CTF collection Vol.1 writeup

Task 2: What does the base said?

Task 2 was to decode the encoded word. The encoding was base64. You can use CyberChef or the Kali terminal for decoding. Here I’ll show how to decode base64 from the terminal.

Open a terminal and type the command:

echo "VEhNe2p1NTdfZDNjMGQzXzdoM19iNDUzfQ==" | base64 -d

Task 3: Meta Meta

First, download the file. The picture is of the earth. Something looked fishy so I just used the strings tool to decrypt the message behind the photo. The flag was hidden using steganography.

In the terminal, enter the command:

strings Findme.jpg | grep THM

Task 4: Mon, are we going to be okay?

Use the steghide command to extract the data hidden in the picture.

If it is not installed, run sudo apt-get install steghide. To extract something from a picture using steghide, run steghide extract -sf <picturename>

If asked for a passphrase, just press Enter. Once it has written the extracted data to a file, cat the file and you will get the third flag.

Task 5: Ern…Magick

Just highlight the text as if you were going to copy the question “Huh, where is the flag?”, or inspect the element and search for THM, and you will get the flag.

Task 6: QRrrrr

First things first, download the file. It is a QR code; just scan it with your phone and you’ll get the flag.

Task 7: Reverse it or read it?

Download the file. You are required to download an ELF executable (a Linux version of a Windows .exe executable). This file is a binary file, so I tried the strings command once again to extract the printable characters and I found the flag.

Task 8: Another decoding stuff

It was base58 encoding. Go to any base58 decoder and you’ll find the flag once decoded. You can also use CyberChef for any type of encryption or decryption.

Task 9: Left or Right

ROT13 is an encryption scheme used to encrypt information. How does it work? It takes a single character and shifts it 13 places in the alphabet. ROT13 is also a special case of the Caesar cipher. I tried ROT13, it didn’t work, and then I started brute-forcing character shifts, and on the 19th shift I got it.

Task 10: Make a comment

Just select the No dow……… and inspect the element, and you’ll get the flag.

Task 11: Can you fix it?

There is a corrupted PNG file that you need to download. I got the hex dump of the corrupted PNG image with the xxd command and stored it in a file named “myhexdump.txt” (--plain = plain hex dump).

A magic number is a number embedded at or near the beginning of a file that indicates its file format. So let’s replace the magic number with the correct magic number of a PNG image. I googled it and found out that

So let’s put the correct PNG magic number into the image.

Now let’s go to CyberChef and use Render Image with hex input to get our image.

Maximise the picture and you’ll get the flag in the picture.
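
The repair described in this task, as an added Python example that is not part of the original writeup: it overwrites a damaged 8-byte PNG signature (89 50 4E 47 0D 0A 1A 0A) and accepts the result only if the chunks that follow parse with valid CRCs. The sample image and its corruption are constructed here, and the function names are this example's own.

```python
import struct
import zlib

PNG_SIG = bytes.fromhex("89504e470d0a1a0a")  # \x89 P N G \r \n \x1a \n

def chunk(ctype, body):
    """Serialize one PNG chunk: length, type, body, CRC32(type + body)."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def make_png():
    """Constructed sample input: a valid 1x1 8-bit grayscale PNG."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one black pixel
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

def walk_chunks(data):
    """Return [(type, crc_ok), ...] for the chunks after the signature."""
    found, pos = [], 8
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            break  # truncated, or not chunk data at all
        body = data[pos + 8:end - 4]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        found.append((ctype, crc == zlib.crc32(ctype + body)))
        pos = end
    return found

def repair_signature(data):
    """Rewrite the first 8 bytes, but only if the rest really is a PNG."""
    fixed = PNG_SIG + data[8:]
    chunks = walk_chunks(fixed)
    if not chunks or chunks[0] != (b"IHDR", True) or chunks[-1] != (b"IEND", True):
        raise ValueError("remaining bytes are not valid PNG chunks")
    return fixed

def from_plain_hex(text):
    """Parse a plain hex dump (as written by `xxd -p`) into bytes."""
    return bytes.fromhex("".join(text.split()))

# Constructed corruption: the first four signature bytes are zeroed.
CORRUPT = b"\x00\x00\x00\x00" + make_png()[4:]

if __name__ == "__main__":
    dump = CORRUPT.hex()  # stands in for the contents of myhexdump.txt
    fixed = repair_signature(from_plain_hex(dump))
    print(fixed[:8].hex(), walk_chunks(fixed))
```

Checking the IHDR and IEND chunks after the rewrite catches the case where the file is damaged beyond the signature, which a blind header overwrite would hide.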

Task 12: Read it

There is a hidden flag inside TryHackMe’s Reddit social account.

Task 13: Spin my head

This code is written in a programming language called “brainfuck” that’s not so popular or widely used. You can find a decoder/interpreter online.

The flag is cropped again. You can use any decoder.

Task 14: An exclusive

In this challenge you have to do an XOR operation on the two values (S1 XOR S2). I found a site online which helped me to do this easily.

Press on calculator and check the results. You’ll find the flag. But it will be in reverse order.

To get the flag in the correct order, run this command in the terminal: echo "flag" | rev. The output flag will be in the correct order.

Task 15: Binary walk

In this challenge you must download a jpg file. There is a tool called “binwalk” that helps you to see if there are any hidden files inside the specified file. (-e = extract)

Binwalk creates a directory to store all the extracted files that it has found. You can find your flag in this directory.

Task 16: Darkness

According to the hints, you can use stegsolve to filter/isolate different colors in an image. In our case we can also just view the image file and find the flag, but you need sharp vision to see it. Anyway, you can download stegsolve with these terminal commands:

wget http://www.caesum.com/handbook/Stegsolve.jar -O stegsolve.jar
chmod +x stegsolve.jar

Now let’s view the image with stegsolve by opening the file and changing the color filters.

Go to file > open the picture and try changing color filters by using the arrow keys.

Task 17: A sounding QR

In this challenge you should download a QR code. Decoding the QR code will give you a URL to a SoundCloud audio clip.

If you play the audio clip really slowly you might hear it a bit more clearly, or you can capture the recording and play it in slow motion.

Task 18: Dig up the past

[Q] Sometimes we need a ‘machine’ to dig the past.
I noticed the 2 words that give a clue: “machine” and “past”. It’s the Wayback Machine. The Wayback Machine is simply a website that stores snapshots of other websites, noting the date and time of each snapshot that it captures.
I searched for the target website (https://www.embeddedhacker.com/) on the Wayback Machine.

Note that there is a snap taken on 02 Jan 2020 at 13:12 pm

While scrolling down I found a post named THM Flag posted on Jan 02 2020

Task 19: Uncrackable

In this challenge there is a cipher to decrypt. At first I thought it was a Caesar cipher but in the end I realized that this is a Vigenère cipher decryption challenge after seeing this.

TRYHACKME is acting as a constant string so we can use TRYHACKME as the key.

It looks like we found another constant, THMTHMTHM. Let’s try it again with this key.
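
The trick used in this task, as an added Python example that is not part of the original writeup: decrypting with the known flag prefix as the key exposes the repeating real key (the THMTHMTHM seen above), and a one-letter key is the single Caesar shift that was brute-forced in Task 9. The plaintexts are constructed samples, not the room's ciphertext, and the function names are this example's own.

```python
import string

A = string.ascii_uppercase

def vigenere(text, key, sign):
    """Shift each letter by the matching key letter (sign=+1 encrypts,
    sign=-1 decrypts). Non-letters pass through and use no key letter."""
    out, i = [], 0
    for ch in text:
        if ch in A:
            k = A.index(key[i % len(key)])
            out.append(A[(A.index(ch) + sign * k) % 26])
            i += 1
        else:
            out.append(ch)
    return "".join(out)

def keystream_from_crib(ciphertext, crib):
    """Known-plaintext step: key letter = ciphertext letter - crib letter.
    This is the same as decrypting with the crib used as the key."""
    letters = [ch for ch in ciphertext if ch in A]
    return "".join(A[(A.index(c) - A.index(p)) % 26]
                   for c, p in zip(letters, crib))

def shortest_period(stream):
    """Smallest prefix that, repeated, reproduces the recovered stream.
    A crib shorter than the real key cannot reveal the full key."""
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return stream

def crack(ciphertext, crib):
    """Recover the key from the crib, then decrypt the whole message."""
    key = shortest_period(keystream_from_crib(ciphertext, crib))
    return key, vigenere(ciphertext, key, -1)

# Constructed sample: made-up plaintext encrypted with the key THM.
SAMPLE = vigenere("TRYHACKME{CONSTRUCTED_SAMPLE}", "THM", +1)
# Constructed Caesar case: a one-letter key, T = shift of 19.
CAESAR = vigenere("THM{CONSTRUCTED_SAMPLE}", "T", +1)

if __name__ == "__main__":
    print(keystream_from_crib(SAMPLE, "TRYHACKME"))
    print(crack(SAMPLE, "TRYHACKME"))
    print(crack(CAESAR, "THM"))
```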

Task 20: Small bases

You take a look at the hints.

You should convert the decimal number to hex and then hex to ascii encoding. So let’s do it.

Task 21: Read the packet

In this challenge you have to download a network capture file. I opened the capture file with Wireshark. There was a whole lot of network traffic captured so I had to use a filter. I used the GET method HTTP filter ( http.request.method == "GET" ) to see if there were any files transferred. To my surprise there was one file called flag.txt.

I followed the HTTP stream of this file and got the flag.
