Académique Documents
Professionnel Documents
Culture Documents
Miscellaneous
Forensics
50
50
50
100
100 150 350
100
150 200 1000
100
100 200 500 Adithya Naresh [ x7r0n] ctfwriteups.blogspot.in
Question
Question 1 :
I rotated the wheel 13 times to find the answer. What would you do ? Cipher text ->
"Pnrfre pvcure vf fuvsg ol 3 naq gur vqrn jnf pbcvrq sbe ebg13,ivtrarer naq ybnqf bs gurz.Gur xrl vf "OVATVFABGTBBTYR".
Answer
Key : Caesar cipher Caesar cipher is shift by 3 and the idea was copied for rot13,vigenere and loads of them. The key is "BINGISNOTGOOGLE.
Question
Question 2 : When i was checking the history of my friends comp.I found this link and a file in which this text was there.I need his credentials to look at what he spoke to his friend in facebook. http://pastebin.com/qLjHmByH O gsk elim eci gci bkewbm es jkkoy oy qg vxsrkyxqtrg.W czrb ekh wz sexikb.Pae m vxkr hu ciuxspsx lrl mnwg od xpx ubze heg.B rcjk es amgfs ge qqkxcf lzv phafg. geril::yoazdmzai
Answer
Step 1 : http://pastebin.com/qLjHmByH Step 2 : http://www.base64decode.org/ Step 3 : If at all i was given a vigenere cipher to encode i would keep my key as "GOOGLEIT Step 4 : I see that you are trying to break in my credentials.I wont let it happen.But i need to remember and this is the only way.I love to stare at mirror for hours. atnas::samtsirhc Step 5 : santa:christmas
Question
Question 3 :
#!/usr/bin/python import random a = random.randint(1,9) b = raw_input('Please Enter your message: ') d = [] for x in b: c = ord(x) c = c-a d.append(c) print d Find out what the encrypted text contains [71, 72, 77, 25, 79, 62, 75, 82, 25, 76, 62, 60, 78, 75, 62]
Answer
#!usr/bin/env python a=['71','72','77','25','79','62','75','82','25','76','62','60','78','7 5','62'] for i in range (1,10) : string1 = "" for j in a : string = int(j)+i print string string1 = string1 + chr(string) print string1,'\n
Question
Question 4 : All i know is that a bitwise operation leads you to the key String1 = "Psifer" String2 = "?????" -----------------8 28 59 45 86 11 ------------------
Answer
#! usr/bin/env python string1 = "Psifer" string2 = "" ans = ["8","28","59","45","86","11"] str1 = "" k =0 for j in string1 : temp1 = ord(j) temp2 = int(ans[k]) for i in range(0,255): if(temp1 ^ i == temp2): str1 = str1 + chr(i) k = k+1 print str1 Answer : XoRK3y
Question
Question 5 :
Three best friends were sending messages to each other. After inspecting one of their computers we found a weird file called "ThisWillHelpThePublic.txt" having the content (361852223106461371121,23) We also found the file "TopSecret.txt" having its content: 298047296965971580870 208973156525516921811 338748949584784162292 011602936757302327193 Our group of trained crackers cracked this and got us some insane random output... But that won't do for us! Help us derive a plain text!
Answer
Step 1 : read about RSA Step 2 : n = 361852223106461371121 , e= 23 Step 3 : use online tools or cryptool to factorize Step 4 : find d Step 5 : find the message Step 6 : Look at the hash,find its length..Its a MD5 hash
P = 535316821148119 Q = 675959 d = 125861456622483320711 Hash = 5cb1992a656eab10601aac8f6d2a7f4e Answer = warp1234
Question
Question 1 : I got a pdf on George_Hotz..what you dont know him ??? you better read about him :-)
Answer
Question
Question 2 : I found this video . But it hides some password. Could you tell me please.
Answer
Question
Hey!! :-( My Gmail has been compromised. The hacker sent me this image to my other account and told me to find the username and password in this. I heard you are good in this. Help me!
Answer
Question
Password... password... watcha gonna do? Watcha gonna do when I crack for you!
Answer
Question
Heyaaaa..rar has the description :-) happy hacking :) Flag Format : flag1,flag2,flag3,..
Answer
You get a barcode image. Decode it to get the flag. FLAG : SN0WD3N
Answer
Flag 2 : You are given a hint of bull fighting. Spain is what you think of. Translate the given text and you get to know that its a paste bin link.
Answer
Flag 3 : Hint given is QWERTY Hover over the letters in your keyboard and you can visualize that each word is a letter. Rdxtgf p Wsxdrfvgy w Edcrtgb n Yhngvb d
FLAG : p_w_n_d
Answer
Flag 4 : Given is a brainfuck encoded text. Decoding gives : niNe - Nine - z3r0 - z3r0 - tw0 tw0 - z3r0 - e!gh7 - tWo - f0uR Who am i ?? flag is first name.
Truecaller helps you find the phone number 9900220824 FLAG : yogeesh
Answer
Flag 5 : It is clear in that question that its a steganography challenge. So the information is hidden inside pdf.
A quick google search of how to hide files in pdf leads to a lifehacker website which tells about this tool called http://wbstego.wbailer.com/. Decoding the pdf gives a text file , opening which you find FLAG{"St3g0_haX0r"} FLAG : St3g0_haX0r
Answer
Flag 6 : Hint given is a youtube video. https://www.youtube.com/watch?v=-zVgWpVXb64 A quick google about the quote my voice is my passport gives the answer as WERNERBRANDES FLAG : WERNERBRANDES
Question
Rumors have it that the teacher activated special firmwares for her favorite student, and has given him special user account. So I started sniffing around his network and got this file. See if you can help me retrieve the serial number of his firmware so that we can compare our stuff with his and bring this issue up front!
Answer
Flag : DNA-A201UB1AF10750738300
Question
Ok ok... So someone told me you are really good and stuff! So now I challenge you. Here is a file with my username and password. If you get my username and password right, you can then have my command and control server. And if you can not, you need to accept to surrender to my awesomeness!
Answer
Question
Council of Aristocrats found out about a small bunch of techies who have developed an app on Facebook for people to share their views over the government, The council doesn't like this. They have hired you to investigate over this app and find out where it is hosted. (i.e find the IP address of the app). Note: If the ip you found is 87.43.43.98 then IP_ADDR should be 87.43.0.0 flag_format: IP_ADDR::DOMAIN_NAME Link: https://apps.facebook.com/confessinator/
Answer
Step 1 : View page source frame of the app. Step 2 : Look at the url and you find the domain. Step 3 : using cmd -> ping ethereal-app259.appspot.com -> you would find the ip to be 74.125.200.141 Step 4 : As in the question its clearly mentioned so the ip we need would be 74.125.0.0 FLAG : 74.125.0.0::ethereal-app-259.appspot.com
Question
I get this stupid image wherever I go. I so wish barcode was there. I don't understand how this image looks like. Can you fix it and tell me what it means??
Answer
Step 1 : Look closely how would a qr code look. Step 2 : keep the corners as the reference and attach it. FLAG : 055d561073b56e4155f04aa0e753f68c
Question
All hail the forensics expert! I have no idea what can be done with this file that I got on my brother's laptop! Can have a look at the rest of them and let me know please!
Answer
This challenge was to get you practiced with file command or TRiD.Extract the rar file you are given. You find each file type to be unknown. Use the command file filename(your file) to view what kind of file it is. Example : First file is a .bmp file which loaded in paint or any image viewer will fetch you the password firstpart. (Try it now)
Password for Final File:firstpartzipitselfextractingpart4rulez You get : The password you need is : 4c 75 6d 69 61 5f 35 32 30 Convert the hex to ascii and the FLAG is : Lumia_520