KnightCTF-2022 Write-up
Recently I participated in KnightCTF 2022. Let’s see how I was able to solve a few challenges.
Digital Forensics
1. The Lost Flag
Let’s open the given image and try to see if we can get the flag.
So by at the image, we didn’t find the flag.
So I tried “strings” then “EXIF metadata” but still no success.
The next step was to upload an image on the following link and play around with different options, ( Link: https://stegonline.georgeom.net)
So as soon as I tried “Browse bit Planes” the Flag was visible.
Flag: KCTF{Y0U_F0uNd_M3}
2. Compromised FTP
So let’s open the link and see what we have,
So, It appears that we have FTP login logs. when we look into the file we notice that there are many failed login attempts. so I removed all the lines that contain the following strings as sub-string “FAIL LOGIN: Client”. so due to that, we will have the following string left with us
Mon Jan 3 15:24:13 2022 [pid 5399] [ftpuser] OK LOGIN: Client “::ffff:192.168.1.7”so the username is “ftpuser” and IP-address is “192.168.1.7”
Flag: KCTF{ftpuser_192.168.1.7}
3. Unknown File
So let’s download the file and see what we have.
So we have file that contains “file” as an extension. So the first thing we can do is to check the file into HEX Editor.
So by looking at headers we can see headers are tempered so let’s replace the first few HEX numbers and make the “PNG” headers.
‰PNG
Let’s open the PNG
Flag: KCTF{Imag3_H3ad3r_M4nipul4t10N}
Networking
1. How’s the Shark?
So let’s open the link
so we have a “pcap” file. let’s open pcap file. it looks like we have so many packets so my approach was to export all the files from the PCAP file by following steps.
Once we save all the files it will look like this
Open every image one by one and in one of the images, I got Flag.
Flag: KCTF{A_ShARk_iN_tHe_WirE}
Cryptography
1. Passwd
So let’s open the link and see what we have
so the last line indicates the password for the user “knight”.
For the following string let’s first check is it MD5 or SHA or what.
708697c63f7eb369319c6523380bdf7a
So let’s decrypt MD5.
So password for the account “knight” is “exploit”
Flag: KCTF{exploit}
404 Not Found
This challenge was a little bit tricky so let’s see how I was able to solve it.
so let’s open the given link ( Link: https://knightsquad.org/KCTF-2022?cypto=03MTJ3M2NjcfBDdfR2Mz42X1BTefN3MNFDdz0EMTtnRUN0S )
404 Not Found, wait this is not a web challenge so there should be something that we are missing here.
so let’s closely look at the URL, we can see it contain “cypto” as a parameter.
so we got some string that we need to solve to get the final flag
03MTJ3M2NjcfBDdfR2Mz42X1BTefN3MNFDdz0EMTtnRUN0Sbut when we see the above sting it does not give any hints. so after a few hours, I thought let me reverse the string and see if it make any sense.
so I used python to do string reverse.
S0NURntTME0zdDFNM3NfeTB1X24zM2RfdDBfcjN2M3JTM30so now again we have string but still not sure how to get the flag out of this so I tried to decode the string via “Base32, Base58” but no success then I tried Base64 and the flag was in front of me.
Flag: KCTF{S0M3t1M3s_y0u_n33d_t0_r3v3rS3}
Thank you for the reading also if you are interested to join my CTF team then you can reach out to me via Twitter.[Link: https://twitter.com/upadhyayraj11 ]
Few more challenges I was able to solve but I will try to make a write-up for the same in the future.
