hackers hour CTF: write-up (part-2)
Recently I participated in HackersHour CTF, My team was able to finish 5th on the scoreboard. So here is a write-up for some of the challenges.
Cryptography
1.American_Cricket
So we have been given one zip file so as usual, let’s see what’s inside the ZIP file.
So let’s look like some wired text here,
Now let’s think this way, challenge name is “American_cricket” so in America cricket can relate as Baseball.
so we can think something like this “Is there any encoding/decoding technique that sounds like Baseball” ??
YES, Base64, Base32, and so on.
But it does not look like base32 or base64 so I tried to search different base encoding techniques and I found it’s base91.
So let’s decode it.
Flag: THM{0k_y0u_G0t_M3}
2.D1versity101
So we have been given one zip file so as usual, let’s see what’s inside the ZIP file.
It looks like a malbolge language. let’s decode it using this website: http://www.malbolge.doleczek.pl/
Flag: THM{3st0ric_1s_Fun!!}
3.D4nce_M0nk3y
So we have been given one zip file so as usual, let’s see what’s inside the ZIP file.
So for this challenge, we need to identify this “Dancing monkey cryptography”
So I searched regarding the “dancing man” on the decode.fr website and yup I found one match.
So we need to select the same dancing man and we will get our flag.
So decoded string was: truefanofsherlockholmes
Flag: THM{true_fan_of_sherlock_holmes}
4.GIFgame
So we have been given one zip file so as usual, let’s see what’s inside the ZIP file.
So as the challenge name suggests we have been given one gif file.
when I opened this gif image I found one link on it.
So it looks like a link or something but we can not see .com or anything in the link so we need to look it carefully.
link: https://anBzdC5pdCA=/2gSqo
So it looks like it’s a base64 string.
So let’s open the link. (jpst.it/2gSqo)
So it looks like so many Ooks.
So I google search about it I found it’s OOK language.
OoK! interpreter can decode it.
Flag:THM{this_is_your_flag}
5.NumberMaze
So we have been given one zip file so as usual, let’s see what’s inside the ZIP file.
So in the png file, we can see some numbers so the initial thought was to decode it as a decimal to text.
[84 72 77 123 117 95 114 95 115 116 101 103 110 111 95 99 104 97 109 112 125]
So it was easy.
Flag: THM{u_r_stegno_champ}
6.GoEasy
So we have been given one zip file so as usual, let’s see what’s inside the ZIP file.
This time we have one pdf file. so when I try to open it. It asks for a password.
So I tried some simple passwords like “admin, password and a few other” suddenly I thought let me try “easy” because the challenge name is GoEasy. and yup I was right password is “easy”
(we can crack it only or we can crack pdf password using Fcrack but sometimes passwords are in front of us we need to see it )
Pdf file contains
Oh no, it’s BrainFuck Language. ( wondering how I know ??? because I have played enough CTFs now and able to tell which cipher is it.)
Let’s decode it.
So we got another cipher. ( i was not able to solve this challenge. )
Let’s see some forensic challenges
1.Login
So we have been given one zip file so as usual, let’s see what’s inside the ZIP file.
So we have some log file.
So the first approach is to search for the “THM” string. let’s find it.
But this approach is not working so let’s see the whole file.
after a few minutes, we found our flag.
Flag: THM{yOu’rE_ a_fOrEnsiCs_hErO}
2.AccessLogs
So we have been given one zip file so as usual, let’s see what’s inside the ZIP file.
So it looks like we have some access logs here.
So the first approach is to search for the “THM” string. let’s find it.
So this trick works sometimes.
So now we have the initial few characters of flag: THM{aCCeSS_
So now we need to see the whole file to get a complete flag.
Other part of flag: lOgS_aRe_ImpORtanT}
SO now the flag is
Flag: THM{aCCeSS_lOgS_aRe_ImpORtanT}
3.InsecureLogs
So we have been given one zip file so as usual, let’s see what’s inside the ZIP file.
This time we got a PCAP file, ( so this is where forensics begins )
So Now the first approach is to download all the exports from the PCAP file and we can do it easily like this.
Go to File and select the Export object as:
and then save all
So we have 27 files.
So we need to open it one by one and check for the flag. I found the flag in register(2).php file
Flag: THM{tHiS_Is_nEtwOrK_fOreNsiCS}
4.HashHashHash
So we have been given one zip file so as usual, let’s see what’s inside the ZIP file.
So at first look we can see there is some hash value and it says find the flag in the file. So let’s scroll down at end of the file.
So we just need to find the first character of the flag.
So after half an hour, I was not able to crack or identify this hash
So last thing I did was search the “description of the challenge” and I found it’s a tiger hash ( google search this “I’m a cryptographic hash function designed in 1995. For efficiency on 64-bit platforms. My truncated versions can be used for compatibility with protocols.”)
Flag: THM{tiger_iS_gOOd_hAsH}
Honestly, for some of the other challenges, we need to download some specific tools so I personally don’t like that part about this CTF.
