Just another random CTF room created by me. Well, the main objective of the room is to test your CTF skills. For your information, vol. 1 consists of 20 tasks and all the challenges are extremely easy. Stay calm and Capture the flag :)
Munirah Binte Mohamd
The flag is base64 encoded. Thus, to decrypt it, use the following command:
echo "<flag>" | base64 -dDownload the image.
To get more information about the image, use the following command:
exiftool <image>
DownTasload the image.
We know that something is hidden inside the image.
steghide info <image>steghide extract -sf <image>
The hint mentions to highlight the text.
When I highlighted the text, I found the flag.
Download the image of the QR reader.
I used the website, https://online-barcode-reader.inliteresearch.com, to get the flag.
From the hint, I am guessing I have to reverse engineer the file.
The hint given mentioned "base58". Thus, I used an online base58 decoder.
I used an online ROT decoder.
From the website, when I decoded the flag using ROT1, the starting letter starts with 'P'. I know that the flag always starts with 'THM', so I counted the number of times it has to change to reach from 'P' to 'T'. That is how I discovered that the flag can be obtained by using ROT7.
The hint mentioned to "Check the html".
I was using Firefox's Web Developer to check the html.
The hint mentioned "Reddit".
The hint mentioned "binaryfuck".
I used the binwalk command, and found that there is an "hello_there.txt". Once the file has been exfiltrated, look for the extracted directory and read the file.
The hint mentioned "Try Stegsolve".
Use the following command to run the jar file:
java -jar stegsolve.jar** Refer to https://www.youtube.com/watch?v=9-YczGtaIiY to understand better on how to use Stegsolve.
Download the QR image.
Upload the image into a QR Decoder to be read.
Listen to the soundcloud for the flag.
The hint mentioned "Wayback Machine".
Thus, I searched on Google looking for "Wayback Machine". Look for the archive according to the information given by the question.
I decided to use CyberChef for this code as it allows various kinds of hash to be analysed.
We know that the format of the key starts with "TRYHACKME". So, I used "TRYHACKME" as the key and got the following output.
Im going to use that output as the key so that they key output now will start with "TRYHACKME".
There are base2, base10, and base 16. So, I decided to experiment with the bases and have them converted into ASCII.
To get the flag, it has to be converted from Decimal -> Hex and Hex -> ASCII.
This packet can be analysed usign Wireshark.
I decided to look into the HTTP protocol.