b01lers bootcamp CTF: Write-up
Recently I participated in b01lers bootcamp CTF. I was able to solve 3 Misc challenges and 3 Web challenges. so here is my approach, how I solved it.
Misc
Echoes of Reality
So for this challenge, we have been given one “wav” file.
So the first approach is to open it in Audacity.
It looks like this:
So I decide to change the view from Waveform to Spectrogram.
So we can see our flag but let’s change frequency so we can see it clearly.
set Min_Frequency: 3000 and Max_Frequency: 15000
Yes, we got our flag.
Flag: flag{b3h1Nd_tH3_l0oK1nG_gl4s5}
Granular Data
So for this challenge, we got one PNG file. Let’s an open the PNG file.
So nothing interesting here. So let’s do EXIF for this image.
I used this website: http://metapicz.com/
So when I upload it and I can see the flag in front of me.
Flag: flag{h4t3d_1n_th3_n4t10n_0MTBu}
Zima Blue
So again we got one PNG image. Let’s open it.
So this image looks interesting especially that Blue portion.
So let’s do some image steganography online. (https://stegonline.georgeom.net/)
When I used “LSB Half” look what I found.
yesssssssssss, we got our flag.
Flag: flag{t3ll_by_th3_p1x3ls}
Web
Programs Only
So let’s open this link.
So nothing interesting here.
So let’s try to open the “robots.txt” file ( in any CTF it’s good practice to open robots.txt file in the first place)
So this looks interesting. let’s try to open /program/
Oh we get the error “Not Found”
Let’s again look at the robots.txt file
So we can see “User-agent” here so let’s capture the request in the burp suite and let’s change headers.
So let’s send it to the repeater and let’s change “User-Agent”.
User-agent: Master Control Program 0000
Let’s send this request and see the output.
So we get FLAG.
flag:flag{who_programmed_you?}
Reindeer Flotilla
Let’s open the URL.
It looks like we have been given one text box in which we can type anything.
Let’s look at source code first.
Let’s look at the script.js file once.
So at the end of the script, we can see some HEX values let’s try to decode it.
\x74\x72\x69\x67\x67\x65\x72','\x6f\x6b\x62\x75\x74\x74\x6f\x6e\x63\x6c\x69\x63\x6b\x65\x64','\x67\x65\x74\x45\x6c\x65\x6d\x65\x6e\x74\x42\x79\x49\x64','\x66\x6c\x61\x67\x7b\x79\x30\x75\x5f\x73\x68\x30\x75\x6c\x64\x6e\x74\x5f\x68\x34\x76\x33\x5f\x63\x30\x6d\x33\x5f\x62\x34\x63\x6b\x5f\x66\x6c\x79\x6e\x6e\x7d','\x6a\x51\x75\x65\x72\x79','\x61\x6c\x65\x72\x74'Let’s decode it.
Yes, we got another flag.
Flag:flag{y0u_sh0uldnt_h4v3_c0m3_b4ck_flynn}
First Day Inspection
Let’s open the URL.
Nothing Interesting here, so let’s see the source code.
we can see the 16th line that contains “flag{“
<!-- (1/5): flag{ -->So we got the first part of the flag.
Now let’s check the style.css file.
/* (3/5): 0m3_ */we got the third part of the flag.
Now let’s see the script.js file.
// (4/5): t0_EWe got the 4th part.
Now let’s try to decode the following HEX which is given in the script.js file.
\x6c\x6f\x63\x61\x6c\x53\x74\x6f\x72\x61\x67\x65','\x4e\x43\x30\x4d\x7d','\x28\x32\x2f\x35\x29\x3a\x20\x77\x33\x6c\x63','\x28\x35\x2f\x35\x29','\x73\x65\x74\x49\x74\x65\x6d','\x65\x72\x72\x6f\x72'
So we got the 2nd and 5th part of the flag.
localStorageNC0M}(2/5): w3lc(5/5)setItemerrorSo let’s decode HEX line by line
\x6c\x6f\x63\x61\x6c\x53\x74\x6f\x72\x61\x67\x65 : localStorage
\x4e\x43\x30\x4d\x7d : NC0M}
\x28\x32\x2f\x35\x29\x3a\x20\x77\x33\x6c\x63 : (2/5) w3lc
\x28\x35\x2f\x35\x29 : (5/5)
\x73\x65\x74\x49\x74\x65\x6d : setItem
\x65\x72\x72\x6f\x72 : errorSo let’s arrange it.
2nd part is (2/5) w3lc
5th part is (5/5) NC0M}So let’s combine and we have our flag.
Flag: flag{w3lc0m3_t0_ENC0M}
Thank you for reading.
