MetaCTF CyberGames 2020 write-up

Recently I participated in MetaCTF 2020. I was running out of time because I have started solving challenges 2-hour before CTF ends. So due to that, I was able to solve a few challenges. Let’s see how I solved it

Cryptography

1.Crypto Stands For Cryptography

Given string:

TWV0YUNURntiYXNlNjRfZW5jMGRpbmdfaXNfbjB0X3RoZV9zYW1lX2FzX2VuY3J5cHRpMG4hfQ==

Flag: MetaCTF{base64_enc0ding_is_n0t_the_same_as_encrypti0n!}

Welcome to the Obfuscation Games!

Given String:

$s=New-Object IO.MemoryStream(,[Convert]::FromBase64String("H4sIAEFgjl8A/xXMMQrCQBCF4as8FltPIFaCnV3A8jFmn8ngupuYaUS8e5LyL77//vHQcWxLIHWj8Cw2wBd4RWyp2resjMm+pVlOJxzmGWekm8Iu3fU3ScXrwIf1L26C+4CtijukBY3hb/3TCj2Ieh9qAAAA"));IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd();

Looks like it’s a PowerShell command so let’s run it.

We got “The Flag is in the encoded payload”

So now we know we need to focus on just below string:

H4sIAEFgjl8A/xXMMQrCQBCF4as8FltPIFaCnV3A8jFmn8ngupuYaUS8e5LyL77//vHQcWxLIHWj8Cw2wBd4RWyp2resjMm+pVlOJxzmGWekm8Iu3fU3ScXrwIf1L26C+4CtijukBY3hb/3TCj2Ieh9qAAAA

Using cipher-identifier I found it’s Base64 string but I am not able to decode it. After a few minutes, I come across the following website.

“https://base64.guru/tools/character-encoding”

So we need to use Base64 to File converter.

we got one zip file. Let’s unzip it and see what we get

So I opened it in notepad

Flag: MetaCTF{peeling_back_the_flag_one_code_at_a_time}

The Last Great ZIP File

So here we have been given one zip file and we need to recover the password.

So commonly I used the following websites to crack password-protected zip files.

• https://www.lostmypass.com/file-types/zip/
• https://passwordrecovery.io/zip-file-password-removal/

So when I used the above mention website I got the password:

So let’s open a zip file using this password.

We got our flag:

Flag: MetaCTF{crack_the_planet}

Forensics

Forensics 101

So we just need to give an ASCII representation of the magic bytes for a RAR archive.

So google search shows us “mnemonic as Rar!”

so our flag is

Flag: MetaCTF{Rar!}

Staging in 1…2…3

So here we have been given one temp file.

Let’s open it in notepad.

The flag is in front of us

Flag: MetaCTF{definitely_n0t_all_0f_y0ur_sensitive_data}

WEB

High Security Fan Page

So let’s visit the given link

So let’s look at the source code.

So following code looks interesting

So let’s open the javascript file because it's calling the “authenticate()” function.

We found our flag:

Flag: MetaCTF{So_You_Wanna_Play_With_Magic}

Barry’s Web Application

So let’s open the given link

Nothing interesting here

So let’s look at the source code.

Nothing interesting here.

But wait we can see some wired URL path “/dev/webapp/index.html”

let’s remove “/webapp/index.html” from the path.

Let’s open docs/ folder.

So let’s open the flag.txt file.

Flag: MetaCTF{Dont_l3t_y0ur_d1rect0ries_b3_l1st3d}

Thank you