π¦ΏMastery CTF Exam 2023
Last updated
Last updated
Hai there, this is my writeup Mastery CTF Exam 2023. In this CTF, my username was sayawithng. We manage to get 4 first bloods. Disclaimer, this writeup is being done for educational purposes and proof of concept on how I manage to get the flag. My way might be different from others. Enjoy your reading.
Attachment: flag.txt
Solution: Once open the text file given. Flag are given. Just like that.
FLAG: EG{G00DLUCK_0N_Y0UR_3X4M}
Attachment: record.dd
Solution : For this challenge, I used autopsy. Let fire up our tools and put record.dd into data source.
After few seconds, I found these 2 files. Let extract to our machine to investigate it. First, I open the pdf file, and I got credential. WOWOW
Let open zip file with given credential.
FLAG: EG{4N4LYS1S_1S_FUN}
Attachment: ram.dd and secret.zip
Solution: For this challenge, I used autopsy. Let fire up our tools and put ram.dd into data source.
Wow, I found lot of delete item on this memory. But the interesting part is, I found formula and secret.zip. Humm
After decoding it, we get = 6734228990319311. Now let extract secret.zip file. (Assume the file not corrupted). Put the password and we get the flag.
FLAG: EG{1_L0V3_F0R3NS1CS}
Attachment: usb.dd
Solution: For this challenge, I used autopsy. Let fire up our tools and put usb.dd into data source.
Wow, I found lot of delete item on this memory. But the interesting part is, I found flag.eg. No wonder why this challenge is EASY.
FLAG : EG{4UT0PSY_1S_P0W3RFULL}
Attachment: flag.rar
Solution: Once download the challenge, we got 3 file.
Flag.txt is rabbit hole flag. Why I said like that, because at the first place, I do submit the flag, it not the right flag.
Let move to password.txt since to open flag2 we need password.
Since this challenge about cryptography, let use our magic tools. (cyberchef/dcode). First sight, this was rot13 encryption or Caesar cipher. Let figure out.
We manage to get the flag, but it not in right format. Let use our tools again.
FLAG: EG{S1MPL3_3NCRYPT10N}
Attachment: flag.wav
Solution: Once download the challenge, let play the sound. It sounds like morse code. Let decode what it.
FLAG: EG{NOTSOS3CR3T}
Attachment: code.cpp
Solution: let download the file given. This file was in C++ language.
Analyzing the code, we can see clearly flag on line7. To proof this is right flag. Let see line 13 β 18. It compares the input word with flag.
FLAG: EG{H3LL0_W0RLD}
Attachment: error.cpp
Solution: let download the file given. This file was in C++ language.
Analyzing the code, we can see this programming are error and got multiple main in one programming which are not correct. Let find our flag by using search (alt+f) with keyword of eg{.
FLAG: EG{S0_C0MPL1C4T3D}
Attachment: meow.exe
Solution: let download the file given and run this file since it was in execute format (exe)
Once program was run, it as password. Randomly put test at it return wrong password. Let use tools to identify what is really happening at back since we cannot see the code clearly. I use ghidra
Always look for function main since all programs start at main.
Analysing the code, we can see this program ask input password at line 4 and be compared at line 7 with catmeow. If the input was correct, it will return correct password and flag as we can see in line 10.
FLAG: EG{N0T_S0_C0MPL3X}
Attachment: wifi.pcapng
Solution: For this challenge it got multiple way to be done. At first try, I always use strings with grep flag.
And we manage to get the flag. Or if use Wireshark, follow the TCP stream to stream 28. Since it mentions username and password are the flag. Then we got it.
FLAG: EG{W1R3SH4RK1SFUN}
LaLaLa
Attachment: LaLaLa.MP4
Solution: The only question that need more than 12 hours to solve it. ERGHH. This video contain username at 2:45
Since this method only applies to social media. Let check each of it.
We found the account of it. But there is nothing in his profile. Always remember to check everything since all have purpose. The profile picture. Let download it.
We got some information. Let see the song.
Let stalk his comment and lucky we found this. Same method, let find the account.
Proof that this is correct account.
Let investigate every post. The latest post give a directory to download flag2.But where is flag1??. Let check the first post.
We got something here, let figure out. To be honest. Iβm stuck at this part more than 10 hours. Only to get first flag.
Once download the flag2 from the mention one.
We need to figure the password. If you open the Instagram through website, cannot figure the second post song. After checking with my phone, I manage to get the song and the hint for password is most replayed.
Let open YouTube INZO overthinker
Use the minute to unzip file to get flag2.
Combine the flag we get and submit the answer.
FLAG: EG{3XTR3M3_1S_34SY}
Conclusion.
The questions given are interesting since they require lots of techniques and skills and you also must understand the trick for each question given. The best part was reverse engineering while the worst part for me was LALALA. HAHA. Still a lot more to learn and figure. Thank you for preparing the class and CTF questions.
