UTCTF2021: Web: Oinker (100)

This is from the UTCTF2021 CTF

Challenge Author: a1c3

For this challenge, we are given a URL:

Going to the page gives me this:

Providing some input:

And submitting it gives me this:

I noticed that the URL has a number at the end “85”. I try to manipulate that number and see what it gives me:

I see that it gives me what appears to be previous “Oinks”. I enumerate up to get this:

And that is the flag.

UTCTF2021: Misc: Emoji Encryption (100)

This is from the UTCTF2021 CTF

Challenge Author: Aya Abdelgawad

For this challenge, we are given what appears to be an emoji cipher:

After trying several emoji cipher decoders online without success, I looked a little harder at the emojis.

Knowing that the flag format starts with “utflag” and seeing what the names of the emojis are “Umbrella, Turkey, Fire, Lion, Apple, Guitar…” The first letters of the names are spelling out the flag. Going throught the full list of emojis, I get:

utflag{emojis_be_versatile}

UTCTF2021: Beginner: Cipher Gauntlet (100)

This is from the UTCTF2021 CTF

Challenge Author: balex

For this challenge, we are given a hint and a text file:

A quick trip over to RapidTables and we get this:

Apparently the princess is in another castle. I see that there is what appears to be a base64 encoded string. A quick trip over to Base64Decode and we get this:

Yet another castle. This time I have another string that appears to be a cipher along with a clue. This leads me to think it could be a Caesar Cipher. A quick trip to dcode.fr and I get this:

congratulations! you have finished the beginner cryptography challenge. here is a flag for all your hard efforts: utflag{now_youre_playing_with_crypto}. you will find that a lot of cryptography is building off this sort of basic knowledge, and it really is not so bad after all. hope you enjoyed the challenge!

UTCTF2021: Web: Cutest Cookie Clicker Rip-Off (100)

This is from the UTCTF2021 CTF

Challenge Author: Aya Abdelgawad

For this challenge we are given a little hint and a URL:

It is a game with an automatic timer that count’s down. You click the cookie to earn points. The high score is 1,000,000:

Given the name and theme of this game, I look to see what cookies it uses:

Neat, it stores my high score in a cookie. Let’s bake in a better score and refresh the page:

It applied my new highest score and is counting down:

When the clock runs out, it pops up with an alert containing the flag:

UTCTF2021: Web: Source it!! (100)

This is from the UTCTF2021 CTF

Challenge Author: Rob H

For this challenge, we are given a little hint and a URL:

Here is the site:

I take a look at the source and find that it is doing client-side authentication in JavaScript:

I see that the password’s MD5 hash is “1bea3a3d4bc3be1149a75b33fb8d82bc”

A quick google search for that hash and I see that is has already been cracks and is “sherlock“.

I try logging in as admin with password sherlock and I’m in: