CyberYoddha CTF: Write-up

Raj Upadhyay

6 min readNov 2, 2020

Let’s see how I solved some challenges.

Trivia

Trivia 1

Flag: Linus Torvalds

Trivia 2

Flag: Gary Kildall

Trivia 3

Flag: Yahoo

Trivia 4

Flag: honeypot

Trivia 5

Flag: shoulder surfing

Trivia 7

Flag: SFC

Trivia 8

Logo:

Flag: haskell

Web Exploitation

Look Closely

Let’s open the webpage:

So looks like garbage text is given so let’s find “cyctf” in this page source.

Flag: CYCTF{1nSp3t_eL3M3nt?}

Disallow

So let’s open the link.

So challenge name is Disallow so the first thought that comes to mind is to search for the robots.txt file. ( robots.txt file contain disallow feature)

So let’s open the given link.

Flag: CYCTF{d33r0b0t$_r_sUp3r10r}

Data Store

Let’s open the given link.

So there is some login page.

When we see any login page we try common passwords like “admin: password” etc.

But this was not working here.

The next thing that comes into my mind is to do SQL injection.

and when I press the login button we navigate to the next page.

Flag: CYCTF{1_l0v3_$q1i}

Forensics

Image Viewer

So we have been given one jpeg file let’s open it.

So first let’s do “file command” and then “strings command”

So we got our flag.

Flag: CYCTF{h3h3h3_1m@g3_M3t@d@t@_v13w3r_ICU}

The row beneath

So we have been given one png file. let’s open it.

So the first approach is to do “file command” then “strings command”.

What’s the password?

Let’s open the jpg file.

So first I did “file command” and then “strings command” but didn’t find anything useful.

So I tried the “steghide” tool.

steghide extract -sf filename
Enter Passphrase: sudo ( for this challenge password was SUDO )

So with help of steghide, we get one txt file that contains a flag in it.

Flag: CYCTF{U$3_sud0_t0_achi3v3_y0ur_dr3@m$!}

Steg 2

So let’s open the PNG file.

So I used the “https://stegonline.georgeom.net/” website to change Bit Planes.

Flag: CYCTF{1$b_st3g@n0gr@phy_f0r_th3_w1n}

Steg Ultimate

So let’s open the jpg file.

So first I did “file command” and then “strings command” but didn’t find anything useful.

So I tried the “steghide” tool.

steghide extract -sf filename
Enter Passphrase: (for this challenge there was no password)
steghide extract -sf filename
Enter Passphrase: (for this challenge there was no password)

So we did the extraction of files and we get the “Pastebin” link let’s visit it.

Link: https://pastebin.com/YnKqT9s3

Looks like some crypto challenge is there but wait its forensic challenge.

So when I see this I know (from previous experience ) it’s a BASE64 string from which we need to create a jpg file.

So let’s do a “Base64 to jpg” conversation.

I used this website “https://base64.guru/converter/decode/image/jpg”

Flag: CYCTF{2_f0r_th3_pr1c3_0f_1_b64}

Cryptography

Home Base

given string :

4a5a57474934325a47464b54475632464f4259474336534a4f564647595653574a354345533454434b52585336564a524f425556435533554e4251574f504a35

So at first looks its like HEX so let’s do HEX to ASCII

JZWGI42ZGFKTGV2FOBYGC6SJOVFGYVSWJ5CES4TCKRXS6VJROBUVCU3UNBQWOPJ5

So after a few attempts, I found its base32 string so let’s decode it.

NldsY1U3WEppazIuJlVVODIrbTo/U1piQSthag==

So we got base64 string after decoding.

So after decoding base64 we got this wired string

6WlcU7XJik2.&UU82+m:?SZbA+aj

So it’s base85 so let’s decode it.

Flag: CYCTF{it5_@_H0m3_2un!}

shebang

shebang0

So for all these challenges we need to connect the server via ssh.

shebang1

shebang2

shebang3

Thanks for reading.