Hacs workshop
Post on 14-Dec-2014
Cryptography : 50, 100, 100, 150, 350
Miscellaneous : 50, 100, 150, 200, 1000
Forensics : 50, 100, 100, 200, 500
Adithya Naresh [x7r0n]
ctfwriteups.blogspot.in
Cryptography – The science of hiding information
Question 1 : I rotated the wheel 13 times to find the answer. What would you do?
Cipher text -> "Pnrfre pvcure vf fuvsg ol 3 naq gur vqrn jnf pbcvrq sbe ebg13,ivtrarer naq ybnqf bs gurz.Gur xrl vf "OVATVFABGTBBTYR".
50 pts
Answer
Key : Caesar cipher
Caesar cipher is shift by 3 and the idea was copied for rot13,vigenere and loads of them. The key is "BINGISNOTGOOGLE".
50 pts awarded
Question 2 : When I was checking the history of my friend's comp. I found this link and a file in which this text was there. I need his credentials to look at what he spoke to his friend in Facebook.
http://pastebin.com/qLjHmByH
O gsk elim eci gci bkewbm es jkkoy oy qg vxsrkyxqtrg.W czrb ekh wz sexikb.Pae m vxkr hu ciuxspsx lrl mnwg od xpx ubze heg.B rcjk es amgfs ge qqkxcf lzv phafg. geril::yoazdmzai
100 pts
Answer
Step 1 : http://pastebin.com/qLjHmByH
Step 2 : http://www.base64decode.org/
Step 3 : If at all i was given a vigenere cipher to encode i would keep my key as "GOOGLEIT"
Step 4 : I see that you are trying to break in my credentials.I wont let it happen.But i need to remember and this is the only way.I love to stare at mirror for hours. atnas::samtsirhc
Step 5 : santa:christmas
100 pts awarded
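
Steps 3 to 5 of the answer above as an added Python example (not part of the original slides): it decrypts the challenge text with the key GOOGLEIT and un-mirrors the trailing token. The ciphertext and key are copied from the page; the function names are assumptions of this example.

```python
import string

# Ciphertext and key as given in Question 2 and step 3 of its answer.
CIPHERTEXT = ("O gsk elim eci gci bkewbm es jkkoy oy qg vxsrkyxqtrg."
              "W czrb ekh wz sexikb.Pae m vxkr hu ciuxspsx lrl mnwg od xpx ubze heg."
              "B rcjk es amgfs ge qqkxcf lzv phafg. geril::yoazdmzai")
KEY = "GOOGLEIT"


def vigenere_decrypt(ciphertext: str, key: str) -> str:
    """Subtract the key letter from each ciphertext letter (mod 26).

    The key position advances only on letters, so spaces, dots and colons
    pass through unchanged and letter case is preserved.
    """
    shifts = [ord(k) - ord("A") for k in key.upper()]
    out, pos = [], 0
    for ch in ciphertext:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            shift = shifts[pos % len(shifts)]
            out.append(chr((ord(ch) - base - shift) % 26 + base))
            pos += 1
        else:
            out.append(ch)
    return "".join(out)


def mirrored_credentials(plaintext: str) -> str:
    """Reverse each half of the trailing 'user::password' token (the mirror hint)."""
    token = plaintext.split()[-1]
    return "::".join(part[::-1] for part in token.split("::"))


if __name__ == "__main__":
    message = vigenere_decrypt(CIPHERTEXT, KEY)
    print(message)
    print(mirrored_credentials(message))
```
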
Question 3 :
#!/usr/bin/python
import random

a = random.randint(1,9)
b = raw_input('Please Enter your message: ')
d = []
for x in b:
    c = ord(x)
    c = c-a
    d.append(c)
print d

Find out what the encrypted text contains [71, 72, 77, 25, 79, 62, 75, 82, 25, 76, 62, 60, 78, 75, 62]
100 pts
Answer
#!/usr/bin/env python
# The shift is a random value from 1 to 9, so try each one and print the candidate plaintext
a = ['71','72','77','25','79','62','75','82','25','76','62','60','78','75','62']
for i in range(1, 10):
    string1 = ""
    for j in a:
        string = int(j) + i
        print(string)
        string1 = string1 + chr(string)
    print(string1 + '\n')

Answer : NOT VERY SECURE
100 pts awarded
Question 4 : All i know is that a bitwise operation leads you to the key
String1 = "Psifer"
String2 = "?????"
------------------
8 28 59 45 86 11
------------------
150 pts
Answer
#!/usr/bin/env python
string1 = "Psifer"
string2 = ""
ans = ["8","28","59","45","86","11"]
str1 = ""
k = 0
for j in string1:
    temp1 = ord(j)
    temp2 = int(ans[k])
    # Find the byte that XORs with this character to give the listed value
    for i in range(0, 256):
        if temp1 ^ i == temp2:
            str1 = str1 + chr(i)
    k = k + 1
print(str1)

Answer : XoRK3y
150 pts awarded
Question 5 : Three best friends were sending messages to each other. After inspecting one of their computers we found a weird file called "ThisWillHelpThePublic.txt" having the content (361852223106461371121,23). We also found the file "TopSecret.txt" having its content:
298047296965971580870
208973156525516921811
338748949584784162292
011602936757302327193
Our group of trained crackers cracked this and got us some insane random output... But that won't do for us! Help us derive a plain text!
350 pts
Answer
Step 1 : Read about RSA
Step 2 : n = 361852223106461371121 , e = 23
Step 3 : Use online tools or cryptool to factorize
Step 4 : Find d
Step 5 : Find the message
Step 6 : Look at the hash, find its length. It's an MD5 hash
P = 535316821148119
Q = 675959
d = 125861456622483320711
Hash = 5cb1992a656eab10601aac8f6d2a7f4e
Answer = warp1234
350 pts awarded
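
Steps 4 and 5 of the answer above as an added Python example (not part of the original slides): it derives d from the factors the answer lists and decrypts the four TopSecret.txt blocks. The function names are assumptions of this example; how the resulting integers map to the MD5 hash is not shown on the page, so the example stops at the integers.

```python
# Public key, factors and ciphertext blocks copied from Question 5 and its answer.
N = 361852223106461371121
E = 23
P = 535316821148119
Q = 675959
BLOCKS = ["298047296965971580870", "208973156525516921811",
          "338748949584784162292", "011602936757302327193"]


def egcd(a: int, b: int):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def private_exponent(p: int, q: int, e: int, n: int) -> int:
    """Step 4: d is the inverse of e modulo phi(n) = (p-1)(q-1)."""
    if p * q != n:
        raise ValueError("p and q do not multiply to n")
    phi = (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e is not invertible modulo phi(n)")
    return x % phi


def decrypt_blocks(blocks, d: int, n: int):
    """Step 5: textbook RSA, m = c^d mod n for every ciphertext block."""
    return [pow(int(c), d, n) for c in blocks]


if __name__ == "__main__":
    d = private_exponent(P, Q, E, N)
    print("d =", d, "| modulus bits:", N.bit_length())
    for m in decrypt_blocks(BLOCKS, d, N):
        print(m)
```

The modulus is only 69 bits long, which is why step 3 can be done with an online factoring tool.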
Miscellaneous – Mixed or some basic skills in hacking.
Question 1 : I got a pdf on George_Hotz..what you don't know him ??? you better read about him :-)
50 pts
Answer
50 pts awarded
Question 2 : I found this video. But it hides some password. Could you tell me please.
100 pts
Answer
100 pts awarded
Question : Hey!! :-( My Gmail has been compromised. The hacker sent me this image to my other account and told me to find the username and password in this. I heard you are good in this. Help me!
150 pts
Answer
Link : gif-explode.com
Base-64 : dG9ueV9zdGFyazo6aXJvbm1hbg==
Answer : tony_stark::ironman
150 pts awarded
Question : Password... password... watcha gonna do? Watcha gonna do when I crack for you!
200 pts
Answer
200 pts awarded
Question : Heyaaaa..rar has the description :-) happy hacking :-)
Flag Format : flag1,flag2,flag3,..
50 pts
Answer
Flag 1 : Zip cracking… Dictionary attack.
You get a barcode image. Decode it to get the flag.
FLAG : SN0WD3N
Flag 2 : You are given a hint of bull fighting. Spain is what you think of. Translate the given text and you get to know that it's a paste bin link.
In Spanish pasta means paste and papelera means bin.
Pastebin.com/5Af829JP
FLAG : p@st3b!n
Flag 3 : Hint given is 'QWERTY'.
Hover over the letters in your keyboard and you can visualize that each word is a letter.
Rdxtgf pWsxdrfvgy wEdcrtgb nYhngvb d
FLAG : p_w_n_d
Flag 4 : Given is a brainfuck encoded text.
Decoding gives : "niNe - Nine - z3r0 - z3r0 - tw0 - tw0 - z3r0 - e!gh7 - tWo - f0uR
Who am i ?? flag is first name."
Truecaller helps you find the phone number "9900220824"
FLAG : yogeesh
Flag 5 : It is clear in that question that it's a steganography challenge. So the information is hidden inside pdf.
A quick google search of how to hide files in pdf leads to a lifehacker website which tells about this tool called http://wbstego.wbailer.com/.
Decoding the pdf gives a text file, opening which you find FLAG{"St3g0_haX0r"}
FLAG : St3g0_haX0r
Flag 6 : Hint given is a youtube video.
https://www.youtube.com/watch?v=-zVgWpVXb64
A quick google about the quote "my voice is my passport" gives the answer as "WERNERBRANDES"
FLAG : WERNERBRANDES
1000 pts awarded
Forensics – Identifying, Preserving, Recovering, Analyzing the information.
Question : Rumors have it that the teacher activated special firmwares for her favorite student, and has given him special user account. So I started sniffing around his network and got this file. See if you can help me retrieve the serial number of his firmware so that we can compare our stuff with his and bring this issue up front!
50 pts
Answer
Flag : DNA-A201UB1AF10750738300
50 pts awarded
Question : Ok ok... So someone told me you are really good and stuff! So now I challenge you. Here is a file with my username and password. If you get my username and password right, you can then have my command and control server. And if you can not, you need to accept to surrender to my awesomeness!
100 pts
Answer
User : Sandy
Pass : P@ssw0rd
100 pts awarded
Question : Council of Aristocrats found out about a small bunch of techies who have developed an app on Facebook for people to share their views over the government. The council doesn't like this. They have hired you to investigate over this app and find out where it is hosted (i.e. find the IP address of the app).
Note: If the ip you found is 87.43.43.98 then IP_ADDR should be 87.43.0.0
flag_format: IP_ADDR::DOMAIN_NAME
Link: https://apps.facebook.com/confessinator/
100 pts
Answer
Step 1 : View page source frame of the app.
Step 2 : Look at the url and you find the domain.
Step 3 : Using cmd -> ping ethereal-app-259.appspot.com -> you would find the ip to be "74.125.200.141"
Step 4 : As it is clearly mentioned in the question, the ip we need would be 74.125.0.0
FLAG : 74.125.0.0::ethereal-app-259.appspot.com
100 pts awarded
Question : I get this stupid image wherever I go. I so wish barcode was there. I don't understand how this image looks like. Can you fix it and tell me what it means??
200 pts
Answer
Step 1 : Look closely at how a QR code would look.
Step 2 : Keep the corners as the reference and attach it.
FLAG : 055d561073b56e4155f04aa0e753f68c
200 pts awarded
Question : All hail the forensics expert! I have no idea what can be done with this file that I got on my brother's laptop! Can you have a look at the rest of them and let me know please!
500 pts
Answer
This challenge was to get you practiced with the file command or TRiD.
Extract the rar file you are given. You find each file type to be unknown. Use the command "file filename(your file)" to view what kind of file it is.
Example : First file is a .bmp file which, loaded in paint or any image viewer, will fetch you the password "firstpart". (Try it now)
Password for Final File:firstpartzipitselfextractingpart4rulez
You get : The password you need is : 4c 75 6d 69 61 5f 35 32 30
Convert the hex to ascii and the FLAG is : Lumia_520
500 pts awarded
Thank you. Hope you enjoyed the CTF