Today we’re going to solve another Capture The Flag challenge called “CTF collection Vol.1”. It’s available at TryHackMe for penetration testing practice. This lab is not difficult if we have the right basic knowledge of cryptography and steganography. The credit for making this lab goes to DesKel. So, let’s get started and learn how to break it down successfully.
Level: Easy
Task 1 Author note
Task 2 What does the base said?
Task 3 Meta meta
Task 4 Mon, are we going to be okay?
Task 5 Erm……Magick
Task 6 QRrrrr
Task 7 Reverse it or read it?
Task 8 Another decoding stuff
Task 9 Left or right
Task 10 Make a comment
Task 11 Can you fix it?
Task 12 Read it
Task 13 Spin my head
Task 14 An exclusive!
Task 15 Binary walk
Task 16 Darkness
Task 17 A sounding QR
Task 18 Dig up the past
Task 19 Uncrackable!
Task 20 Small bases
Task 21 Read the packet
In this task, we can easily recognize that the value is base64 encoded, so we decode it using a base64 decoder.
And that is how we got our 2nd flag easily.
As the task name itself uses the term meta, it is clear that we have to pull out the metadata of the image. For that we used ExifTool, as it is the most powerful one.
exiftool findme.jpg /root/Downloads/Findme.jpg
And as expected, we get our 3rd flag in the metadata of the file, in the Owner Name field.
This task was based on steganography: the task description hints that “something is hiding”, and there is one file to download.
So, we assumed they were talking about steganography and decided to use steghide.
steghide extract -sf /root/Downloads/Extinction.jpg
Interestingly, when we extracted the data from the image, we got another file embedded within it. And here our arrow hit the mark!! We got our 4th flag in this text file.
This task was an interesting one and the easiest. Here we got a bit stuck, as there was no file and no clue. So, then we decided to see hints and thus it drops
So, the thing that comes to mind is to check the page source. When we inspected the element, we got the flag directly over there; alternatively, we can also get the flag by highlighting the phrase.
This was the simplest one, since the title indicates “QR” and the file we downloaded was a QR picture. So, we already know that the next move is to scan the code.
AND BOOM!! We got our flag only after scanning it.
In this task, we only need to know the command to open the ELF file (the Linux executable format). As soon as we open the file with the following command, we got the flag listed
Here, as it says, it is a decoding task, like most of the cryptography challenges. The clue also pointed us to base58, so we used an online base58 decoder directly.
And within a second we got our 8th flag by just decoding it.
This task needs some basic presence of mind. The description points to ROT13, a special case of the Caesar cipher in which each plaintext letter is replaced by the letter 13 positions after it.
So, here we tried a ROT13 decoder but it didn’t work, so our next step was to brute force the shift, that is 14, 15, 16 and so on, as this is all about Caesar cipher substitution.
And we got our flag on the 7th shift
This task was the same as Task 5: no encoding, no file and no clue in the title. So we decided to perform the same steps as in Task 5, inspecting the page again and looking for our flag.
And luckily, we received our 10th flag after looking for a while.
This was the most interesting task of the entire lab. We were given a corrupted PNG, so we extracted the hexadecimal code of that image, and after studying it for a while we found that its magic number differs from the regular one.
Magic numbers are the identifying bytes at the very start of a file; here we are looking at the initial 8 characters of the file’s hexadecimal code.
We searched on Google and found that the standard magic numbers of a PNG image are 89 50 4E 47
We just have to replace them.
Now our last step is to render the image from the updated hexadecimal code, which we did using CyberChef.
And hence we got our 11th flag in the image
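The same repair can be done offline instead of in CyberChef. The Python sketch below is an added example, not part of the original write-up: it restores the four magic bytes named above and then checks the remaining signature bytes and the IHDR chunk CRC, so you know whether the header was the only damage. The function names and the 1x1 test image are constructed for illustration.

```python
import struct
import zlib

PNG_SIGNATURE = bytes.fromhex("89504E470D0A1A0A")  # full 8-byte PNG signature

def make_png_1x1() -> bytes:
    """Build a constructed 1x1 grayscale PNG so the example runs offline."""
    def chunk(ctype: bytes, data: bytes) -> bytes:
        crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
        return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # one filter byte + one pixel
    return PNG_SIGNATURE + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

def first_chunk_ok(data: bytes) -> bool:
    """True if the chunk right after the signature is a 13-byte IHDR with a valid CRC."""
    if len(data) < 8 + 8 + 13 + 4:
        return False
    length, ctype = struct.unpack(">I4s", data[8:16])
    if ctype != b"IHDR" or length != 13:
        return False
    body = data[12:16 + length]  # chunk type + chunk data, as covered by the CRC
    (crc,) = struct.unpack(">I", data[16 + length:20 + length])
    return zlib.crc32(body) & 0xFFFFFFFF == crc

def repair_png_magic(data: bytes) -> bytes:
    """Restore the first four bytes (89 50 4E 47) and sanity-check what follows."""
    fixed = PNG_SIGNATURE[:4] + data[4:]
    if fixed[:8] != PNG_SIGNATURE:
        raise ValueError("bytes 4-7 of the signature are also damaged")
    if not first_chunk_ok(fixed):
        raise ValueError("IHDR chunk is missing or fails its CRC")
    return fixed

if __name__ == "__main__":
    good = make_png_1x1()
    corrupted = bytes.fromhex("23333344") + good[4:]  # constructed wrong magic
    repaired = repair_png_magic(corrupted)
    print(repaired[:8].hex(" "), repaired == good)
```

If `repair_png_magic` raises, the file has damage beyond the magic number and replacing four bytes will not be enough to render it.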
In this task, our flag is present on a social media account of TryHackMe. But we were unsure which platform to explore, Twitter or something else.
The provided hint cleared it up for us. So here we got a chance to use our Google dork technique. And the perfect dork came to be
inurl:"reddit.com" &intext:"THM" & intitle:"tryhackme"
After going through the results, we can easily spot our flag, which was hidden in the image.
This task was spinning my mind, as it told me to decode the text but we were clueless about the encoding. That’s why we had to go for a hint, and it pointed to “BINARYFUCK”.
So, we went directly to a binaryfuck decoder and got our 13th flag just by decoding it.
In this task, we got 2 strings but didn’t know what to do with them; our saviour, the hint, says to XOR these strings.
Now we can relate “exclusive” to XOR.
So, we can do it easily, as many tools are available online. And we got our 14th flag without effort.
The task name suggests a binary walk, and the clue also directed us to binwalk, a tool that is helpful in steganography. Here we use it only to extract the hidden file from the image.
So, we extracted files from the jpg and found one txt file. And thus, we got our 15th flag in this file.
In this task our hint is stegsolve. Stegsolve is a steganographic image analyzer, solver, and data extractor.
We have to evaluate our image by filtering various colours in it using stegsolve. We can download stegsolve with these terminal commands
wget http://www.caesum.com/handbook/Stegsolve.jar -O stegsolve.jar
chmod +x stegsolve.jar
Now we just have to open the image with stegsolve.
At first glance it is just a black image, but we have to keep analyzing the image under different colour filters so the odd one can shine out like this.
And hence we got our 16th flag
This task is quite similar to Task 6. In this task, we got a QR image, which we scan to fetch the information from it.
Interestingly, we got a link there which redirects to an audio file.
After listening to it carefully in slow motion, we got our 17th flag.
In this task, the title relates to the past, so the only thing that pops up in our mind is the Wayback Machine, and the time and date in the description clear up any doubt.
So, for checking past captures or archives of any site we can use the Wayback Machine. After analyzing the output, we can see there is a capture of the website on 2nd Jan 2020
And when we visited that capture, we got our 18th flag.
We have an encoded text in this task that we can attempt to decipher. We tried the Caesar cipher and several other methods, but learned from the clues that this is a Vigenère cipher.
But now the problem begins, because we require a key to decode it.
One strange thing we can notice is that all the other flags are in the format THM{………}, but in this task the flag format is TRYHACKME{………}. That’s why we used it as a key and got another encoded value.
It looks like we found another constant, THMTHMTHM. Now we can either attempt to decrypt consecutively using the same key, that is TRYHACKME, or we can use THMTHMTHM as a key to decode MYKAHODTQ{RVG YVGGK FAL WXF}
But we got our 19th flag by using THMTHMTHM as a key
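Why the guessed flag prefix works as a "key": in Vigenère, subtracting known plaintext from the ciphertext yields the key letters. The Python sketch below is an added example, not code from the original write-up; it uses the ciphertext and the TRYHACKME prefix from the task text above, and the function names are illustrative.

```python
import string

ALPHA = string.ascii_uppercase

def vigenere_decrypt(ciphertext: str, key: str) -> str:
    """Decrypt, advancing the key only on letters (spaces and braces pass through)."""
    out, i = [], 0
    for ch in ciphertext:
        if ch.upper() in ALPHA:
            shift = ALPHA.index(key[i % len(key)].upper())
            p = ALPHA[(ALPHA.index(ch.upper()) - shift) % 26]
            out.append(p if ch.isupper() else p.lower())
            i += 1
        else:
            out.append(ch)
    return "".join(out)

def recover_keystream(ciphertext: str, crib: str) -> str:
    """Known-plaintext step: key letter = cipher letter - plain letter (mod 26)."""
    letters = [c for c in ciphertext.upper() if c in ALPHA]
    return "".join(
        ALPHA[(ALPHA.index(c) - ALPHA.index(p)) % 26]
        for c, p in zip(letters, crib.upper())
    )

def shortest_period(keystream: str) -> str:
    """Reduce a repeating keystream to its shortest repeating unit."""
    for n in range(1, len(keystream) + 1):
        if all(keystream[i] == keystream[i % n] for i in range(len(keystream))):
            return keystream[:n]
    return keystream

CIPHERTEXT = "MYKAHODTQ{RVG YVGGK FAL WXF}"  # ciphertext quoted in the task above
CRIB = "TRYHACKME"                          # flag prefix guessed from the format

if __name__ == "__main__":
    stream = recover_keystream(CIPHERTEXT, CRIB)  # same as decrypting with the crib
    key = shortest_period(stream)
    print(stream, key, vigenere_decrypt(CIPHERTEXT, key))
```

Decrypting with the crib as the key and recovering the keystream are the same subtraction, which is why using TRYHACKME as the key printed the real key in place of the flag prefix.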
This task was also about cryptography. The hint says (dec -> hex -> ASCII), so we simply have to follow it: convert decimal to hex first
Then Hex to ASCII
And hence we got our 20th flag
In this task, the file we download is a pcap file, which makes it clear that we need to open it in Wireshark.
As the task name suggests, we have to read a packet. After applying many filters and searching, we found the request over which flag.txt was sent, so we just have to open that file by following the stream.
And here we go, we secured our last flag.
MISSION ACCOMPLISHED!!
Author: Dheeraj Gupta is a Certified Ethical Hacker, Penetration Tester and a Tech Enthusiast in the field of Network & Cyber Security.