Open in app

Sign in

Write

Sign in

CyberYoddha CTF

0x6a6e696e65
7 min readNov 1, 2020

A beginner level CTF to get more experience. This was a really good experience for me to see what I’ve learned up to this point, and what I can learn from this CTF.

Forensics

  1. Image Viewer

Exiftool and flag

Flag: CYCTF{h3h3h3_1m@g3_M3t@d@t@_v13w3r_ICU}

2. The row beneath

Strings and flag

Flag: CYCTF{L00k_1n_th3_h3x_13h54d56}

3. What’s the password

Using this cheatsheet, I used steghide to extract the contents. The passphrase “sudo” is given to us by looking at the image.

Flag: CYCTF{U$3_sud0_t0_achi3v3_y0ur_dr3@m$!}

4. Steg 2

Threw the png file into Cyber Chef with “Randomize Colour Palette” and the flag was right there.

Flag: CYCTF{l$b_st3g@n0gr@phy_f0r_th3_w1n}

5. Steg Ultimate

Using steghide we extract the first file “steg3.jpg” which was embedded. Running steghide we extract a text file “steganopayload473955.txt” which sends us to this pastebin link.

Throw the text in Cyber Chef and generate the image for the flag.

Flag: CYCTF{2_f0r_th3_pr1c3_0f_1_b64}

6. Flag delivery

We have a file with a lot of “D” and “?M6” throughout. The clue is something to do with Morse code. Substituting “-” for “D” and “.” for “?M6” gives us the flag using Cyber Chef From Morse Code.

Flag: CYCTFR3@D_B3TW33N_TH3_L1N3S

7. Flag Delivery 2

Looking at the header in hexdump shows that the header is incorrect for PNG found here. Using xxd I fixed the header.

Attempting to open it gives this error.

Fix the invalid chunk type and we get the flag.

Flag: CYCTF{Br0k3n_1m@g3s_@r3_@_p@1n_1n_th3_b@ck}

Web Exploitation

  1. Look Closely

We take a look at the page source info and we find the flag.

Flag: CYCTF{1nSp3t_el3M3nt?}

2. Disallow

The clue is a page you cannot visit. We take a look at robots.txt and we get this page we cannot go to.

Do a curl and we get the flag.

Flag: CYCTF{d33r0b0t$_r_sUp3r10r}

3. Data Store

Sql injection was the answer for this.

Flag: CYCTF{1_l0v3_$q1i}

4. Data Store 2

Another sql injection.

Username: Admin with Password: 1234' OR 1=1 —

Flag: CYCTF{S@n1t1ze_@11_U$3R_1npu7$}

5. Something Sw33t

Find Flask session cookie that says “don’t look here” so that must be the path.

Found this site that shows how to decrypt the session cookie.

Decode the right base64 and we get the flag.

Flag: CYCTF{0k_1_see_you_maybe_you_are_smart}

Trivia

  1. Trivia 4

Flag: honeypot

2. Trivia 5

Flag: shoulder surfing

3. Trivia 7

Flag: System File Checker

4. Trivia 6

Flag: logic bomb

5. Trivia 1

Flag: Linus Torvalds

6. Trivia 8

Flag: Haskell

7. Trivia 3

Flag: Yahoo

8. Trivia 2

Looking at this article we can see that CP/M is the operating system. A search for CP/M gives us the name of the person who made it.

Flag: Gary Kildall

Shebang

  1. Shebang0

We ssh to the server as user shebang0 and password shebang0. A quick ls -la will show us the hidden flag.txt.

Flag: CYCTF{w3ll_1_gu3$$_b@sh_1s_e@zy}

2. Shebang1

We ssh to the server and immediately see flag.txt, but once opened you get rickrolled with the lyrics from the song. A quick grep for the flag string and we get the flag.

Flag: CYCTF{w3ll_1_gu3$$_y0u_kn0w_h0w_t0_gr3p}

3. Shebang2

grep -r “CYCTF*”

Flag: CYCTF{W0w_th@t$_@_l0t_0f_f1l3s}

4. Shebang3

Flag: CYCTF{SPOT_TH3_D1FF}

5. Shebang4

When you ssh to the server you see a flag.png file. Use scp to move it to your box and view the flag.

Flag: CYCTF{W3ll_1_gu3$$_th@t_w@s_actually_easy}

6. Shebang5

In the challenge description we have a clue about SUID. A search for it and we can see /var/cat which is unusual. It has the owner shebang6 and group is root.

Lets see if we can use it find the password to shebang6 using the suid executable /var/cat.

Flag: CYCTF{W3ll_1_gu3$$_SU1D_1$_e@$y_fl@g$}

Reverse Engineering

  1. Password 1

Taking a look at the python script we can see that the characters are numbered. Put them in order and you get the flag.

Flag: CYCTF{pu771ng_th3_ch@r@ct3r$_t0g3th3r_1337}

2. Password 2

We are given the scrambled flag, and using the given script we reverse it to give us the flag.

Flag: CYCTF{ju$t_@_l177l3_scr@mbl3_f0r_y0u_t0_d3c0d3}

Password Cracking

  1. secure (i think?)

Used this site to crack the password.

Flag: securepassword

2. Crack the Zip!

Used zip2john to get the hash for the zip file. Stripped the excess text and ran it through hashcat to get the zip password.

Flag: cyctf{y0u_cr@ck3d_th3_z!p…}

Cryptography

Beware the Ides of March

A quick Google search of “Ides of March” gives us the clue that it is from ancient Rome. Decrypt using the caesar cipher at this site.

Flag: CYCTF{c@3$@r_c!ph3r}

Binary Exploitation

  1. Overflow 1

Looking at the overflow1.c you can see that it is looking for the string “AAAA” 4 times. Running that input gives you a shell.

Flag: CYCTF{st@ck_0v3rfl0ws_@r3_3z}

Misc

  1. Lorem Ipsum

Converting the text to Lorem Ipsum and comparing the difference between the two texts gives us the flag.

Flag: cyctf{latiniscool}

Ctf Writeup
Ctf2020

--

--

0x6a6e696e65

Written by 0x6a6e696e65

3 Followers

Cybersecurity professional, beginner CTF player, and aspiring penetration tester.

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams