Added CTFlearn writeups
|
@ -0,0 +1,15 @@
|
||||||
|
## Favorite Color
|
||||||
|
The main idea finding the flag is exploiting the Buffer Overflow of the Binary file.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After logging into the remote access with `ssh color@104.131.79.111 -p 1001` and password as `guest`,
|
||||||
|
my system got completely crashed due to several DDoS attacks. So, I directly looked up for solution and understood from there.
|
||||||
|
|
||||||
|
https://www.embeddedhacker.com/2020/01/hacking-walkthrough-ctflearn-binary-medium/
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
|
||||||
|
Finally the flag becomes:
|
||||||
|
`flag{c0lor_0f_0verf1ow}`
|
After (image error) Size: 45 KiB |
|
@ -0,0 +1,22 @@
|
||||||
|
## Lazy Game Challenge
|
||||||
|
The main idea finding the flag is thinking differently to break the logic in binary file.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After pwning into the given machine: `nc thekidofarcrania.com 10001`, we are asked to play a betting game.
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
I input <strong>Y</strong> and proceed to see the game. According to given scenario, I seemed to lose every bet of 100$. So I had to do something differently.
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
This time I placed a bet of a hefty number like 1000000$ which I didn't even possess. I spit out errors. :(
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
But the main idea in pwning lies in abnormal thinking and that's where you focus. I tried out negative number this time for the bet like -100000$. I still could play, it shows there was a program logic flaw there.
|
||||||
|
|
||||||
|
Now I went wild to give all numbers (which I had to guess below 10) greater than 10. Finally it gave me flag.
|
||||||
|
|
||||||
|
<img src="Flag.png">
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`CTFlearn{d9029a08c55b936cbc9a30_i_wish_real_betting_games_were_like_this!}`
|
|
@ -0,0 +1,14 @@
|
||||||
|
import numpy as np
|
||||||
|
|
||||||
|
arr = np.arange(65,90).reshape(5, 5) # Array of alphabet
|
||||||
|
arr = np.where(arr <75, arr, arr+1) # Array without 'K'
|
||||||
|
|
||||||
|
cells = ["1-3","4-4","2-1","{","4-4","2-3","4-5","3-2","1-2","4-3","_","4-5","3-5","}"]
|
||||||
|
for i in cells:
|
||||||
|
if(ord(i[0])>=48 and ord(i[0])<=57):
|
||||||
|
x=int(i[0])-1
|
||||||
|
y=int(i[2])-1
|
||||||
|
print(chr(arr[x][y]),end="")
|
||||||
|
else:
|
||||||
|
print(i[0],end="")
|
||||||
|
print("\n")
|
|
@ -0,0 +1,47 @@
|
||||||
|
## 5x5 Crypto
|
||||||
|
The main idea finding the flag is by simple pairs.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After reading the given text:
|
||||||
|
|
||||||
|
`Ever heard of the 5x5 secret message system? If not, basically it's a 5x5 grid with all letters of the alphabet in order, without k because c is represented to make the k sound only. Google it if you need to. A letter is identified by Row-Column. All values are in caps. Try: 1-3,4-4,2-1,{,4-4,2-3,4-5,3-2,1-2,4-3,_,4-5,3-5,}`
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
So, basically the table is:
|
||||||
|
|
||||||
|
<img src="Table.png">
|
||||||
|
|
||||||
|
We can decode the message according to given inputs in message above to get the flag.
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
Instead I wrote a `Flag.py` script to get the flag.
|
||||||
|
|
||||||
|
```
|
||||||
|
import numpy as np
|
||||||
|
|
||||||
|
arr = np.arange(65,90).reshape(5, 5) # Array of alphabet
|
||||||
|
arr = np.where(arr <75, arr, arr+1) # Array without 'K'
|
||||||
|
|
||||||
|
cells = ["1-3","4-4","2-1","{","4-4","2-3","4-5","3-2","1-2","4-3","_","4-5","3-5","}"]
|
||||||
|
for i in cells:
|
||||||
|
if(ord(i[0])>=48 and ord(i[0])<=57):
|
||||||
|
x=int(i[0])-1
|
||||||
|
y=int(i[2])-1
|
||||||
|
print(chr(arr[x][y]),end="")
|
||||||
|
else:
|
||||||
|
print(i[0],end="")
|
||||||
|
print("\n")
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
|
||||||
|
If we execute this script by `python3 Flag.py`, I got the following output:
|
||||||
|
|
||||||
|
```
|
||||||
|
CTF{THUMBS_UP}
|
||||||
|
|
||||||
|
```
|
||||||
|
#### Step-5:
|
||||||
|
|
||||||
|
Finally the flag becomes:
|
||||||
|
`CTF{THUMBS_UP}`
|
After (image error) Size: 10 KiB |
|
@ -0,0 +1,29 @@
|
||||||
|
## ALEXCTF CR2: Many time secrets
|
||||||
|
The main idea finding the flag is decomposing the Hex dump and finding the public key.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After we download `msg(4)` from the cloud, we get the following data.
|
||||||
|
|
||||||
|
`0529242a631234122d2b36697f13272c207f2021283a6b0c79082f28202a302029142c653f3c7f2a2636273e3f2d653e25217908322921780c3a235b3c2c3f207f372e21733a3a2b37263b3130122f6c363b2b312b1e64651b6537222e37377f2020242b6b2c2d5d283f652c2b31661426292b653a292c372a2f20212a316b283c0929232178373c270f682c216532263b2d3632353c2c3c2a293504613c37373531285b3c2a72273a67212a277f373a243c20203d5d
|
||||||
|
243a202a633d205b3c2d3765342236653a2c7423202f3f652a182239373d6f740a1e3c651f207f2c212a247f3d2e65262430791c263e203d63232f0f20653f207f332065262c31683137223679182f2f372133202f142665212637222220733e383f2426386b`
|
||||||
|
|
||||||
|
Working out:
|
||||||
|
https://youtu.be/p4DIab6NKOY?t=307
|
||||||
|
|
||||||
|
The link for this tool is below:
|
||||||
|
https://github.com/SpiderLabs/cribdrag
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
|
||||||
|
I didn't have complete idea on proceeding on this challenge, so I took help from online and got this.
|
||||||
|
|
||||||
|
https://youtu.be/p4DIab6NKOY?t=307
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
Alternatively, same flag can be approached in another way also.
|
||||||
|
|
||||||
|
https://www.embeddedhacker.com/2020/01/hacking-walkthrough-ctflearn-crypto-medium/
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`ALEXCTF{HERE_GOES_THE_KEY}`
|
|
@ -0,0 +1,104 @@
|
||||||
|
#!/usr/bin/python
|
||||||
|
|
||||||
|
##########################
|
||||||
|
# cribdrag - An interactive crib dragging tool
|
||||||
|
# Daniel Crowley
|
||||||
|
# Copyright (C) 2013 Trustwave Holdings, Inc.
|
||||||
|
# This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
|
||||||
|
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||||
|
# You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
##########################
|
||||||
|
|
||||||
|
|
||||||
|
import sys
|
||||||
|
import re
|
||||||
|
import argparse
|
||||||
|
|
||||||
|
def sxor(ctext,crib):
|
||||||
|
# convert strings to a list of character pair tuples
|
||||||
|
# go through each tuple, converting them to ASCII code (ord)
|
||||||
|
# perform exclusive or on the ASCII code
|
||||||
|
# then convert the result back to ASCII (chr)
|
||||||
|
# merge the resulting array of characters as a string
|
||||||
|
results = []
|
||||||
|
single_result = ''
|
||||||
|
crib_len = len(crib)
|
||||||
|
positions = len(ctext)-crib_len+1
|
||||||
|
for index in xrange(positions):
|
||||||
|
single_result = ''
|
||||||
|
for a,b in zip(ctext[index:index+crib_len],crib):
|
||||||
|
single_result += chr(ord(a) ^ ord(b))
|
||||||
|
results.append(single_result)
|
||||||
|
return results
|
||||||
|
|
||||||
|
def print_linewrapped(text):
|
||||||
|
line_width = 40
|
||||||
|
text_len = len(text)
|
||||||
|
for chunk in xrange(0,text_len,line_width):
|
||||||
|
if chunk > text_len-line_width:
|
||||||
|
print str(chunk) + chr(9) + text[chunk:]
|
||||||
|
else:
|
||||||
|
print str(chunk) + chr(9) + text[chunk:chunk+line_width]
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
parser = argparse.ArgumentParser(description='cribdrag, the interactive crib dragging script, allows you to interactively decrypt ciphertext using a cryptanalytic technique known as "crib dragging". This technique involves applying a known or guessed part of the plaintext (a "crib") to every possible position of the ciphertext. By analyzing the result of each operation and the likelihood of the result being a successful decryption based on the expected format and language of the plaintext one can recover the plaintext by making educated guesses and adaptive application of the crib dragging technique.')
|
||||||
|
parser.add_argument('ciphertext', help='Ciphertext, encoded in an ASCII hex format (ie. ABC would be 414243)')
|
||||||
|
parser.add_argument('-c', '--charset', help='A regex-style character set to be used to identify best candidates for successful decryption (ex: for alphanumeric characters and spaces, use "a-zA-Z0-9 ")', default='a-zA-Z0-9.,?! :;\'"')
|
||||||
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
ctext = args.ciphertext.decode('hex')
|
||||||
|
ctext_len = len(ctext)
|
||||||
|
display_ctext = "_" * ctext_len
|
||||||
|
display_key = "_" * ctext_len
|
||||||
|
|
||||||
|
charset = '^['+args.charset+']+$'
|
||||||
|
|
||||||
|
response = ''
|
||||||
|
|
||||||
|
while response != 'end':
|
||||||
|
print "Your message is currently:"
|
||||||
|
print_linewrapped(display_ctext)
|
||||||
|
print "Your key is currently:"
|
||||||
|
print_linewrapped(display_key)
|
||||||
|
|
||||||
|
crib = raw_input("Please enter your crib: ")
|
||||||
|
crib_len = len(crib)
|
||||||
|
|
||||||
|
results = sxor(ctext, crib)
|
||||||
|
results_len = len(results)
|
||||||
|
|
||||||
|
#Generate results
|
||||||
|
for result_index in xrange(results_len):
|
||||||
|
if (re.search(charset,results[result_index])):
|
||||||
|
print '*** ' + str(result_index) + ': "' + results[result_index] + '"'
|
||||||
|
else:
|
||||||
|
print str(result_index) + ': "' + results[result_index] + '"'
|
||||||
|
|
||||||
|
response = raw_input("Enter the correct position, 'none' for no match, or 'end' to quit: ")
|
||||||
|
|
||||||
|
#Replace part of the message or key
|
||||||
|
try:
|
||||||
|
response = int(response)
|
||||||
|
if (response < results_len):
|
||||||
|
message_or_key = ''
|
||||||
|
while (message_or_key != 'message' and message_or_key != 'key'):
|
||||||
|
message_or_key = raw_input("Is this crib part of the message or key? Please enter 'message' or 'key': ")
|
||||||
|
if(message_or_key == 'message'):
|
||||||
|
display_ctext = display_ctext[:response] + crib + display_ctext[response+crib_len:]
|
||||||
|
display_key = display_key[:response] + results[response] + display_key[response+crib_len:]
|
||||||
|
elif(message_or_key == 'key'):
|
||||||
|
display_key = display_key[:response] + crib + display_key[response+crib_len:]
|
||||||
|
display_ctext = display_ctext[:response] + results[response] + display_ctext[response+crib_len:]
|
||||||
|
else:
|
||||||
|
print 'Invalid response. Try again.'
|
||||||
|
|
||||||
|
except ValueError:
|
||||||
|
if (response == 'end'):
|
||||||
|
print "Your message is: " + display_ctext
|
||||||
|
print "Your key is: " + display_key
|
||||||
|
elif (response == 'none'):
|
||||||
|
print "No changes made."
|
||||||
|
else:
|
||||||
|
print "Invalid entry."
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
0529242a631234122d2b36697f13272c207f2021283a6b0c7908
|
||||||
|
2f28202a302029142c653f3c7f2a2636273e3f2d653e25217908
|
||||||
|
322921780c3a235b3c2c3f207f372e21733a3a2b37263b313012
|
||||||
|
2f6c363b2b312b1e64651b6537222e37377f2020242b6b2c2d5d
|
||||||
|
283f652c2b31661426292b653a292c372a2f20212a316b283c09
|
||||||
|
29232178373c270f682c216532263b2d3632353c2c3c2a293504
|
||||||
|
613c37373531285b3c2a72273a67212a277f373a243c20203d5d
|
||||||
|
243a202a633d205b3c2d3765342236653a2c7423202f3f652a18
|
||||||
|
2239373d6f740a1e3c651f207f2c212a247f3d2e65262430791c
|
||||||
|
263e203d63232f0f20653f207f332065262c3168313722367918
|
||||||
|
2f2f372133202f142665212637222220733e383f2426386b
|
After (image error) Size: 47 KiB |
|
@ -0,0 +1,20 @@
|
||||||
|
## Base 2 2 the 6
|
||||||
|
The main idea finding the flag is $2^6$ = 64.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After we read the message given,
|
||||||
|
|
||||||
|
`Q1RGe0ZsYWdneVdhZ2d5UmFnZ3l9`
|
||||||
|
|
||||||
|
It is clearly Base64 encrypted.
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
I tried to decode it online here: https://www.base64decode.org/
|
||||||
|
|
||||||
|
I got the following result:
|
||||||
|
|
||||||
|
<img src="Decode.png">
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`CTF{FlaggyWaggyRaggy}`
|
After (image error) Size: 246 KiB |
After (image error) Size: 172 KiB |
|
@ -0,0 +1,26 @@
|
||||||
|
## BruXOR
|
||||||
|
The main idea finding the flag is XOR Bruteforce.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After reading the message in the question,
|
||||||
|
|
||||||
|
`There is a technique called bruteforce. Message: q{vpln'bH_varHuebcrqxetrHOXEj No key! Just brute .. brute .. brute ... :D`
|
||||||
|
|
||||||
|
|
||||||
|
The first thing I searched online was XOR Bruteforce and I got some helpful results.
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
I followed the URL: https://www.dcode.fr/xor-cipher
|
||||||
|
|
||||||
|
Since in the message, it is clearly that there is no key, my inputs were as follows: (Only Bruteforce xP)
|
||||||
|
|
||||||
|
<img src="Input.png">
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
After decrypting, we get the following results, amidst which I found the flag.
|
||||||
|
|
||||||
|
<img src="Flag.png">
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`flag{y0u_Have_bruteforce_XOR}`
|
|
@ -0,0 +1,16 @@
|
||||||
|
## Character Encoding
|
||||||
|
The main idea finding the flag using simple Hex to text conversion.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
Generally, I don't criticize any challenge, but this one crossed limits. It was too Ez. xP.
|
||||||
|
|
||||||
|
We have been given simple Hex code: `41 42 43 54 46 7B 34 35 43 31 31 5F 31 35 5F 55 35 33 46 55 4C 7D`
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
Convert it online here to text:
|
||||||
|
http://www.unit-conversion.info/texttools/hexadecimal/
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
|
||||||
|
Finally the flag becomes:
|
||||||
|
`ABCTF{45C11_15_U53FUL}`
|
|
@ -0,0 +1,29 @@
|
||||||
|
## Hextroadinary
|
||||||
|
|
||||||
|
The main idea finding the flag is to read the question properly and interpret.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
|
||||||
|
After we read the given message:
|
||||||
|
|
||||||
|
`Meet ROXy, a coder obsessed with being exclusively the worlds best hacker. She specializes in short cryptic hard to decipher secret codes. The below hex values for example, she did something with them to generate a secret code, can you figure out what? Your answer should start with 0x.`
|
||||||
|
|
||||||
|
`0xc4115` `0x4cf8`
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
|
||||||
|
`Meet ROXy` - This should give us a simple idea that we have to XOR the 2 given Hex numbers.
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
|
||||||
|
So I tried it online here:
|
||||||
|
|
||||||
|
http://xor.pw/#
|
||||||
|
|
||||||
|
<img src="xor.png">
|
||||||
|
|
||||||
|
Note: Do not forget `0x` before flag.
|
||||||
|
|
||||||
|
#### Step-7:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`CTFlearn{0xc0ded}`
|
After (image error) Size: 38 KiB |
After (image error) Size: 236 KiB |
|
@ -0,0 +1,27 @@
|
||||||
|
## HyperStream Test #2
|
||||||
|
The main idea finding the flag is to know Baconian Cipher.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After reading the challenge properly,
|
||||||
|
|
||||||
|
```
|
||||||
|
I love the smell of bacon in the morning!
|
||||||
|
|
||||||
|
ABAAAABABAABBABBAABBAABAAAAAABAAAAAAAABAABBABABBAAAAABBABBABABBAABAABABABBAABBABBAABB
|
||||||
|
```
|
||||||
|
#### Step-2:
|
||||||
|
It is clear that it has to be Baconian Cipher. Those who are unaware of it, can refer here:
|
||||||
|
https://en.wikipedia.org/wiki/Bacon%27s_cipher
|
||||||
|
|
||||||
|
I then quickly looked for online Baconian Cipher decoders.
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
I followed URL: https://www.dcode.fr/bacon-cipher.
|
||||||
|
|
||||||
|
I got the following results:
|
||||||
|
|
||||||
|
<img src="Flag.png">
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`ILOUEBACONDONTYOU`
|
After (image error) Size: 41 KiB |
|
@ -0,0 +1,24 @@
|
||||||
|
## Morse Code
|
||||||
|
The main idea finding the flag is just having knowledge about Morse Code.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
|
||||||
|
This is the message given to us:
|
||||||
|
|
||||||
|
`..-. .-.. .- --. ... .- -- ..- . .-.. -- --- .-. ... . .. ... -.-. --- --- .-.. -... -.-- - .... . .-- .- -.-- .. .-.. .. -.- . -.-. .... . . ...`
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
I used this URL to decode our answer:
|
||||||
|
https://cryptii.com/pipes/morse-code-to-text
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
This was my output:
|
||||||
|
|
||||||
|
<img src="Flag.png">
|
||||||
|
|
||||||
|
That's it. That's our flag.
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
|
||||||
|
Finally the flag becomes:
|
||||||
|
`flagsamuelmorseiscoolbythewayilikechees`
|
|
@ -0,0 +1,17 @@
|
||||||
|
import gmpy2
|
||||||
|
from gmpy2 import mpz
|
||||||
|
|
||||||
|
e=mpz(3)
|
||||||
|
c=mpz(219878849218803628752496734037301843801487889344508611639028)
|
||||||
|
n=mpz(245841236512478852752909734912575581815967630033049838269083)
|
||||||
|
|
||||||
|
#use factordb
|
||||||
|
q=mpz(416064700201658306196320137931)
|
||||||
|
p=mpz(590872612825179551336102196593)
|
||||||
|
|
||||||
|
phi=gmpy2.mul(p-1,q-1)
|
||||||
|
d=gmpy2.invert(e,phi)
|
||||||
|
f=gmpy2.powmod(c,d,n)
|
||||||
|
g=bytes.fromhex(hex(f)[2:])
|
||||||
|
|
||||||
|
print("[+] Flag is : ",g)
|
|
@ -0,0 +1,48 @@
|
||||||
|
## RSA Beginner
|
||||||
|
The main idea finding the flag using RSA function and its operations.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After we download `rsa (1).txt` from the cloud, we try to understand what is the content.
|
||||||
|
|
||||||
|
If anyone is unaware of RSA Encryption, they can checkout here:
|
||||||
|
|
||||||
|
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
The contents of `rsa (1).txt` are as follows:
|
||||||
|
|
||||||
|
```
|
||||||
|
e: 3
|
||||||
|
c: 219878849218803628752496734037301843801487889344508611639028
|
||||||
|
n: 245841236512478852752909734912575581815967630033049838269083
|
||||||
|
```
|
||||||
|
#### Step-3:
|
||||||
|
We run a simple `Flag.py` script to get the flag.
|
||||||
|
|
||||||
|
```
|
||||||
|
import gmpy2
|
||||||
|
from gmpy2 import mpz
|
||||||
|
|
||||||
|
e=mpz(3)
|
||||||
|
c=mpz(219878849218803628752496734037301843801487889344508611639028)
|
||||||
|
n=mpz(245841236512478852752909734912575581815967630033049838269083)
|
||||||
|
|
||||||
|
#use factordb
|
||||||
|
q=mpz(416064700201658306196320137931)
|
||||||
|
p=mpz(590872612825179551336102196593)
|
||||||
|
|
||||||
|
phi=gmpy2.mul(p-1,q-1)
|
||||||
|
d=gmpy2.invert(e,phi)
|
||||||
|
f=gmpy2.powmod(c,d,n)
|
||||||
|
g=bytes.fromhex(hex(f)[2:])
|
||||||
|
|
||||||
|
print("[+] Flag is : ",g)
|
||||||
|
```
|
||||||
|
#### Step-4:
|
||||||
|
The output of `python3 Flag.py` is as follows:
|
||||||
|
|
||||||
|
`[+] Flag is : b'abctf{rs4_is_aw3s0m3}'`
|
||||||
|
|
||||||
|
#### Step-5:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`abctf{rs4_is_aw3s0m3}`
|
|
@ -0,0 +1,3 @@
|
||||||
|
e: 3
|
||||||
|
c: 219878849218803628752496734037301843801487889344508611639028
|
||||||
|
n: 245841236512478852752909734912575581815967630033049838269083
|
After (image error) Size: 53 KiB |
|
@ -0,0 +1,19 @@
|
||||||
|
from Crypto.Util.number import inverse
|
||||||
|
import binascii
|
||||||
|
|
||||||
|
e = 1
|
||||||
|
c = 9327565722767258308650643213344542404592011161659991421
|
||||||
|
n = 245841236512478852752909734912575581815967630033049838269083
|
||||||
|
|
||||||
|
# From factordb
|
||||||
|
|
||||||
|
p = 416064700201658306196320137931
|
||||||
|
q = 590872612825179551336102196593
|
||||||
|
|
||||||
|
phi = (p-1) * (q-1)
|
||||||
|
|
||||||
|
d = inverse(e,phi)
|
||||||
|
m = pow(c,d,n)
|
||||||
|
|
||||||
|
hex_str = hex(m)[2:] # Removing '0x'
|
||||||
|
print(binascii.unhexlify(hex_str))
|
|
@ -0,0 +1,65 @@
|
||||||
|
## RSA Noob
|
||||||
|
The main idea finding the flag using RSA function and its operations.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After we download `rsanoob(1).txt` from the cloud, we try to understand what is the content.
|
||||||
|
|
||||||
|
If anyone is unaware of RSA Encryption, they can checkout here:
|
||||||
|
|
||||||
|
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
The contents of `rsa (1).txt` are as follows:
|
||||||
|
|
||||||
|
```
|
||||||
|
e: 1
|
||||||
|
c: 9327565722767258308650643213344542404592011161659991421
|
||||||
|
n: 245841236512478852752909734912575581815967630033049838269083
|
||||||
|
```
|
||||||
|
#### Step-3:
|
||||||
|
'e' and 'n' - Public key.
|
||||||
|
'c' - Cipher text.
|
||||||
|
|
||||||
|
Given `n` to us, we try to find `p` & `q` online from http://factordb.com/index.php
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
We get the `p` & `q` online as follows:
|
||||||
|
<img src="Factorize.png">
|
||||||
|
|
||||||
|
Now we can feed inputs manually to yield flag.
|
||||||
|
|
||||||
|
#### Step-5:
|
||||||
|
|
||||||
|
Running this `Flag.py` script:
|
||||||
|
|
||||||
|
```
|
||||||
|
from Crypto.Util.number import inverse
|
||||||
|
import binascii
|
||||||
|
|
||||||
|
e = 1
|
||||||
|
c = 9327565722767258308650643213344542404592011161659991421
|
||||||
|
n = 245841236512478852752909734912575581815967630033049838269083
|
||||||
|
|
||||||
|
# From factordb
|
||||||
|
|
||||||
|
p = 416064700201658306196320137931
|
||||||
|
q = 590872612825179551336102196593
|
||||||
|
|
||||||
|
phi = (p-1) * (q-1)
|
||||||
|
|
||||||
|
d = inverse(e,phi)
|
||||||
|
m = pow(c,d,n)
|
||||||
|
|
||||||
|
hex_str = hex(m)[2:] # Removing '0x'
|
||||||
|
print(binascii.unhexlify(hex_str))
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-6:
|
||||||
|
We get the flag by `python3 Flag.py`
|
||||||
|
|
||||||
|
We get this output:
|
||||||
|
`b'abctf{b3tter_up_y0ur_e}'`
|
||||||
|
|
||||||
|
#### Step-7:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`abctf{b3tter_up_y0ur_e}`
|
|
@ -0,0 +1,3 @@
|
||||||
|
e: 1
|
||||||
|
c: 9327565722767258308650643213344542404592011161659991421
|
||||||
|
n: 245841236512478852752909734912575581815967630033049838269083
|
After (image error) Size: 29 KiB |
|
@ -0,0 +1,25 @@
|
||||||
|
## Reverse Polarity
|
||||||
|
The main idea finding the flag is Binary to ASCII conversion.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After seeing the text, we get the following:
|
||||||
|
`I got a new hard drive just to hold my flag, but I'm afraid that it rotted. What do I do? The only thing I could get off of it was this: `
|
||||||
|
|
||||||
|
```
|
||||||
|
01000011010101000100011001111011010000100110100101110100010111110100011001101100011010010111000001110000011010010110111001111101
|
||||||
|
```
|
||||||
|
|
||||||
|
I tried to convert the given Binary text to ASCII.
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
I followed the URL: https://www.convertbinary.com/to-text/
|
||||||
|
|
||||||
|
I got the following result:
|
||||||
|
|
||||||
|
<img src="Covert.png">
|
||||||
|
|
||||||
|
Voila, we have it.
|
||||||
|
#### Step-3:
|
||||||
|
|
||||||
|
Finally the flag becomes:
|
||||||
|
`CTF{Bit_Flippin}`
|
After (image error) Size: 506 KiB |
After (image error) Size: 441 KiB |
|
@ -0,0 +1,27 @@
|
||||||
|
## Substitution Cipher
|
||||||
|
The main idea finding the flag is using Substitution Cipher.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After downloading `Substitution.txt` from the cloud, we get the following data from it:
|
||||||
|
|
||||||
|
```
|
||||||
|
MIT YSAU OL OYGFSBDGRTKFEKBHMGCALSOQTMIOL. UTFTKAMTR ZB DAKQGX EIAOF GY MIT COQOHTROA HAUT GF EASXOF AFR IGZZTL. ZT CTKT SGFU, MIT YSACL GF A 2005 HKTLTFM MODTL MIAF LMADOFA GK A CTTQSB LWFRAB, RTETDZTK 21, 1989 1990, MIT RKTC TROMGKL CAL WHKGGMTR TXTKB CGKSR EAF ZT YGWFR MIT EGFMOFWTR MG CGKQ AM A YAOMIYWS KTHSOTL CITKT IGZZTL, LMBST AOD EASXOF, AMMAEQ ZGMI LORTL MG DAKQL, "CIAM RG EGFMKGSSOFU AF AEMWAS ZGAKR ZGVTL OF MIT HKTHAKTFML FADT, OL ODHWSLOXT KADHAUTL OF CIOEI ASCABL KTYTKTFETL MIT HALLCGKR, CIOEI DGFTB, AFR MITB IAR SOMMST YKGFM BAKR IOL YKWLMKAMTR EGSGK WFOJWT AZOSOMB COMI AFR OFROLHTFLAMT YGK MTAEI GMITK LMWROTL, AKT ACAKRL ZARUTL, HWZSOLITR ZTYGKT CTSS AL A YOKT UKGLL HSAFL CTKT GKOUOFASSB EIAKAEMTKL OF MIT LMKOH MG CIOEI LTTD MG OM CITF MTDHTKTR OF AFR IASSGCOFU MITB'KT LODHSB RKACOFU OF UOXTL GF" HKOFEOHAS LHOMMST ROLMGKM, KTARTKL EGDOEL AKT WLT, CAMMTKLGF MGGQ MCG 16-DGFMIL AYMTK KTLOLMAQTL A DGKT EKTAM RTAS MG EASXOF GYMTF IGZZTL MG ARDOML "LSODB, "ZWM OM'L FADTR A FOUIM GWM LIT OL HGOFM GY FGM LTTF IGZZTL MIT ZGGQL AM MIAM O KTDAOFOFU ZGGQ IADLMTK IWTB AKT AHHTAKAFET: RTETDZTK 6, 1995 DGD'L YKADTL GY EASXOF UOXTF A CAUGF, LGDTMODTL MIAM LG OM'L YAMITKT'L YADOSB FG EAFETSSAMOGFLIOH CAL HKTLTFML YKGD FGXTDZTK 21, 1985 SALM AHHTAK AZLTFET OF AFGMITKCOLT OM IAHHB MG KWF OM YGK MIOL RAR AL "A SOMMST MG MGSTKAMT EASXOF'L YADOSB RKACF ASDGLM EGDDTFRTR WH ZTOFU HTGHST OFLMAFET, UTM DAKKOTR ZB A RAFET EASXOF'L GWMSAFROLOFU MIT FTCLHAHTK GK MAZSGOR FTCLHAHTK ZWLOFTLL LIGC OL GF!" AFR LHKOFML GY EIOSRKTF'L RAR'L YKWLMKAMTR ZB MWKF IWDGK, CAL HWZSOE ROASGU MITKT'L FGM DWEI AL "'94 DGRTKFOLD" CAMMTKLGF IAL RTSOUIML GY YAFMALB SOYT CAMMTKLGF LABL LTKXTL AL AF AKMOLML OL RTLMKWEMOGF ZWLOFTLL, LHAETYAKTK GY MIT GHHGKMWFOMOTL BGW ZGMI A MGHOE YGK IOL IGDT MGFUWT-OF-EITTQ HGHWSAK MIAM OM CAL "IGF" AFR JWAKMTK HAUT DGKT LHAEOGWL EAFETSSAMOGF MIT HAOK AKT ESTAKSB OF HLBEIOE MKAFLDGUKOYOTK'L "NAH" LGWFR TYYTEM BGW MIOFQTK CAMMTKLGF ASLG UKTC OFEKTROZST LHAET ZWBL OF EGDDGFSB CIOST GMITKCOLT OM'L FADT OL FGMAZST LMGKBSOFT UAXT MIT GHHGKMWFOMOTL BGW EAFETSSAMOGF MIT "EASXOF GYYTK MG DAQT IOD OFEGKKTEM AFLCTKL CAMMTK AKMCGKQ GMITK GYMTF CIOEI OL TXORTFM MG GMITK LMKOH OL MG MITOK WLT GY KWSTL MIAM LIGCF GF LAFROYTK, CIG WLTL A EKGCJWOSS ZT LTTF "USWTR" MG MIT GFSB HTKL AFR IOL YAMITK LWHHGKM OL SWFEISOFT UAXT MITLT MIOF A BTAK OF DWSMODAMTKOAS AFR GZMAOF GF LAFMALB, IOL WLT, CAMMTKL ROASGUWT OL AF "AKMOLM'L LMAMWL AL "A ROD XOTC OF MIT TLLTFMOASSB MG DAQT IOD LTTD MG OFESWRTR MIAM EASXOF OL AF GRR ROASGUWT DGLM GY MIT ESWZ IAL TVHKTLLOGF GWMLORT AXAOSAZST MG
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
So, I tried to decode here: https://www.dcode.fr/monoalphabetic-substitution
|
||||||
|
|
||||||
|
My inputs are as follows:
|
||||||
|
|
||||||
|
<img src="Input.png">
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
I got the output as follows:
|
||||||
|
|
||||||
|
<img src="Flag.png">
|
||||||
|
|
||||||
|
There we have it. Our flag.
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`IFONLYMODERNCRYPTOWASLIKETHIS`
|
|
@ -0,0 +1 @@
|
||||||
|
MIT YSAU OL OYGFSBDGRTKFEKBHMGCALSOQTMIOL. UTFTKAMTR ZB DAKQGX EIAOF GY MIT COQOHTROA HAUT GF EASXOF AFR IGZZTL. ZT CTKT SGFU, MIT YSACL GF A 2005 HKTLTFM MODTL MIAF LMADOFA GK A CTTQSB LWFRAB, RTETDZTK 21, 1989 1990, MIT RKTC TROMGKL CAL WHKGGMTR TXTKB CGKSR EAF ZT YGWFR MIT EGFMOFWTR MG CGKQ AM A YAOMIYWS KTHSOTL CITKT IGZZTL, LMBST AOD EASXOF, AMMAEQ ZGMI LORTL MG DAKQL, "CIAM RG EGFMKGSSOFU AF AEMWAS ZGAKR ZGVTL OF MIT HKTHAKTFML FADT, OL ODHWSLOXT KADHAUTL OF CIOEI ASCABL KTYTKTFETL MIT HALLCGKR, CIOEI DGFTB, AFR MITB IAR SOMMST YKGFM BAKR IOL YKWLMKAMTR EGSGK WFOJWT AZOSOMB COMI AFR OFROLHTFLAMT YGK MTAEI GMITK LMWROTL, AKT ACAKRL ZARUTL, HWZSOLITR ZTYGKT CTSS AL A YOKT UKGLL HSAFL CTKT GKOUOFASSB EIAKAEMTKL OF MIT LMKOH MG CIOEI LTTD MG OM CITF MTDHTKTR OF AFR IASSGCOFU MITB'KT LODHSB RKACOFU OF UOXTL GF" HKOFEOHAS LHOMMST ROLMGKM, KTARTKL EGDOEL AKT WLT, CAMMTKLGF MGGQ MCG 16-DGFMIL AYMTK KTLOLMAQTL A DGKT EKTAM RTAS MG EASXOF GYMTF IGZZTL MG ARDOML "LSODB, "ZWM OM'L FADTR A FOUIM GWM LIT OL HGOFM GY FGM LTTF IGZZTL MIT ZGGQL AM MIAM O KTDAOFOFU ZGGQ IADLMTK IWTB AKT AHHTAKAFET: RTETDZTK 6, 1995 DGD'L YKADTL GY EASXOF UOXTF A CAUGF, LGDTMODTL MIAM LG OM'L YAMITKT'L YADOSB FG EAFETSSAMOGFLIOH CAL HKTLTFML YKGD FGXTDZTK 21, 1985 SALM AHHTAK AZLTFET OF AFGMITKCOLT OM IAHHB MG KWF OM YGK MIOL RAR AL "A SOMMST MG MGSTKAMT EASXOF'L YADOSB RKACF ASDGLM EGDDTFRTR WH ZTOFU HTGHST OFLMAFET, UTM DAKKOTR ZB A RAFET EASXOF'L GWMSAFROLOFU MIT FTCLHAHTK GK MAZSGOR FTCLHAHTK ZWLOFTLL LIGC OL GF!" AFR LHKOFML GY EIOSRKTF'L RAR'L YKWLMKAMTR ZB MWKF IWDGK, CAL HWZSOE ROASGU MITKT'L FGM DWEI AL "'94 DGRTKFOLD" CAMMTKLGF IAL RTSOUIML GY YAFMALB SOYT CAMMTKLGF LABL LTKXTL AL AF AKMOLML OL RTLMKWEMOGF ZWLOFTLL, LHAETYAKTK GY MIT GHHGKMWFOMOTL BGW ZGMI A MGHOE YGK IOL IGDT MGFUWT-OF-EITTQ HGHWSAK MIAM OM CAL "IGF" AFR JWAKMTK HAUT DGKT LHAEOGWL EAFETSSAMOGF MIT HAOK AKT ESTAKSB OF HLBEIOE MKAFLDGUKOYOTK'L "NAH" LGWFR TYYTEM BGW MIOFQTK CAMMTKLGF ASLG UKTC OFEKTROZST LHAET ZWBL OF EGDDGFSB CIOST GMITKCOLT OM'L FADT OL FGMAZST LMGKBSOFT UAXT MIT GHHGKMWFOMOTL BGW EAFETSSAMOGF MIT "EASXOF GYYTK MG DAQT IOD OFEGKKTEM AFLCTKL CAMMTK AKMCGKQ GMITK GYMTF CIOEI OL TXORTFM MG GMITK LMKOH OL MG MITOK WLT GY KWSTL MIAM LIGCF GF LAFROYTK, CIG WLTL A EKGCJWOSS ZT LTTF "USWTR" MG MIT GFSB HTKL AFR IOL YAMITK LWHHGKM OL SWFEISOFT UAXT MITLT MIOF A BTAK OF DWSMODAMTKOAS AFR GZMAOF GF LAFMALB, IOL WLT, CAMMTKL ROASGUWT OL AF "AKMOLM'L LMAMWL AL "A ROD XOTC OF MIT TLLTFMOASSB MG DAQT IOD LTTD MG OFESWRTR MIAM EASXOF OL AF GRR ROASGUWT DGLM GY MIT ESWZ IAL TVHKTLLOGF GWMLORT AXAOSAZST MG
|
After (image error) Size: 52 KiB |
|
@ -0,0 +1,33 @@
|
||||||
|
## Vigenere Cipher
|
||||||
|
The main idea finding the flag is just having knowledge about Vigenere Cipher.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
|
||||||
|
Its very easy if you have basic idea of Vigenere Cipher. If you don't know, please refer :
|
||||||
|
https://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher
|
||||||
|
|
||||||
|
So this is what is given in the message of challenge:
|
||||||
|
|
||||||
|
```
|
||||||
|
The vignere cipher is a method of encrypting alphabetic text by using a series of interwoven Caesar ciphers based on the letters of a keyword.<br />
|
||||||
|
|
||||||
|
I’m not sure what this means, but it was left lying around: blorpy
|
||||||
|
|
||||||
|
gwox{RgqssihYspOntqpxs}
|
||||||
|
```
|
||||||
|
#### Step-2:
|
||||||
|
One thing is important to know that Vigenere Cipher requires a <strong>key</strong> to decode any message.
|
||||||
|
I used this URL to decode my message and used given key as : `blorpy`
|
||||||
|
https://cryptii.com/
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
This was my output:
|
||||||
|
|
||||||
|
<img src="Flag.png">
|
||||||
|
|
||||||
|
That's it. That's our flag.
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
|
||||||
|
Finally the flag becomes:
|
||||||
|
`flag{CiphersAreAwesome}`
|
After (image error) Size: 426 KiB |
|
@ -0,0 +1,364 @@
|
||||||
|
## 07601
|
||||||
|
The main idea finding the flag using basic forensics techniques.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After we download the given image `AGT.png` from the cloud, we just try simple techniques.
|
||||||
|
|
||||||
|
<img src="AGT.jpg">
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
I first tried a very basic `strings AGT.png` & `strings AGT.png | grep {`.
|
||||||
|
|
||||||
|
I got the following output, through which I came to know about existing hidden directories.
|
||||||
|
```
|
||||||
|
v{n,
|
||||||
|
n.l{
|
||||||
|
qYv{
|
||||||
|
,nO{
|
||||||
|
2[{oO
|
||||||
|
{^UH
|
||||||
|
i{WY*
|
||||||
|
ABCTF{fooled_ya_dustin}
|
||||||
|
{u4j,\
|
||||||
|
B-{4B
|
||||||
|
}UXG{
|
||||||
|
{`(k
|
||||||
|
cB{V,
|
||||||
|
7{Ul
|
||||||
|
{$48
|
||||||
|
~9{;b
|
||||||
|
ECG{~'8
|
||||||
|
{Rf:
|
||||||
|
M}fS{
|
||||||
|
{{*7'
|
||||||
|
cGc{qlt'5
|
||||||
|
DD2{
|
||||||
|
{f8-Z
|
||||||
|
{R[7
|
||||||
|
UJL{
|
||||||
|
ez {Rz
|
||||||
|
,K{^b
|
||||||
|
WL{?
|
||||||
|
1?{M
|
||||||
|
YJ{.
|
||||||
|
E{'+
|
||||||
|
ZQ9{
|
||||||
|
1{@S
|
||||||
|
\s{)
|
||||||
|
mDEH{
|
||||||
|
qz{*
|
||||||
|
{d"&
|
||||||
|
{QuH%
|
||||||
|
,97{{
|
||||||
|
.~>{
|
||||||
|
F{E`{;
|
||||||
|
46B{
|
||||||
|
Le*{
|
||||||
|
HrZl{T
|
||||||
|
^{K>
|
||||||
|
_4={
|
||||||
|
EHLl{V
|
||||||
|
{Wh>
|
||||||
|
{:4
|
||||||
|
B{Cl
|
||||||
|
g{:i
|
||||||
|
Z{e&
|
||||||
|
:{S/\
|
||||||
|
{:%|Ium#
|
||||||
|
_E{Wj
|
||||||
|
S{5U
|
||||||
|
S{Eh
|
||||||
|
r{}%
|
||||||
|
ht{{
|
||||||
|
;Xc{
|
||||||
|
ST{{
|
||||||
|
{>eG
|
||||||
|
2eN{
|
||||||
|
A{b5
|
||||||
|
wu{@
|
||||||
|
y.V{j0^
|
||||||
|
8~x{
|
||||||
|
{;F#
|
||||||
|
.{|6m
|
||||||
|
{%0[
|
||||||
|
{~u(
|
||||||
|
TB{b
|
||||||
|
i{Hhm
|
||||||
|
=Z{"4
|
||||||
|
v.aa{
|
||||||
|
j-@l{
|
||||||
|
DsB{
|
||||||
|
4{C$v`
|
||||||
|
"Y1!{I
|
||||||
|
B{^
|
||||||
|
X>{I
|
||||||
|
KNzO{
|
||||||
|
_I{[-
|
||||||
|
%{*e
|
||||||
|
B-{4B
|
||||||
|
}UXG{
|
||||||
|
{`(k
|
||||||
|
cB{V,
|
||||||
|
7{Ul
|
||||||
|
{$48
|
||||||
|
~9{;b
|
||||||
|
ECG{~'8
|
||||||
|
{Rf:
|
||||||
|
M}fS{
|
||||||
|
{{*7'
|
||||||
|
cGc{qlt'5
|
||||||
|
DD2{
|
||||||
|
{f8-Z
|
||||||
|
{R[7
|
||||||
|
UJL{
|
||||||
|
ez {Rz
|
||||||
|
,K{^b
|
||||||
|
WL{?
|
||||||
|
1?{M
|
||||||
|
YJ{.
|
||||||
|
E{'+
|
||||||
|
ZQ9{
|
||||||
|
1{@S
|
||||||
|
\s{)
|
||||||
|
mDEH{
|
||||||
|
qz{*
|
||||||
|
{d"&
|
||||||
|
{QuH%
|
||||||
|
,97{{
|
||||||
|
.~>{
|
||||||
|
F{E`{;
|
||||||
|
46B{
|
||||||
|
Le*{
|
||||||
|
HrZl{T
|
||||||
|
^{K>
|
||||||
|
_4={
|
||||||
|
EHLl{V
|
||||||
|
{Wh>
|
||||||
|
{:4
|
||||||
|
B{Cl
|
||||||
|
g{:i
|
||||||
|
Z{e&
|
||||||
|
:{S/\
|
||||||
|
{:%|Ium#
|
||||||
|
_E{Wj
|
||||||
|
S{5U
|
||||||
|
S{Eh
|
||||||
|
r{}%
|
||||||
|
ht{{
|
||||||
|
;Xc{
|
||||||
|
ST{{
|
||||||
|
{>eG
|
||||||
|
2eN{
|
||||||
|
A{b5
|
||||||
|
wu{@
|
||||||
|
y.V{j0^
|
||||||
|
8~x{
|
||||||
|
{;F#
|
||||||
|
.{|6m
|
||||||
|
{%0[
|
||||||
|
{~u(
|
||||||
|
TB{b
|
||||||
|
i{Hhm
|
||||||
|
=Z{"4
|
||||||
|
v.aa{
|
||||||
|
j-@l{
|
||||||
|
DsB{
|
||||||
|
4{C$v`
|
||||||
|
"Y1!{I
|
||||||
|
B{^
|
||||||
|
X>{I
|
||||||
|
KNzO{
|
||||||
|
_I{[-
|
||||||
|
%{*e
|
||||||
|
Dwnc{E
|
||||||
|
B-{4B
|
||||||
|
}UXG{
|
||||||
|
{`(k
|
||||||
|
cB{V,
|
||||||
|
7{Ul
|
||||||
|
{$48
|
||||||
|
~9{;b
|
||||||
|
ECG{~'8
|
||||||
|
{Rf:
|
||||||
|
M}fS{
|
||||||
|
{{*7'
|
||||||
|
cGc{qlt'5
|
||||||
|
DD2{
|
||||||
|
{f8-Z
|
||||||
|
{R[7
|
||||||
|
f{KR
|
||||||
|
,K{^b
|
||||||
|
WL{?
|
||||||
|
1?{M
|
||||||
|
YJ{.
|
||||||
|
E{'+
|
||||||
|
ZQ9{
|
||||||
|
1{@S
|
||||||
|
\s{)
|
||||||
|
mDEH{
|
||||||
|
qz{*
|
||||||
|
{d"&
|
||||||
|
{QuH%
|
||||||
|
,97{{
|
||||||
|
.~>{
|
||||||
|
F{E`{;
|
||||||
|
46B{
|
||||||
|
Le*{
|
||||||
|
HrZl{T
|
||||||
|
^{K>
|
||||||
|
_4={
|
||||||
|
EHLl{V
|
||||||
|
daIj{
|
||||||
|
fz{]
|
||||||
|
{gy5
|
||||||
|
i{1"Aj
|
||||||
|
rr@{
|
||||||
|
C_,{
|
||||||
|
WoIx{
|
||||||
|
<6\`{
|
||||||
|
%{-N(
|
||||||
|
|B{~
|
||||||
|
{t^l
|
||||||
|
dNDM'{
|
||||||
|
k/{|
|
||||||
|
{_ G
|
||||||
|
);bW{
|
||||||
|
?XG>z{
|
||||||
|
=k{-
|
||||||
|
{Y6g
|
||||||
|
K5g{2
|
||||||
|
mz{S
|
||||||
|
2eF{
|
||||||
|
{y4^(
|
||||||
|
GB{%
|
||||||
|
E{/Y
|
||||||
|
{p`w?
|
||||||
|
mE-{
|
||||||
|
~*{+
|
||||||
|
.{|6m
|
||||||
|
{%0[
|
||||||
|
{~u(
|
||||||
|
TB{b
|
||||||
|
i{Hhm
|
||||||
|
=Z{"4
|
||||||
|
v.aa{
|
||||||
|
j-@l{
|
||||||
|
DsB{
|
||||||
|
4{C$v`
|
||||||
|
"Y1!{I
|
||||||
|
B{^
|
||||||
|
X>{I
|
||||||
|
KNzO{
|
||||||
|
_I{[-
|
||||||
|
%{*e
|
||||||
|
```
|
||||||
|
#### Step-3:
|
||||||
|
I tried this `ABCTF{fooled_ya_dustin}` flag, but it showed incorrect. So let's explore the hidden folders.
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
I tried `binwalk -e AGT.png`. I get a new directory called `_AGT.png.extracted`. Let's get into this.
|
||||||
|
|
||||||
|
#### Step-5:
|
||||||
|
The contents of which are some of the images and directory. I directly, tried
|
||||||
|
`strings I Warned You.jpeg | grep {`
|
||||||
|
|
||||||
|
#### Step-6:
|
||||||
|
|
||||||
|
I got this output:
|
||||||
|
```
|
||||||
|
{P|I
|
||||||
|
{zRhc
|
||||||
|
{>ch
|
||||||
|
^|){O
|
||||||
|
rU<o{
|
||||||
|
R3w{x
|
||||||
|
o {p
|
||||||
|
=d{]i
|
||||||
|
w{3)Z:
|
||||||
|
uYz}{
|
||||||
|
{uBH
|
||||||
|
*}{MD
|
||||||
|
}"W{
|
||||||
|
:Ja{
|
||||||
|
.?{M$f
|
||||||
|
!0{8
|
||||||
|
{/!s
|
||||||
|
tM,o{
|
||||||
|
{tLL
|
||||||
|
q{dG
|
||||||
|
b[{MTF
|
||||||
|
{Y1W
|
||||||
|
ABCTF{Du$t1nS_D0jo}1r
|
||||||
|
1{wl
|
||||||
|
{Y,x
|
||||||
|
6fr{+
|
||||||
|
q{:zG
|
||||||
|
Nv{%M#
|
||||||
|
{+ -"
|
||||||
|
Qa{+
|
||||||
|
tx"{
|
||||||
|
{!f'WkQV
|
||||||
|
XUg{
|
||||||
|
!{;xV
|
||||||
|
?Khh{
|
||||||
|
w#{]U#
|
||||||
|
JGdD{n
|
||||||
|
W]L{`g
|
||||||
|
{Z.W\
|
||||||
|
r"w{
|
||||||
|
.$A{
|
||||||
|
)cn_P{V
|
||||||
|
b{5
|
||||||
|
:\7{{
|
||||||
|
gk{|(qwC
|
||||||
|
Vv{;t[Tjy#r
|
||||||
|
NR{{]
|
||||||
|
Pv{]JS
|
||||||
|
{'R-
|
||||||
|
${zT
|
||||||
|
Ac{*:]#
|
||||||
|
{Mj9
|
||||||
|
. 6{4
|
||||||
|
w{Y[8o
|
||||||
|
{zY\4
|
||||||
|
q{:g#g
|
||||||
|
roO{
|
||||||
|
F{Dfx$
|
||||||
|
mJ{#
|
||||||
|
OgRZho{
|
||||||
|
Ug3{x
|
||||||
|
'{u^n
|
||||||
|
b%{l^
|
||||||
|
r&*$b{
|
||||||
|
M|vMH{.
|
||||||
|
[R'{_
|
||||||
|
{P7v+
|
||||||
|
b{+W
|
||||||
|
/{+w
|
||||||
|
F{~aLVF
|
||||||
|
{:el
|
||||||
|
sIS{
|
||||||
|
8r:s{
|
||||||
|
I{M5
|
||||||
|
e%K#{
|
||||||
|
u5{1j
|
||||||
|
Bww{
|
||||||
|
{XW+
|
||||||
|
$v{/O
|
||||||
|
+6,{~aV
|
||||||
|
iNc{
|
||||||
|
{R8c
|
||||||
|
y)8{{0q
|
||||||
|
1{]'%<B
|
||||||
|
R{.x
|
||||||
|
{533
|
||||||
|
1{ue
|
||||||
|
:?{#&2B
|
||||||
|
{%c]2U
|
||||||
|
;#Y{
|
||||||
|
```
|
||||||
|
|
||||||
|
Luckily, here the flag worked.
|
||||||
|
#### Step-7:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`ABCTF{Du$t1nS_D0jo}1r`
|
After (image error) Size: 41 KiB |
After (image error) Size: 262 KiB |
|
@ -0,0 +1,36 @@
|
||||||
|
## A CAPture of a Flag
|
||||||
|
The main idea finding the flag is exploring the given PCAP file in Wireshark.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After downloading `flag (4)` (a PCAP file) from the cloud, I directly opened it in Wireshark application.
|
||||||
|
|
||||||
|
For those, who are unaware om how to filter streams or use this application, please do your homework here:
|
||||||
|
|
||||||
|
https://www.wireshark.org/
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
|
||||||
|
I tried to check TCP stream for some clues and then I tried UDP streams for some clues. Finally, I used the filter to get only HTTP requests.
|
||||||
|
|
||||||
|
<img src="HTTP.png">
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
|
||||||
|
I went through all requests and this request caught my eye.
|
||||||
|
`247 2.270670 10.50.203.75 185.21.216.190 HTTP 504 GET /?msg=ZmxhZ3tBRmxhZ0luUENBUH0= HTTP/1.1 `
|
||||||
|
|
||||||
|
It has a Base64 encrypted message.
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
|
||||||
|
So finally, I decoded it online at: https://www.base64decode.org/
|
||||||
|
|
||||||
|
I got the flag there:
|
||||||
|
|
||||||
|
<img src="Base64.png">
|
||||||
|
|
||||||
|
Voila, we have it here.
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`flag{AFlagInPCAP}`
|
After (image error) Size: 161 KiB |
|
@ -0,0 +1,32 @@
|
||||||
|
## Binwalk
|
||||||
|
The main idea finding the flag using Binwalk commands and its extensions.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After downloading `PurpleThing.jpeg` from the cloud, I tried `strings PurpleThing.jpeg | grep {`.
|
||||||
|
|
||||||
|
I couldn't find anything special.
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
|
||||||
|
So I tried `binwalk PurpleThing.jpeg` as the question suggests.
|
||||||
|
|
||||||
|
It showed me following output:
|
||||||
|
|
||||||
|
```
|
||||||
|
DECIMAL HEXADECIMAL DESCRIPTION
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
0 0x0 PNG image, 780 x 720, 8-bit/color RGBA, non-interlaced
|
||||||
|
41 0x29 Zlib compressed data, best compression
|
||||||
|
153493 0x25795 PNG image, 802 x 118, 8-bit/color RGBA, non-interlaced
|
||||||
|
```
|
||||||
|
|
||||||
|
Clearly, there is hidden data in there, let's extract that.
|
||||||
|
#### Step-3:
|
||||||
|
I input a command of `binwalk -D 'image:png' PurpleThing.jpeg` and I get a directory named `_PurpleThing.jpeg.extracted`.
|
||||||
|
|
||||||
|
The contents are different files. In it `25795.png` has the flag.
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
|
||||||
|
Finally the flag becomes:
|
||||||
|
`ABCTF{b1nw4lk_is_us3ful}`
|
After (image error) Size: 39 KiB |
|
@ -0,0 +1,36 @@
|
||||||
|
## Digital Camouflage
|
||||||
|
The main idea finding the flag is Network Interception and some Crytographic Techniques.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After downloading `data.pcap` from the cloud, I directly opened it in Wireshark.
|
||||||
|
|
||||||
|
For those, who are unaware of how to use this tool for Network Interception, can refer here:
|
||||||
|
https://www.wireshark.org/
|
||||||
|
|
||||||
|
I tried to check the Hex Dump, but couldn't find something special.
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
So, I tried to check the TCP stream in different frames. For those, who are unaware on how to do this:
|
||||||
|
|
||||||
|
- Open `data.pcap` in Wireshark.
|
||||||
|
- In the filters, put on TCP and then Enter to get all the TCP traffic of the network.
|
||||||
|
<img src="TCP_Stream.png">
|
||||||
|
- I wanted to check each and every frame as question is somewhat hinting in that direction, so to check that, Analyse -> Follow -> TCP Stream
|
||||||
|
<img src="TCP_Stream_Eq_0.png">
|
||||||
|
- We can alter streams by changing the counter in bottom right corner.
|
||||||
|
- As I reached 3rd stream, I observed some credentials there.
|
||||||
|
<img src="TCP_Stream_Eq_3.png">
|
||||||
|
|
||||||
|
`userid=hardawayn&pswrd=UEFwZHNqUlRhZQ%3D%3D`
|
||||||
|
#### Step-3:
|
||||||
|
So, it is clear that password is Base64 encrypted and in web URLs, %3D is to be replaced by =.
|
||||||
|
|
||||||
|
So I tried to decode the Base64 encryption online at: https://www.base64decode.org/
|
||||||
|
|
||||||
|
<img src="Base64.png">
|
||||||
|
|
||||||
|
It had the flag in it. Voila.
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`PApdsjRTae`
|
After (image error) Size: 206 KiB |
After (image error) Size: 163 KiB |
After (image error) Size: 92 KiB |
|
@ -0,0 +1,44 @@
|
||||||
|
import java.security.MessageDigest;
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.Base64;
|
||||||
|
|
||||||
|
import javax.crypto.Cipher;
|
||||||
|
import javax.crypto.spec.SecretKeySpec;
|
||||||
|
|
||||||
|
public class Decryptor
|
||||||
|
{
|
||||||
|
public static final String FLAG = "S+kUZtaHEYpFpv2ixuTnqBdORNzsdVJrAxWznyOljEo=";
|
||||||
|
private static class Password
|
||||||
|
{
|
||||||
|
private byte[] passHash;
|
||||||
|
|
||||||
|
public Password(char[] pass) throws Exception
|
||||||
|
{
|
||||||
|
MessageDigest digest = MessageDigest.getInstance("SHA-256");
|
||||||
|
this.passHash = Arrays.copyOf(digest.digest(new String(pass).getBytes("UTF-8")), 16);
|
||||||
|
}
|
||||||
|
|
||||||
|
public byte[] encrypt(byte[] msg) throws Exception
|
||||||
|
{
|
||||||
|
SecretKeySpec spec = new SecretKeySpec(passHash, "AES");
|
||||||
|
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
|
||||||
|
cipher.init(Cipher.ENCRYPT_MODE, spec);
|
||||||
|
return cipher.doFinal(msg);
|
||||||
|
}
|
||||||
|
|
||||||
|
public byte[] decrypt(byte[] msg) throws Exception
|
||||||
|
{
|
||||||
|
SecretKeySpec spec = new SecretKeySpec(passHash, "AES");
|
||||||
|
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
|
||||||
|
cipher.init(Cipher.DECRYPT_MODE, spec);
|
||||||
|
return cipher.doFinal(msg);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void main(String[] args) throws Exception
|
||||||
|
{
|
||||||
|
Password pass = new Password(System.console().readPassword("Enter password to decrypt flag: "));
|
||||||
|
System.out.println(new String(pass.decrypt(Base64.getDecoder().decode(FLAG.getBytes()))));
|
||||||
|
Thread.sleep(5000); //We did a heap dump right here.
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,12 @@
|
||||||
|
## Dumpster
|
||||||
|
The main idea finding the flag is Java coding.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
I tried hard to understand the question and solve it, but I couldn't do it, so I had to look up for writeup.
|
||||||
|
|
||||||
|
https://github.com/EladBeber/CTFlearn-Writeups/tree/master/Forensics/Medium/DUMPSTER
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
|
||||||
|
Finally the flag becomes:
|
||||||
|
`stCTF{h34p_6ump5_r_c00l!11!!}`
|
After (image error) Size: 54 KiB |
|
@ -0,0 +1,62 @@
|
||||||
|
## Exif
|
||||||
|
The main idea finding the flag is to have Exiftool.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After I downloaded `Computer-Password-Security-Hacker - Copy.jpg`, I immediately tried to open it using Exiftool.
|
||||||
|
|
||||||
|
<img src="Computer-Password-Security-Hacker - Copy.jpg">
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
If you have some experience in CTF before, [Exiftool](https://exiftool.org/) is quite widely used. So I input `exiftool Computer-Password-Security-Hacker\ -\ Copy.jpg`
|
||||||
|
|
||||||
|
Output:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
ExifTool Version Number : 11.88
|
||||||
|
File Name : Computer-Password-Security-Hacker - Copy.jpg
|
||||||
|
Directory : .
|
||||||
|
File Size : 54 kB
|
||||||
|
File Modification Date/Time : 2020:07:31 14:04:06+05:30
|
||||||
|
File Access Date/Time : 2020:07:31 14:04:06+05:30
|
||||||
|
File Inode Change Date/Time : 2020:07:31 14:04:06+05:30
|
||||||
|
File Permissions : rw-r--r--
|
||||||
|
File Type : JPEG
|
||||||
|
File Type Extension : jpg
|
||||||
|
MIME Type : image/jpeg
|
||||||
|
JFIF Version : 1.02
|
||||||
|
X Resolution : 100
|
||||||
|
Y Resolution : 100
|
||||||
|
Exif Byte Order : Big-endian (Motorola, MM)
|
||||||
|
Resolution Unit : None
|
||||||
|
Y Cb Cr Positioning : Centered
|
||||||
|
Exif Version : 0231
|
||||||
|
Components Configuration : Y, Cb, Cr, -
|
||||||
|
Flashpix Version : 0100
|
||||||
|
Owner Name : flag{3l1t3_3x1f_4uth0r1ty_dud3br0}
|
||||||
|
GPS Latitude Ref : South
|
||||||
|
GPS Longitude Ref : East
|
||||||
|
Quality : 60%
|
||||||
|
DCT Encode Version : 100
|
||||||
|
APP14 Flags 0 : [14], Encoded with Blend=1 downsampling
|
||||||
|
APP14 Flags 1 : (none)
|
||||||
|
Color Transform : YCbCr
|
||||||
|
Image Width : 660
|
||||||
|
Image Height : 371
|
||||||
|
Encoding Process : Baseline DCT, Huffman coding
|
||||||
|
Bits Per Sample : 8
|
||||||
|
Color Components : 3
|
||||||
|
Y Cb Cr Sub Sampling : YCbCr4:4:4 (1 1)
|
||||||
|
Image Size : 660x371
|
||||||
|
Megapixels : 0.245
|
||||||
|
GPS Latitude : 77 deg 17' 2.62" S
|
||||||
|
GPS Longitude : 44 deg 4' 7.30" E
|
||||||
|
GPS Position : 77 deg 17' 2.62" S, 44 deg 4' 7.30" E
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
|
||||||
|
Voila! I got the flag there. I don't have any idea why this challenge was in hard.
|
||||||
|
|
||||||
|
#### Step-5:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`flag{3l1t3_3x1f_4uth0r1ty_dud3br0}`
|
After (image error) Size: 9.5 KiB |
|
@ -0,0 +1,143 @@
|
||||||
|
## Forensics 101
|
||||||
|
The main idea finding the flag using basic forensics training.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After we download the given image `95f6edfb66ef42d774a5a34581f19052.jpg` from the cloud, we just try simple techniques.
|
||||||
|
|
||||||
|
<img src="95f6edfb66ef42d774a5a34581f19052.jpg">
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
I first tried a very basic `strings 95f6edfb66ef42d774a5a34581f19052.jpg`
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
It just gave me this output:
|
||||||
|
```
|
||||||
|
JFIF
|
||||||
|
, #&')*)
|
||||||
|
-0-(0%()(
|
||||||
|
((((((((((((((((((((((((((((((((((((((((((((((((((
|
||||||
|
L?~f
|
||||||
|
:UwR
|
||||||
|
y>2|
|
||||||
|
*'?-
|
||||||
|
yhH_&
|
||||||
|
Lmz'
|
||||||
|
+f[
|
||||||
|
!"1$246B`35A
|
||||||
|
au>
|
||||||
|
~b*D
|
||||||
|
F_X:D
|
||||||
|
[ElC
|
||||||
|
him8
|
||||||
|
lr|.
|
||||||
|
L{2^
|
||||||
|
]]te
|
||||||
|
tBfE
|
||||||
|
j_s7Os/[i
|
||||||
|
W="'
|
||||||
|
"fkO
|
||||||
|
G&,ke:
|
||||||
|
eM_F
|
||||||
|
8O:J
|
||||||
|
9)/m>&
|
||||||
|
[P{!
|
||||||
|
}EI5#
|
||||||
|
a~Wt,1
|
||||||
|
]<e<
|
||||||
|
g:rc
|
||||||
|
"1Pa
|
||||||
|
ujM^P
|
||||||
|
P#3a
|
||||||
|
vFGO
|
||||||
|
ZniFi
|
||||||
|
%a ?}
|
||||||
|
2AQaq 0B#@r
|
||||||
|
\xr>
|
||||||
|
\37g
|
||||||
|
4=i#N
|
||||||
|
F:Jx
|
||||||
|
.`Ot
|
||||||
|
v[xU
|
||||||
|
|='u
|
||||||
|
{~T{@
|
||||||
|
LX.9
|
||||||
|
?mBx
|
||||||
|
L1QG
|
||||||
|
lIYB+
|
||||||
|
|] %
|
||||||
|
QTj?:
|
||||||
|
$*,-
|
||||||
|
pk4D
|
||||||
|
4R gX
|
||||||
|
$mmk
|
||||||
|
_QSK
|
||||||
|
b)^L
|
||||||
|
a[T=
|
||||||
|
mpj<N;
|
||||||
|
!1AQaq
|
||||||
|
x'<L
|
||||||
|
we|C{
|
||||||
|
iiR8
|
||||||
|
"'A*
|
||||||
|
aZ(4
|
||||||
|
cj}+
|
||||||
|
NL7'4
|
||||||
|
u-kF3n
|
||||||
|
x cd
|
||||||
|
s}F3_Y
|
||||||
|
$+Ym
|
||||||
|
zrsq
|
||||||
|
f}]@
|
||||||
|
L&/F
|
||||||
|
&F'$,
|
||||||
|
| *
|
||||||
|
ktWxn
|
||||||
|
yLX*s]
|
||||||
|
pT)J
|
||||||
|
eR-3
|
||||||
|
SG=3\Y
|
||||||
|
JK%0
|
||||||
|
h"(p
|
||||||
|
!01Q
|
||||||
|
%^cJ
|
||||||
|
H|cO
|
||||||
|
!10AQ
|
||||||
|
'([P
|
||||||
|
!1AQaq
|
||||||
|
s`%"
|
||||||
|
X`3d'
|
||||||
|
'P]!
|
||||||
|
;#_l
|
||||||
|
ABx=~
|
||||||
|
"r&"
|
||||||
|
0YAP
|
||||||
|
ch-h
|
||||||
|
XoXrl
|
||||||
|
l0Je
|
||||||
|
V^_W
|
||||||
|
xp7p
|
||||||
|
v{*{8
|
||||||
|
=k"$TW3G
|
||||||
|
1)j!
|
||||||
|
7y}U
|
||||||
|
<~0GD
|
||||||
|
n%CeoQ=m8
|
||||||
|
`"n<P
|
||||||
|
i}\D
|
||||||
|
X`(
|
||||||
|
8kF=
|
||||||
|
~9%]Tn
|
||||||
|
flag{wow!_data_is_cool}
|
||||||
|
$lqU
|
||||||
|
AG{u
|
||||||
|
Xm*CnC
|
||||||
|
@'hnQ
|
||||||
|
ax+p
|
||||||
|
bdQG
|
||||||
|
D_ O
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
|
||||||
|
Finally the flag becomes:
|
||||||
|
`flag{wow!_data_is_cool}`
|
After (image error) Size: 70 KiB |
After (image error) Size: 15 KiB |
|
@ -0,0 +1,36 @@
|
||||||
|
## GandalfTheWise
|
||||||
|
The main idea finding the flag is XOR strings.
|
||||||
|
#### Step-1:
|
||||||
|
After downloading `Gandalf.jpg`, I tried `strings Gandalf.jpg` and got this output. These are initial strings embedded in Meta data of image.
|
||||||
|
|
||||||
|
```
|
||||||
|
JFIF
|
||||||
|
+Q1RGbGVhcm57eG9yX2lzX3lvdXJfZnJpZW5kfQo=
|
||||||
|
+xD6kfO2UrE5SnLQ6WgESK4kvD/Y/rDJPXNU45k/p
|
||||||
|
+h2riEIj13iAp29VUPmB+TadtZppdw3AuO7JRiDyU
|
||||||
|
...
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
I decrypted the 1<sup>st</sup> Base64 encrypted string i.e. `Q1RGbGVhcm57eG9yX2lzX3lvdXJfZnJpZW5kfQo=` at https://cryptii.com/.
|
||||||
|
|
||||||
|
<img src="String1.png">
|
||||||
|
|
||||||
|
It gives a false flag `CTFlearn{xor_is_your_friend}`, but on a brighter side it gives idea of XOR'ing the next 2 strings.
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
So, I decrypted remaining 2 strings to get hexadecimal texts because in that RFC, ASCII text isn't possible.
|
||||||
|
|
||||||
|
<img src="String2.png">
|
||||||
|
|
||||||
|
<img src="String3.png">
|
||||||
|
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
I XOR them online at: http://xor.pw/ to get the flag.
|
||||||
|
|
||||||
|
<img src="Flag.png">
|
||||||
|
|
||||||
|
#### Step-5:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`CTFlearn{Gandalf.BilboBaggins}`
|
After (image error) Size: 33 KiB |
After (image error) Size: 44 KiB |
After (image error) Size: 45 KiB |
|
@ -0,0 +1,101 @@
|
||||||
|
## Taking LS
|
||||||
|
The main idea finding the flag using simple Git commands to find hidden passwords and flag.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After we download the given zip `gitIsGood.zip` from the cloud, we just try simple techniques.
|
||||||
|
|
||||||
|
After we unzip, we get a directory called `gitisGood`.
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
I went into `gitisGood` directory and tried
|
||||||
|
`ls -al` command to get following output:
|
||||||
|
|
||||||
|
```
|
||||||
|
total 16
|
||||||
|
drwxr-xr-x 3 rishit rishit 4096 Oct 30 2016 .
|
||||||
|
drwxr-xr-x 3 rishit rishit 4096 Jul 10 16:43 ..
|
||||||
|
-rw-r--r-- 1 rishit rishit 15 Oct 30 2016 flag.txt
|
||||||
|
drwxr-xr-x 8 rishit rishit 4096 Oct 30 2016 .git
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
Next, I tried `cat flag.txt`, but seems like that flag `flag{REDACTED}` is incorrect.
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
So we try to explore the `.git` directory. Get into that directory to know the changes that were done on the `flag.txt`
|
||||||
|
|
||||||
|
#### Step-5:
|
||||||
|
I tried `git log` and came to know that the file was changed 3 times by the following output:
|
||||||
|
|
||||||
|
```
|
||||||
|
Author: LaScalaLuke <lascala.luke@gmail.com>
|
||||||
|
Date: Sun Oct 30 14:33:18 2016 -0400
|
||||||
|
|
||||||
|
Edited files
|
||||||
|
|
||||||
|
commit 195dd65b9f5130d5f8a435c5995159d4d760741b
|
||||||
|
Author: LaScalaLuke <lascala.luke@gmail.com>
|
||||||
|
Date: Sun Oct 30 14:32:44 2016 -0400
|
||||||
|
|
||||||
|
Edited files
|
||||||
|
|
||||||
|
commit 6e824db5ef3b0fa2eb2350f63a9f0fdd9cc7b0bf
|
||||||
|
Author: LaScalaLuke <lascala.luke@gmail.com>
|
||||||
|
Date: Sun Oct 30 14:32:11 2016 -0400
|
||||||
|
|
||||||
|
edited files
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-6:
|
||||||
|
So to know the changes we need to add some additional flag and the command becomes:
|
||||||
|
|
||||||
|
`git log -p`
|
||||||
|
|
||||||
|
The output is as follows:
|
||||||
|
```
|
||||||
|
commit d10f77c4e766705ab36c7f31dc47b0c5056666bb (HEAD -> master)
|
||||||
|
Author: LaScalaLuke <lascala.luke@gmail.com>
|
||||||
|
Date: Sun Oct 30 14:33:18 2016 -0400
|
||||||
|
|
||||||
|
Edited files
|
||||||
|
|
||||||
|
diff --git a/flag.txt b/flag.txt
|
||||||
|
index 8684e68..c5250d0 100644
|
||||||
|
--- a/flag.txt
|
||||||
|
+++ b/flag.txt
|
||||||
|
@@ -1 +1 @@
|
||||||
|
-flag{protect_your_git}
|
||||||
|
+flag{REDACTED}
|
||||||
|
|
||||||
|
commit 195dd65b9f5130d5f8a435c5995159d4d760741b
|
||||||
|
Author: LaScalaLuke <lascala.luke@gmail.com>
|
||||||
|
Date: Sun Oct 30 14:32:44 2016 -0400
|
||||||
|
|
||||||
|
Edited files
|
||||||
|
|
||||||
|
diff --git a/flag.txt b/flag.txt
|
||||||
|
index c5250d0..8684e68 100644
|
||||||
|
--- a/flag.txt
|
||||||
|
+++ b/flag.txt
|
||||||
|
@@ -1 +1 @@
|
||||||
|
-flag{REDACTED}
|
||||||
|
+flag{protect_your_git}
|
||||||
|
|
||||||
|
commit 6e824db5ef3b0fa2eb2350f63a9f0fdd9cc7b0bf
|
||||||
|
Author: LaScalaLuke <lascala.luke@gmail.com>
|
||||||
|
Date: Sun Oct 30 14:32:11 2016 -0400
|
||||||
|
|
||||||
|
edited files
|
||||||
|
|
||||||
|
diff --git a/flag.txt b/flag.txt
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..c5250d0
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/flag.txt
|
||||||
|
@@ -0,0 +1 @@
|
||||||
|
+flag{REDACTED}
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-7:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`flag{protect_your_git}`
|
|
@ -0,0 +1 @@
|
||||||
|
flag{REDACTED}
|
|
@ -0,0 +1,112 @@
|
||||||
|
## Milk's Best Friend
|
||||||
|
The main idea finding the flag is to find the hidden files and apply basic forensics techniques.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After we download `oreo.jpg` from the cloud, I tried `strings oreo.jpg`, there I couldn't find the correct flag. So I tried for some hidden data in the image.
|
||||||
|
|
||||||
|
<img src="oreo.jpg">
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
I tried out `binwalk oreo.jpg` and got the following output:
|
||||||
|
|
||||||
|
```
|
||||||
|
DECIMAL HEXADECIMAL DESCRIPTION
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
0 0x0 JPEG image data, JFIF standard 1.01
|
||||||
|
9515 0x252B RAR archive data, version 4.x, first volume type: MAIN_HEAD
|
||||||
|
```
|
||||||
|
|
||||||
|
This clears that we have a RAR file inside the image.
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
To extract all, I used `binwalk -D oreo.jpg` and I got a directory `_oreo.jpg.extracted` at that location.
|
||||||
|
|
||||||
|
I checked its contents and it had a directory called `1` & a zip file `252B.rar`. I chose to explore `1` first.
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
In `1`, I got a file `a` & `b.jpg`. So my next instinct was to try out `strings b.jpg` and Voila it worked.
|
||||||
|
|
||||||
|
<img src="b.jpg">
|
||||||
|
|
||||||
|
I got the following output:
|
||||||
|
|
||||||
|
```
|
||||||
|
JFIF
|
||||||
|
"1$%)+...
|
||||||
|
383-7(-.+
|
||||||
|
%----------------------+----------------------+---7
|
||||||
|
!1AQqa
|
||||||
|
\5n`]
|
||||||
|
xsLy
|
||||||
|
.y fk
|
||||||
|
vSk:M
|
||||||
|
DzuMb
|
||||||
|
_NZ@
|
||||||
|
]ETyn
|
||||||
|
Xg3H
|
||||||
|
nBC_
|
||||||
|
]95r
|
||||||
|
C^^[p
|
||||||
|
Q`';
|
||||||
|
q`7'
|
||||||
|
\\o*
|
||||||
|
. &
|
||||||
|
04KZ
|
||||||
|
)Qc&
|
||||||
|
Q{k~
|
||||||
|
st&[
|
||||||
|
NW89
|
||||||
|
Lk$[
|
||||||
|
1Y79
|
||||||
|
a0\A
|
||||||
|
$;6g
|
||||||
|
%mG+$
|
||||||
|
DysM
|
||||||
|
2em7
|
||||||
|
6M>f
|
||||||
|
Ztn`$F
|
||||||
|
qUhTmjN
|
||||||
|
+67*
|
||||||
|
e6hi
|
||||||
|
0d$j
|
||||||
|
-ko)'
|
||||||
|
CH;^u
|
||||||
|
&Du=
|
||||||
|
$t$Lv
|
||||||
|
1/i
|
||||||
|
/1-6n
|
||||||
|
Gx#GA
|
||||||
|
M8n!
|
||||||
|
iT0?
|
||||||
|
kVI8
|
||||||
|
`.}v
|
||||||
|
gPl,c
|
||||||
|
bsDKw
|
||||||
|
O]=6V1
|
||||||
|
Rx|!
|
||||||
|
\l&>
|
||||||
|
!G=*
|
||||||
|
HSayi-9
|
||||||
|
#X3i
|
||||||
|
c>R2
|
||||||
|
$+cmk1
|
||||||
|
u|h]a
|
||||||
|
tEp#
|
||||||
|
&Z 2`
|
||||||
|
ZMmG
|
||||||
|
a;}V
|
||||||
|
{2sRpo7%V
|
||||||
|
0=Q-C:
|
||||||
|
[e[!A
|
||||||
|
|5xk
|
||||||
|
+NgU
|
||||||
|
;HO+dD
|
||||||
|
D272}
|
||||||
|
`h :
|
||||||
|
K`8m:-
|
||||||
|
Finally, flag{eat_more_oreos}
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-5:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`flag{eat_more_oreos}`
|
|
@ -0,0 +1,3 @@
|
||||||
|
|
||||||
|
|
||||||
|
This is not the flag you are looking for.
|
After (image error) Size: 6.6 KiB |
After (image error) Size: 6.6 KiB |
After (image error) Size: 16 KiB |
After (image error) Size: 44 KiB |
|
@ -0,0 +1,58 @@
|
||||||
|
## PikesPeak
|
||||||
|
The main idea finding the flag using simple forensic techniques.
|
||||||
|
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After we download `PikesPeak.jpg`, we try to open and see the flag and check if we find any.
|
||||||
|
|
||||||
|
<img src="PikesPeak.jpg">
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
I tried simple techniques and easily found answer when we send the command:
|
||||||
|
|
||||||
|
`strings PikesPeak.jpg | grep {`
|
||||||
|
|
||||||
|
I and got this as output:
|
||||||
|
|
||||||
|
```
|
||||||
|
CTFLEARN{PikesPeak}
|
||||||
|
CTFLearn{Colorado}
|
||||||
|
%ctflearn{MountainMountainMountain}
|
||||||
|
#cTfLeArN{CTFMountainCTFmOUNTAIN}
|
||||||
|
CTF{AsPEN.Vail}
|
||||||
|
CTFlearn{Gandalf}
|
||||||
|
ctflearning{AUCKLAND}
|
||||||
|
ctfLEARN{MtDoom}
|
||||||
|
6ctflearninglearning{Mordor.TongariroAlpineCrossing}
|
||||||
|
+CTFLEARN{MountGedePangrangoNationalPark}
|
||||||
|
$ctflearncTfLeARN{MountKosciuszko}
|
||||||
|
{rof
|
||||||
|
#&f{
|
||||||
|
Y\GC{(
|
||||||
|
{r%681G
|
||||||
|
{t(@Q
|
||||||
|
{5$<
|
||||||
|
)%)`{
|
||||||
|
N{eI&
|
||||||
|
]N&{
|
||||||
|
NKxf{
|
||||||
|
K;{Dk
|
||||||
|
8pGM{
|
||||||
|
d=q{
|
||||||
|
|PV{
|
||||||
|
xw{1
|
||||||
|
#{;W
|
||||||
|
}s7h{
|
||||||
|
V{K[\d
|
||||||
|
b%\{%
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
|
||||||
|
I tried all the flags up there xP.
|
||||||
|
|
||||||
|
However one of them worked out.
|
||||||
|
|
||||||
|
#### Step-5:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`CTFlearn{Gandalf}`
|
|
@ -0,0 +1,106 @@
|
||||||
|
## Rubber Duck
|
||||||
|
The main idea finding the flag using easiest forensics techniques.
|
||||||
|
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After we download `RubberDuck.jpg`, we try to open and see the flag and check if we find any.
|
||||||
|
|
||||||
|
<img src="RubberDuck.jpg">
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
I tried simple techniques and easily found answer when we send the command:
|
||||||
|
|
||||||
|
`strings RubberDuck.jpg | grep {`
|
||||||
|
|
||||||
|
Note: Although some general techniques also include `strings RubberDuck.jpg | grep flag` & `strings RubberDuck.jpg | grep ctf`.
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
We get the following output:
|
||||||
|
```
|
||||||
|
CTFlearn{ILoveJakarta}
|
||||||
|
e{8{"
|
||||||
|
i~{
|
||||||
|
S:{s
|
||||||
|
^{Ec
|
||||||
|
2\G;{J
|
||||||
|
s9y{x
|
||||||
|
]^y{
|
||||||
|
=\u^{F
|
||||||
|
-{~?
|
||||||
|
{VVj
|
||||||
|
)@{1
|
||||||
|
G-%#{
|
||||||
|
".k{;y;3
|
||||||
|
U{U_
|
||||||
|
Bu{S/
|
||||||
|
n{b/
|
||||||
|
T{#G
|
||||||
|
*H{cF:
|
||||||
|
oT{S
|
||||||
|
!yl[ru{
|
||||||
|
\{t|
|
||||||
|
"{x0
|
||||||
|
iE7q,4${
|
||||||
|
Or/hr{
|
||||||
|
{c8w
|
||||||
|
{Qjjr
|
||||||
|
NYY,{
|
||||||
|
=F{?a
|
||||||
|
z{x^
|
||||||
|
q{X4
|
||||||
|
V{2n
|
||||||
|
`pY{
|
||||||
|
#:J^Z{
|
||||||
|
f{'z
|
||||||
|
{|D7
|
||||||
|
{43P
|
||||||
|
${X<a`
|
||||||
|
<H{OH
|
||||||
|
F{UbP
|
||||||
|
rjM#{+
|
||||||
|
Op{K
|
||||||
|
sp{A:`
|
||||||
|
bMm{e
|
||||||
|
u#y{g
|
||||||
|
jG\{
|
||||||
|
Q{Io
|
||||||
|
l{y
|
||||||
|
9{Df
|
||||||
|
Yc{6
|
||||||
|
d9};{7
|
||||||
|
i:{#
|
||||||
|
{nh|q$7/
|
||||||
|
F#({4
|
||||||
|
o=#}0^{
|
||||||
|
Qx{M
|
||||||
|
{{~eG
|
||||||
|
{%.xp
|
||||||
|
c{Efeqf
|
||||||
|
QS]{
|
||||||
|
~{YE
|
||||||
|
1J{y
|
||||||
|
kQ.{
|
||||||
|
I{n1
|
||||||
|
+?y{c
|
||||||
|
\{@Q
|
||||||
|
_d9{
|
||||||
|
PA{h
|
||||||
|
{C)r
|
||||||
|
QI{)A
|
||||||
|
{@<J
|
||||||
|
:{!?
|
||||||
|
h%7{
|
||||||
|
v/Y{
|
||||||
|
e*P{
|
||||||
|
{b_&
|
||||||
|
TAr{
|
||||||
|
@{R#eq
|
||||||
|
+l?{
|
||||||
|
sPUj{t
|
||||||
|
{ Q`_
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
|
||||||
|
Finally the flag becomes:
|
||||||
|
`CTFlearn{ILoveJakarta}`
|
After (image error) Size: 192 KiB |
After (image error) Size: 103 KiB |
After (image error) Size: 103 KiB |
After (image error) Size: 102 KiB |
|
@ -0,0 +1,40 @@
|
||||||
|
## Taking LS
|
||||||
|
The main idea finding the flag using simple LS commands to find hidden passwords and flag.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After we download the given zip `The Flag.zip` from the cloud, we just try simple techniques.
|
||||||
|
|
||||||
|
After we unzip the 2 folders in it, we get 2 directories named `__MACOSX` & `The Flag`.
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
I went into `The Flag` directory and tried
|
||||||
|
`ls -al` command to get following output:
|
||||||
|
```
|
||||||
|
total 40
|
||||||
|
drwxr-xr-x 3 rishit rishit 4096 Oct 30 2016 .
|
||||||
|
drwxr-xr-x 4 rishit rishit 4096 Jul 10 16:13 ..
|
||||||
|
-rw-r--r-- 1 rishit rishit 6148 Oct 30 2016 .DS_Store
|
||||||
|
-rw-r--r-- 1 rishit rishit 16647 Oct 30 2016 'The Flag.pdf'
|
||||||
|
drwxr-xr-x 2 rishit rishit 4096 Oct 30 2016 .ThePassword
|
||||||
|
```
|
||||||
|
Note: `The Flag.pdf` is password protected.
|
||||||
|
We need to retrieve the password.
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
Next, I got into `.ThePassword` directory and tried `ls` command to get this:
|
||||||
|
|
||||||
|
```
|
||||||
|
ThePassword.txt
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
Let's do a `cat ThePassword.txt` to get the Password.
|
||||||
|
|
||||||
|
`Nice Job! The Password is "Im The Flag".`
|
||||||
|
|
||||||
|
#### Step-5:
|
||||||
|
Let's try this password on `The Flag.pdf` and its works!
|
||||||
|
|
||||||
|
#### Step-7:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`ABCTF{T3Rm1n4l_is_C00l}`
|
|
@ -0,0 +1,387 @@
|
||||||
|
## The Keymaker
|
||||||
|
The main idea finding the flag using some forensics and Crypto concepts.
|
||||||
|
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After we download `The-Keymaker.jpg`, we try to open and see the flag and check if we find any.
|
||||||
|
|
||||||
|
<img src="The-Keymaker.jpg">
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
I tried simple techniques and easily found answer when we send the command:
|
||||||
|
|
||||||
|
`strings PikesPeak.jpg`
|
||||||
|
|
||||||
|
I and got this as output:
|
||||||
|
|
||||||
|
```
|
||||||
|
JFIF
|
||||||
|
CTFlearn{TheKeymakerIsK00l}
|
||||||
|
b3BlbnNzbCBlbmMgLWQgLWFlcy0yNTYtY2JjIC1pdiBTT0YwIC1LIFNPUyAtaW4gZmxhZy5lbmMg
|
||||||
|
LW91dCBmbGFnIC1iYXNlNjQKCml2IGRvZXMgbm90IGluY2x1ZGUgdGhlIG1hcmtlciBvciBsZW5n
|
||||||
|
dGggb2YgU09GMAoKa2V5IGRvZXMgbm90IGluY2x1ZGUgdGhlIFMwUyBtYXJrZXIKCg==
|
||||||
|
CmmtaSHhAsK9pLMepyFDl37UTXQT0CMltZk7+4Kaa1svo5vqb6JuczUqQGFJYiycY
|
||||||
|
, #&')*)
|
||||||
|
-0-(0%()(
|
||||||
|
((((((((((((((((((((((((((((((((((((((((((((((((((
|
||||||
|
RR=,Q
|
||||||
|
)n}}
|
||||||
|
ZY&H
|
||||||
|
1(m{iR
|
||||||
|
!AE3
|
||||||
|
J/>E
|
||||||
|
]m4us
|
||||||
|
/fuY
|
||||||
|
*0W[
|
||||||
|
YDkR&
|
||||||
|
-(ah!
|
||||||
|
X*EY#
|
||||||
|
}up07%
|
||||||
|
FPvV
|
||||||
|
[T);
|
||||||
|
uZD
|
||||||
|
[vK4
|
||||||
|
O>a\U
|
||||||
|
L.dY[
|
||||||
|
KK$h
|
||||||
|
Xn6<|
|
||||||
|
_@[O
|
||||||
|
+$KIQ;
|
||||||
|
A7~B.A]B
|
||||||
|
l-nvQ
|
||||||
|
i+2n
|
||||||
|
+K0x
|
||||||
|
{b:W
|
||||||
|
h4Yf7s;
|
||||||
|
1RTI
|
||||||
|
ZR^C
|
||||||
|
[Yf#r
|
||||||
|
U]+U4
|
||||||
|
{5}n
|
||||||
|
%SAL
|
||||||
|
IJ4\7
|
||||||
|
>_@M=<b
|
||||||
|
F*%J
|
||||||
|
X\lp
|
||||||
|
f=+kn9
|
||||||
|
e+^@
|
||||||
|
S`=+
|
||||||
|
JZ$D
|
||||||
|
W,C;
|
||||||
|
Se=I
|
||||||
|
!I7$/
|
||||||
|
?\UIn
|
||||||
|
Jjm.
|
||||||
|
Kn/ql>#'o
|
||||||
|
F\z>y
|
||||||
|
npU7
|
||||||
|
{D[i
|
||||||
|
-:*C
|
||||||
|
-;5r
|
||||||
|
%Ciw
|
||||||
|
V],Is
|
||||||
|
,I ~
|
||||||
|
hE#Q
|
||||||
|
2jz/(
|
||||||
|
itO,
|
||||||
|
er.](
|
||||||
|
sj9d
|
||||||
|
biF:
|
||||||
|
o~19F.-
|
||||||
|
m.uX,rzB.
|
||||||
|
PI8xc
|
||||||
|
MR,(_T`
|
||||||
|
|;jOoS$
|
||||||
|
jJ7e
|
||||||
|
'Y$]
|
||||||
|
znRK
|
||||||
|
C$+8
|
||||||
|
,!~th}
|
||||||
|
7nS*
|
||||||
|
~pE=
|
||||||
|
dMh&
|
||||||
|
KsHw
|
||||||
|
QTHZ
|
||||||
|
S-~u=
|
||||||
|
:RB9uFr
|
||||||
|
ER #
|
||||||
|
A-.kx%
|
||||||
|
/qm_,FZN
|
||||||
|
j#2*
|
||||||
|
@,T[{
|
||||||
|
Ksri
|
||||||
|
6kYB
|
||||||
|
1u23
|
||||||
|
e%I/Q
|
||||||
|
%fJm
|
||||||
|
tM:v
|
||||||
|
M+I<M
|
||||||
|
)!U5
|
||||||
|
@e%H
|
||||||
|
tHrw
|
||||||
|
U_G_
|
||||||
|
^m4B
|
||||||
|
ue:E
|
||||||
|
gR/.
|
||||||
|
6b !v
|
||||||
|
*-40E-S
|
||||||
|
;`)FN
|
||||||
|
MU.KN
|
||||||
|
JN%F
|
||||||
|
+%MD3E*M*K
|
||||||
|
`W)'
|
||||||
|
Q$04
|
||||||
|
:IpKI^2
|
||||||
|
5ev$o
|
||||||
|
CRb4
|
||||||
|
fS|<`S
|
||||||
|
iMD1RT
|
||||||
|
`bX>
|
||||||
|
yU^[K
|
||||||
|
NAP_r
|
||||||
|
WFZN
|
||||||
|
iU_=B
|
||||||
|
jwX
|
||||||
|
R=:F
|
||||||
|
2g4m
|
||||||
|
Vu=9
|
||||||
|
&jHj
|
||||||
|
Q,h6>
|
||||||
|
$j`7
|
||||||
|
xTGP
|
||||||
|
Y]MZ
|
||||||
|
KQ--
|
||||||
|
CH:T
|
||||||
|
8hGt{
|
||||||
|
%)tG
|
||||||
|
'*Z`
|
||||||
|
BQZ1
|
||||||
|
aQY&^
|
||||||
|
pl}(N
|
||||||
|
K[_MBFZ
|
||||||
|
IM!Q
|
||||||
|
TZiQ
|
||||||
|
<h5!I
|
||||||
|
NNAwM
|
||||||
|
`JQ%$ut
|
||||||
|
"Uid1
|
||||||
|
U59m8S
|
||||||
|
4;Lup
|
||||||
|
PD4GO
|
||||||
|
r*TU
|
||||||
|
po~7
|
||||||
|
o},}
|
||||||
|
yQe!_
|
||||||
|
&3:E
|
||||||
|
!+E,
|
||||||
|
#9g |
|
||||||
|
E=_e*h
|
||||||
|
9A"O
|
||||||
|
:4P_2
|
||||||
|
(:k,
|
||||||
|
9id$I
|
||||||
|
05An
|
||||||
|
YfqT
|
||||||
|
IW]CQOB
|
||||||
|
RW^&
|
||||||
|
$)<0
|
||||||
|
8QoQ[
|
||||||
|
-l/|
|
||||||
|
l,nB
|
||||||
|
~xx)(
|
||||||
|
@Art
|
||||||
|
h+s\
|
||||||
|
d9>aUQqU
|
||||||
|
M9S\
|
||||||
|
3eA,
|
||||||
|
S\q0
|
||||||
|
A6;x
|
||||||
|
bU4u
|
||||||
|
LoIR
|
||||||
|
%)5&
|
||||||
|
w#X
|
||||||
|
5B7Q
|
||||||
|
AEO*UH
|
||||||
|
~IN{
|
||||||
|
P56c]B:
|
||||||
|
&PdR
|
||||||
|
Uw[s}
|
||||||
|
&&#{
|
||||||
|
{q|,t
|
||||||
|
_[WV%
|
||||||
|
(Bm,
|
||||||
|
/jDh
|
||||||
|
U$t.
|
||||||
|
%aUX
|
||||||
|
8}WSSf
|
||||||
|
TRg4b
|
||||||
|
bUbs
|
||||||
|
-9J1Q
|
||||||
|
2*et
|
||||||
|
GSJL&
|
||||||
|
nHym
|
||||||
|
JQ9mE
|
||||||
|
SWQ+
|
||||||
|
T}6_
|
||||||
|
U)SB|K
|
||||||
|
*j`i+
|
||||||
|
YuFqS
|
||||||
|
]GMm
|
||||||
|
T#>_C
|
||||||
|
M$4u'
|
||||||
|
qwWK
|
||||||
|
OVnF
|
||||||
|
.HBm~
|
||||||
|
SFw$
|
||||||
|
pRrT
|
||||||
|
$iY@0
|
||||||
|
T%X
|
||||||
|
Hg%!`
|
||||||
|
HUtz
|
||||||
|
^Pw'
|
||||||
|
Qtm2U
|
||||||
|
9_LW
|
||||||
|
&WHh
|
||||||
|
^?l_
|
||||||
|
DUPv
|
||||||
|
e-%Q
|
||||||
|
T$NA
|
||||||
|
#3Lf
|
||||||
|
LqV-
|
||||||
|
|uY%j
|
||||||
|
\Xsl
|
||||||
|
Wmz}B
|
||||||
|
P0se
|
||||||
|
:^u.
|
||||||
|
-[-,3
|
||||||
|
iceW
|
||||||
|
IuvC
|
||||||
|
A`.
|
||||||
|
K$YlO
|
||||||
|
plqx
|
||||||
|
!hAq
|
||||||
|
;[H$
|
||||||
|
VIA$
|
||||||
|
uacp
|
||||||
|
K?/ht
|
||||||
|
Qi%@\
|
||||||
|
C"V4OK
|
||||||
|
[QY#
|
||||||
|
gRKCRY
|
||||||
|
/b6+
|
||||||
|
7$JI
|
||||||
|
M^eQ
|
||||||
|
9k"c"@
|
||||||
|
`} l
|
||||||
|
-Q42
|
||||||
|
F6ui*E
|
||||||
|
#Tj(
|
||||||
|
%%Na
|
||||||
|
;Q9\
|
||||||
|
1@_},C
|
||||||
|
+=E=B
|
||||||
|
6zzy"
|
||||||
|
h{!"
|
||||||
|
olNj
|
||||||
|
Wc$TY}fT
|
||||||
|
STjfD
|
||||||
|
/#gNC
|
||||||
|
uV_C[)
|
||||||
|
n,Bj
|
||||||
|
?dy[
|
||||||
|
LT}T
|
||||||
|
jcHB
|
||||||
|
T7QV
|
||||||
|
*(N\
|
||||||
|
GVi9NV
|
||||||
|
)i"U
|
||||||
|
DZ_H
|
||||||
|
-;'Q
|
||||||
|
P,ZA
|
||||||
|
m~|b5r@
|
||||||
|
()*^
|
||||||
|
,B^7
|
||||||
|
u'wI
|
||||||
|
M=k"
|
||||||
|
1OQv6
|
||||||
|
iNSJ
|
||||||
|
M9c&
|
||||||
|
_QM]
|
||||||
|
WGlll-r
|
||||||
|
s4 4
|
||||||
|
\o|w
|
||||||
|
WSM)e
|
||||||
|
Pwhj
|
||||||
|
jzw.
|
||||||
|
u4tU9
|
||||||
|
&YL K1S
|
||||||
|
?BlF:c
|
||||||
|
Qmt@*
|
||||||
|
iY]9
|
||||||
|
#m#"6
|
||||||
|
PEP@
|
||||||
|
mrpV
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
Try the flag and it is incorrect. Now the following part looks like Base64 encryption:
|
||||||
|
```
|
||||||
|
b3BlbnNzbCBlbmMgLWQgLWFlcy0yNTYtY2JjIC1pdiBTT0YwIC1LIFNPUyAtaW4gZmxhZy5lbmMg
|
||||||
|
LW91dCBmbGFnIC1iYXNlNjQKCml2IGRvZXMgbm90IGluY2x1ZGUgdGhlIG1hcmtlciBvciBsZW5n
|
||||||
|
dGggb2YgU09GMAoKa2V5IGRvZXMgbm90IGluY2x1ZGUgdGhlIFMwUyBtYXJrZXIKCg==
|
||||||
|
```
|
||||||
|
|
||||||
|
When we decode it online, we get the following:
|
||||||
|
```
|
||||||
|
openssl enc -d -aes-256-cbc -iv SOF0 -K SOS -in flag.enc -out flag -base64
|
||||||
|
|
||||||
|
iv does not include the marker or length of SOF0
|
||||||
|
|
||||||
|
key does not include the S0S marker
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
#### Step-5:
|
||||||
|
|
||||||
|
This is a hint, the flag is encoded with AES-256-CBC, then we need to find 128 bits of _iv_ and 256 bits of _key_ to decode and find the flag.
|
||||||
|
|
||||||
|
#### Step-6:
|
||||||
|
|
||||||
|
Open the image with hex editor, we find SOF0 with `0xff` `0xc0`, the length of SOF0 is `0x00` `0x11`.
|
||||||
|
|
||||||
|
If you don't have idea of mark identifiers of an image, refer below:
|
||||||
|
|
||||||
|
http://vip.sugovica.hu/Sardi/kepnezo/JPEG%20File%20Layout%20and%20Format.htm
|
||||||
|
|
||||||
|
Then, the _iv_ is: `0800be00c803011100021101031101ff`
|
||||||
|
|
||||||
|
#### Step-7:
|
||||||
|
|
||||||
|
We find S0S with `0xff` `0xda`, the _key_ is:
|
||||||
|
|
||||||
|
`000c03010002110311003f00f9766bfc44beda8f3f5c031b92cb0e92d6bdc952`
|
||||||
|
|
||||||
|
#### Step-8:
|
||||||
|
|
||||||
|
We have a comment left, this is the encoded flag:
|
||||||
|
|
||||||
|
`mmtaSHhAsK9pLMepyFDl37UTXQT0CMltZk7+4Kaa1svo5vqb6JuczUqQGFJYiycY`
|
||||||
|
|
||||||
|
#### Step-9:
|
||||||
|
|
||||||
|
According to the command, input we need to create a `flag.enc` which includes the above comment.
|
||||||
|
|
||||||
|
So, finally the contents of flag.enc become : `mmtaSHhAsK9pLMepyFDl37UTXQT0CMltZk7+4Kaa1svo5vqb6JuczUqQGFJYiycY`
|
||||||
|
|
||||||
|
#### Step-10:
|
||||||
|
According to previous given Base64 decryption, we have put the following command:
|
||||||
|
|
||||||
|
`openssl enc -d -aes-256-cbc -iv 0800be00c803011100021101031101ff -K 000c03010002110311003f00f9766bfc44beda8f3f5c031b92cb0e92d6bdc952 -in flag.enc -out flag -base64`
|
||||||
|
|
||||||
|
#### Step-11:
|
||||||
|
|
||||||
|
This will create a file `flag` in the same directory and then we can read the contents by just `cat flag`
|
||||||
|
|
||||||
|
#### Step-12:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`CTFlearn{Ne0.TheMatrix}`
|
After (image error) Size: 20 KiB |
|
@ -0,0 +1 @@
|
||||||
|
CTFlearn{Ne0.TheMatrix}
|
|
@ -0,0 +1 @@
|
||||||
|
mmtaSHhAsK9pLMepyFDl37UTXQT0CMltZk7+4Kaa1svo5vqb6JuczUqQGFJYiycY
|
After (image error) Size: 318 KiB |
After (image error) Size: 420 KiB |
|
@ -0,0 +1,35 @@
|
||||||
|
## The adventures of Boris Ivanov. Part 1.
|
||||||
|
The main idea finding the flag is to tangle image RGB filters with Stegsolver.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After downloading `Boris_Ivanov_1.jpg` from the cloud, I tried all basic Forensics Techniques, but I got nothing.
|
||||||
|
|
||||||
|
<img src="Boris_Ivanov_1.jpg">
|
||||||
|
|
||||||
|
NULL. NATA. ZIP.
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
|
||||||
|
I tried to use the Stegsolver application. For those who don't have it, can get the script from here:
|
||||||
|
|
||||||
|
https://github.com/zardus/ctf-tools/tree/master/stegsolve
|
||||||
|
|
||||||
|
After installation is complete, running `./stegsolver.jar` will launch the application.
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
|
||||||
|
After reading the challenge again and again we can notice the word KGB may bay relate to Steganography by RGB.
|
||||||
|
|
||||||
|
In Stegsolver, there are 1000 offsets possible.
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
Luckily, after analyzing the image, I started to filter backwards and got flag at <strong>898</strong> offset.
|
||||||
|
|
||||||
|
I got the flag there.
|
||||||
|
|
||||||
|
<img src="Flag.png">
|
||||||
|
|
||||||
|
|
||||||
|
#### Step-5:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`flag{d0nt_m3s5_w1th_th3_KGB}`
|
After (image error) Size: 21 KiB |
After (image error) Size: 82 KiB |
After (image error) Size: 45 KiB |
|
@ -0,0 +1,280 @@
|
||||||
|
## Up For A Little Challenge?
|
||||||
|
The main idea finding the flag is to consecutively use Forensics commands.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After we download `Begin Hack.jpg` from the cloud, we try to understand what is the content. <br>
|
||||||
|
|
||||||
|
<img src="Begin Hack.jpg">
|
||||||
|
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
Then I tried `strings Begin hack.jpg` and got the following output:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
JFIF
|
||||||
|
Exif
|
||||||
|
8Photoshop 3.0
|
||||||
|
8BIM
|
||||||
|
8BIM
|
||||||
|
S@%c
|
||||||
|
&T6d
|
||||||
|
'E7e
|
||||||
|
()*89:HIJWXYZghijwxyz
|
||||||
|
0"2Q
|
||||||
|
3#aB
|
||||||
|
c6p&ET
|
||||||
|
()*789:FGHIJUVWXYZdefghijstuvwxyz
|
||||||
|
mQ15
|
||||||
|
TLMm
|
||||||
|
[m[mQ15
|
||||||
|
*tMD
|
||||||
|
"k4J
|
||||||
|
Rs]n
|
||||||
|
<zbpM
|
||||||
|
;ELN
|
||||||
|
*gEN
|
||||||
|
=a?6m
|
||||||
|
bj'j
|
||||||
|
:5LN
|
||||||
|
[m[m[mZ4
|
||||||
|
_|RW
|
||||||
|
zgm19
|
||||||
|
-{{?_
|
||||||
|
:UWXV
|
||||||
|
A_~{
|
||||||
|
[mRQ.
|
||||||
|
MtMm
|
||||||
|
_b|g
|
||||||
|
)bum
|
||||||
|
Q;TLMm
|
||||||
|
j&5i
|
||||||
|
\_s5sH
|
||||||
|
mQ:j6
|
||||||
|
mQ15
|
||||||
|
[mFw\j
|
||||||
|
y0X,
|
||||||
|
Yyrx
|
||||||
|
iKJ
|
||||||
|
DC(jC)dwC
|
||||||
|
?HxC
|
||||||
|
Cl|G
|
||||||
|
/sPj
|
||||||
|
MJ,h`
|
||||||
|
550]
|
||||||
|
4KvwUp
|
||||||
|
QYj,
|
||||||
|
n7~$N[$
|
||||||
|
-g0L
|
||||||
|
Gmu5
|
||||||
|
i*iSJ
|
||||||
|
]ZIsk
|
||||||
|
g<W1M
|
||||||
|
LE4l^\
|
||||||
|
wdc.)
|
||||||
|
:}^Xs
|
||||||
|
ML ~
|
||||||
|
1bdM;V
|
||||||
|
Lub
|
||||||
|
%)p_
|
||||||
|
d(3D
|
||||||
|
gqm6
|
||||||
|
[y|7
|
||||||
|
Qoq-
|
||||||
|
)kAO
|
||||||
|
j.YJ
|
||||||
|
t)9m
|
||||||
|
U>iy
|
||||||
|
}p.<E1
|
||||||
|
.Xm5
|
||||||
|
Yu>6p
|
||||||
|
_f;>Yd$W
|
||||||
|
&MBo
|
||||||
|
X?$6
|
||||||
|
bjCL
|
||||||
|
k)p$
|
||||||
|
W&YL
|
||||||
|
19b$
|
||||||
|
^8/_
|
||||||
|
l',r
|
||||||
|
%pRG
|
||||||
|
H4\p
|
||||||
|
R/C,^
|
||||||
|
7l#Y
|
||||||
|
Oi?h
|
||||||
|
w +V
|
||||||
|
|^7V*
|
||||||
|
QXmG5_?
|
||||||
|
/E'C
|
||||||
|
.$%er
|
||||||
|
o%))
|
||||||
|
:?ab
|
||||||
|
y+q\
|
||||||
|
5O9e?%j?
|
||||||
|
_&j"
|
||||||
|
1,G$+
|
||||||
|
CS@?
|
||||||
|
*zHr
|
||||||
|
Z#8CLQ_$#
|
||||||
|
1exh
|
||||||
|
1yjyw(
|
||||||
|
'Trj
|
||||||
|
`- https://mega.nz/#!z8hACJbb!vQB569ptyQjNEoxIwHrUhwWu5WCj1JWmU-OFjf90Prg -N17hGnFBfJliykJxXu8 -
|
||||||
|
=u}B
|
||||||
|
{Y4B
|
||||||
|
R_:/
|
||||||
|
/bTK
|
||||||
|
T8(w
|
||||||
|
}SPF*
|
||||||
|
.YRi,
|
||||||
|
m%<p
|
||||||
|
7<S:
|
||||||
|
CdRR
|
||||||
|
5Ol=
|
||||||
|
7Ge'
|
||||||
|
!1AQaq
|
||||||
|
0@P`p
|
||||||
|
rK2*
|
||||||
|
=611y
|
||||||
|
*E%9
|
||||||
|
M`H0X_
|
||||||
|
_W]y
|
||||||
|
!{u~
|
||||||
|
$V/
|
||||||
|
r%LL
|
||||||
|
;3;;
|
||||||
|
vj54
|
||||||
|
=}pW
|
||||||
|
5p^-
|
||||||
|
?s$X0?]
|
||||||
|
4@a4
|
||||||
|
=reg#
|
||||||
|
9*fL'
|
||||||
|
Mp real_unlock_key: Nothing Is As It SeemsU
|
||||||
|
~t>?
|
||||||
|
pb}X8a
|
||||||
|
;>)I$
|
||||||
|
A16hM
|
||||||
|
O9]F
|
||||||
|
K_Es
|
||||||
|
OQcc
|
||||||
|
{8OI
|
||||||
|
<T|pF
|
||||||
|
t<?EK*
|
||||||
|
)#0=n
|
||||||
|
b_74
|
||||||
|
^x<sN
|
||||||
|
1u{k
|
||||||
|
Nitr
|
||||||
|
b9R6
|
||||||
|
(Q{T
|
||||||
|
F>_
|
||||||
|
bK(1
|
||||||
|
c <AI<a
|
||||||
|
JxAD
|
||||||
|
AQa q
|
||||||
|
0@P`p
|
||||||
|
]!ql>
|
||||||
|
-L_Q
|
||||||
|
c<gg
|
||||||
|
c='I
|
||||||
|
_l2A5
|
||||||
|
5~Fh
|
||||||
|
89]M}+
|
||||||
|
^Jx(
|
||||||
|
)_4b
|
||||||
|
LQ")
|
||||||
|
zy=>
|
||||||
|
n66k
|
||||||
|
NuHPO
|
||||||
|
;(hO
|
||||||
|
+vU8*
|
||||||
|
+CL@
|
||||||
|
NiiJo
|
||||||
|
"Y#).3
|
||||||
|
kw]}
|
||||||
|
1|yq
|
||||||
|
UB!1/OV1
|
||||||
|
nt }
|
||||||
|
0+<$<
|
||||||
|
:Rgh
|
||||||
|
Qo"P
|
||||||
|
?a>^
|
||||||
|
)gN0e&W
|
||||||
|
Xzbg
|
||||||
|
T 7JA
|
||||||
|
bZ<R
|
||||||
|
N: r@
|
||||||
|
%r",r
|
||||||
|
#=#
|
||||||
|
U@!e
|
||||||
|
H/ga
|
||||||
|
8HK/
|
||||||
|
iPi5
|
||||||
|
|XPr
|
||||||
|
yJ6P
|
||||||
|
KeMLx
|
||||||
|
bQvs
|
||||||
|
MSU}
|
||||||
|
"*OL
|
||||||
|
Y@dmf
|
||||||
|
J\yE
|
||||||
|
%PEuW
|
||||||
|
yDYUE
|
||||||
|
password: Really? Again
|
||||||
|
3oC=
|
||||||
|
S MWX
|
||||||
|
lwPBj
|
||||||
|
XR0W'
|
||||||
|
@t-%
|
||||||
|
flag{Not_So_Simple...}
|
||||||
|
?@};
|
||||||
|
7b,,*
|
||||||
|
W*)^
|
||||||
|
#zZ&
|
||||||
|
Oqq
|
||||||
|
uS%f
|
||||||
|
yB1+!
|
||||||
|
w)% >
|
||||||
|
y:O @
|
||||||
|
tt'8
|
||||||
|
1F?jn
|
||||||
|
;'"K
|
||||||
|
|q=_
|
||||||
|
=U$a
|
||||||
|
FS `
|
||||||
|
8nzo a~
|
||||||
|
Trqe@
|
||||||
|
(~CK9&
|
||||||
|
Jq$?
|
||||||
|
@a:O>
|
||||||
|
ea!%!
|
||||||
|
e$Ef
|
||||||
|
yQ(u$65
|
||||||
|
4"<
|
||||||
|
s^)V
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
This output has opened a lot of gateways for us to explore. So let's try to visit the URL given to us:
|
||||||
|
https://mega.nz/file/z8hACJbb#vQB569ptyQjNEoxIwHrUhwWu5WCj1JWmU-OFjf90Prg
|
||||||
|
|
||||||
|
We get a new zip file there named `Up For A Little Challenge.zip`.
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
After we unzip and try to find content (including all hidden files, by `ls -al`), I found the directory `Did I Forget Again?` and in that I found an image and another compressed file called `.Processing.cerb4`.
|
||||||
|
|
||||||
|
#### Step-5:
|
||||||
|
|
||||||
|
When I tried to unzip it, I found an image `skycoder.jpg` which was encrypted.
|
||||||
|
|
||||||
|
This is the time you have to be little smart and try the password from given things only. I tried to search above strings search and found password there: `Nothing Is As It Seems`.
|
||||||
|
|
||||||
|
#### Step-6:
|
||||||
|
Finally we get this image. Flag is right bottom corner.
|
||||||
|
|
||||||
|
<a href="https://ibb.co/3pb7kpN"><img src="https://i.ibb.co/HtyVXtz/skycoder.jpg" alt="skycoder" border="0"></a>
|
||||||
|
|
||||||
|
#### Step-7:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`flag{hack_complete}`
|
After (image error) Size: 101 KiB |