Hacktober2020 CTF: write-up

Raj Upadhyay
Oct 18, 2020

Recently I participated in Hacktober2020 CTF.

I will start my write-up with a challenge that was really interesting.

Cryptography

I am not able to display the question because all the challenges are hidden now, but in the question we were given one Pastebin link.

Link: https://pastebin.com/raw/xL04idu2

Let’s open it

We have some weird text here. I hadn’t seen this before, so I spent almost 8 hours figuring out what it is.

As we can see, we have been given a Base64 string, which we can convert to a JPG.

So let’s open this website: https://base64.guru/converter/decode/image/jpg

It looks like we need to repair our base64 string.

So now let’s use this repaired Base64 to convert it to a JPG.

We got our flag.

Flag: flag{angrybones}
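The repair-and-decode step can also be done offline. The following is an added example, not part of the original write-up: it assumes "repair" means stripping characters outside the Base64 alphabet and restoring the padding, and the sample input is constructed, not the Pastebin data.

```python
import base64
import binascii
import re

JPEG_SOI = b"\xff\xd8\xff"  # JPEG start-of-image marker plus first segment byte


def repair_base64(text: str) -> str:
    """Normalise a damaged Base64 string so a strict decoder accepts it."""
    # Drop a data-URI prefix if one was pasted along with the payload.
    text = re.sub(r"^data:[^,]*;base64,", "", text.strip())
    # Assumption: '-' and '_' come from the URL-safe alphabet, so map them back.
    text = text.replace("-", "+").replace("_", "/")
    # Remove whitespace, line breaks, old padding and any other stray characters.
    text = re.sub(r"[^A-Za-z0-9+/]", "", text)
    # A length of 4n+1 is never valid: the last character encodes no full byte.
    if len(text) % 4 == 1:
        text = text[:-1]
    return text + "=" * (-len(text) % 4)


def decode_jpeg(text: str) -> bytes:
    """Repair and decode text, then confirm the result starts like a JPEG."""
    try:
        data = base64.b64decode(repair_base64(text), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not Base64 even after repair: {exc}") from exc
    if not data.startswith(JPEG_SOI):
        raise ValueError("decoded bytes do not start with a JPEG SOI marker")
    return data


# Constructed sample: a minimal JPEG-framed byte string, not the challenge data.
SAMPLE_JPEG = JPEG_SOI + b"\xe0\x00\x10JFIF\x00" + bytes(9) + b"\xff\xd9"
# Damage it the way pasted text often is: wrapped lines, no padding, URL-safe chars.
_clean = base64.urlsafe_b64encode(SAMPLE_JPEG).decode().rstrip("=")
DAMAGED = "\n".join(_clean[i:i + 8] for i in range(0, len(_clean), 8))

if __name__ == "__main__":
    image = decode_jpeg(DAMAGED)
    print(len(image), "bytes, JPEG header OK")
    # To view a real image, write the bytes out: open("out.jpg", "wb").write(image)
```

Checking the magic bytes before opening the file catches the case where the string decodes cleanly but is not actually an image.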

Start

1. Rules 1

The flag was in front of us.

Flag: flag{pl4y_by_th3_ru13s}

2. DEADFACE 1

We need to visit the following page and count how many faces are there (http://ctf.cyberhacktics.com/intel).

So the answer is 7.

Flag: flag{7}

3. DEADFACE 2

Here we need to find the username of the person. A keyword is “second-in-command”.

So username is mort1cia.

Flag: flag{mort1cia}

4. Let’s Begin!

So the flag is in front of us:

Flag: flag{lets_get_started}

Traffic Analysis

1. Remotely Administrated Evil

Here we have one pcap file, so let’s open it and analyze it.

We need to find the malicious file name.

A simple way is to export all the items, but here we don’t actually need to save all the files; we just need the name of the file.

So we have a file name; let’s try to submit it.

Flag: flag{solut.exe}

Evil Corp’s Child

We need to follow the same steps.

Export the file and check its MD5 value.

Let’s save it and check the MD5 value.

So the flag is:

Flag: flag{A95D24937ACB3420EE94493DB298B295}

An Evil Christmas Carol

Again we have one pcap file, and we need to find the IP address.

We will follow the same steps: export the objects and see which packet contains the malicious file.

Packet no. 529 has host IP 205.185.125.104.

So let’s submit it.

Flag: flag{205.185.125.104}

OSINT

I am not able to share the questions, but I have the flags.

Flag{F. Kreuger Financial}

Flag{Senior Acquisitions Supervisor}

Flag{17 Jun 1973}

Thank you,

Raj Upadhyay