SecureBug CTF(TYR Nordic New Year CTF)_Forensics
Misplaced_Forensics_50pts The file type isn't clear from the hex values alone. Using binwalk, I figured out that the file's type is 'zip', along with its password. Extracting it gave 'Article1.jpg', which can't be opened yet. Looking at the hex values, you can tell that this is a 'Word file', not a ZIP. There's a flag. flag: SBCTF{n1c3_c4rv1n6_w3ll_d0n3} Nice Duck!_Forensics_100pts Wireshark - Export - HTTP object list In movie.mp4, ..
Shakti CTF 2020_Cryptography
Cryptography 3,2,1..Go https://www.dcode.fr/enigma-machine-cipher Enigma Machine Cipher - Decoder, Encoder, Solver, Translator flag: shaktictf{you_have_cracked_the_enigma_..
Shakti CTF 2020_WEB Exploitation
WEB Exploitation Ador flag: shaktictf{f1r5t_c0mpu73r_pr0gr4mm3r} Biscuits cookie: shaktictf%7Bc00k13s_m4k3_phr3n0l0gy%26m3sm3r15m_3asy%7D flag: shaktictf{c00k13s_m4k3_phr3n0l0gy&m3sm3r15m_3asy} AuthEN $(".c_submit").click(function(event) { event.preventDefault() var email = $("#cuser").val(); var password = $("#cpass").val(); if(username == "admin" && password == String.fromCharCode(115, 104, 97..
Shakti CTF 2020_Misc Wooooww
Misc Wooooww https://morsecode.world/international/decoder/audio-decoder-adaptive.html Morse Code Adaptive Audio Decoder flag..
Shakti CTF 2020_Steganography Invisible
Steganography Invisible The SNOW Home Page (www.darkside.com.au) Whitespace steganography: The program SNOW is used to conceal messages in ASCII text by appending whitespace to the end of lines. Because spaces and tabs are generally not visible in text viewers, the message is effectively hidden from ca..
Shakti CTF 2020_Forensics
Cryptography Shark on Wire I found the flag in the TCP Conversation packets of the given pcapng file. flag: shaktictf{wir3sh4rk_i5_ju5t_aw3s0m3} Not That Easy flag: shaktictf{sh3_w4s_h0n0r3d_by_3lectr0nic_fr0nti3r_f0und4ti0n} Zip Zap Zoo Password:h4ckTh35t3R30tyP35 flag: shaktictf{y4yYYyyY!_Y0u_g0t_1t_409515398} Extract M3
DNS Information For an SSL/TLS certificate validated through the DNS method, the DNS value can be found with the command nslookup -type=txt _acme-challenge. Web Server TLS After capturing the connection to the contest homepage (swuctf2020.whitehat.kr) with Wireshark, look at the packet marked "Client Hello" and you can see the Cipher Suites attribute as shown below. The flag is the MD5 hash of the most secure cipher suite among them, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA. ciphersuite.info/cs/TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA/ Cipher Suite Info Secure Cipher Suite ciphe..
Affinity CTF Lite 2020
55 - A 45 - F 53 - C 22 - T - AFFCTF{T(43)(42)(23)_(42)(23)_(42)(21)(23)T_A_(23)(42)(34)(31)(35)(51)_(34)A(31)(31)(42)(33)(44)} 43 - H 42 - I 23 - S - AFFCTF{THIS_IS_I(21)ST_A_SI(34)(31)(35)(51)_(34)A(31)(31)I(33)(44)} import sys, base64 fp = open("z" , 'r').read() b64_msg = fp while True: b64_byte = b64_msg[::-1] b64_str = b64_byte.encode('utf-8') msg = base64.b64decode(b64_str) b64_msg = msg.d..
Affinity CTF Lite 2020_Forensics
I just tried to find the string with "strings" and "grep" (1) strings (2) grep flag: AFFCTF{you_found_something!} First I checked the HTTP object list and found the file "challenges.php", but you can see its size is 0 bytes. You can, however, find the packet number "46". When you look at packet no. 46, there's a flag. flag: AFFCTF{DonT_TRusT_h34d3R2} Fibonacci means ~ en.wikipedia.org/wiki/Fibonacci_number (0 1 ..
DUCTF 2020 Forensics (3)
play.duc.tf/challenges DownUnderCTF github.com/DownUnderCTF/Challenges_2020_public On the spectrum This is message_1.wav opened in Audacity. Switching the view from waveform to spectrogram gives this. Stretching the length makes the flag visible. flag: DUCTF{m4by3_n0t_s0_h1dd3n} Spot the Difference Unzipping the challenge file gives several folders like the ones below. Inside .config there are a secret folder and a Reminder.png file. Opening Reminder.png in HxD shows that its signature is "50 4B 03 04". The ZIP file signature..
FwordCTF 2020 - Memory 2 (Forensics)
The analysis continues on the 'foren.raw' file given in the previous step. We already know the OS information (imageinfo), so let's check the list of processes with 'pslist'. .\volatility_2.6_win64_standalone.exe -f foren.raw --profile=Win7SP1x64 pslist The phrases "had a secret association" and "on Internet" in the problem text hint that we should analyze "chrome." We will run 'yarascan' through the PID..