Cambodia CTF 2023 write up

--- title: Cambodia CTF 2023 write up tags: ctf --- ## i got top 4 ![image](https://hackmd.io/_uploads/HJ2QsfrT0.png) ### forensic ###### h6I love this Khmer movie it's called l'oiseau de paradis or បក្សីឋានសួគ៌. One of the videos shows a beauty dancing. Can you tell me who is the person? ###### file : https://drive.google.com/file/d/1eFbz7qQl8zbydgWQ5OzPTh_ZDPUO5Fou/view?usp=sharing ###### it is mkv file we will view it ###### I noticed something is wrong with the video; it seems like two separate videos were merged into one. ```bash! apt-get install ffmpeg ffmpeg -i L'oiseau de paradis (1962).mkv frame%03d.png ``` ![image](https://hackmd.io/_uploads/S1pBszHTC.png) ###### My friend gave me a file saying it is an image and there's a secret inside it. I can't open it. Maybe run it ? Can you find what's the secret? file : https://drive.google.com/file/d/1t7J0UgXIhW6FEBgvRxuoY7XLXyRBdyc1/view?usp=sharing ###### i found solution on youtube https://youtu.be/pOO_dDKGvY4?si=nfhMs_6x1H2CaTat ![image](https://hackmd.io/_uploads/ry5vjzBaR.png) ###### ring ding dong ###### I love that song with a hedgehog dancing but i don't know the lyrics, Do you know the lyrics? ![image](https://hackmd.io/_uploads/Sk4ZpzSaR.png) ###### unexpected subtitle ###### Watch the video with subtitle opened and Watch the video with subtitle opened ###### CTF{1_L0V3_D@NC!NG_H3DG3H06} ###### I love Brazil country so much that i had to create a new file extension called .br and what cool is it compresses data so good. Can you read the file content and see how amazing it is? file : https://drive.google.com/file/d/1dyVXbS1J5b5PpA7_va6kTaRq1sOPawGt/view?usp=sharing ###### learn list of signature ![image](https://hackmd.io/_uploads/H1LKiMBpR.png) ![image](https://hackmd.io/_uploads/BJX5ofBTC.png) ### web ###### file upload ![image](https://hackmd.io/_uploads/H1C6TMHp0.png) ![image](https://hackmd.io/_uploads/HJqCpfB6R.png) ###### view source code and try to understand code ![image](https://hackmd.io/_uploads/B1vJ0zST0.png) ![image](https://hackmd.io/_uploads/SyeeCGBT0.png) ### misc ###### talking tom ###### learn python module ![image](https://hackmd.io/_uploads/ByxMRMH6R.png) ###### We intercept a spy communication. We found that they are meeting up at VIP at Jamal Deluxe Restaurant, To get in we need to our name at reservation table. Luckily we have the reservation list on that day. Can we social engineering the staff using one of the name in the list that leads to the spy table ? https://t.me/itisjamaldeluxerestaurantbot ###### provide name Viktor Grayson Jerome Valeska Maeve Wiley Napatsorn Chanthasalo Vattana Heang Ben Thanh Duy Vu Chun Li Nickolas Arkhipov Naphun Phuthong Hideyoshi Nagachika Hoang Thuy Linh Haise Sasaki Raksa Ouk Sung Jinwoo Nutnicha Khamvongsa Jessica Vanna Maiko Takigawa Nikka Chhan Saran Chanthasalo ###### change your name to sung jinwoo ###### i have a crush on that one Chinese girl but i didn't get her full name. I heard she's called SQ Li by her friends. Maybe we can ask our school student management bot for help to get her full name : https://t.me/fkurasianschoolbot ![image](https://hackmd.io/_uploads/Hyyk3MSaA.png) ###### learn sql injection ###### spy ![image](https://hackmd.io/_uploads/Sy1p3fBa0.png) ###### Download stickers with tgs file extension ###### Decompress tgs files with gzip ###### Read the json data and find the key called msg ###### Find all sticker json data until msg key has value with base64 ###### decode the base64 then write it into file ###### Open the image file ###### CTF{KIRA_1S_ALIVE_WE_WILL_MEET_HIM_AGAIN_THIS_WEEK} ### network ###### My brother was using a website and acted suspicious. I asked him and he did not want to tell me. Luckily, i have captured the network traffic in our house. Can you analyze the traffic and find what he is hiding? https://drive.google.com/file/d/16v0AUukCSkN-YCHvV7ppigrfclEhDLqD/view ###### Open the pcap file with Wireshark or other preferable tools ###### Go to File > Export Objects > HTTP ###### Click Save All ###### Find file named presentation.pptx and open it ###### Navigate to slide 4 ###### Move the box out ###### CTF{YOU_FOUND_PREAP_SOVATH} ###### A startup founder came to us to recover a code base was deleted by hacker. Can you help us recover it? file : https://drive.google.com/file/d/1QvETblq-KDDb3pssaew5dIoutAcYyCgu/view?usp=sharing ###### Recover source code from .git,go to database.py and reverse the long string,decode from base64 -> image file -> decode qr -> base64 -> flag ###### CTF{I_GIT_GOOD_AT_BEING_DUMPED} ### Crypto ###### A man was suspicious that his son is not his. So he get a DNA check. This is the DNA test result. What does it mean? ###### CAT GAA ATT TCT ACT CAT GAA TTT GCT ACT CAT GAA CGT ###### solution: https://dnacode.bc.cas.cz/index.php?ln=en ###### I met a girl at campus who is majoring in Chemistry. what funny is we do have chemistry together. One day, She gave me a letter. What it does it say? ###### 53 3 19 E 39 8 92 33 87 53 E 60 ###### solution https://www.dcode.fr/atomic-number-substitution