---
title: Cybersecurity Student Contest Vietnam 2025
tags: CTF
---

![image](https://hackmd.io/_uploads/H1t50PmCgg.png)

![image](https://hackmd.io/_uploads/BJth0D70xx.png)

My team is top 10 in global red dragon

## Forensic

### Challenge: CovertS

![image](https://hackmd.io/_uploads/SJWXk_QCgg.png)

```bash!
# Dump the TCP checksum field of every segment exchanged between the two hosts
tshark -r challenge.pcapng -Y "tcp && ip.addr==192.168.203.91 && ip.addr==192.168.192.1" -Tfields -e tcp.checksum > payload.txt
```

```bash!
# Drop the first two characters of each line, join the hex, convert it to bytes, then base64-decode
awk '{printf "%s", substr($0,3)}' payload.txt | xxd -r -p | base64 -d
```

![image](https://hackmd.io/_uploads/Sk4R1_QAxe.png)

Flag: CSCV2025{my_chal_got_leaked_before_the_contest_bruh_here_is_your_new_flag_b8891c4e147c452b8cc6642f10400452}

### DNS Exfil

![image](https://hackmd.io/_uploads/rJ5xeOQ0ex.png)

Challenge: https://drive.google.com/file/d/1oF2t4Dxt0uyOz39AGYWDMGrAopPzYDxf/view?usp=sharing

```bash!
# List every DNS query name in the capture
tshark -r 10.10.0.53_ns_capture.pcap -Y "dns" -T fields -e dns.qry.name > result.txt
```

```python
#!/usr/bin/env python3
from hashlib import sha256
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad


def decrypt_fragments(fragments, secret):
    """
    Decrypt concatenated hex fragments using AES-CBC with a key and IV
    derived from the SHA-256 hash of the secret.

    Args:
        fragments (list): List of hex string fragments
        secret (str): Secret string used to generate key and IV

    Returns:
        str: Decrypted plaintext or error message
    """
    try:
        # Validate input fragments
        if not fragments or not all(isinstance(f, str) for f in fragments):
            return "Error: Invalid or empty fragments list"

        # Concatenate hex fragments and convert to bytes
        try:
            ct = bytes.fromhex(''.join(fragments))
        except ValueError:
            return "Error: Invalid hex string in fragments"

        # Validate secret
        if not isinstance(secret, str) or not secret:
            return "Error: Invalid or empty secret"

        # Generate key and IV from SHA-256 hash of secret
        h = sha256(secret.encode('utf-8')).digest()
        key, iv = h[:16], h[16:32]

        # Initialize AES cipher in CBC mode
        cipher = AES.new(key, AES.MODE_CBC, iv)

        # Decrypt and unpad the ciphertext
        try:
            pt = unpad(cipher.decrypt(ct), AES.block_size)
            return pt.decode('utf-8', errors='replace')
        except ValueError as e:
            return f"Error: Decryption failed - {str(e)}"

    except Exception as e:
        return f"Error: Unexpected issue - {str(e)}"


# Define fragments and secret
frags = [
    # "c7aec5d0d81ba8748acac6931e5add6c24b635181443d0b9d2",
    # "f8aad90d5fc7774c1e7ee451e755831cd02bfaac3204aed8a4",
    # "3dfec8a22cde4db4463db2c35742062a415441f526daecb59b",
    # "f6af1ecb8cc9827a259401e850e5e07fdc3c1137f1",
    "6837abc6655c12c454abe0ca85a596e98473172829581235dd",
    "95380b06bf6dd06b89118b0003ea044700a5f2c4c106c3"
]
secret = "F0r3ns1c-2025-CSCV"

# Execute decryption
result = decrypt_fragments(frags, secret)
print(result)
```

Flag: CSCV2025{DnS_Exf1ltr4ti0nnnnnnnnnnNN!!}
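
For the CovertS challenge above, where the data was read out of the `tcp.checksum` field, a defender can spot this kind of channel by recomputing each segment's checksum and flagging the fields that disagree. The following is an added example, not part of the original writeup: the traffic is constructed, the function names are hypothetical, and it assumes (the writeup does not say so) that the carrier segments have checksums that no longer match their contents.

```python
import base64
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src: bytes, dst: bytes, seg: bytes) -> int:
    """Checksum a correct stack would place in this IPv4 TCP segment."""
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(seg))
    return ~ones_sum(pseudo + seg[:16] + b"\x00\x00" + seg[18:]) & 0xFFFF

def mismatched_fields(src: bytes, dst: bytes, segments) -> list:
    """Checksum fields (2 raw bytes each) that disagree with the computed value."""
    return [s[16:18] for s in segments
            if struct.unpack("!H", s[16:18])[0] != tcp_checksum(src, dst, s)]

def make_segment(src, dst, seq, forced=None) -> bytes:
    """Constructed sample: bare 20-byte ACK segment, optionally with a forced checksum."""
    seg = struct.pack("!HHIIBBHHH", 40000, 80, seq, 0, 5 << 4, 0x10, 65535, 0, 0)
    value = tcp_checksum(src, dst, seg) if forced is None else forced
    return seg[:16] + struct.pack("!H", value) + seg[18:]

# Constructed traffic between the two hosts named in the tshark filter above.
SRC, DST = bytes([192, 168, 203, 91]), bytes([192, 168, 192, 1])
hidden = base64.b64encode(b"demo")            # b"ZGVtbw==", two bytes per segment
SEGMENTS = [make_segment(SRC, DST, 0)]        # legitimate segment
SEGMENTS += [make_segment(SRC, DST, i + 1, int.from_bytes(hidden[2*i:2*i+2], "big"))
             for i in range(len(hidden) // 2)]
SEGMENTS.append(make_segment(SRC, DST, 99))   # legitimate segment

def recover(src, dst, segments) -> bytes:
    """Join the mismatched fields and base64-decode them, as the pipeline above does."""
    return base64.b64decode(b"".join(mismatched_fields(src, dst, segments)))

if __name__ == "__main__":
    flagged = mismatched_fields(SRC, DST, SEGMENTS)
    print(f"{len(flagged)} of {len(SEGMENTS)} segments carry an invalid checksum")
    print(recover(SRC, DST, SEGMENTS))
```

Captures taken on the sending host with checksum offload enabled also show invalid checksums, so treat a mismatch as a lead and check whether the flagged values decode to structured data.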