Added CTFlearn writeups

This commit is contained in:
rishitsaiya 2020-07-31 18:48:25 +05:30
commit 53fd30619d
151 changed files with 15249 additions and 0 deletions

View File

@ -0,0 +1,15 @@
## Favorite Color
The main idea finding the flag is exploiting the Buffer Overflow of the Binary file.
#### Step-1:
After logging into the remote access with `ssh color@104.131.79.111 -p 1001` and password as `guest`,
my system got completely crashed due to several DDoS attacks. So, I directly looked up for solution and understood from there.
https://www.embeddedhacker.com/2020/01/hacking-walkthrough-ctflearn-binary-medium/
#### Step-2:
Finally the flag becomes:
`flag{c0lor_0f_0verf1ow}`

Binary file not shown.

After

Width:  |  Height:  |  Size: 45 KiB

View File

@ -0,0 +1,22 @@
## Lazy Game Challenge
The main idea finding the flag is thinking differently to break the logic in binary file.
#### Step-1:
After pwning into the given machine: `nc thekidofarcrania.com 10001`, we are asked to play a betting game.
#### Step-2:
I input <strong>Y</strong> and proceed to see the game. According to given scenario, I seemed to lose every bet of 100$. So I had to do something differently.
#### Step-3:
This time I placed a bet of a hefty number like 1000000$ which I didn't even possess. I spit out errors. :(
#### Step-4:
But the main idea in pwning lies in abnormal thinking and that's where you focus. I tried out negative number this time for the bet like -100000$. I still could play, it shows there was a program logic flaw there.
Now I went wild to give all numbers (which I had to guess below 10) greater than 10. Finally it gave me flag.
<img src="Flag.png">
#### Step-3:
Finally the flag becomes:
`CTFlearn{d9029a08c55b936cbc9a30_i_wish_real_betting_games_were_like_this!}`

View File

@ -0,0 +1,14 @@
import numpy as np
arr = np.arange(65,90).reshape(5, 5) # Array of alphabet
arr = np.where(arr <75, arr, arr+1) # Array without 'K'
cells = ["1-3","4-4","2-1","{","4-4","2-3","4-5","3-2","1-2","4-3","_","4-5","3-5","}"]
for i in cells:
if(ord(i[0])>=48 and ord(i[0])<=57):
x=int(i[0])-1
y=int(i[2])-1
print(chr(arr[x][y]),end="")
else:
print(i[0],end="")
print("\n")

View File

@ -0,0 +1,47 @@
## 5x5 Crypto
The main idea finding the flag is by simple pairs.
#### Step-1:
After reading the given text:
`Ever heard of the 5x5 secret message system? If not, basically it's a 5x5 grid with all letters of the alphabet in order, without k because c is represented to make the k sound only. Google it if you need to. A letter is identified by Row-Column. All values are in caps. Try: 1-3,4-4,2-1,{,4-4,2-3,4-5,3-2,1-2,4-3,_,4-5,3-5,}`
#### Step-2:
So, basically the table is:
<img src="Table.png">
We can decode the message according to given inputs in message above to get the flag.
#### Step-3:
Instead I wrote a `Flag.py` script to get the flag.
```
import numpy as np
arr = np.arange(65,90).reshape(5, 5) # Array of alphabet
arr = np.where(arr <75, arr, arr+1) # Array without 'K'
cells = ["1-3","4-4","2-1","{","4-4","2-3","4-5","3-2","1-2","4-3","_","4-5","3-5","}"]
for i in cells:
if(ord(i[0])>=48 and ord(i[0])<=57):
x=int(i[0])-1
y=int(i[2])-1
print(chr(arr[x][y]),end="")
else:
print(i[0],end="")
print("\n")
```
#### Step-4:
If we execute this script by `python3 Flag.py`, I got the following output:
```
CTF{THUMBS_UP}
```
#### Step-5:
Finally the flag becomes:
`CTF{THUMBS_UP}`

Binary file not shown.

After

Width:  |  Height:  |  Size: 10 KiB

View File

@ -0,0 +1,29 @@
## ALEXCTF CR2: Many time secrets
The main idea finding the flag is decomposing the Hex dump and finding the public key.
#### Step-1:
After we download `msg(4)` from the cloud, we get the following data.
`0529242a631234122d2b36697f13272c207f2021283a6b0c79082f28202a302029142c653f3c7f2a2636273e3f2d653e25217908322921780c3a235b3c2c3f207f372e21733a3a2b37263b3130122f6c363b2b312b1e64651b6537222e37377f2020242b6b2c2d5d283f652c2b31661426292b653a292c372a2f20212a316b283c0929232178373c270f682c216532263b2d3632353c2c3c2a293504613c37373531285b3c2a72273a67212a277f373a243c20203d5d
243a202a633d205b3c2d3765342236653a2c7423202f3f652a182239373d6f740a1e3c651f207f2c212a247f3d2e65262430791c263e203d63232f0f20653f207f332065262c31683137223679182f2f372133202f142665212637222220733e383f2426386b`
Working out:
https://youtu.be/p4DIab6NKOY?t=307
The link for this tool is below:
https://github.com/SpiderLabs/cribdrag
#### Step-2:
I didn't have complete idea on proceeding on this challenge, so I took help from online and got this.
https://youtu.be/p4DIab6NKOY?t=307
#### Step-3:
Alternatively, same flag can be approached in another way also.
https://www.embeddedhacker.com/2020/01/hacking-walkthrough-ctflearn-crypto-medium/
#### Step-4:
Finally the flag becomes:
`ALEXCTF{HERE_GOES_THE_KEY}`

View File

@ -0,0 +1,104 @@
#!/usr/bin/python
##########################
# cribdrag - An interactive crib dragging tool
# Daniel Crowley
# Copyright (C) 2013 Trustwave Holdings, Inc.
# This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
# You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
##########################
import sys
import re
import argparse
def sxor(ctext,crib):
# convert strings to a list of character pair tuples
# go through each tuple, converting them to ASCII code (ord)
# perform exclusive or on the ASCII code
# then convert the result back to ASCII (chr)
# merge the resulting array of characters as a string
results = []
single_result = ''
crib_len = len(crib)
positions = len(ctext)-crib_len+1
for index in xrange(positions):
single_result = ''
for a,b in zip(ctext[index:index+crib_len],crib):
single_result += chr(ord(a) ^ ord(b))
results.append(single_result)
return results
def print_linewrapped(text):
line_width = 40
text_len = len(text)
for chunk in xrange(0,text_len,line_width):
if chunk > text_len-line_width:
print str(chunk) + chr(9) + text[chunk:]
else:
print str(chunk) + chr(9) + text[chunk:chunk+line_width]
parser = argparse.ArgumentParser(description='cribdrag, the interactive crib dragging script, allows you to interactively decrypt ciphertext using a cryptanalytic technique known as "crib dragging". This technique involves applying a known or guessed part of the plaintext (a "crib") to every possible position of the ciphertext. By analyzing the result of each operation and the likelihood of the result being a successful decryption based on the expected format and language of the plaintext one can recover the plaintext by making educated guesses and adaptive application of the crib dragging technique.')
parser.add_argument('ciphertext', help='Ciphertext, encoded in an ASCII hex format (ie. ABC would be 414243)')
parser.add_argument('-c', '--charset', help='A regex-style character set to be used to identify best candidates for successful decryption (ex: for alphanumeric characters and spaces, use "a-zA-Z0-9 ")', default='a-zA-Z0-9.,?! :;\'"')
args = parser.parse_args()
ctext = args.ciphertext.decode('hex')
ctext_len = len(ctext)
display_ctext = "_" * ctext_len
display_key = "_" * ctext_len
charset = '^['+args.charset+']+$'
response = ''
while response != 'end':
print "Your message is currently:"
print_linewrapped(display_ctext)
print "Your key is currently:"
print_linewrapped(display_key)
crib = raw_input("Please enter your crib: ")
crib_len = len(crib)
results = sxor(ctext, crib)
results_len = len(results)
#Generate results
for result_index in xrange(results_len):
if (re.search(charset,results[result_index])):
print '*** ' + str(result_index) + ': "' + results[result_index] + '"'
else:
print str(result_index) + ': "' + results[result_index] + '"'
response = raw_input("Enter the correct position, 'none' for no match, or 'end' to quit: ")
#Replace part of the message or key
try:
response = int(response)
if (response < results_len):
message_or_key = ''
while (message_or_key != 'message' and message_or_key != 'key'):
message_or_key = raw_input("Is this crib part of the message or key? Please enter 'message' or 'key': ")
if(message_or_key == 'message'):
display_ctext = display_ctext[:response] + crib + display_ctext[response+crib_len:]
display_key = display_key[:response] + results[response] + display_key[response+crib_len:]
elif(message_or_key == 'key'):
display_key = display_key[:response] + crib + display_key[response+crib_len:]
display_ctext = display_ctext[:response] + results[response] + display_ctext[response+crib_len:]
else:
print 'Invalid response. Try again.'
except ValueError:
if (response == 'end'):
print "Your message is: " + display_ctext
print "Your key is: " + display_key
elif (response == 'none'):
print "No changes made."
else:
print "Invalid entry."

View File

@ -0,0 +1,11 @@
0529242a631234122d2b36697f13272c207f2021283a6b0c7908
2f28202a302029142c653f3c7f2a2636273e3f2d653e25217908
322921780c3a235b3c2c3f207f372e21733a3a2b37263b313012
2f6c363b2b312b1e64651b6537222e37377f2020242b6b2c2d5d
283f652c2b31661426292b653a292c372a2f20212a316b283c09
29232178373c270f682c216532263b2d3632353c2c3c2a293504
613c37373531285b3c2a72273a67212a277f373a243c20203d5d
243a202a633d205b3c2d3765342236653a2c7423202f3f652a18
2239373d6f740a1e3c651f207f2c212a247f3d2e65262430791c
263e203d63232f0f20653f207f332065262c3168313722367918
2f2f372133202f142665212637222220733e383f2426386b

Binary file not shown.

After

Width:  |  Height:  |  Size: 47 KiB

View File

@ -0,0 +1,20 @@
## Base 2 2 the 6
The main idea finding the flag is $2^6$ = 64.
#### Step-1:
After we read the message given,
`Q1RGe0ZsYWdneVdhZ2d5UmFnZ3l9`
It is clearly Base64 encrypted.
#### Step-2:
I tried to decode it online here: https://www.base64decode.org/
I got the following result:
<img src="Decode.png">
#### Step-3:
Finally the flag becomes:
`CTF{FlaggyWaggyRaggy}`

Binary file not shown.

After

Width:  |  Height:  |  Size: 246 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 172 KiB

View File

@ -0,0 +1,26 @@
## BruXOR
The main idea finding the flag is XOR Bruteforce.
#### Step-1:
After reading the message in the question,
`There is a technique called bruteforce. Message: q{vpln'bH_varHuebcrqxetrHOXEj No key! Just brute .. brute .. brute ... :D`
The first thing I searched online was XOR Bruteforce and I got some helpful results.
#### Step-2:
I followed the URL: https://www.dcode.fr/xor-cipher
Since in the message, it is clearly that there is no key, my inputs were as follows: (Only Bruteforce xP)
<img src="Input.png">
#### Step-3:
After decrypting, we get the following results, amidst which I found the flag.
<img src="Flag.png">
#### Step-4:
Finally the flag becomes:
`flag{y0u_Have_bruteforce_XOR}`

View File

@ -0,0 +1,16 @@
## Character Encoding
The main idea finding the flag using simple Hex to text conversion.
#### Step-1:
Generally, I don't criticize any challenge, but this one crossed limits. It was too Ez. xP.
We have been given simple Hex code: `41 42 43 54 46 7B 34 35 43 31 31 5F 31 35 5F 55 35 33 46 55 4C 7D`
#### Step-2:
Convert it online here to text:
http://www.unit-conversion.info/texttools/hexadecimal/
#### Step-3:
Finally the flag becomes:
`ABCTF{45C11_15_U53FUL}`

View File

@ -0,0 +1,29 @@
## Hextroadinary
The main idea finding the flag is to read the question properly and interpret.
#### Step-1:
After we read the given message:
`Meet ROXy, a coder obsessed with being exclusively the worlds best hacker. She specializes in short cryptic hard to decipher secret codes. The below hex values for example, she did something with them to generate a secret code, can you figure out what? Your answer should start with 0x.`
`0xc4115` `0x4cf8`
#### Step-2:
`Meet ROXy` - This should give us a simple idea that we have to XOR the 2 given Hex numbers.
#### Step-3:
So I tried it online here:
http://xor.pw/#
<img src="xor.png">
Note: Do not forget `0x` before flag.
#### Step-7:
Finally the flag becomes:
`CTFlearn{0xc0ded}`

Binary file not shown.

After

Width:  |  Height:  |  Size: 38 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 236 KiB

View File

@ -0,0 +1,27 @@
## HyperStream Test #2
The main idea finding the flag is to know Baconian Cipher.
#### Step-1:
After reading the challenge properly,
```
I love the smell of bacon in the morning!
ABAAAABABAABBABBAABBAABAAAAAABAAAAAAAABAABBABABBAAAAABBABBABABBAABAABABABBAABBABBAABB
```
#### Step-2:
It is clear that it has to be Baconian Cipher. Those who are unaware of it, can refer here:
https://en.wikipedia.org/wiki/Bacon%27s_cipher
I then quickly looked for online Baconian Cipher decoders.
#### Step-3:
I followed URL: https://www.dcode.fr/bacon-cipher.
I got the following results:
<img src="Flag.png">
#### Step-4:
Finally the flag becomes:
`ILOUEBACONDONTYOU`

Binary file not shown.

After

Width:  |  Height:  |  Size: 41 KiB

View File

@ -0,0 +1,24 @@
## Morse Code
The main idea finding the flag is just having knowledge about Morse Code.
#### Step-1:
This is the message given to us:
`..-. .-.. .- --. ... .- -- ..- . .-.. -- --- .-. ... . .. ... -.-. --- --- .-.. -... -.-- - .... . .-- .- -.-- .. .-.. .. -.- . -.-. .... . . ...`
#### Step-2:
I used this URL to decode our answer:
https://cryptii.com/pipes/morse-code-to-text
#### Step-3:
This was my output:
<img src="Flag.png">
That's it. That's our flag.
#### Step-4:
Finally the flag becomes:
`flagsamuelmorseiscoolbythewayilikechees`

View File

@ -0,0 +1,17 @@
import gmpy2
from gmpy2 import mpz
e=mpz(3)
c=mpz(219878849218803628752496734037301843801487889344508611639028)
n=mpz(245841236512478852752909734912575581815967630033049838269083)
#use factordb
q=mpz(416064700201658306196320137931)
p=mpz(590872612825179551336102196593)
phi=gmpy2.mul(p-1,q-1)
d=gmpy2.invert(e,phi)
f=gmpy2.powmod(c,d,n)
g=bytes.fromhex(hex(f)[2:])
print("[+] Flag is : ",g)

View File

@ -0,0 +1,48 @@
## RSA Beginner
The main idea finding the flag using RSA function and its operations.
#### Step-1:
After we download `rsa (1).txt` from the cloud, we try to understand what is the content.
If anyone is unaware of RSA Encryption, they can checkout here:
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
#### Step-2:
The contents of `rsa (1).txt` are as follows:
```
e: 3
c: 219878849218803628752496734037301843801487889344508611639028
n: 245841236512478852752909734912575581815967630033049838269083
```
#### Step-3:
We run a simple `Flag.py` script to get the flag.
```
import gmpy2
from gmpy2 import mpz
e=mpz(3)
c=mpz(219878849218803628752496734037301843801487889344508611639028)
n=mpz(245841236512478852752909734912575581815967630033049838269083)
#use factordb
q=mpz(416064700201658306196320137931)
p=mpz(590872612825179551336102196593)
phi=gmpy2.mul(p-1,q-1)
d=gmpy2.invert(e,phi)
f=gmpy2.powmod(c,d,n)
g=bytes.fromhex(hex(f)[2:])
print("[+] Flag is : ",g)
```
#### Step-4:
The output of `python3 Flag.py` is as follows:
`[+] Flag is : b'abctf{rs4_is_aw3s0m3}'`
#### Step-5:
Finally the flag becomes:
`abctf{rs4_is_aw3s0m3}`

View File

@ -0,0 +1,3 @@
e: 3
c: 219878849218803628752496734037301843801487889344508611639028
n: 245841236512478852752909734912575581815967630033049838269083

Binary file not shown.

After

Width:  |  Height:  |  Size: 53 KiB

View File

@ -0,0 +1,19 @@
from Crypto.Util.number import inverse
import binascii
e = 1
c = 9327565722767258308650643213344542404592011161659991421
n = 245841236512478852752909734912575581815967630033049838269083
# From factordb
p = 416064700201658306196320137931
q = 590872612825179551336102196593
phi = (p-1) * (q-1)
d = inverse(e,phi)
m = pow(c,d,n)
hex_str = hex(m)[2:] # Removing '0x'
print(binascii.unhexlify(hex_str))

View File

@ -0,0 +1,65 @@
## RSA Noob
The main idea finding the flag using RSA function and its operations.
#### Step-1:
After we download `rsanoob(1).txt` from the cloud, we try to understand what is the content.
If anyone is unaware of RSA Encryption, they can checkout here:
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
#### Step-2:
The contents of `rsa (1).txt` are as follows:
```
e: 1
c: 9327565722767258308650643213344542404592011161659991421
n: 245841236512478852752909734912575581815967630033049838269083
```
#### Step-3:
'e' and 'n' - Public key.
'c' - Cipher text.
Given `n` to us, we try to find `p` & `q` online from http://factordb.com/index.php
#### Step-4:
We get the `p` & `q` online as follows:
<img src="Factorize.png">
Now we can feed inputs manually to yield flag.
#### Step-5:
Running this `Flag.py` script:
```
from Crypto.Util.number import inverse
import binascii
e = 1
c = 9327565722767258308650643213344542404592011161659991421
n = 245841236512478852752909734912575581815967630033049838269083
# From factordb
p = 416064700201658306196320137931
q = 590872612825179551336102196593
phi = (p-1) * (q-1)
d = inverse(e,phi)
m = pow(c,d,n)
hex_str = hex(m)[2:] # Removing '0x'
print(binascii.unhexlify(hex_str))
```
#### Step-6:
We get the flag by `python3 Flag.py`
We get this output:
`b'abctf{b3tter_up_y0ur_e}'`
#### Step-7:
Finally the flag becomes:
`abctf{b3tter_up_y0ur_e}`

View File

@ -0,0 +1,3 @@
e: 1
c: 9327565722767258308650643213344542404592011161659991421
n: 245841236512478852752909734912575581815967630033049838269083

Binary file not shown.

After

Width:  |  Height:  |  Size: 29 KiB

View File

@ -0,0 +1,25 @@
## Reverse Polarity
The main idea finding the flag is Binary to ASCII conversion.
#### Step-1:
After seeing the text, we get the following:
`I got a new hard drive just to hold my flag, but I'm afraid that it rotted. What do I do? The only thing I could get off of it was this: `
```
01000011010101000100011001111011010000100110100101110100010111110100011001101100011010010111000001110000011010010110111001111101
```
I tried to convert the given Binary text to ASCII.
#### Step-2:
I followed the URL: https://www.convertbinary.com/to-text/
I got the following result:
<img src="Covert.png">
Voila, we have it.
#### Step-3:
Finally the flag becomes:
`CTF{Bit_Flippin}`

Binary file not shown.

After

Width:  |  Height:  |  Size: 506 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 441 KiB

View File

@ -0,0 +1,27 @@
## Substitution Cipher
The main idea finding the flag is using Substitution Cipher.
#### Step-1:
After downloading `Substitution.txt` from the cloud, we get the following data from it:
```
MIT YSAU OL OYGFSBDGRTKFEKBHMGCALSOQTMIOL. UTFTKAMTR ZB DAKQGX EIAOF GY MIT COQOHTROA HAUT GF EASXOF AFR IGZZTL. ZT CTKT SGFU, MIT YSACL GF A 2005 HKTLTFM MODTL MIAF LMADOFA GK A CTTQSB LWFRAB, RTETDZTK 21, 1989 1990, MIT RKTC TROMGKL CAL WHKGGMTR TXTKB CGKSR EAF ZT YGWFR MIT EGFMOFWTR MG CGKQ AM A YAOMIYWS KTHSOTL CITKT IGZZTL, LMBST AOD EASXOF, AMMAEQ ZGMI LORTL MG DAKQL, "CIAM RG EGFMKGSSOFU AF AEMWAS ZGAKR ZGVTL OF MIT HKTHAKTFML FADT, OL ODHWSLOXT KADHAUTL OF CIOEI ASCABL KTYTKTFETL MIT HALLCGKR, CIOEI DGFTB, AFR MITB IAR SOMMST YKGFM BAKR IOL YKWLMKAMTR EGSGK WFOJWT AZOSOMB COMI AFR OFROLHTFLAMT YGK MTAEI GMITK LMWROTL, AKT ACAKRL ZARUTL, HWZSOLITR ZTYGKT CTSS AL A YOKT UKGLL HSAFL CTKT GKOUOFASSB EIAKAEMTKL OF MIT LMKOH MG CIOEI LTTD MG OM CITF MTDHTKTR OF AFR IASSGCOFU MITB'KT LODHSB RKACOFU OF UOXTL GF" HKOFEOHAS LHOMMST ROLMGKM, KTARTKL EGDOEL AKT WLT, CAMMTKLGF MGGQ MCG 16-DGFMIL AYMTK KTLOLMAQTL A DGKT EKTAM RTAS MG EASXOF GYMTF IGZZTL MG ARDOML "LSODB, "ZWM OM'L FADTR A FOUIM GWM LIT OL HGOFM GY FGM LTTF IGZZTL MIT ZGGQL AM MIAM O KTDAOFOFU ZGGQ IADLMTK IWTB AKT AHHTAKAFET: RTETDZTK 6, 1995 DGD'L YKADTL GY EASXOF UOXTF A CAUGF, LGDTMODTL MIAM LG OM'L YAMITKT'L YADOSB FG EAFETSSAMOGFLIOH CAL HKTLTFML YKGD FGXTDZTK 21, 1985 SALM AHHTAK AZLTFET OF AFGMITKCOLT OM IAHHB MG KWF OM YGK MIOL RAR AL "A SOMMST MG MGSTKAMT EASXOF'L YADOSB RKACF ASDGLM EGDDTFRTR WH ZTOFU HTGHST OFLMAFET, UTM DAKKOTR ZB A RAFET EASXOF'L GWMSAFROLOFU MIT FTCLHAHTK GK MAZSGOR FTCLHAHTK ZWLOFTLL LIGC OL GF!" AFR LHKOFML GY EIOSRKTF'L RAR'L YKWLMKAMTR ZB MWKF IWDGK, CAL HWZSOE ROASGU MITKT'L FGM DWEI AL "'94 DGRTKFOLD" CAMMTKLGF IAL RTSOUIML GY YAFMALB SOYT CAMMTKLGF LABL LTKXTL AL AF AKMOLML OL RTLMKWEMOGF ZWLOFTLL, LHAETYAKTK GY MIT GHHGKMWFOMOTL BGW ZGMI A MGHOE YGK IOL IGDT MGFUWT-OF-EITTQ HGHWSAK MIAM OM CAL "IGF" AFR JWAKMTK HAUT DGKT LHAEOGWL EAFETSSAMOGF MIT HAOK AKT ESTAKSB OF HLBEIOE MKAFLDGUKOYOTK'L "NAH" LGWFR TYYTEM BGW MIOFQTK CAMMTKLGF ASLG UKTC OFEKTROZST LHAET ZWBL OF EGDDGFSB CIOST GMITKCOLT OM'L FADT OL FGMAZST LMGKBSOFT UAXT MIT GHHGKMWFOMOTL BGW EAFETSSAMOGF MIT "EASXOF GYYTK MG DAQT IOD OFEGKKTEM AFLCTKL CAMMTK AKMCGKQ GMITK GYMTF CIOEI OL TXORTFM MG GMITK LMKOH OL MG MITOK WLT GY KWSTL MIAM LIGCF GF LAFROYTK, CIG WLTL A EKGCJWOSS ZT LTTF "USWTR" MG MIT GFSB HTKL AFR IOL YAMITK LWHHGKM OL SWFEISOFT UAXT MITLT MIOF A BTAK OF DWSMODAMTKOAS AFR GZMAOF GF LAFMALB, IOL WLT, CAMMTKL ROASGUWT OL AF "AKMOLM'L LMAMWL AL "A ROD XOTC OF MIT TLLTFMOASSB MG DAQT IOD LTTD MG OFESWRTR MIAM EASXOF OL AF GRR ROASGUWT DGLM GY MIT ESWZ IAL TVHKTLLOGF GWMLORT AXAOSAZST MG
```
#### Step-2:
So, I tried to decode here: https://www.dcode.fr/monoalphabetic-substitution
My inputs are as follows:
<img src="Input.png">
#### Step-3:
I got the output as follows:
<img src="Flag.png">
There we have it. Our flag.
#### Step-4:
Finally the flag becomes:
`IFONLYMODERNCRYPTOWASLIKETHIS`

View File

@ -0,0 +1 @@
MIT YSAU OL OYGFSBDGRTKFEKBHMGCALSOQTMIOL. UTFTKAMTR ZB DAKQGX EIAOF GY MIT COQOHTROA HAUT GF EASXOF AFR IGZZTL. ZT CTKT SGFU, MIT YSACL GF A 2005 HKTLTFM MODTL MIAF LMADOFA GK A CTTQSB LWFRAB, RTETDZTK 21, 1989 1990, MIT RKTC TROMGKL CAL WHKGGMTR TXTKB CGKSR EAF ZT YGWFR MIT EGFMOFWTR MG CGKQ AM A YAOMIYWS KTHSOTL CITKT IGZZTL, LMBST AOD EASXOF, AMMAEQ ZGMI LORTL MG DAKQL, "CIAM RG EGFMKGSSOFU AF AEMWAS ZGAKR ZGVTL OF MIT HKTHAKTFML FADT, OL ODHWSLOXT KADHAUTL OF CIOEI ASCABL KTYTKTFETL MIT HALLCGKR, CIOEI DGFTB, AFR MITB IAR SOMMST YKGFM BAKR IOL YKWLMKAMTR EGSGK WFOJWT AZOSOMB COMI AFR OFROLHTFLAMT YGK MTAEI GMITK LMWROTL, AKT ACAKRL ZARUTL, HWZSOLITR ZTYGKT CTSS AL A YOKT UKGLL HSAFL CTKT GKOUOFASSB EIAKAEMTKL OF MIT LMKOH MG CIOEI LTTD MG OM CITF MTDHTKTR OF AFR IASSGCOFU MITB'KT LODHSB RKACOFU OF UOXTL GF" HKOFEOHAS LHOMMST ROLMGKM, KTARTKL EGDOEL AKT WLT, CAMMTKLGF MGGQ MCG 16-DGFMIL AYMTK KTLOLMAQTL A DGKT EKTAM RTAS MG EASXOF GYMTF IGZZTL MG ARDOML "LSODB, "ZWM OM'L FADTR A FOUIM GWM LIT OL HGOFM GY FGM LTTF IGZZTL MIT ZGGQL AM MIAM O KTDAOFOFU ZGGQ IADLMTK IWTB AKT AHHTAKAFET: RTETDZTK 6, 1995 DGD'L YKADTL GY EASXOF UOXTF A CAUGF, LGDTMODTL MIAM LG OM'L YAMITKT'L YADOSB FG EAFETSSAMOGFLIOH CAL HKTLTFML YKGD FGXTDZTK 21, 1985 SALM AHHTAK AZLTFET OF AFGMITKCOLT OM IAHHB MG KWF OM YGK MIOL RAR AL "A SOMMST MG MGSTKAMT EASXOF'L YADOSB RKACF ASDGLM EGDDTFRTR WH ZTOFU HTGHST OFLMAFET, UTM DAKKOTR ZB A RAFET EASXOF'L GWMSAFROLOFU MIT FTCLHAHTK GK MAZSGOR FTCLHAHTK ZWLOFTLL LIGC OL GF!" AFR LHKOFML GY EIOSRKTF'L RAR'L YKWLMKAMTR ZB MWKF IWDGK, CAL HWZSOE ROASGU MITKT'L FGM DWEI AL "'94 DGRTKFOLD" CAMMTKLGF IAL RTSOUIML GY YAFMALB SOYT CAMMTKLGF LABL LTKXTL AL AF AKMOLML OL RTLMKWEMOGF ZWLOFTLL, LHAETYAKTK GY MIT GHHGKMWFOMOTL BGW ZGMI A MGHOE YGK IOL IGDT MGFUWT-OF-EITTQ HGHWSAK MIAM OM CAL "IGF" AFR JWAKMTK HAUT DGKT LHAEOGWL EAFETSSAMOGF MIT HAOK AKT ESTAKSB OF HLBEIOE MKAFLDGUKOYOTK'L "NAH" LGWFR TYYTEM BGW MIOFQTK CAMMTKLGF ASLG UKTC OFEKTROZST LHAET ZWBL OF EGDDGFSB CIOST GMITKCOLT OM'L FADT OL FGMAZST LMGKBSOFT UAXT MIT GHHGKMWFOMOTL BGW EAFETSSAMOGF MIT "EASXOF GYYTK MG DAQT IOD OFEGKKTEM AFLCTKL CAMMTK AKMCGKQ GMITK GYMTF CIOEI OL TXORTFM MG GMITK LMKOH OL MG MITOK WLT GY KWSTL MIAM LIGCF GF LAFROYTK, CIG WLTL A EKGCJWOSS ZT LTTF "USWTR" MG MIT GFSB HTKL AFR IOL YAMITK LWHHGKM OL SWFEISOFT UAXT MITLT MIOF A BTAK OF DWSMODAMTKOAS AFR GZMAOF GF LAFMALB, IOL WLT, CAMMTKL ROASGUWT OL AF "AKMOLM'L LMAMWL AL "A ROD XOTC OF MIT TLLTFMOASSB MG DAQT IOD LTTD MG OFESWRTR MIAM EASXOF OL AF GRR ROASGUWT DGLM GY MIT ESWZ IAL TVHKTLLOGF GWMLORT AXAOSAZST MG

Binary file not shown.

After

Width:  |  Height:  |  Size: 52 KiB

View File

@ -0,0 +1,33 @@
## Vigenere Cipher
The main idea finding the flag is just having knowledge about Vigenere Cipher.
#### Step-1:
Its very easy if you have basic idea of Vigenere Cipher. If you don't know, please refer :
https://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher
So this is what is given in the message of challenge:
```
The vignere cipher is a method of encrypting alphabetic text by using a series of interwoven Caesar ciphers based on the letters of a keyword.<br />
Im not sure what this means, but it was left lying around: blorpy
gwox{RgqssihYspOntqpxs}
```
#### Step-2:
One thing is important to know that Vigenere Cipher requires a <strong>key</strong> to decode any message.
I used this URL to decode my message and used given key as : `blorpy`
https://cryptii.com/
#### Step-3:
This was my output:
<img src="Flag.png">
That's it. That's our flag.
#### Step-4:
Finally the flag becomes:
`flag{CiphersAreAwesome}`

BIN
Forensics/07601/AGT.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 426 KiB

364
Forensics/07601/README.md Normal file
View File

@ -0,0 +1,364 @@
## 07601
The main idea finding the flag using basic forensics techniques.
#### Step-1:
After we download the given image `AGT.png` from the cloud, we just try simple techniques.
<img src="AGT.jpg">
#### Step-2:
I first tried a very basic `strings AGT.png` & `strings AGT.png | grep {`.
I got the following output, through which I came to know about existing hidden directories.
```
v{n,
n.l{
qYv{
,nO{
2[{oO
{^UH
i{WY*
ABCTF{fooled_ya_dustin}
{u4j,\
B-{4B
}UXG{
{`(k
cB{V,
7{Ul
{$48
~9{;b
ECG{~'8
{Rf:
M}fS{
{{*7'
cGc{qlt'5
DD2{
{f8-Z
{R[7
UJL{
ez {Rz
,K{^b
WL{?
1?{M
YJ{.
E{'+
ZQ9{
1{@S
\s{)
mDEH{
qz{*
{d"&
{QuH%
,97{{
.~>{
F{E`{;
46B{
Le*{
HrZl{T
^{K>
_4={
EHLl{V
{Wh>
{:4
B{Cl
g{:i
Z{e&
:{S/\
{:%|Ium#
_E{Wj
S{5U
S{Eh
r{}%
ht{{
;Xc{
ST{{
{>eG
2eN{
A{b5
wu{@
y.V{j0^
8~x{
{;F#
.{|6m
{%0[
{~u(
TB{b
i{Hhm
=Z{"4
v.aa{
j-@l{
DsB{
4{C$v`
"Y1!{I
B{^
X>{I
KNzO{
_I{[-
%{*e
B-{4B
}UXG{
{`(k
cB{V,
7{Ul
{$48
~9{;b
ECG{~'8
{Rf:
M}fS{
{{*7'
cGc{qlt'5
DD2{
{f8-Z
{R[7
UJL{
ez {Rz
,K{^b
WL{?
1?{M
YJ{.
E{'+
ZQ9{
1{@S
\s{)
mDEH{
qz{*
{d"&
{QuH%
,97{{
.~>{
F{E`{;
46B{
Le*{
HrZl{T
^{K>
_4={
EHLl{V
{Wh>
{:4
B{Cl
g{:i
Z{e&
:{S/\
{:%|Ium#
_E{Wj
S{5U
S{Eh
r{}%
ht{{
;Xc{
ST{{
{>eG
2eN{
A{b5
wu{@
y.V{j0^
8~x{
{;F#
.{|6m
{%0[
{~u(
TB{b
i{Hhm
=Z{"4
v.aa{
j-@l{
DsB{
4{C$v`
"Y1!{I
B{^
X>{I
KNzO{
_I{[-
%{*e
Dwnc{E
B-{4B
}UXG{
{`(k
cB{V,
7{Ul
{$48
~9{;b
ECG{~'8
{Rf:
M}fS{
{{*7'
cGc{qlt'5
DD2{
{f8-Z
{R[7
f{KR
,K{^b
WL{?
1?{M
YJ{.
E{'+
ZQ9{
1{@S
\s{)
mDEH{
qz{*
{d"&
{QuH%
,97{{
.~>{
F{E`{;
46B{
Le*{
HrZl{T
^{K>
_4={
EHLl{V
daIj{
fz{]
{gy5
i{1"Aj
rr@{
C_,{
WoIx{
<6\`{
%{-N(
|B{~
{t^l
dNDM'{
k/{|
{_ G
);bW{
?XG>z{
=k{-
{Y6g
K5g{2
mz{S
2eF{
{y4^(
GB{%
E{/Y
{p`w?
mE-{
~*{+
.{|6m
{%0[
{~u(
TB{b
i{Hhm
=Z{"4
v.aa{
j-@l{
DsB{
4{C$v`
"Y1!{I
B{^
X>{I
KNzO{
_I{[-
%{*e
```
#### Step-3:
I tried this `ABCTF{fooled_ya_dustin}` flag, but it showed incorrect. So let's explore the hidden folders.
#### Step-4:
I tried `binwalk -e AGT.png`. I get a new directory called `_AGT.png.extracted`. Let's get into this.
#### Step-5:
The contents of which are some of the images and directory. I directly, tried
`strings I Warned You.jpeg | grep {`
#### Step-6:
I got this output:
```
{P|I
{zRhc
{>ch
^|){O
rU<o{
R3w{x
o {p
=d{]i
w{3)Z:
uYz}{
{uBH
*}{MD
}"W{
:Ja{
.?{M$f
!0{8
{/!s
tM,o{
{tLL
q{dG
b[{MTF
{Y1W
ABCTF{Du$t1nS_D0jo}1r
1{wl
{Y,x
6fr{+
q{:zG
Nv{%M#
{+ -"
Qa{+
tx"{
{!f'WkQV
XUg{
!{;xV
?Khh{
w#{]U#
JGdD{n
W]L{`g
{Z.W\
r"w{
.$A{
)cn_P{V
b{5
:\7{{
gk{|(qwC
Vv{;t[Tjy#r
NR{{]
Pv{]JS
{'R-
${zT
Ac{*:]#
{Mj9
. 6{4
w{Y[8o
{zY\4
q{:g#g
roO{
F{Dfx$
mJ{#
OgRZho{
Ug3{x
'{u^n
b%{l^
r&*$b{
M|vMH{.
[R'{_
{P7v+
b{+W
/{+w
F{~aLVF
{:el
sIS{
8r:s{
I{M5
e%K#{
u5{1j
Bww{
{XW+
$v{/O
+6,{~aV
iNc{
{R8c
y)8{{0q
1{]'%<B
R{.x
{533
1{ue
:?{#&2B
{%c]2U
;#Y{
```
Luckily, here the flag worked.
#### Step-7:
Finally the flag becomes:
`ABCTF{Du$t1nS_D0jo}1r`

Binary file not shown.

After

Width:  |  Height:  |  Size: 41 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 262 KiB

View File

@ -0,0 +1,36 @@
## A CAPture of a Flag
The main idea finding the flag is exploring the given PCAP file in Wireshark.
#### Step-1:
After downloading `flag (4)` (a PCAP file) from the cloud, I directly opened it in Wireshark application.
For those, who are unaware om how to filter streams or use this application, please do your homework here:
https://www.wireshark.org/
#### Step-2:
I tried to check TCP stream for some clues and then I tried UDP streams for some clues. Finally, I used the filter to get only HTTP requests.
<img src="HTTP.png">
#### Step-3:
I went through all requests and this request caught my eye.
`247 2.270670 10.50.203.75 185.21.216.190 HTTP 504 GET /?msg=ZmxhZ3tBRmxhZ0luUENBUH0= HTTP/1.1 `
It has a Base64 encrypted message.
#### Step-4:
So finally, I decoded it online at: https://www.base64decode.org/
I got the flag there:
<img src="Base64.png">
Voila, we have it here.
#### Step-4:
Finally the flag becomes:
`flag{AFlagInPCAP}`

Binary file not shown.

Binary file not shown.

After

Width:  |  Height:  |  Size: 161 KiB

View File

@ -0,0 +1,32 @@
## Binwalk
The main idea finding the flag using Binwalk commands and its extensions.
#### Step-1:
After downloading `PurpleThing.jpeg` from the cloud, I tried `strings PurpleThing.jpeg | grep {`.
I couldn't find anything special.
#### Step-2:
So I tried `binwalk PurpleThing.jpeg` as the question suggests.
It showed me following output:
```
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 PNG image, 780 x 720, 8-bit/color RGBA, non-interlaced
41 0x29 Zlib compressed data, best compression
153493 0x25795 PNG image, 802 x 118, 8-bit/color RGBA, non-interlaced
```
Clearly, there is hidden data in there, let's extract that.
#### Step-3:
I input a command of `binwalk -D 'image:png' PurpleThing.jpeg` and I get a directory named `_PurpleThing.jpeg.extracted`.
The contents are different files. In it `25795.png` has the flag.
#### Step-4:
Finally the flag becomes:
`ABCTF{b1nw4lk_is_us3ful}`

Binary file not shown.

After

Width:  |  Height:  |  Size: 39 KiB

View File

@ -0,0 +1,36 @@
## Digital Camouflage
The main idea finding the flag is Network Interception and some Crytographic Techniques.
#### Step-1:
After downloading `data.pcap` from the cloud, I directly opened it in Wireshark.
For those, who are unaware of how to use this tool for Network Interception, can refer here:
https://www.wireshark.org/
I tried to check the Hex Dump, but couldn't find something special.
#### Step-2:
So, I tried to check the TCP stream in different frames. For those, who are unaware on how to do this:
- Open `data.pcap` in Wireshark.
- In the filters, put on TCP and then Enter to get all the TCP traffic of the network.
<img src="TCP_Stream.png">
- I wanted to check each and every frame as question is somewhat hinting in that direction, so to check that, Analyse -> Follow -> TCP Stream
<img src="TCP_Stream_Eq_0.png">
- We can alter streams by changing the counter in bottom right corner.
- As I reached 3rd stream, I observed some credentials there.
<img src="TCP_Stream_Eq_3.png">
`userid=hardawayn&pswrd=UEFwZHNqUlRhZQ%3D%3D`
#### Step-3:
So, it is clear that password is Base64 encrypted and in web URLs, %3D is to be replaced by =.
So I tried to decode the Base64 encryption online at: https://www.base64decode.org/
<img src="Base64.png">
It had the flag in it. Voila.
#### Step-4:
Finally the flag becomes:
`PApdsjRTae`

Binary file not shown.

After

Width:  |  Height:  |  Size: 206 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 163 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 92 KiB

Binary file not shown.

View File

@ -0,0 +1,44 @@
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
public class Decryptor
{
public static final String FLAG = "S+kUZtaHEYpFpv2ixuTnqBdORNzsdVJrAxWznyOljEo=";
private static class Password
{
private byte[] passHash;
public Password(char[] pass) throws Exception
{
MessageDigest digest = MessageDigest.getInstance("SHA-256");
this.passHash = Arrays.copyOf(digest.digest(new String(pass).getBytes("UTF-8")), 16);
}
public byte[] encrypt(byte[] msg) throws Exception
{
SecretKeySpec spec = new SecretKeySpec(passHash, "AES");
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, spec);
return cipher.doFinal(msg);
}
public byte[] decrypt(byte[] msg) throws Exception
{
SecretKeySpec spec = new SecretKeySpec(passHash, "AES");
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, spec);
return cipher.doFinal(msg);
}
}
public static void main(String[] args) throws Exception
{
Password pass = new Password(System.console().readPassword("Enter password to decrypt flag: "));
System.out.println(new String(pass.decrypt(Base64.getDecoder().decode(FLAG.getBytes()))));
Thread.sleep(5000); //We did a heap dump right here.
}
}

View File

@ -0,0 +1,12 @@
## Dumpster
The main idea finding the flag is Java coding.
#### Step-1:
I tried hard to understand the question and solve it, but I couldn't do it, so I had to look up for writeup.
https://github.com/EladBeber/CTFlearn-Writeups/tree/master/Forensics/Medium/DUMPSTER
#### Step-2:
Finally the flag becomes:
`stCTF{h34p_6ump5_r_c00l!11!!}`

Binary file not shown.

Binary file not shown.

Binary file not shown.

After

Width:  |  Height:  |  Size: 54 KiB

62
Forensics/Exif/README.md Normal file
View File

@ -0,0 +1,62 @@
## Exif
The main idea finding the flag is to have Exiftool.
#### Step-1:
After I downloaded `Computer-Password-Security-Hacker - Copy.jpg`, I immediately tried to open it using Exiftool.
<img src="Computer-Password-Security-Hacker - Copy.jpg">
#### Step-2:
If you have some experience in CTF before, [Exiftool](https://exiftool.org/) is quite widely used. So I input `exiftool Computer-Password-Security-Hacker\ -\ Copy.jpg`
Output:
```bash
ExifTool Version Number : 11.88
File Name : Computer-Password-Security-Hacker - Copy.jpg
Directory : .
File Size : 54 kB
File Modification Date/Time : 2020:07:31 14:04:06+05:30
File Access Date/Time : 2020:07:31 14:04:06+05:30
File Inode Change Date/Time : 2020:07:31 14:04:06+05:30
File Permissions : rw-r--r--
File Type : JPEG
File Type Extension : jpg
MIME Type : image/jpeg
JFIF Version : 1.02
X Resolution : 100
Y Resolution : 100
Exif Byte Order : Big-endian (Motorola, MM)
Resolution Unit : None
Y Cb Cr Positioning : Centered
Exif Version : 0231
Components Configuration : Y, Cb, Cr, -
Flashpix Version : 0100
Owner Name : flag{3l1t3_3x1f_4uth0r1ty_dud3br0}
GPS Latitude Ref : South
GPS Longitude Ref : East
Quality : 60%
DCT Encode Version : 100
APP14 Flags 0 : [14], Encoded with Blend=1 downsampling
APP14 Flags 1 : (none)
Color Transform : YCbCr
Image Width : 660
Image Height : 371
Encoding Process : Baseline DCT, Huffman coding
Bits Per Sample : 8
Color Components : 3
Y Cb Cr Sub Sampling : YCbCr4:4:4 (1 1)
Image Size : 660x371
Megapixels : 0.245
GPS Latitude : 77 deg 17' 2.62" S
GPS Longitude : 44 deg 4' 7.30" E
GPS Position : 77 deg 17' 2.62" S, 44 deg 4' 7.30" E
```
#### Step-3:
Voila! I got the flag there. I don't have any idea why this challenge was in hard.
#### Step-5:
Finally the flag becomes:
`flag{3l1t3_3x1f_4uth0r1ty_dud3br0}`

Binary file not shown.

After

Width:  |  Height:  |  Size: 9.5 KiB

View File

@ -0,0 +1,143 @@
## Forensics 101
The main idea finding the flag using basic forensics training.
#### Step-1:
After we download the given image `95f6edfb66ef42d774a5a34581f19052.jpg` from the cloud, we just try simple techniques.
<img src="95f6edfb66ef42d774a5a34581f19052.jpg">
#### Step-2:
I first tried a very basic `strings 95f6edfb66ef42d774a5a34581f19052.jpg`
#### Step-3:
It just gave me this output:
```
JFIF
, #&')*)
-0-(0%()(
((((((((((((((((((((((((((((((((((((((((((((((((((
L?~f
:UwR
y>2|
*'?-
yhH_&
Lmz'
+f[
!"1$246B`35A
au>
~b*D
F_X:D
[ElC
him8
lr|.
L{2^
]]te
tBfE
j_s7Os/[i
W="'
"fkO
G&,ke:
eM_F
8O:J
9)/m>&
[P{!
}EI5#
a~Wt,1
]<e<
g:rc
"1Pa
ujM^P
P#3a
vFGO
ZniFi
%a ?}
2AQaq 0B#@r
\xr>
\37g
4=i#N
F:Jx
.`Ot
v[xU
|='u
{~T{@
LX.9
?mBx
L1QG
lIYB+
|] %
QTj?:
$*,-
pk4D
4R gX
$mmk
_QSK
b)^L
a[T=
mpj<N;
!1AQaq
x'<L
we|C{
iiR8
"'A*
aZ(4
cj}+
NL7'4
u-kF3n
x cd
s}F3_Y
$+Ym
zrsq
f}]@
L&/F
&F'$,
| *
ktWxn
yLX*s]
pT)J
eR-3
SG=3\Y
JK%0
h"(p
!01Q
%^cJ
H|cO
!10AQ
'([P
!1AQaq
s`%"
X`3d'
'P]!
;#_l
ABx=~
"r&"
0YAP
ch-h
XoXrl
l0Je
V^_W
xp7p
v{*{8
=k"$TW3G
1)j!
7y}U
<~0GD
n%CeoQ=m8
`"n<P
i}\D
X`(
8kF=
~9%]Tn
flag{wow!_data_is_cool}
$lqU
AG{u
Xm*CnC
@'hnQ
ax+p
bdQG
D_ O
```
#### Step-4:
Finally the flag becomes:
`flag{wow!_data_is_cool}`

Binary file not shown.

After

Width:  |  Height:  |  Size: 70 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 15 KiB

View File

@ -0,0 +1,36 @@
## GandalfTheWise
The main idea finding the flag is XOR strings.
#### Step-1:
After downloading `Gandalf.jpg`, I tried `strings Gandalf.jpg` and got this output. These are initial strings embedded in Meta data of image.
```
JFIF
+Q1RGbGVhcm57eG9yX2lzX3lvdXJfZnJpZW5kfQo=
+xD6kfO2UrE5SnLQ6WgESK4kvD/Y/rDJPXNU45k/p
+h2riEIj13iAp29VUPmB+TadtZppdw3AuO7JRiDyU
...
```
#### Step-2:
I decrypted the 1<sup>st</sup> Base64 encrypted string i.e. `Q1RGbGVhcm57eG9yX2lzX3lvdXJfZnJpZW5kfQo=` at https://cryptii.com/.
<img src="String1.png">
It gives a false flag `CTFlearn{xor_is_your_friend}`, but on a brighter side it gives idea of XOR'ing the next 2 strings.
#### Step-3:
So, I decrypted remaining 2 strings to get hexadecimal texts because in that RFC, ASCII text isn't possible.
<img src="String2.png">
<img src="String3.png">
#### Step-4:
I XOR them online at: http://xor.pw/ to get the flag.
<img src="Flag.png">
#### Step-5:
Finally the flag becomes:
`CTFlearn{Gandalf.BilboBaggins}`

Binary file not shown.

After

Width:  |  Height:  |  Size: 33 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 44 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 45 KiB

View File

@ -0,0 +1,101 @@
## Taking LS
The main idea finding the flag using simple Git commands to find hidden passwords and flag.
#### Step-1:
After we download the given zip `gitIsGood.zip` from the cloud, we just try simple techniques.
After we unzip, we get a directory called `gitisGood`.
#### Step-2:
I went into `gitisGood` directory and tried
`ls -al` command to get following output:
```
total 16
drwxr-xr-x 3 rishit rishit 4096 Oct 30 2016 .
drwxr-xr-x 3 rishit rishit 4096 Jul 10 16:43 ..
-rw-r--r-- 1 rishit rishit 15 Oct 30 2016 flag.txt
drwxr-xr-x 8 rishit rishit 4096 Oct 30 2016 .git
```
#### Step-3:
Next, I tried `cat flag.txt`, but seems like that flag `flag{REDACTED}` is incorrect.
#### Step-4:
So we try to explore the `.git` directory. Get into that directory to know the changes that were done on the `flag.txt`
#### Step-5:
I tried `git log` and came to know that the file was changed 3 times by the following output:
```
Author: LaScalaLuke <lascala.luke@gmail.com>
Date: Sun Oct 30 14:33:18 2016 -0400
Edited files
commit 195dd65b9f5130d5f8a435c5995159d4d760741b
Author: LaScalaLuke <lascala.luke@gmail.com>
Date: Sun Oct 30 14:32:44 2016 -0400
Edited files
commit 6e824db5ef3b0fa2eb2350f63a9f0fdd9cc7b0bf
Author: LaScalaLuke <lascala.luke@gmail.com>
Date: Sun Oct 30 14:32:11 2016 -0400
edited files
```
#### Step-6:
So to know the changes we need to add some additional flag and the command becomes:
`git log -p`
The output is as follows:
```
commit d10f77c4e766705ab36c7f31dc47b0c5056666bb (HEAD -> master)
Author: LaScalaLuke <lascala.luke@gmail.com>
Date: Sun Oct 30 14:33:18 2016 -0400
Edited files
diff --git a/flag.txt b/flag.txt
index 8684e68..c5250d0 100644
--- a/flag.txt
+++ b/flag.txt
@@ -1 +1 @@
-flag{protect_your_git}
+flag{REDACTED}
commit 195dd65b9f5130d5f8a435c5995159d4d760741b
Author: LaScalaLuke <lascala.luke@gmail.com>
Date: Sun Oct 30 14:32:44 2016 -0400
Edited files
diff --git a/flag.txt b/flag.txt
index c5250d0..8684e68 100644
--- a/flag.txt
+++ b/flag.txt
@@ -1 +1 @@
-flag{REDACTED}
+flag{protect_your_git}
commit 6e824db5ef3b0fa2eb2350f63a9f0fdd9cc7b0bf
Author: LaScalaLuke <lascala.luke@gmail.com>
Date: Sun Oct 30 14:32:11 2016 -0400
edited files
diff --git a/flag.txt b/flag.txt
new file mode 100644
index 0000000..c5250d0
--- /dev/null
+++ b/flag.txt
@@ -0,0 +1 @@
+flag{REDACTED}
```
#### Step-7:
Finally the flag becomes:
`flag{protect_your_git}`

Binary file not shown.

View File

@ -0,0 +1 @@
flag{REDACTED}

View File

@ -0,0 +1,112 @@
## Milk's Best Friend
The main idea finding the flag is to find the hidden files and apply basic forensics techniques.
#### Step-1:
After we download `oreo.jpg` from the cloud, I tried `strings oreo.jpg`, there I couldn't find the correct flag. So I tried for some hidden data in the image.
<img src="oreo.jpg">
#### Step-2:
I tried out `binwalk oreo.jpg` and got the following output:
```
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 JPEG image data, JFIF standard 1.01
9515 0x252B RAR archive data, version 4.x, first volume type: MAIN_HEAD
```
This clears that we have a RAR file inside the image.
#### Step-3:
To extract all, I used `binwalk -D oreo.jpg` and I got a directory `_oreo.jpg.extracted` at that location.
I checked its contents and it had a directory called `1` & a zip file `252B.rar`. I chose to explore `1` first.
#### Step-4:
In `1`, I got a file `a` & `b.jpg`. So my next instinct was to try out `strings b.jpg` and Voila it worked.
<img src="b.jpg">
I got the following output:
```
JFIF
"1$%)+...
383-7(-.+
%----------------------+----------------------+---7
!1AQqa
\5n`]
xsLy
.y fk
vSk:M
DzuMb
_NZ@
]ETyn
Xg3H
nBC_
]95r
C^^[p
Q`';
q`7'
\\o*
. &
04KZ
)Qc&
Q{k~
st&[
NW89
Lk$[
1Y79
a0\A
$;6g
%mG+$
DysM
2em7
6M>f
Ztn`$F
qUhTmjN
+67*
e6hi
0d$j
-ko)'
CH;^u
&Du=
$t$Lv
1/i
/1-6n
Gx#GA
M8n!
iT0?
kVI8
`.}v
gPl,c
bsDKw
O]=6V1
Rx|!
\l&>
!G=*
HSayi-9
#X3i
c>R2
$+cmk1
u|h]a
tEp#
&Z 2`
ZMmG
a;}V
{2sRpo7%V
0=Q-C:
[e[!A
|5xk
+NgU
;HO+dD
D272}
`h :
K`8m:-
Finally, flag{eat_more_oreos}
```
#### Step-5:
Finally the flag becomes:
`flag{eat_more_oreos}`

View File

@ -0,0 +1,3 @@
This is not the flag you are looking for.

Binary file not shown.

After

Width:  |  Height:  |  Size: 6.6 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 6.6 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 16 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 44 KiB

View File

@ -0,0 +1,58 @@
## PikesPeak
The main idea finding the flag using simple forensic techniques.
#### Step-1:
After we download `PikesPeak.jpg`, we try to open and see the flag and check if we find any.
<img src="PikesPeak.jpg">
#### Step-2:
I tried simple techniques and easily found answer when we send the command:
`strings PikesPeak.jpg | grep {`
I and got this as output:
```
CTFLEARN{PikesPeak}
CTFLearn{Colorado}
%ctflearn{MountainMountainMountain}
#cTfLeArN{CTFMountainCTFmOUNTAIN}
CTF{AsPEN.Vail}
CTFlearn{Gandalf}
ctflearning{AUCKLAND}
ctfLEARN{MtDoom}
6ctflearninglearning{Mordor.TongariroAlpineCrossing}
+CTFLEARN{MountGedePangrangoNationalPark}
$ctflearncTfLeARN{MountKosciuszko}
{rof
#&f{
Y\GC{(
{r%681G
{t(@Q
{5$<
)%)`{
N{eI&
]N&{
NKxf{
K;{Dk
8pGM{
d=q{
|PV{
xw{1
#{;W
}s7h{
V{K[\d
b%\{%
```
#### Step-4:
I tried all the flags up there xP.
However one of them worked out.
#### Step-5:
Finally the flag becomes:
`CTFlearn{Gandalf}`

View File

@ -0,0 +1,106 @@
## Rubber Duck
The main idea finding the flag using easiest forensics techniques.
#### Step-1:
After we download `RubberDuck.jpg`, we try to open and see the flag and check if we find any.
<img src="RubberDuck.jpg">
#### Step-2:
I tried simple techniques and easily found answer when we send the command:
`strings RubberDuck.jpg | grep {`
Note: Although some general techniques also include `strings RubberDuck.jpg | grep flag` & `strings RubberDuck.jpg | grep ctf`.
#### Step-3:
We get the following output:
```
CTFlearn{ILoveJakarta}
e{8{"
i~{
S:{s
^{Ec
2\G;{J
s9y{x
]^y{
=\u^{F
-{~?
{VVj
)@{1
G-%#{
".k{;y;3
U{U_
Bu{S/
n{b/
T{#G
*H{cF:
oT{S
!yl[ru{
\{t|
"{x0
iE7q,4${
Or/hr{
{c8w
{Qjjr
NYY,{
=F{?a
z{x^
q{X4
V{2n
`pY{
#:J^Z{
f{'z
{|D7
{43P
${X<a`
<H{OH
F{UbP
rjM#{+
Op{K
sp{A:`
bMm{e
u#y{g
jG\{
Q{Io
l{y
9{Df
Yc{6
d9};{7
i:{#
{nh|q$7/
F#({4
o=#}0^{
Qx{M
{{~eG
{%.xp
c{Efeqf
QS]{
~{YE
1J{y
kQ.{
I{n1
+?y{c
\{@Q
_d9{
PA{h
{C)r
QI{)A
{@<J
:{!?
h%7{
v/Y{
e*P{
{b_&
TAr{
@{R#eq
+l?{
sPUj{t
{ Q`_
```
#### Step-4:
Finally the flag becomes:
`CTFlearn{ILoveJakarta}`

Binary file not shown.

After

Width:  |  Height:  |  Size: 192 KiB

File diff suppressed because one or more lines are too long

Binary file not shown.

After

Width:  |  Height:  |  Size: 103 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 103 KiB

Binary file not shown.

Binary file not shown.

Binary file not shown.

After

Width:  |  Height:  |  Size: 102 KiB

Binary file not shown.

View File

@ -0,0 +1,40 @@
## Taking LS
The main idea finding the flag using simple LS commands to find hidden passwords and flag.
#### Step-1:
After we download the given zip `The Flag.zip` from the cloud, we just try simple techniques.
After we unzip the 2 folders in it, we get 2 directories named `__MACOSX` & `The Flag`.
#### Step-2:
I went into `The Flag` directory and tried
`ls -al` command to get following output:
```
total 40
drwxr-xr-x 3 rishit rishit 4096 Oct 30 2016 .
drwxr-xr-x 4 rishit rishit 4096 Jul 10 16:13 ..
-rw-r--r-- 1 rishit rishit 6148 Oct 30 2016 .DS_Store
-rw-r--r-- 1 rishit rishit 16647 Oct 30 2016 'The Flag.pdf'
drwxr-xr-x 2 rishit rishit 4096 Oct 30 2016 .ThePassword
```
Note: `The Flag.pdf` is password protected.
We need to retrieve the password.
#### Step-3:
Next, I got into `.ThePassword` directory and tried `ls` command to get this:
```
ThePassword.txt
```
#### Step-4:
Let's do a `cat ThePassword.txt` to get the Password.
`Nice Job! The Password is "Im The Flag".`
#### Step-5:
Let's try this password on `The Flag.pdf` and its works!
#### Step-7:
Finally the flag becomes:
`ABCTF{T3Rm1n4l_is_C00l}`

Binary file not shown.

Binary file not shown.

View File

@ -0,0 +1,387 @@
## The Keymaker
The main idea finding the flag using some forensics and Crypto concepts.
#### Step-1:
After we download `The-Keymaker.jpg`, we try to open and see the flag and check if we find any.
<img src="The-Keymaker.jpg">
#### Step-2:
I tried simple techniques and easily found answer when we send the command:
`strings PikesPeak.jpg`
I and got this as output:
```
JFIF
CTFlearn{TheKeymakerIsK00l}
b3BlbnNzbCBlbmMgLWQgLWFlcy0yNTYtY2JjIC1pdiBTT0YwIC1LIFNPUyAtaW4gZmxhZy5lbmMg
LW91dCBmbGFnIC1iYXNlNjQKCml2IGRvZXMgbm90IGluY2x1ZGUgdGhlIG1hcmtlciBvciBsZW5n
dGggb2YgU09GMAoKa2V5IGRvZXMgbm90IGluY2x1ZGUgdGhlIFMwUyBtYXJrZXIKCg==
CmmtaSHhAsK9pLMepyFDl37UTXQT0CMltZk7+4Kaa1svo5vqb6JuczUqQGFJYiycY
, #&')*)
-0-(0%()(
((((((((((((((((((((((((((((((((((((((((((((((((((
RR=,Q
)n}}
ZY&H
1(m{iR
!AE3
J/>E
]m4us
/fuY
*0W[
YDkR&
-(ah!
X*EY#
}up07%
FPvV
[T);
uZD
[vK4
O>a\U
L.dY[
KK$h
Xn6<|
_@[O
+$KIQ;
A7~B.A]B
l-nvQ
i+2n
+K0x
{b:W
h4Yf7s;
1RTI
ZR^C
[Yf#r
U]+U4
{5}n
%SAL
IJ4\7
>_@M=<b
F*%J
X\lp
f=+kn9
e+^@
S`=+
JZ$D
W,C;
Se=I
!I7$/
?\UIn
Jjm.
Kn/ql>#'o
F\z>y
npU7
{D[i
-:*C
-;5r
%Ciw
V],Is
,I ~
hE#Q
2jz/(
itO,
er.](
sj9d
biF:
o~19F.-
m.uX,rzB.
PI8xc
MR,(_T`
|;jOoS$
jJ7e
'Y$]
znRK
C$+8
,!~th}
7nS*
~pE=
dMh&
KsHw
QTHZ
S-~u=
:RB9uFr
ER #
A-.kx%
/qm_,FZN
j#2*
@,T[{
Ksri
6kYB
1u23
e%I/Q
%fJm
tM:v
M+I<M
)!U5
@e%H
tHrw
U_G_
^m4B
ue:E
gR/.
6b !v
*-40E-S
;`)FN
MU.KN
JN%F
+%MD3E*M*K
`W)'
Q$04
:IpKI^2
5ev$o
CRb4
fS|<`S
iMD1RT
`bX>
yU^[K
NAP_r
WFZN
iU_=B
jwX
R=:F
2g4m
Vu=9
&jHj
Q,h6>
$j`7
xTGP
Y]MZ
KQ--
CH:T
8hGt{
%)tG
'*Z`
BQZ1
aQY&^
pl}(N
K[_MBFZ
IM!Q
TZiQ
<h5!I
NNAwM
`JQ%$ut
"Uid1
U59m8S
4;Lup
PD4GO
r*TU
po~7
o},}
yQe!_
&3:E
!+E,
#9g |
E=_e*h
9A"O
:4P_2
(:k,
9id$I
05An
YfqT
IW]CQOB
RW^&
$)<0
8QoQ[
-l/|
l,nB
~xx)(
@Art
h+s\
d9>aUQqU
M9S\
3eA,
S\q0
A6;x
bU4u
LoIR
%)5&
w#X
5B7Q
AEO*UH
~IN{
P56c]B:
&PdR
Uw[s}
&&#{
{q|,t
_[WV%
(Bm,
/jDh
U$t.
%aUX
8}WSSf
TRg4b
bUbs
-9J1Q
2*et
GSJL&
nHym
JQ9mE
SWQ+
T}6_
U)SB|K
*j`i+
YuFqS
]GMm
T#>_C
M$4u'
qwWK
OVnF
.HBm~
SFw$
pRrT
$iY@0
T%X
Hg%!`
HUtz
^Pw'
Qtm2U
9_LW
&WHh
^?l_
DUPv
e-%Q
T$NA
#3Lf
LqV-
|uY%j
\Xsl
Wmz}B
P0se
:^u.
-[-,3
iceW
IuvC
A`.
K$YlO
plqx
!hAq
;[H$
VIA$
uacp
K?/ht
Qi%@\
C"V4OK
[QY#
gRKCRY
/b6+
7$JI
M^eQ
9k"c"@
`} l
-Q42
F6ui*E
#Tj(
%%Na
;Q9\
1@_},C
+=E=B
6zzy"
h{!"
olNj
Wc$TY}fT
STjfD
/#gNC
uV_C[)
n,Bj
?dy[
LT}T
jcHB
T7QV
*(N\
GVi9NV
)i"U
DZ_H
-;'Q
P,ZA
m~|b5r@
()*^
,B^7
u'wI
M=k"
1OQv6
iNSJ
M9c&
_QM]
WGlll-r
s4 4
\o|w
WSM)e
Pwhj
jzw.
u4tU9
&YL K1S
?BlF:c
Qmt@*
iY]9
#m#"6
PEP@
mrpV
```
#### Step-4:
Try the flag and it is incorrect. Now the following part looks like Base64 encryption:
```
b3BlbnNzbCBlbmMgLWQgLWFlcy0yNTYtY2JjIC1pdiBTT0YwIC1LIFNPUyAtaW4gZmxhZy5lbmMg
LW91dCBmbGFnIC1iYXNlNjQKCml2IGRvZXMgbm90IGluY2x1ZGUgdGhlIG1hcmtlciBvciBsZW5n
dGggb2YgU09GMAoKa2V5IGRvZXMgbm90IGluY2x1ZGUgdGhlIFMwUyBtYXJrZXIKCg==
```
When we decode it online, we get the following:
```
openssl enc -d -aes-256-cbc -iv SOF0 -K SOS -in flag.enc -out flag -base64
iv does not include the marker or length of SOF0
key does not include the S0S marker
```
#### Step-5:
This is a hint, the flag is encoded with AES-256-CBC, then we need to find 128 bits of _iv_ and 256 bits of _key_ to decode and find the flag.
#### Step-6:
Open the image with hex editor, we find SOF0 with `0xff` `0xc0`, the length of SOF0 is `0x00` `0x11`.
If you don't have idea of mark identifiers of an image, refer below:
http://vip.sugovica.hu/Sardi/kepnezo/JPEG%20File%20Layout%20and%20Format.htm
Then, the _iv_ is: `0800be00c803011100021101031101ff`
#### Step-7:
We find S0S with `0xff` `0xda`, the _key_ is:
`000c03010002110311003f00f9766bfc44beda8f3f5c031b92cb0e92d6bdc952`
#### Step-8:
We have a comment left, this is the encoded flag:
`mmtaSHhAsK9pLMepyFDl37UTXQT0CMltZk7+4Kaa1svo5vqb6JuczUqQGFJYiycY`
#### Step-9:
According to the command, input we need to create a `flag.enc` which includes the above comment.
So, finally the contents of flag.enc become : `mmtaSHhAsK9pLMepyFDl37UTXQT0CMltZk7+4Kaa1svo5vqb6JuczUqQGFJYiycY`
#### Step-10:
According to previous given Base64 decryption, we have put the following command:
`openssl enc -d -aes-256-cbc -iv 0800be00c803011100021101031101ff -K 000c03010002110311003f00f9766bfc44beda8f3f5c031b92cb0e92d6bdc952 -in flag.enc -out flag -base64`
#### Step-11:
This will create a file `flag` in the same directory and then we can read the contents by just `cat flag`
#### Step-12:
Finally the flag becomes:
`CTFlearn{Ne0.TheMatrix}`

Binary file not shown.

After

Width:  |  Height:  |  Size: 20 KiB

View File

@ -0,0 +1 @@
CTFlearn{Ne0.TheMatrix}

View File

@ -0,0 +1 @@
mmtaSHhAsK9pLMepyFDl37UTXQT0CMltZk7+4Kaa1svo5vqb6JuczUqQGFJYiycY

Binary file not shown.

After

Width:  |  Height:  |  Size: 318 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 420 KiB

View File

@ -0,0 +1,35 @@
## The adventures of Boris Ivanov. Part 1.
The main idea finding the flag is to tangle image RGB filters with Stegsolver.
#### Step-1:
After downloading `Boris_Ivanov_1.jpg` from the cloud, I tried all basic Forensics Techniques, but I got nothing.
<img src="Boris_Ivanov_1.jpg">
NULL. NATA. ZIP.
#### Step-2:
I tried to use the Stegsolver application. For those who don't have it, can get the script from here:
https://github.com/zardus/ctf-tools/tree/master/stegsolve
After installation is complete, running `./stegsolver.jar` will launch the application.
#### Step-3:
After reading the challenge again and again we can notice the word KGB may bay relate to Steganography by RGB.
In Stegsolver, there are 1000 offsets possible.
#### Step-4:
Luckily, after analyzing the image, I started to filter backwards and got flag at <strong>898</strong> offset.
I got the flag there.
<img src="Flag.png">
#### Step-5:
Finally the flag becomes:
`flag{d0nt_m3s5_w1th_th3_KGB}`

Binary file not shown.

After

Width:  |  Height:  |  Size: 21 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 82 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 45 KiB

View File

@ -0,0 +1,280 @@
## Up For A Little Challenge?
The main idea finding the flag is to consecutively use Forensics commands.
#### Step-1:
After we download `Begin Hack.jpg` from the cloud, we try to understand what is the content. <br>
<img src="Begin Hack.jpg">
#### Step-2:
Then I tried `strings Begin hack.jpg` and got the following output:
```
JFIF
Exif
8Photoshop 3.0
8BIM
8BIM
S@%c
&T6d
'E7e
()*89:HIJWXYZghijwxyz
0"2Q
3#aB
c6p&ET
()*789:FGHIJUVWXYZdefghijstuvwxyz
mQ15
TLMm
[m[mQ15
*tMD
"k4J
Rs]n
<zbpM
;ELN
*gEN
=a?6m
bj'j
:5LN
[m[m[mZ4
_|RW
zgm19
-{{?_
:UWXV
A_~{
[mRQ.
MtMm
_b|g
)bum
Q;TLMm
j&5i
\_s5sH
mQ:j6
mQ15
[mFw\j
y0X,
Yyrx
iKJ
DC(jC)dwC
?HxC
Cl|G
/sPj
MJ,h`
550]
4KvwUp
QYj,
n7~$N[$
-g0L
Gmu5
i*iSJ
]ZIsk
g<W1M
LE4l^\
wdc.)
:}^Xs
ML ~
1bdM;V
Lub
%)p_
d(3D
gqm6
[y|7
Qoq-
)kAO
j.YJ
t)9m
U>iy
}p.<E1
.Xm5
Yu>6p
_f;>Yd$W
&MBo
X?$6
bjCL
k)p$
W&YL
19b$
^8/_
l',r
%pRG
H4\p
R/C,^
7l#Y
Oi?h
w +V
|^7V*
QXmG5_?
/E'C
.$%er
o%))
:?ab
y+q\
5O9e?%j?
_&j"
1,G$+
CS@?
*zHr
Z#8CLQ_$#
1exh
1yjyw(
'Trj
`- https://mega.nz/#!z8hACJbb!vQB569ptyQjNEoxIwHrUhwWu5WCj1JWmU-OFjf90Prg -N17hGnFBfJliykJxXu8 -
=u}B
{Y4B
R_:/
/bTK
T8(w
}SPF*
.YRi,
m%<p
7<S:
CdRR
5Ol=
7Ge'
!1AQaq
0@P`p
rK2*
=611y
*E%9
M`H0X_
_W]y
!{u~
$V/
r%LL
;3;;
vj54
=}pW
5p^-
?s$X0?]
4@a4
=reg#
9*fL'
Mp real_unlock_key: Nothing Is As It SeemsU
~t>?
pb}X8a
;>)I$
A16hM
O9]F
K_Es
OQcc
{8OI
<T|pF
t<?EK*
)#0=n
b_74
^x<sN
1u{k
Nitr
b9R6
(Q{T
F>_
bK(1
c <AI<a
JxAD
AQa q
0@P`p
]!ql>
-L_Q
c<gg
c='I
_l2A5
5~Fh
89]M}+
^Jx(
)_4b
LQ")
zy=>
n66k
NuHPO
;(hO
+vU8*
+CL@
NiiJo
"Y#).3
kw]}
1|yq
UB!1/OV1
nt }
0+<$<
:Rgh
Qo"P
?a>^
)gN0e&W
Xzbg
T 7JA
bZ<R
N: r@
%r",r
#=#
U@!e
H/ga
8HK/
iPi5
|XPr
yJ6P
KeMLx
bQvs
MSU}
"*OL
Y@dmf
J\yE
%PEuW
yDYUE
password: Really? Again
3oC=
S MWX
lwPBj
XR0W'
@t-%
flag{Not_So_Simple...}
?@};
7b,,*
W*)^
#zZ&
Oqq
uS%f
yB1+!
w)% >
y:O @
tt'8
1F?jn
;'"K
|q=_
=U$a
FS `
8nzo a~
Trqe@
(~CK9&
Jq$?
@a:O>
ea!%!
e$Ef
yQ(u$65
4"<
s^)V
```
#### Step-3:
This output has opened a lot of gateways for us to explore. So let's try to visit the URL given to us:
https://mega.nz/file/z8hACJbb#vQB569ptyQjNEoxIwHrUhwWu5WCj1JWmU-OFjf90Prg
We get a new zip file there named `Up For A Little Challenge.zip`.
#### Step-4:
After we unzip and try to find content (including all hidden files, by `ls -al`), I found the directory `Did I Forget Again?` and in that I found an image and another compressed file called `.Processing.cerb4`.
#### Step-5:
When I tried to unzip it, I found an image `skycoder.jpg` which was encrypted.
This is the time you have to be little smart and try the password from given things only. I tried to search above strings search and found password there: `Nothing Is As It Seems`.
#### Step-6:
Finally we get this image. Flag is right bottom corner.
<a href="https://ibb.co/3pb7kpN"><img src="https://i.ibb.co/HtyVXtz/skycoder.jpg" alt="skycoder" border="0"></a>
#### Step-7:
Finally the flag becomes:
`flag{hack_complete}`

Binary file not shown.

After

Width:  |  Height:  |  Size: 101 KiB

Some files were not shown because too many files have changed in this diff Show More