CyberYoddha CTF
A beginner level CTF to get more experience. This was a really good experience for me to see what I’ve learned up to this point, and what I can learn from this CTF.
Forensics
- Image Viewer
Exiftool and flag
Flag: CYCTF{h3h3h3_1m@g3_M3t@d@t@_v13w3r_ICU}
2. The row beneath
Strings and flag
Flag: CYCTF{L00k_1n_th3_h3x_13h54d56}
3. What’s the password
Using this cheatsheet, I used steghide to extract the contents. The passphrase “sudo” is given to us by looking at the image.
Flag: CYCTF{U$3_sud0_t0_achi3v3_y0ur_dr3@m$!}
4. Steg 2
Threw the png file into Cyber Chef with “Randomize Colour Palette” and the flag was right there.
Flag: CYCTF{l$b_st3g@n0gr@phy_f0r_th3_w1n}
5. Steg Ultimate
Using steghide we extract the first file “steg3.jpg” which was embedded. Running steghide we extract a text file “steganopayload473955.txt” which sends us to this pastebin link.
Throw the text in Cyber Chef and generate the image for the flag.
Flag: CYCTF{2_f0r_th3_pr1c3_0f_1_b64}
6. Flag delivery
We have a file with a lot of “D” and “?M6” throughout. The clue is something to do with Morse code. Substituting “-” for “D” and “.” for “?M6” gives us the flag using Cyber Chef From Morse Code.
Flag: CYCTFR3@D_B3TW33N_TH3_L1N3S
7. Flag Delivery 2
Looking at the header in hexdump shows that the header is incorrect for PNG found here. Using xxd I fixed the header.
Attempting to open it gives this error.
Fix the invalid chunk type and we get the flag.
Flag: CYCTF{Br0k3n_1m@g3s_@r3_@_p@1n_1n_th3_b@ck}
Web Exploitation
- Look Closely
We take a look at the page source info and we find the flag.
Flag: CYCTF{1nSp3t_el3M3nt?}
2. Disallow
The clue is a page you cannot visit. We take a look at robots.txt and we get this page we cannot go to.
Do a curl and we get the flag.
Flag: CYCTF{d33r0b0t$_r_sUp3r10r}
3. Data Store
Sql injection was the answer for this.
Flag: CYCTF{1_l0v3_$q1i}
4. Data Store 2
Another sql injection.
Username: Admin with Password: 1234' OR 1=1 —
Flag: CYCTF{S@n1t1ze_@11_U$3R_1npu7$}
5. Something Sw33t
Find Flask session cookie that says “don’t look here” so that must be the path.
Found this site that shows how to decrypt the session cookie.
Decode the right base64 and we get the flag.
Flag: CYCTF{0k_1_see_you_maybe_you_are_smart}
Trivia
- Trivia 4
Flag: honeypot
2. Trivia 5
Flag: shoulder surfing
3. Trivia 7
Flag: System File Checker
4. Trivia 6
Flag: logic bomb
5. Trivia 1
Flag: Linus Torvalds
6. Trivia 8
Flag: Haskell
7. Trivia 3
Flag: Yahoo
8. Trivia 2
Looking at this article we can see that CP/M is the operating system. A search for CP/M gives us the name of the person who made it.
Flag: Gary Kildall
Shebang
- Shebang0
We ssh to the server as user shebang0 and password shebang0. A quick ls -la will show us the hidden flag.txt.
Flag: CYCTF{w3ll_1_gu3$$_b@sh_1s_e@zy}
2. Shebang1
We ssh to the server and immediately see flag.txt, but once opened you get rickrolled with the lyrics from the song. A quick grep for the flag string and we get the flag.
Flag: CYCTF{w3ll_1_gu3$$_y0u_kn0w_h0w_t0_gr3p}
3. Shebang2
grep -r “CYCTF*”
Flag: CYCTF{W0w_th@t$_@_l0t_0f_f1l3s}
4. Shebang3
Flag: CYCTF{SPOT_TH3_D1FF}
5. Shebang4
When you ssh to the server you see a flag.png file. Use scp to move it to your box and view the flag.
Flag: CYCTF{W3ll_1_gu3$$_th@t_w@s_actually_easy}
6. Shebang5
In the challenge description we have a clue about SUID. A search for it and we can see /var/cat which is unusual. It has the owner shebang6 and group is root.
Lets see if we can use it find the password to shebang6 using the suid executable /var/cat.
Flag: CYCTF{W3ll_1_gu3$$_SU1D_1$_e@$y_fl@g$}
Reverse Engineering
- Password 1
Taking a look at the python script we can see that the characters are numbered. Put them in order and you get the flag.
Flag: CYCTF{pu771ng_th3_ch@r@ct3r$_t0g3th3r_1337}
2. Password 2
We are given the scrambled flag, and using the given script we reverse it to give us the flag.
Flag: CYCTF{ju$t_@_l177l3_scr@mbl3_f0r_y0u_t0_d3c0d3}
Password Cracking
- secure (i think?)
Used this site to crack the password.
Flag: securepassword
2. Crack the Zip!
Used zip2john to get the hash for the zip file. Stripped the excess text and ran it through hashcat to get the zip password.
Flag: cyctf{y0u_cr@ck3d_th3_z!p…}
Cryptography
Beware the Ides of March
A quick Google search of “Ides of March” gives us the clue that it is from ancient Rome. Decrypt using the caesar cipher at this site.
Flag: CYCTF{c@3$@r_c!ph3r}
Binary Exploitation
- Overflow 1
Looking at the overflow1.c you can see that it is looking for the string “AAAA” 4 times. Running that input gives you a shell.
Flag: CYCTF{st@ck_0v3rfl0ws_@r3_3z}
Misc
- Lorem Ipsum
Converting the text to Lorem Ipsum and comparing the difference between the two texts gives us the flag.
Flag: cyctf{latiniscool}