# Kashi CTF 2025 writeup

[TOC]

![image](https://hackmd.io/_uploads/HkAMfJj5Jg.png)

![score](https://hackmd.io/_uploads/ry-S6ct5yl.png)

# crypto

## Lost Frequencies

Use [this site](https://www.dcode.fr/morse-code) to decode the Morse and get `OHNOBINARYMORSE`.

The flag is `KashiCTF{OHNOBINARYMORSE}`

## MMDLX

From the keyword 'Romans' I think that it's a Caesar cipher, and the == at the end makes me think that it is base64.

![image](https://hackmd.io/_uploads/S1lJ0Uv5yg.png)

After trying part of the cipher, I found that the cipher with the alphabet **shifted by three** can be base64-decoded and is still something similar.

![image](https://hackmd.io/_uploads/B1bh6Lv5ke.png)

So I wrote some Python code:

```
import base64
import binascii

# Read the text to decode
with open("./cipher", "r") as f:
    cipher = f.read()

# Peel off base64 layers until the data no longer decodes
for i in range(2560):
    try:
        cipher = base64.b64decode(cipher).decode("UTF-8")
    except (binascii.Error, UnicodeDecodeError):
        break
    print(i + 1, cipher)
```

I get the flag after base64-decoding 40 times:

```
40 KashiCTF{w31rd_numb3r5_4nd_c1ph3r5}
```

# osint

## Who am I ??

```
Q: You've stumbled upon a bustling street with political posters. Find out after which politician this road is named.
```

![image](https://hackmd.io/_uploads/Sy5QJOvq1x.png)

I search for the **Duna house**; there are many results in Budapest.

![image](https://hackmd.io/_uploads/BJFPluv5kl.png)

One of the locations seems to be the answer.

![image](https://hackmd.io/_uploads/rJmXe_wqyg.png)

I search for **Bajcsy-Zsilinszky**, and a man named **Endre Bajcsy-Zsilinszky** pops up.

The flag is `KashiCTF{Endre_Bajcsy_Zsilinszky}`

# forensics

## Look at Me

![image](https://hackmd.io/_uploads/B1lqZOvc1x.png)

There is an app called **SilentEye** which can decode a message from a picture.

![image](https://hackmd.io/_uploads/rywxzODckl.png)

I pressed decode and got:

![image](https://hackmd.io/_uploads/HkLu-_P51g.png)

The flag is `KashiCTF{K33p_1t_re4l}`

## Restaurant

![image](https://hackmd.io/_uploads/HJeB4OPqyx.png)

I found this at the end of the PNG file:

![image](https://hackmd.io/_uploads/HyHd4dvc1l.png)

It is a Bacon cipher, and the flag is `KashiCTF{THEYWEREREALLLLYCOOKING}`

# misc

## Easy Jail

Use this to get a shell:

```
__import__("os").system("sh")
```

and then

```
cd ../
cat flag.txt
```

The flag is `KashiCTF{3V4L_41NT_54F3_JjqytIZu}`

## Easy Jail 2

I use [this site](https://lingojam.com/ItalicTextGenerator) to change import to italic text and bypass the blacklist.

My payload:

```
__𝘪𝘮𝘱𝘰𝘳𝘵__("os").system("\163\150")
```

`__𝘪𝘮𝘱𝘰𝘳𝘵__` is italic text, and `\163\150` is 'sh' in octal.

Then I get the shell:

```
cd ../
cat flag.txt
```

The flag is `KashiCTF{C4N_S71LL_CL3AR_8L4CKL15T_rI6TZVBz}`

# rev

## Game 1 - Untitled Game

```
strings Challgame.exe | grep -C 10 flag
```

I use this to find the flag info and get:

![image](https://hackmd.io/_uploads/S1xMaMOc1e.png)

The flag is `KashiCTF{N07_1N_7H3_G4M3}`

## Game 2 Wait

The exe needs me to wait for 48 hr before I can get the flag, so I change my computer's time to 1 week later and I get the flag.

![image](https://hackmd.io/_uploads/HyVGKjdqJe.png)

`KashiCTF{Ch4kr4_Vyuh}`

# web

## SuperFastAPI

Run dirsearch against the URL and get this:

![image](https://hackmd.io/_uploads/SJWQSjOcJl.png)

Go to /docs and create user bbb.

![image](https://hackmd.io/_uploads/ryQYro_qJx.png)

Update the user role to **admin**.

![image](https://hackmd.io/_uploads/S1_wBi_9yg.png)

Use /flag/{username} to get the flag.

![image](https://hackmd.io/_uploads/Hy3Hri_cyg.png)

`KashiCTF{m455_4551gnm3n7_ftw_0UsPN3eqF}`
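
The flag text reads as "mass assignment": the update route let the client set `role`. The block below is an added example, not the challenge's source, contrasting an update handler that copies every request field onto the record with one that allow-lists editable fields. The in-memory store, the field names other than `role`, the default role `guest` and all function names are assumptions.

```python
# Added illustration; not the challenge's source. Store layout, field names
# (other than "role"), the "guest" default and function names are assumptions.

EDITABLE_FIELDS = {"fname", "lname", "email"}  # what a user may change themselves


def new_user(users, username):
    """Create an account with the default, unprivileged role."""
    users[username] = {"fname": "", "lname": "", "email": "", "role": "guest"}


def update_vulnerable(users, username, body):
    """Mass assignment: every key in the request body lands on the record."""
    users[username].update(body)
    return users[username]


def update_hardened(users, username, body):
    """Reject any key outside the allow-list, so 'role' is never client-set."""
    rejected = sorted(set(body) - EDITABLE_FIELDS)
    if rejected:
        raise PermissionError(f"fields not user-editable: {rejected}")
    users[username].update(body)
    return users[username]


def can_read_flag(users, username):
    """Authorization check guarding a /flag/{username}-style route."""
    return users[username]["role"] == "admin"


def demo():
    """Send the same constructed request body to both handlers."""
    body = {"email": "bbb@example.test", "role": "admin"}  # constructed request
    weak, strong = {}, {}
    new_user(weak, "bbb")
    new_user(strong, "bbb")
    update_vulnerable(weak, "bbb", body)
    try:
        update_hardened(strong, "bbb", body)
        blocked = False
    except PermissionError:
        blocked = True
    return can_read_flag(weak, "bbb"), can_read_flag(strong, "bbb"), blocked


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

The hardened handler rejects the whole request rather than silently dropping `role`, which also gives the server a log-worthy event for privilege-field tampering.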