Elite Ghost CTF 2023
Last updated
Last updated
Last week, Elite Ghost Malaysia (EG) launch one Capture The Flag (CTF) name as Elite Ghost New Year CTF 2023. The duration of the event took 3 days with more than 50 questions. The format of CTF is jeopardy where we need to find the flag on certain task given but not pawn it.
This is my first ever CTF event for 2023. As a disclaimer, this write-up was produced for educational purposes only and future references. I do not promote or encourage any illegal hacking activity without written permission in general. I believe that ethical hacking, information security and cyber security should be a familiar subject to anyone using digital information and computers.
Challenges that are included in this write-up may also include challenges that I did not manage to solve in the competition or event period, but at the time of writing, I have the solution to the challenge, hence it is added in this write- up. (Some write-ups not 100% from me).
This challenge is direct. Looking at the given text file, it shows source code. Based on that source code, we notice it will compare it decimal to our input. And it will print the decimal in normal text. Using cyberchef to reveal the answer.
FLAG: EG{3L1T3GH0ST_4C4D3MY}
This challenge is another direct challenge but this time it write using ruby language. Iβm not really familiar with ruby syntax but after looking more further on given text file, it show that the password also print as our flag. Since it will compare with our input, I just take what being compare and it use ROT13. Using cyberchef to reveal the answer.
FLAG: EG{S0_th1s_1s_r0t13_W3lc0me}
For this challenge, it is quite tricky since we need to crack zip file, even I know we can use fcrack but it not necessary to brute it. Let solve it using some hint given in passcode.txt file. After reviewing the passcode file, it shows the password for vault zip. Solve it with simple math and reveal the passcode. The code is written in python so we can use online tools to get answer or manual calculate it. After put the passcode in zip file. It now will extract flag file.
PASSCODE: 39246208
FLAG: EG{M4THS_1S_FUN}
For this challenge, it really annoying since it have 2000 line of code in java. And make it more annoying is, it have duplicate thing. I donβt know how to remove duplicate code. So I have to search it manually. Using some information we know, I found something different in line 1478.
It look like this will print after it is executed. And it will increment every string value by 1. For example A. It will print B instead.
PASSCODE: DF{SG3Q3_1R_4KV4XR_EK4V}
FLAG: EG{TH3RE_1S_4LW4SYS_FL4W}
For this challenge it was written in c++ language. After review the code and looking at the title, it mention we need to reordered the character given into it sequence.
FLAG: EG{H4X0R}
For this challenge, it is quite hard because I need to figure out passcode given and the pass for zip file. Looking into passcode text file, it show some language I never since before. With the hint given LOL??. I try to search LOL programming language. YUP this is LOLCODE.
LOLCODE is an esoteric programming language inspired by lolspeak, the language expressed in examples of the lolcat Internet meme. The language was created in 2007 by Adam Lindsay, a researcher at the Computing Department of Lancaster University
First we need to make this code beauty, it look like the key are shifting. We found that it shifting at 13. After that, make it readable by interpreter by organize the code nicely with syntax.
It will look like this, it seen that passcode are save in R where it doing some math there.
A+B, C-D , AxB and E/F. This will show the passcode.
PASSCODE: 8668--913-9801547-0.2370237
FLAG: EG{4LW4YS_G3T_TR0LL3D}
This challenge come with png and pdf file where we need to find pdf password located in png file. Since the question mention about md5, let check the oyen.png md5
Md5sum >> using the md5 as passcode and reveal the flag.
PASSCODE: b932a70f4c04784ff16556110d5f9dbd
FLAG: EG{3V3RY_F1LE_H4SH}
This challenge makes my brain explode; I need 2 days to solve this challenge. To challenge super-duper easy. Just need to know how it works. *FRUST*.
Reorder the color given with it number.
Purple > Blue > Yellow > Red > Green > Pink > Orange
Decode it with the image given.
FLAG: EG{S3CR3T_C0D3}
For this challenge, I need to change my resolution since it has a secret word in the picture. I didnβt realize it at first after got a hint from another challenge. Then I change my resolution to see anything and notice it has a secret word.
From the file given, it says CUT FIRST 3 WORDS,0F,1LLUS1ON_. In the YouTube video, cut three words of the title and you will get M1ND. Combine everything an you will get the flag:
FLAG: EG{1LLUSION_OF_M1ND}
It same as mystery code but this time the word locates in pdf. As mentioned earlier, I didnβt manage to get any clue since I canβt see the hidden word due to my problem.
Arab > Japan > China > Rusia > Korea
tahniah123hujlmaooyaoyaspasipojjsksjjsjksjjksjjarigatou
Using the passcode to reveal the answer.
FLAG EG{BR1LL14NT_S3CR3T_COD3}
Before further investigation on Wireshark, I try to see any strings and notice base64 encoding. Decode it and we get the flag.
Strings filename.
RUd7VzFSM1NINFJLXzFTX0dSMzRUfQ==
Other method,
It mention IPv4. Let check what have in packet IPv4.
We got base64 word. Let decode it.
FLAG: EG{W1R3SH4RK_1S_GR34T}
This challenge same as IPv4 challenge but this time in IPv6.
It appears to have 2 base64 decode where one of it fake flag and another one is truth flag. Let decode it
For method through Wireshark, I donβt find it. Need to study more on this. HUHU
FLAG: EG{TH1S_1S_TH3_C0RR3CT_FL4G}
This challenges the only challenge we need to pawn the machine to get flag. Based idea of this machine is related to real scenario where the username and password related to Game of Throne. I know about this movie but never have enough time and commitment to watch it. YADAYADA.
Letβs move to step involve in solve this challenge. Thanks to author.
In this step, I need to do some reconnaissance of the target. Since this movie related to GOT, I need to figure what any possibilities. In this case, I list out all the character involves.
As usual, we start with network scanning to see any open port.
Based on the scanning, it show 2 open port which ssh and web. It also show something there in web. Let proceed to web and download that file.
The file is executable file, after doing some scanning on it, we notice this file contain execetuion process and the key was input. It act like keylogger in real scenario.
ZHJhY2FyeXMK
This decode show as dracarys. Maybe it password.. Now we need to identify the user.
Doing some osint to get it. For my method, I will bruteforce it. XD. Since we know the password and possible name for it.
hydra -U zz.txt -p dracarys ssh://10.10.210.254
-U : brute force list
-p : password
It show that Daenerys is the user.
Let use our credential into ssh.
In this listing, it contain secret. After open it, we need to find home. SO what is home?? I donβt have any idea.
But moving on listing all, it show that user has permission to see bash_history. After looking on this file,
Something interesting happen here, where it show some file and after the process it going to root and manage to be root. How interesting right.
After extracting the zip, we open the file. It show another directory where it contain credential for root.
So we go some hint there, the root password is khaldrogo. It also one of character in GOT .
Next we find the flag. Normally it will store in directory root.
RUd7VEgxU18xNV9CNFMxQ19CMnJfTUBDSDFOM180U1VSMyF9
FLAG: EG{TH1S_15_B4S1C_B2r_M@CH1N3_4SUR3!}
This machine mirror the real scenario where it happen to be happen in real scenario where user may put their password related to themselves. Some of basic case, it happen to put password such as name of cat, birthday and favorite person or color.
Some important information cannot be store in the machine. As we seen, when one machine being hacked and it happen to have another cred, it will expose more to more event instead of one.
Based on the hint, if you look closely in the video, there is a QR code: Scan the QR and you'll get the flag:
FLAG: EG{QR_C0D3_1S_P0W3RFULL}
It same as previous challenge.
FLAG : EG{H4PPY_N3W_Y34R}
Give file in png. I donβt manage to get what tools can extract data in image in png format.
For this challenge, you just have to decode the picture with all the steganography online tools available until you find the chosen one and input the password: NOPASS.
https://www.pelock.com/products/steganography-online-codec
FLAG: EG{m4st3ry_cl44s}
To be continue
