Open in app

Sign in

Write

Sign in

hackers hour CTF: write-up (part-2)

Raj Upadhyay
7 min readSep 28, 2020

Recently I participated in HackersHour CTF, My team was able to finish 5th on the scoreboard. So here is a write-up for some of the challenges.

Cryptography

1.American_Cricket

So we have been given one zip file so as usual, let’s see what’s inside the ZIP file.

So let’s look like some wired text here,

Now let’s think this way, challenge name is “American_cricket” so in America cricket can relate as Baseball.

so we can think something like this “Is there any encoding/decoding technique that sounds like Baseball” ??

YES, Base64, Base32, and so on.

But it does not look like base32 or base64 so I tried to search different base encoding techniques and I found it’s base91.

So let’s decode it.

Flag: THM{0k_y0u_G0t_M3}

2.D1versity101

So we have been given one zip file so as usual, let’s see what’s inside the ZIP file.

It looks like a malbolge language. let’s decode it using this website: http://www.malbolge.doleczek.pl/

Flag: THM{3st0ric_1s_Fun!!}

3.D4nce_M0nk3y

So we have been given one zip file so as usual, let’s see what’s inside the ZIP file.

So for this challenge, we need to identify this “Dancing monkey cryptography”

So I searched regarding the “dancing man” on the decode.fr website and yup I found one match.

So we need to select the same dancing man and we will get our flag.

So decoded string was: truefanofsherlockholmes

Flag: THM{true_fan_of_sherlock_holmes}

4.GIFgame

So we have been given one zip file so as usual, let’s see what’s inside the ZIP file.

So as the challenge name suggests we have been given one gif file.

when I opened this gif image I found one link on it.

So it looks like a link or something but we can not see .com or anything in the link so we need to look it carefully.

link: https://anBzdC5pdCA=/2gSqo

So it looks like it’s a base64 string.

So let’s open the link. (jpst.it/2gSqo)

So it looks like so many Ooks.

So I google search about it I found it’s OOK language.

OoK! interpreter can decode it.

Flag:THM{this_is_your_flag}

5.NumberMaze

So we have been given one zip file so as usual, let’s see what’s inside the ZIP file.

So in the png file, we can see some numbers so the initial thought was to decode it as a decimal to text.

[84 72 77 123 117 95 114 95 115 116 101 103 110 111 95 99 104 97 109 112 125]

So it was easy.

Flag: THM{u_r_stegno_champ}

6.GoEasy

So we have been given one zip file so as usual, let’s see what’s inside the ZIP file.

This time we have one pdf file. so when I try to open it. It asks for a password.

So I tried some simple passwords like “admin, password and a few other” suddenly I thought let me try “easy” because the challenge name is GoEasy. and yup I was right password is “easy”

(we can crack it only or we can crack pdf password using Fcrack but sometimes passwords are in front of us we need to see it )

Pdf file contains

Oh no, it’s BrainFuck Language. ( wondering how I know ??? because I have played enough CTFs now and able to tell which cipher is it.)

Let’s decode it.

So we got another cipher. ( i was not able to solve this challenge. )

Let’s see some forensic challenges

1.Login

So we have been given one zip file so as usual, let’s see what’s inside the ZIP file.

So we have some log file.

So the first approach is to search for the “THM” string. let’s find it.

But this approach is not working so let’s see the whole file.

after a few minutes, we found our flag.

Flag: THM{yOu’rE_ a_fOrEnsiCs_hErO}

2.AccessLogs

So we have been given one zip file so as usual, let’s see what’s inside the ZIP file.

So it looks like we have some access logs here.

So the first approach is to search for the “THM” string. let’s find it.

So this trick works sometimes.

So now we have the initial few characters of flag: THM{aCCeSS_

So now we need to see the whole file to get a complete flag.

Other part of flag: lOgS_aRe_ImpORtanT}

SO now the flag is

Flag: THM{aCCeSS_lOgS_aRe_ImpORtanT}

3.InsecureLogs

So we have been given one zip file so as usual, let’s see what’s inside the ZIP file.

This time we got a PCAP file, ( so this is where forensics begins )

So Now the first approach is to download all the exports from the PCAP file and we can do it easily like this.

Go to File and select the Export object as:

and then save all

So we have 27 files.

So we need to open it one by one and check for the flag. I found the flag in register(2).php file

Flag: THM{tHiS_Is_nEtwOrK_fOreNsiCS}

4.HashHashHash

So we have been given one zip file so as usual, let’s see what’s inside the ZIP file.

So at first look we can see there is some hash value and it says find the flag in the file. So let’s scroll down at end of the file.

So we just need to find the first character of the flag.

So after half an hour, I was not able to crack or identify this hash

So last thing I did was search the “description of the challenge” and I found it’s a tiger hash ( google search this “I’m a cryptographic hash function designed in 1995. For efficiency on 64-bit platforms. My truncated versions can be used for compatibility with protocols.”)

Flag: THM{tiger_iS_gOOd_hAsH}

Honestly, for some of the other challenges, we need to download some specific tools so I personally don’t like that part about this CTF.

Ctf
Ctf Writeup
Cybersecurity
Information Security
Capture The Flag

--

--

Raj Upadhyay

Written by Raj Upadhyay

170 Followers

Pursuing M. Tech. in Cyber Security and Incident Response. #LoveToPlayCTF #infosec #cybersecurity

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams