ASEAN OPEN CTF 2025::CTF

--- title: ASEAN OPEN CTF 2025::CTF tags: Forensic --- i am almost clear forensic category ![image](https://hackmd.io/_uploads/SkhicZCOge.png) Challenge: https://drive.google.com/file/d/1KBFtAluNuMPf9izYKio2eq7WdAaaJ0iQ/view?usp=sharing https://drive.google.com/file/d/1-BUbrmnzlVJh1WZKShD7OvlNCL_EWI3T/view?usp=sharing https://drive.google.com/file/d/1_SA-acPegxyTjZ1ioOL2zydgWtN2L5mz/view?usp=sharing https://drive.google.com/file/d/1I7D2yRsDuu6vrBK6fI0BJSnByG713rQ2/view?usp=sharing ### Copy Paste ```bash! tshark -r heh.pcapng -Y "dns" -T fields -e dns.qry.name ``` ![image](https://hackmd.io/_uploads/r1dTobRdgx.png) we see something like base64 ```bash! strings dns.txt | grep ".covert-data.local" > new.txt sort new.txt | uniq > heh.txt ``` ![image](https://hackmd.io/_uploads/Skisn-0Oex.png) ![image](https://hackmd.io/_uploads/B1RanbROxe.png) ### p00r r4ns0mw4r3 ![image](https://hackmd.io/_uploads/BkYraW0uxl.png) i check C:\Users\Administrator\Downloads>git clone https://github.com/4ss3mbl3rV/m4w3rk-CTC.git https://github.com/4ss3mbl3rV/m4w3rk-CTC/blob/master/dist/word.exe ![image](https://hackmd.io/_uploads/Bk3I1MCuxx.png) i see it mention py https://pyinstxtractor-web.netlify.app/ https://pylingual.io/ ![image](https://hackmd.io/_uploads/B1XyxGROge.png) **** ![image](https://hackmd.io/_uploads/SJy6gMAOeg.png) ![image](https://hackmd.io/_uploads/B152xGAdxx.png) ![image](https://hackmd.io/_uploads/SkGClM0Oxe.png) ### Letter Of Motivation ```bash! olevba --deobf "Letter of Motivation.doc" > vba.txt ``` ![image](https://hackmd.io/_uploads/SJE0zzRull.png) sudo ./docker/dockermonkey.sh ~/Desktop/Letter\ of\ Motivation.doc output.json ![image](https://hackmd.io/_uploads/SkjoJHkKxl.png) ![image](https://hackmd.io/_uploads/H1I9kHkFgg.png) ### No pass No problem ![image](https://hackmd.io/_uploads/B14KZSyKel.png) ![image](https://hackmd.io/_uploads/Byc9ZByYee.png) ![b099c529-6c03-4158-a1fa-9c57b0ec81fb](https://hackmd.io/_uploads/BJBvybltle.png) SSID: DirtyMartini echo -n "DirtyMartini" | xxd -ps 44697274794d617274696e69 nano capture.hc22000 Find the part where the SSID field is (XXXXXXXXXXXXXXXXXXXXXXXX in your earlier file) and replace it with: 44697274794d617274696e69 Becuase of it is hidden ssid hashcat -m 22000 -a 0 capture.hc22000 /usr/share/wordlists/rockyou.txt dcd857aef5a7025b48de94f4741b1dcc:7cf17eabd215:24eb16023e47:DirtyMartini:muffin007 password = muffin007 flag: DirtyMartini_muffin007