Writeups

BlueHens CTF 2021: Minecraft: MineR Code

This is from the BlueHensCTF 2021.

Challenge Author: ProfNinja

For this challenge, We are given the following information and links:

Here is the mc86 Intro:

Here is the mc86 InitCode:

/give @p minecraft:written_book{title:"Init CPU",author:"UD Cyberscholars",generation:0,pages:[
"{\"text\":\"Click Here First\\n\",\"color\":\"dark_green\",\"bold\":true,\"underlined\":true,\"hoverEvent\":{\"action\":\"show_text\",\"value\":\"Creating RAM\"},\"clickEvent\":{\"action\":\"run_command\",\"value\":\"/setblock ~1 ~ ~ minecraft:lime_shulker_box\"},
\"extra\":[
{\"text\":\"Click Here Second\\n\",\"color\":\"dark_green\",\"bold\":true,\"underlined\":true,\"hoverEvent\":{\"action\":\"show_text\",\"value\":\"Start Timing Belt\"},\"clickEvent\":{\"action\":\"run_command\",\"value\":\"/setblock ~2 ~1 ~ minecraft:command_block[facing=up]{powered:0b,Command:\\\"setblock ~ ~-1 ~ air\\\"}\"}},
{\"text\":\"Click Here Third\\n\",\"color\":\"dark_green\",\"bold\":true,\"underlined\":true,\"hoverEvent\":{\"action\":\"show_text\",\"value\":\"Finishing Timing Belt\"},\"clickEvent\":{\"action\":\"run_command\",\"value\":\"/setblock ~2 ~2 ~ minecraft:chain_command_block[facing=up]{powered:0b,auto:1b,conditionMet:0b,Command:\\\"execute if data block ~-1 ~-2 ~ Items[0].tag.pages[0] run setblock ~ ~-2 ~ redstone_block\\\"}\"}},
{\"text\":\"Click Here Fourth\\n\",\"color\":\"dark_green\",\"bold\":true,\"underlined\":true,\"hoverEvent\":{\"action\":\"show_text\",\"value\":\"Start CPU\"},\"clickEvent\":{\"action\":\"run_command\",\"value\":\"/setblock ~3 ~ ~ minecraft:command_block[facing=east]{powered:0b,Command:\\\"data modify block ~2 ~ ~ Command set from block ~-2 ~ ~ Items[0].tag.pages[0]\\\"}\"}},
{\"text\":\"Click Here Fifth\\n\",\"color\":\"dark_green\",\"bold\":true,\"underlined\":true,\"hoverEvent\":{\"action\":\"show_text\",\"value\":\"Finishing CPU\"},\"clickEvent\":{\"action\":\"run_command\",\"value\":\"/setblock ~4 ~ ~ minecraft:chain_command_block[facing=east]{powered:0b,auto:1b,conditionMet:0b,Command:\\\"data remove block ~-3 ~ ~ Items[0].tag.pages[0]\\\"}\"}},
{\"text\":\"Click Here Sixth\\n\",\"color\":\"dark_green\",\"bold\":true,\"underlined\":true,\"hoverEvent\":{\"action\":\"show_text\",\"value\":\"Placing ALU\"},\"clickEvent\":{\"action\":\"run_command\",\"value\":\"/setblock ~5 ~ ~ minecraft:chain_command_block[facing=east]{powered:0b,auto:1b,conditionMet:0b}\"}}]}"]} 1

Finally, here is the challenge source code:

/give @p writable_book{pages:["/fill ~-1 ~26 ~-5 ~25 ~ ~-5 white_concrete","/fill ~0 ~25 ~-5 ~6 ~25 ~-5 black_concrete","/fill ~9 ~25 ~-5 ~11 ~25 ~-5 black_concrete","/fill ~14 ~25 ~-5 ~14 ~23 ~-5 black_concrete","/fill ~18 ~25 ~-5 ~24 ~25 ~-5 black_concrete","/fill ~0 ~24 ~-5 ~0 ~19 ~-5 black_concrete","/fill ~6 ~24 ~-5 ~6 ~19 ~-5 black_concrete","/fill ~11 ~24 ~-5 ~13 ~24 ~-5 black_concrete","/fill ~16 ~24 ~-5 ~16 ~24 ~-5 black_concrete","/fill ~18 ~24 ~-5 ~18 ~19 ~-5 black_concrete","/fill ~24 ~24 ~-5 ~24 ~19 ~-5 black_concrete","/fill ~2 ~23 ~-5 ~4 ~21 ~-5 black_concrete","/fill ~9 ~23 ~-5 ~11 ~23 ~-5 black_concrete","/fill ~20 ~23 ~-5 ~22 ~21 ~-5 black_concrete","/fill ~8 ~22 ~-5 ~8 ~21 ~-5 black_concrete","/fill ~10 ~22 ~-5 ~13 ~22 ~-5 black_concrete","/fill ~16 ~22 ~-5 ~16 ~21 ~-5 black_concrete","/fill ~10 ~21 ~-5 ~10 ~19 ~-5 black_concrete","/fill ~12 ~21 ~-5 ~13 ~21 ~-5 black_concrete","/fill ~9 ~20 ~-5 ~9 ~20 ~-5 black_concrete","/fill ~14 ~20 ~-5 ~14 ~18 ~-5 black_concrete","/fill ~1 ~19 ~-5 ~5 ~19 ~-5 black_concrete","/fill ~8 ~19 ~-5 ~8 ~19 ~-5 black_concrete","/fill ~12 ~19 ~-5 ~12 ~19 ~-5 black_concrete","/fill ~16 ~19 ~-5 ~16 ~18 ~-5 black_concrete","/fill ~19 ~19 ~-5 ~23 ~19 ~-5 black_concrete","/fill ~9 ~18 ~-5 ~9 ~17 ~-5 black_concrete","/fill ~15 ~18 ~-5 ~15 ~18 ~-5 black_concrete","/fill ~0 ~17 ~-5 ~1 ~17 ~-5 black_concrete","/fill ~5 ~17 ~-5 ~7 ~17 ~-5 black_concrete","/fill ~10 ~17 ~-5 ~10 ~16 ~-5 black_concrete","/fill ~13 ~17 ~-5 ~13 ~15 ~-5 black_concrete","/fill ~20 ~17 ~-5 ~21 ~16 ~-5 black_concrete","/fill ~2 ~16 ~-5 ~4 ~15 ~-5 black_concrete","/fill ~8 ~16 ~-5 ~8 ~16 ~-5 black_concrete","/fill ~11 ~16 ~-5 ~11 ~16 ~-5 black_concrete","/fill ~14 ~16 ~-5 ~16 ~16 ~-5 black_concrete","/fill ~19 ~16 ~-5 ~19 ~16 ~-5 black_concrete","/fill ~22 ~16 ~-5 ~23 ~16 ~-5 black_concrete","/fill ~0 ~15 ~-5 ~1 ~15 ~-5 black_concrete","/fill ~6 ~15 ~-5 ~6 ~15 ~-5 black_concrete","/fill ~9 ~15 ~-5 ~9 ~15 ~-5 black_concrete","/fill ~14 ~15 ~-5 ~15 ~15 ~-5 black_concrete","/fill ~21 ~15 ~-5 ~21 ~14 ~-5 black_concrete","/fill ~23 ~15 ~-5 ~24 ~15 ~-5 black_concrete","/fill ~5 ~14 ~-5 ~5 ~13 ~-5 black_concrete","/fill ~10 ~14 ~-5 ~11 ~12 ~-5 black_concrete","/fill ~14 ~14 ~-5 ~14 ~11 ~-5 black_concrete","/fill ~16 ~14 ~-5 ~19 ~14 ~-5 black_concrete","/fill ~24 ~14 ~-5 ~24 ~13 ~-5 black_concrete","/fill ~0 ~13 ~-5 ~0 ~9 ~-5 black_concrete","/fill ~4 ~13 ~-5 ~4 ~11 ~-5 black_concrete","/fill ~6 ~13 ~-5 ~9 ~13 ~-5 black_concrete","/fill ~16 ~13 ~-5 ~16 ~12 ~-5 black_concrete","/fill ~18 ~13 ~-5 ~18 ~13 ~-5 black_concrete","/fill ~2 ~12 ~-5 ~2 ~9 ~-5 black_concrete","/fill ~7 ~12 ~-5 ~8 ~12 ~-5 black_concrete","/fill ~15 ~12 ~-5 ~15 ~8 ~-5 black_concrete","/fill ~19 ~12 ~-5 ~19 ~9 ~-5 black_concrete","/fill ~23 ~12 ~-5 ~23 ~11 ~-5 black_concrete","/fill ~3 ~11 ~-5 ~3 ~11 ~-5 black_concrete","/fill ~5 ~11 ~-5 ~7 ~11 ~-5 black_concrete","/fill ~9 ~11 ~-5 ~9 ~10 ~-5 black_concrete","/fill ~12 ~11 ~-5 ~12 ~11 ~-5 black_concrete","/fill ~17 ~11 ~-5 ~17 ~11 ~-5 black_concrete","/fill ~20 ~11 ~-5 ~21 ~11 ~-5 black_concrete","/fill ~24 ~11 ~-5 ~24 ~10 ~-5 black_concrete","/fill ~5 ~10 ~-5 ~5 ~10 ~-5 black_concrete","/fill ~8 ~10 ~-5 ~8 ~6 ~-5 black_concrete","/fill ~16 ~10 ~-5 ~16 ~4 ~-5 black_concrete","/fill ~21 ~10 ~-5 ~22 ~10 ~-5 black_concrete","/fill ~6 ~9 ~-5 ~7 ~9 ~-5 black_concrete","/fill ~10 ~9 ~-5 ~10 ~9 ~-5 black_concrete","/fill ~13 ~9 ~-5 ~14 ~9 ~-5 black_concrete","/fill ~17 ~9 ~-5 ~18 ~9 ~-5 black_concrete","/fill ~20 ~9 ~-5 ~20 ~5 ~-5 black_concrete","/fill ~22 ~9 ~-5 ~22 ~9 ~-5 black_concrete","/fill ~9 ~8 ~-5 ~9 ~8 ~-5 black_concrete","/fill ~11 ~8 ~-5 ~11 ~6 ~-5 black_concrete","/fill ~0 ~7 ~-5 ~6 ~7 ~-5 black_concrete","/fill ~10 ~7 ~-5 ~10 ~5 ~-5 black_concrete","/fill ~12 ~7 ~-5 ~12 ~7 ~-5 black_concrete","/fill ~18 ~7 ~-5 ~18 ~7 ~-5 black_concrete","/fill ~24 ~7 ~-5 ~24 ~6 ~-5 black_concrete","/fill ~0 ~6 ~-5 ~0 ~1 ~-5 black_concrete","/fill ~6 ~6 ~-5 ~6 ~1 ~-5 black_concrete","/fill ~15 ~6 ~-5 ~15 ~4 ~-5 black_concrete","/fill ~2 ~5 ~-5 ~4 ~3 ~-5 black_concrete","/fill ~9 ~5 ~-5 ~9 ~3 ~-5 black_concrete","/fill ~13 ~5 ~-5 ~14 ~4 ~-5 black_concrete","/fill ~17 ~5 ~-5 ~19 ~5 ~-5 black_concrete","/fill ~22 ~5 ~-5 ~23 ~5 ~-5 black_concrete","/fill ~11 ~4 ~-5 ~11 ~4 ~-5 black_concrete","/fill ~17 ~4 ~-5 ~18 ~4 ~-5 black_concrete","/fill ~23 ~4 ~-5 ~24 ~4 ~-5 black_concrete","/fill ~17 ~3 ~-5 ~17 ~3 ~-5 black_concrete","/fill ~21 ~3 ~-5 ~22 ~3 ~-5 black_concrete","/fill ~24 ~3 ~-5 ~24 ~1 ~-5 black_concrete","/fill ~8 ~2 ~-5 ~8 ~1 ~-5 black_concrete","/fill ~12 ~2 ~-5 ~12 ~2 ~-5 black_concrete","/fill ~15 ~2 ~-5 ~16 ~2 ~-5 black_concrete","/fill ~19 ~2 ~-5 ~20 ~2 ~-5 black_concrete","/fill ~1 ~1 ~-5 ~5 ~1 ~-5 black_concrete","/fill ~16 ~1 ~-5 ~16 ~1 ~-5 black_concrete","/fill ~18 ~1 ~-5 ~18 ~1 ~-5 black_concrete","/fill ~21 ~1 ~-5 ~21 ~1 ~-5 black_concrete"]}

As recommended by the challenge text, I got the latest Minecraft Java Launcher and launched a world:

I followed the YouTube video and gave myself a command block, placed it with a button on it, and posted the mc86 initcode:

I clicked the button and received an enchanted book:

I followed the instructions and clicked each of the six links to generate my mc86 computer in my world:

Next, following the YouTube video, I pasted the challenge source code into the command block I created earlier and click the button:

This gave me a book and quill with 106 pages of instructions:

I then placed this book and quill into the Shulker Box:

I placed a button in the mc86 computer (as directed in the YouTube video) and and clicked it to run the challenge program:

This generated a giant QR code in my world:

After scanning the QR code, I got the following link:

https://gist.github.com/AndyNovo/30aa5b2665aa388dc81545f79ccb380f

This link gave me this code:

/give @p writable_book{pages:['/setblock ~5 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"bs",Color:4},{Pattern:"ls",Color:4},{Pattern:"rs",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~6 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"rs",Color:4},{Pattern:"bs",Color:4},{Pattern:"ts",Color:4},{Pattern:"cbo",Color:11},{Pattern:"ls",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~7 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"ts",Color:4},{Pattern:"bs",Color:4},{Pattern:"rs",Color:4},{Pattern:"ms",Color:11},{Pattern:"ls",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~8 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"ts",Color:4},{Pattern:"cs",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~9 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"ms",Color:4},{Pattern:"rs",Color:11},{Pattern:"ts",Color:4},{Pattern:"ls",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~10 ~0 ~5 yellow_banner[rotation=0]{Patterns:[{Pattern:"cbo",Color:11},{Pattern:"vhr",Color:11},{Pattern:"bo",Color:11},{Pattern:"mr",Color:11}]}', '/setblock ~11 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"tt",Color:4},{Pattern:"tts",Color:11},{Pattern:"ls",Color:4},{Pattern:"rs",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~12 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"tl",Color:4},{Pattern:"cs",Color:4},{Pattern:"bs",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~13 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"ls",Color:4},{Pattern:"tt",Color:11},{Pattern:"drs",Color:4},{Pattern:"rs",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~14 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"ts",Color:4},{Pattern:"bs",Color:4},{Pattern:"ms",Color:4},{Pattern:"rs",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~15 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"ts",Color:4},{Pattern:"bs",Color:4},{Pattern:"rs",Color:4},{Pattern:"ms",Color:11},{Pattern:"ls",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~16 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"hh",Color:4},{Pattern:"cs",Color:11},{Pattern:"ts",Color:4},{Pattern:"ls",Color:4},{Pattern:"drs",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~17 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"ls",Color:4},{Pattern:"hhb",Color:11},{Pattern:"ms",Color:4},{Pattern:"rs",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~18 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"ms",Color:4},{Pattern:"rs",Color:11},{Pattern:"ts",Color:4},{Pattern:"ls",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~19 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"ts",Color:4},{Pattern:"cs",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~20 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"bo",Color:4},{Pattern:"rud",Color:11},{Pattern:"ld",Color:11}]}', '/setblock ~21 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"ls",Color:4},{Pattern:"hhb",Color:11},{Pattern:"ms",Color:4},{Pattern:"rs",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~22 ~0 ~5 yellow_banner[rotation=0]{Patterns:[{Pattern:"mr",Color:11},{Pattern:"ms",Color:11},{Pattern:"drs",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~23 ~0 ~5 yellow_banner[rotation=0]{Patterns:[{Pattern:"mr",Color:11},{Pattern:"ms",Color:11},{Pattern:"drs",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~24 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"ts",Color:4},{Pattern:"bs",Color:4},{Pattern:"ms",Color:4},{Pattern:"rs",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~25 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"tt",Color:4},{Pattern:"tts",Color:11},{Pattern:"ls",Color:4},{Pattern:"rs",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~26 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"rs",Color:4},{Pattern:"bs",Color:4},{Pattern:"ts",Color:4},{Pattern:"cbo",Color:11},{Pattern:"ls",Color:4},{Pattern:"ms",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~27 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"bs",Color:4},{Pattern:"ls",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~28 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"drs",Color:4},{Pattern:"hhb",Color:11},{Pattern:"dls",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~29 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"bo",Color:4},{Pattern:"rud",Color:11},{Pattern:"ld",Color:11}]}', '/setblock ~30 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"drs",Color:4},{Pattern:"hhb",Color:11},{Pattern:"dls",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~31 ~0 ~5 blue_banner[rotation=0]{Patterns:[{Pattern:"ts",Color:4},{Pattern:"bs",Color:4},{Pattern:"rs",Color:4},{Pattern:"ls",Color:4},{Pattern:"bo",Color:11}]}', '/setblock ~32 ~0 ~5 yellow_banner[rotation=0]{Patterns:[{Pattern:"cbo",Color:11},{Pattern:"vh",Color:11},{Pattern:"mr",Color:11}]}']}

I then placed this code into my command block and clicked the button to run it:

This gave me another book and quill with 28 pages:

I placed it into the Shulker Box, added another button, and clicked it to run the code:

This generated the flag:

UDCTF{M1N3CR4FT_4SS3MBLY_Y0}

Line CTF: Web: Welcome

This is for the 2021 Line CTF.

For this challenge, we are given he following link and information:

The link: https://linectf.me/2e5ef7f070966b1a50e811692bf1d362

Being cautious, I check out what appears to be a hex string in the link:

2e5ef7f070966b1a50e811692bf1d362

Thinking this could be an MD5 hash, I run hashid:

This confirmed my suspicions. Now I run hashcat on the hash with the popular rockyou wordlist:

After about 16 hours, the wordlist was exhausted and I still didn’t have an answer.

I then paid a Russian hacker to get the flag for me. We settled on a nominal $9,000 USD service fee.

actual photo

Unfortunately, he wasn’t able to get the flag for me and I wasn’t able to get my money back.

I then broke out my Ouija board and attempted to contact the spirits for help:

To my surprise, the spirits were very active and willing to help point me in the right direction.

They pointed me to the letters:

L I T T L E E A R L

Combining the letters I got “LITTLEEARL”, which I refined to “Little Earl”

This made me think for a while and I realized they were trying to get me to remember that my long lost 4-th great cousin Earl, who was very small (only 2’3″) used to rave about his favorite website: tinyurl.com

I know that TinyURL is great for shortening long URLs to make it easier to hide links to flags or other information. The problem was I needed the rest of the URL to get to what I needed.

After looking through the Line corporate website (the purveyors of the CTF), I found some interesting information on this page: https://careers.linecorp.com/

I realized that the following letters and numbers were used more than any other letters and numbers on the page and they ranked in the following order ( I repeated letters based on whimsy):

P A S S W O R D S G E N E R A T O R N E T

I realized this was a website! https://passwordgenerator.net

I went to that website and set the parameters on the page to what I would expect to see for the unique ID of a TinyURL link (combination of 8 numbers and lowercase letters):

I added the generated password the the TinyURL link that Cousin Earl loved and come up with this:

https://tinyurl.com/2hp3hf84

Browsing to the URL, I am directed to a GitHub repo (https://github.com/GMKdotUS/unwelcomeLineCTF):

Clicking the only file in the repo, I see a hint:

It took me a while, but I realized this was a Back to the Future reference… Time Travel!

I saw that this file had been edited so I looked at the previous file version to see if it had any information… like going back in time:

I see that the file originally contained a link!

https://linectf.me/2e5ef7f070966b1a50e811692bf1d362

At this point, I realize I should do a WGET of the link to see what it contains:

wget https://linectf.me/2e5ef7f070966b1a50e811692bf1d362

I performed the strings command on the downloaded file to see if there is anything interesting:

This resulted in a lot of cryptic code looking strings, so I grepped the command looking for a flag as follows:

strings 2e5ef7f070966b1a50e811692bf1d362 | grep LINECTF

Boom! I got the flag!!!

LINECTF{welcome_to_linectf}

I later learned that I could have just clicked on the link provided in the challenge description and would have got the flag as such:

In case you missed it, I was being a smartass. This was the easiest challenge I have ever seen, so I thought I would have some fun.

Vishwa CTF: Reverse Engineering: Facile (495)

This is from the 2021 Vishwa CTF

For this challenge, we were given the following clue and a .gzf file:

The “gzf” extension was not familiar and there wasn’t much information online. I did a static file analysis and found some interesting text:

I ran binwalk against it with the extract “-e” switch:

Inspecting the resulting file “FOLDER_ITEM”, I decided to run strings against it:

It yielded a lot of results, so I grep the strings command for “vishwaCTF”:

Now I have the flag!

Vishwa CTF: Reverse Engineering: Misleading Steps (484)

This is from the 2021 Vishwa CTF

For this challenge, we are given the following clue and a binary file:

When performing a static analysis of the binary, I see what looks like a flag, but as it states, it is a false flag:

Next, I execute the program in terminal to see what it does:

It slowly scrolls out the following text:

The first appearance deceives many,the intelligence of a few perceives what has been carefully hidden...

Next, I load up my debugger and inspect it.

I noticed that there a number of characters (in hex) listed out:

I capture those hex values in a text editor.

76 69 73 68 77 61 43 54 46 7b 55 6d 4d 5f 77 33 69 52 44 6f 6f 6f 30 5f 31 5f 41 6d 5f 74 68 33 5f 72 33 34 6c 5f 30 6e 33 7d

I then convert them to ASCII:

And now I have the real flag!

Vishwa CTF: Reverse Engineering: Rotations (472)

This is from the 2021 Vishwa CTF

For this challenge, we are given the following clue and a ELF binary:

After some preliminary poking at the file, I execute it in the terminal to see what it does. I see that it waits for input from the user and replies with “EWWWW DUMBBB” and exits:

Next I load it into my debugger and inspect the code:

I see that there is cmp performed and it results in a jmp to the failure message:

I modify the jmp and fill it with NOPs:

I then provide some random input and watch for its response:

It looks like a scrambled flag. Most likely a simple shift cipher… maybe a ROT (rotation). I head over to rot13.com and decode it:

Now I have the flag!

Vishwa CTF: General: Front Pages (500)

This is from the 2021 Vishwa CTF

For this challenge, we are given a cryptic hint:

A quick Google search tells me that Reddit is the front page of the internet, so I search for entries related to vishwactf on reddit:

I see that there is a comment indicating that another comment has been deleted:

AI hop in my time machine at Archive.org and go down memory lane:

I now have what appears to be a ciphered flag with a clue. The part about the “18th century French scholars” tells me to try decrypting it as a Vigenere cipher. I head over to dcode.fr and try it out. The automatic decryption failed, so after some contemplating, I try “VISHWACTF” as the key and I get the flag:

And yes, OSINT is overlooked!

Vishwa CTF: Web: UwU (469)

This is from the 2021 Vishwa CTF

For this challenge, we are given a URL:

Going to the site, we are given this page:

After a little poking around, I look for a robots.txt entry:

Interesting! Now I follow the clue and look for a robots directory:

I click the link on the page for the source code and I get this:

After reviewing the code, I see that the PHP is looking for an input parameter “php_is_hard” and it runs “preg_replace()” on it and evaluates the output of that.

  if (isset($_GET['php_is_hard'])) {
  
    $you_enter = $_GET['php_is_hard'];
  
    $we_enter = 'suzuki_harumiya';
  
    $the_final_one = preg_replace(
    
      "/$we_enter/", '', $you_enter);
  
      if ($the_final_one === $we_enter) {
  
        open_up();
    }
  }

Analyzing this code, I see that it takes my input and looks for all instances of “suzuki_harumiya” and removes it. Then it compares the resulting string to “suzuki_harumiya”. If it is true, then it runs the “open_up()” function.

I see that I can simply manipulate my input to “ssuzuki_harumiyauzuki_harumiya” and the script will remove the single instance of “suzuki_harumiya” in it and the resulting string will, in fact, be “suzuki_harumiya”. When I feed that input, I get this:

UTCTF2021: Web: Oinker (100)

This is from the UTCTF2021 CTF

Challenge Author: a1c3

For this challenge, we are given a URL:

Going to the page gives me this:

Providing some input:

And submitting it gives me this:

I noticed that the URL has a number at the end “85”. I try to manipulate that number and see what it gives me:

I see that it gives me what appears to be previous “Oinks”. I enumerate up to get this:

And that is the flag.

UTCTF2021: Misc: Emoji Encryption (100)

This is from the UTCTF2021 CTF

Challenge Author: Aya Abdelgawad

For this challenge, we are given what appears to be an emoji cipher:

After trying several emoji cipher decoders online without success, I looked a little harder at the emojis.

Knowing that the flag format starts with “utflag” and seeing what the names of the emojis are “Umbrella, Turkey, Fire, Lion, Apple, Guitar…” The first letters of the names are spelling out the flag. Going throught the full list of emojis, I get:

utflag{emojis_be_versatile}

UTCTF2021: Beginner: Cipher Gauntlet (100)

This is from the UTCTF2021 CTF

Challenge Author: balex

For this challenge, we are given a hint and a text file:

A quick trip over to RapidTables and we get this:

Apparently the princess is in another castle. I see that there is what appears to be a base64 encoded string. A quick trip over to Base64Decode and we get this:

Yet another castle. This time I have another string that appears to be a cipher along with a clue. This leads me to think it could be a Caesar Cipher. A quick trip to dcode.fr and I get this:

congratulations! you have finished the beginner cryptography challenge. here is a flag for all your hard efforts: utflag{now_youre_playing_with_crypto}. you will find that a lot of cryptography is building off this sort of basic knowledge, and it really is not so bad after all. hope you enjoyed the challenge!