffddcf06988) = -1
puts("Unregistered - Exiting."Unregistered - Exiting.
) = 24
+++ exited (status 1) +++
This time it fails when trying to find “Registration” in the content of the file we provided. So lets puts test with another file that contains only “Registration”.
kotton_kandy_co@636947d8d142:~$ echo "Registration" > registration.json
kotton_kandy_co@636947d8d142:~$ ltrace ./make_the_candy
fopen("registration.json", "r") = 0x5579312a1260
getline(0x7ffff9ef6310, 0x7ffff9ef6318, 0x5579312a1260, 0x7ffff9ef6318) = 13
strstr("Registration\n", "Registration") = "Registration\n"
strchr("Registration\n", ':') = nil
getline(0x7ffff9ef6310, 0x7ffff9ef6318, 0x5579312a1260, 0x7ffff9ef6318) = -1
puts("Unregistered - Exiting."Unregistered - Exiting.
) = 24
+++ exited (status 1) +++
So now it is looking for the character ‘:’ within the file. Let’s add it after Registration.
kotton_kandy_co@636947d8d142:~$ echo "Registration:" > registration.json
kotton_kandy_co@636947d8d142:~$ ltrace ./make_the_candy
fopen("registration.json", "r") = 0x55a824bf6260
getline(0x7ffdb1281550, 0x7ffdb1281558, 0x55a824bf6260, 0x7ffdb1281558) = 14
strstr("Registration:\n", "Registration") = "Registration:\n"
strchr("Registration:\n", ':') = ":\n"
strstr(":\n", "True") = nil
getline(0x7ffdb1281550, 0x7ffdb1281558, 0x55a824bf6260, 0x7ffdb1281558) = -1
puts("Unregistered - Exiting."Unregistered - Exiting.
) = 24
+++ exited (status 1) +++
It now looks for the string “True” after “:” let’a add it.

It worked and we got the hints!
The Challenge
Thanks to the hints, we now that we can filter by ip.flags.rb in Wirehsark

When I used this filter with 0x0 as a value I got the following result:

It is about a complain sent from the room 1024 and with an unusual troll_id. I then filtered 1024 (room number) and the opposite ip.flags.rb and I got the following results that are the three complains sent by the trolls

The answer is “Flud Hagg Yaqh“