# Write Up CYBERGON_CTF 2024

![image](https://hackmd.io/_uploads/rkdycpp7Jx.png)

---

## WEB

## Digital Forensics

### 1. Welcome - 1

![image](https://hackmd.io/_uploads/SyfDA4-EJl.png)

Look in `registry hive SYSTEM/SOFTWARE`; the CTF has ended, so I have already deleted the file:

> Flag: CYBERGON_CTF2024{WHITE-PARTY, Sean John Combs}

---

### 2. Welcome - 2

![image](https://hackmd.io/_uploads/HJu2gSW41g.png)

![Screenshot 2024-11-30 231739](https://hackmd.io/_uploads/rJQ-ZSW4yg.png)

Looking through reg hive `HISTORY`, I found a few Facebook links. After challenge 1 we already had the device owner's name, so I only had to pick an account with a public friends list and search:

> https://www.facebook.com/profile.php?id=61567849079733

![image](https://hackmd.io/_uploads/Bk4cZHb41g.png)

> Flag: CYBERGON_CTF2024{61567849079733, East Coast Rapper}

---

### 3. Welcome - 3

![image](https://hackmd.io/_uploads/Byra-rbNJg.png)

The data related to this question is found in reg hive `SAM`:

![image](https://hackmd.io/_uploads/HyFWMBZEye.png)

```bash=
Reset Data
{"version":1,"questions":[{"question":"What was your childhood nickname?","answer":"Ko Toke Gyi"},{"question":"What’s the name of the first school you attended?","answer":"Blind"},{"question":"What’s the name of the city where you were born?","answer":"UK"}]}
```

> Flag: CYBERGON_CTF2024{Ko Toke Gyi}

---

### 4. Bonus

![image](https://hackmd.io/_uploads/BJlcGBW4kl.png)

This challenge is OSINT rather than forensics:

![image](https://hackmd.io/_uploads/S1Or7SZEyx.png)

> Flag: CybergonCTF{s0c14L_m3d14_O51n7}

---

## MISC

### 1. Triple Quiz

![image](https://hackmd.io/_uploads/B16cF4WVye.png)

![image](https://hackmd.io/_uploads/H111c4WVyl.png)

Opening the file reveals Morse code; decoding it gives me the sequence:

`6 666 777 7777 33 9 444 8 44 8 66 444 66 33`

Decode once more:

> Flag: CYBERGON_CTF2024{MORSEWITHTNINE}

---

### 2. Zip Zap

![image](https://hackmd.io/_uploads/H19H5EZE1e.png)

Solve script:

```python=
import zipfile
import os
import pyzipper

zip_file_path = '500.zip'
for i in range(500):
    # Read the name of the archive nested inside the current one
    with zipfile.ZipFile(zip_file_path, 'r') as zip_ref:
        file_names = zip_ref.namelist()
    # The password is the single character just before the ".zip" extension
    print(file_names[0][-5], end='')
    password = file_names[0][-5]
    extract_to = os.getcwd()
    # The archives are AES-encrypted, so extract them with pyzipper
    with pyzipper.AESZipFile(zip_file_path, mode='r') as zip_ref:
        zip_ref.setpassword(password.encode())
        zip_ref.extractall(extract_to)
    # Continue with the archive that was just extracted
    zip_file_path = file_names[0]
```

![image](https://hackmd.io/_uploads/rJHu64-V1g.png)

![image](https://hackmd.io/_uploads/B1klANW4ke.png)

> Flag: CYBERGON_WCTF2024{y0@U_g07_r341b_F14g}

---

## CRYPTO

### 1. Warm Up

![image](https://hackmd.io/_uploads/HyngVrWNye.png)

![image](https://hackmd.io/_uploads/BkdZNBWNJe.png)

> Flag: CYBERGON_CTF2024{b45392_h3x_b1n4ry}

---

### 2. Warm Up 1

![image](https://hackmd.io/_uploads/BkUIEH-VJl.png)

![image](https://hackmd.io/_uploads/B14rESb41l.png)

![image](https://hackmd.io/_uploads/BJ5uVrW4Jg.png)

> https://www.ideone.com/l/whitespace

![image](https://hackmd.io/_uploads/SkMpVHbVkx.png)

> Flag: CYBERGON_CTF2024{br41nfuck_0r_wh1t35p4c3?}

---

### 2. Twice !!

![image](https://hackmd.io/_uploads/B1y9SSZVJl.png)

```python=
def dec4(w):
    # Each group of 4 hex digits is 2 bytes; only the second byte carries data
    w = bytes.fromhex(w)
    return chr(w[1])

# The ciphertext alphabet A..P stands for the hex digits 0..f
tr = str.maketrans('ABCDEFGHIJKLMNOP', '0123456789abcdef')

# decoding input string.
def decrypt(s):
    res = s.translate(tr)
    print(res)
    c = [dec4(res[i:i+4]) for i in range(0, len(res), 4)]
    # Undo the XOR chaining: each plaintext char is c[i-1] ^ c[i]
    o = [c[0]]*len(c)
    for i in range(1, len(o)):
        o[i] = chr(ord(c[i-1])^ord(c[i]))
    o = ''.join(o)
    return o

# The message was encrypted twice, so decrypt it twice
a=(decrypt('OKEPKNAIOIENKMAJOAEFLABFPCFHLJBMOJEMKHACOBEEKIANOEEBKNAIOPEKKBAEOOELKFAAOAEFLABFPLFOLFBAPEFBLNBIPCFHLBBEPEFBLMBJPHFCLKBPPLFOLBBEOBEEKFAAODEGKEABOIENKJAMOLEOKNAIOCEHKHACOCEHKAAFOLEOKIANOJEMKBAEOLEOKKAPOOELKIANODEGKCAHODEGKFAAOPEKKMAJOIENKAAFOLEOKMAJONEIKJAMOHECKJAMOBEEKIANOEEBKLAOOJEMKFAAOPEKLPBKPLFOLABFPLFOLCBHPDFGLNBIONEIKGADOAEFLABFPOFLLCBHPKFPLFBAPJFMLNBIPPFKLIBNPHFCLKBPPPFKLFBAPOFLKOALOPEKKEABOOELKHACODEGKNAIOCEHKDAGOGEDKAAFOOELKMAJOEEBKBAEOIENKHACOEEBKIANOHECKJAMOMEJKFAAOLEOKGADOOELKEABONEIKAAFODEGKJAMOGEDKDAGOGEDKEABOKEPKCAHOKEPKJAMOAEFKGADOFEAKEABOKEPKBAEOJEMLJBMPDFGLBBEPFFALABFPPFKLLBOPOFLLJBMPFFALCBHPAFFLEBBPKFPLPBKPHFCLFBAOFEAKDAGOFEAKEABOKEPKPAKOHECKFAAPFFALDBGPFFALEBBPNFILEBBPHFCLJBM'))
print(decrypt(a))
```

![image](https://hackmd.io/_uploads/Hyd3rr-VJe.png)

> Flag: CYBERGON_CTF2024{c!7R!h_C7x1_c1Ph3R_KrUb!!!}

---

### 3. RSA 2

![image](https://hackmd.io/_uploads/ryZZIBZ41g.png)

```python=
from Crypto.Util.number import long_to_bytes

e=65537
n = 11222960521299588524750181772783274494136260187265706255449546453051590711140226315418489273605550786286866861213107560059068705390211163996521916889962843049465232723113513937161139708829580255839302498745553742822028219120815522776817194932205965607268871964492604160910360630823557368267758149998874303490258640254944041292488072709825912234589051956237101861393250166383288225471240410545441288641428317727282487089617398205216009066566291920484141970950043945692757053601681465771996222610983586467074641256505745938075296078516556647247578105282414665403694284697737212759109318373113013635864830591729084632299
enc = 4576734045815415117393714785631533893386989421975362873054714721973774635633807216351035380690773987036176885213178400507495200723424882273269742714702510936914814535126953769815835845599408528989444709086820755745243538401968889036685263510116853431754692979282106622905405182176002591188189168848540317758672663110614746587847277186013825393236023619071578716175239047234708469908780821882885343491830991331125549714754449771483301008011927254615527584621447108823713195265186077687379401023743186083665136488814637885852911584730913514513104311188825766310494436999295732392931981405989153709642320565431642748272
result = [66953810142124815039330074236499310261872548478302540667230702366186795585053774076152555207345970575178148375832595166215236604690676109828736048475386794816121161445406948904951500098521882759834245621717603117359421674234377857916939480197431736700748894114250914875188652571151182449577867725826435423376,
          80999476520674190840911057419847921359566717270329166665621275349092808316592952277886549172728262124841911886139982215089830102691377787521599010936244643996656761544283935771839177079576174490525422747341176363336559517593590536935078419089993487286051416549535034924351610990671702249465937149523440124761,
          51216023802572567348628656925016052173207334859206588426719337944930296970754512831792094175558169025945510177730916662495838051702454240459586473357970507711891978175281288898510022166090248248871780043046413003302051163128527408141107396660111207921123000905106255749641830317142711784497262578942366553634]

# Treat result[] as consecutive states of x -> value3*x + value4 (mod 2**1024)
value2=2**1024
# Multiplier: ratio of successive differences
value3=(result[2]-result[1])*pow(result[1]-result[0],-1,value2)%value2
# Increment
value4=(result[2]-value3*result[1])%value2
# Step back one state from result[0] to get the prime p
output=(result[0]-value4)%value2
p=output*pow(value3,-1,value2)%value2
q=n//p
# Standard RSA decryption once p and q are known
phi=(p-1)*(q-1)
d=pow(e,-1,phi)
print(long_to_bytes(pow(enc,d,n)).decode())
```

> Flag: CYBERGON_CTF2024{C0nGr47uL4710N_y0u_g07_17!!!}

---

## OSINT

## HTTP

## STEGANO

### 1. Invisible

![image](https://hackmd.io/_uploads/SJm8LNW4Jg.png)

![image](https://hackmd.io/_uploads/B1rc8EbE1g.png)

![image](https://hackmd.io/_uploads/BJB3IEZ4kg.png)

![image](https://hackmd.io/_uploads/HJN6UN-4yg.png)

> Flag: CYBERGON_CTF2024{n07h1ng_5t4ys_h1dd3n}

---

### 2. What's behind the wall ?

![image](https://hackmd.io/_uploads/SJrlPNWNye.png)

![image](https://hackmd.io/_uploads/SkBfDVZE1e.png)

![image](https://hackmd.io/_uploads/r1hQDEWVyx.png)

> Flag: CYBERGON_CTF2024{3X1f_w1th_5n0w5}

---

### 3. Truesight

![image](https://hackmd.io/_uploads/SyxvPNZEkx.png)

![image](https://hackmd.io/_uploads/SkxXu4WEke.png)

![image](https://hackmd.io/_uploads/BkL_uE-EJe.png)

![CYBERGON](https://hackmd.io/_uploads/SJDK_NWNJg.png)

> Flag: CYBERGON_CTF2024{y0u_g07_7h3_r!gh7_s1gn5}

---

## TI

## Reconnaissance

### 1. Leakage

![image](https://hackmd.io/_uploads/HkGyFEWEkx.png)

![image](https://hackmd.io/_uploads/HJEEYNbV1e.png)

> Flag: CYBERGON_CTF2024{34af-atg4-34gs-f234g-79g6}

---

## BONUS

## Reverse Engineering
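
Added example for the `RSA 2` challenge in the CRYPTO section (not part of the original write-up or of the challenge source): the solve script inverts a linear recurrence modulo 2^1024, and this block replays the same recovery on constructed 64-bit values to show why a prime taken from such a generator's state cannot protect the modulus once a few outputs leak. It assumes, as the script implies, that the leaked numbers are consecutive outputs of x -> a*x + c and that p was the state before the first output; all function names and constants are illustrative.

```python
M = 2**64  # toy modulus; the write-up's script works modulo 2**1024


def lcg_next(x, a, c, m=M):
    """One step of the linear recurrence x -> a*x + c (mod m)."""
    return (a * x + c) % m


def recover_lcg(x0, x1, x2, m=M):
    """Recover (a, c) from three consecutive outputs, m a power of two."""
    d0 = (x1 - x0) % m
    if d0 % 2 == 0:
        # An even difference has no inverse modulo 2**k, so a is not unique
        raise ValueError("x1 - x0 is even: not invertible modulo 2**k")
    # x2 - x1 = a * (x1 - x0), so a is the ratio of successive differences
    a = (x2 - x1) * pow(d0, -1, m) % m
    c = (x1 - a * x0) % m
    return a, c


def previous_state(x, a, c, m=M):
    """Step the recurrence backwards; requires an odd multiplier."""
    if a % 2 == 0:
        raise ValueError("even multiplier: the step is not reversible")
    return (x - c) * pow(a, -1, m) % m


def demo():
    # Constructed sample values, not taken from the challenge
    p = 2**64 - 59   # prime used as the generator's starting state
    q = 2**61 - 1    # second prime
    n = p * q
    a_true, c_true = 6364136223846793005, 1442695040888963407
    x0 = lcg_next(p, a_true, c_true)
    x1 = lcg_next(x0, a_true, c_true)
    x2 = lcg_next(x1, a_true, c_true)
    # Only n and the three outputs are used from here on
    a, c = recover_lcg(x0, x1, x2)
    seed = previous_state(x0, a, c)
    return {
        "params_recovered": (a, c) == (a_true, c_true),
        "seed_is_p": seed == p,
        "n_factored": n % seed == 0 and n // seed == q,
    }


if __name__ == "__main__":
    print(demo())
```

Drawing primes from a cryptographically secure generator and never exposing its outputs removes this recovery path.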