10hats_writeup

Last updated 1 year ago

10hats_writeup

Introduction

On 4 November 2023 (Saturday), Programming Club (Pro-C) held an event for Capture The Flag. The event name was A-TEN-HATS Internal CTF 2023. This event was running for 6 hours including easy to hard challenge.

Thank you to sponsorship Re:Hack for generous sponsorship and alumni UNITEN that coming along.

Warmup

Strong Hold (ALL solve)

File : anyproblem

Identify the file, it on elf which can run in Linux environment. Let check the string to find any juicy information.

FLAG : UTEN{Why_you_string_me_along_man!}

History (all Solve)

File : history.txt

This file contains password in format /etc/passwd. Going through the line and find the flag. Or can use this method.

FLAG : UTEN{/bin/false/here}

Base Camp (5 Solve)

File : base_problem.txt

Reading the description, it mention something that might be useful. It starts at base85, base64, base62, base58, base45 and last base32.

FLAG : UTEN{W3LC0M3_T3N_H@TS_PL4Y3R}

Stretching (All solve)

File : loosen_finger.txt

The file contains 4 part which is binary, decimal, hexadecimal and base64.

FLAG : UTEN{b1n4ry_d3c1m@l_h3xm3_b64}

Hidden Camping (3 solves)

Network: nc ip:port

This challenge required us to connect to the designated IP and Port by using netcat.

Listing all the file list using ls -la and cat the hidden flag.

FLAG : UTEN{How_C@n_You_S33_M33!!}

Baby Soldier (5 solve)

File : baby.txt

Reading the given file it show something like 1 and 0. Since I know morse code also can be implement by 1 and 0. Using dcode morse, assign value ba and by as mention.

FLAG : UTEN{MORSECODEMAKEMECRAZY}

BONUS

Flag Format

Direct flag from description and the flag format must start with UTEN{}.

FLAG: UTEN{w3lc0me_h0m3_sold13r}

Rules

Reading through the description, there was base64 encoding. Decode it and get the flag.

FLAG : UTEN{r3ad_rul3s_4_3v3r}

Network (6 Solve)

Given the description look like they try to calling. Using service netcat, line and the port. As we know, netcat are connection that can be established by IP and port.

FLAG : UTEN{w0w_my_1nfr45truc7r3_4c7ually_w0rk5!}

Programming

Hidden Gem

File: chall.txt

This file contains 1000 lines of number and we need to sum up all this number since the answer was the flag. But how? Manually add or use the script.

Ask Mr. GPT to right me the script for this calculation.

FLAG : UTEN{50123971501856573397}

Reverse Engineering

Secret Path -1

File : secretpath-1

Checking the file type and strings it.

We got something So3asy? Why not try it.

Or using ltrace to understand how the program works.

As we can see, it compare the user input with So3asy?.

FLAG : UTEN{So3asy?}

Secret Path – 2

File : secretpath-2

Unfortunately, nobody manages to solve this challenge. HURM...

This program needs us to win 100 times. That so much. But to counter this problem, you might use chatgpt to provide script. By understanding how it work, it accept all value pistolmeleeriffle. That means, we can bypass winning conditions and just make it loop 100 times.

FLAG : UTEN{5caryCfunct1ons}

Quack Quack

File : inject.bin

The big hint here are quack quack (duck) and inject.bin. Looking out google it show rubber ducky encode.

FLAG : UTEN{DuckT00lkit}

Malware

Maldocs

Again nobody manage to get flag.

If you google about maldocs investigation, it will show ole vba as linux tool to do forensics.

Cryptography

Briefing

Reading all descriptions, it mentions about key: secret and also vinegere.

FLAG : UTEN{welcome_10_hats_UNITENCTF}

Noto Signal

File: nmesage.txt

This was Letter Number Code (A1Z26) cipher and / using to split it word. Convert into ascii.

It look like Nato cipher.

FLAG : UTEN{SENDQRFASAP}

Return2base

File: RTB.txt

Using cipher identify, and get deadfish cipher. Decode it and get decimal. Change into ascii.

FLAG : UTEN{ALLFISHAREDEAD}

Emergency Meeting

The description mentions something about bacon. Check into bacon cipher and get the flag.

FLAG : UTEN{BACONMIGHTCONFUSE}

Simple Message Service

File: sms.txt

Given the sms format. Using any online tools to decode the message.

Decode into base64.

FLAG : UTEN{SMS_PDU_DATA_64123}

Jones Emails

File : Jones_email.txt

To open eml file, can use thunderbird by changing txt to eml.

In this email, it contain attachement which is secret.txt. Download it and it mention about base91.

We get some pattern here, but what it is?. It might be char(number) since it mention about cryptography. The major hint are archaeologists. Which might be hieroglyphs cipher. Let put everything with correct format.

Im too lazy to edit one by one. Using this method.

Put into hieroglyphs cipher.

FLAG : UTEN{h1$tory_n_m0d3rn}

Steganography

Alien Sound

File: alien.wav

This was one of the favourite challenges all the time. Open using online tools or audacity and spectate the spectrogram.

FLAG : UTEN{WH3R3_MY_SPECTACLE2?}

Speaker

File : Malampagi.wav

Given the song without anything, but why it mentions speaker? And also, secret youneverseeme? That so suspicious. Let open with deep2sound.

We got the hidden file one rar and hint. Rar file need password. Let see the hint

Unlocker FEAR. That might be the password for this rar file.

Unfortunately, the file in .exe extensions. Let change into txt and read it.

From here, the flag was hidden in ASCII Banner. Using manually search and get the flag.

FLAG : UTEN{ASC11_N0W_WH4T?}

For spam mos and phoenix. Since no one solve the challenge. There is no writeup for it. Might be use for next challenge.

Forensics

Hax Bank

File : bank.pcap

Given file in pcap file. Open using wireshark.

Checking the hierarchy, it happen on TCP and HTTP. Let focus on this two stuff.

We got bunch of information here. The tips, application will send the data if we can see it work. Focus only on application and looking for success login. Since this is bank, it might need id and password. After that using 2FA, it will ask some secret question.

FLAG : UTEN{59247213_smurf_smurf_smurf}