WRITE UP - CTF CHALLENGE - THE AMAZING WORLD OF CYBERCLASS

# WRITE UP - CTF CHALLENGE - THE AMAZING WORLD OF CYBERCLASS Hello everyone, [CyberClass's Daily Month CTF](https://www.facebook.com/groups/922536611640943/permalink/1486833041877961/) is happening now! Why not try it ? Hmm, maybe when you read this write-up the CTF contest has ended. LOL, nevermind. So here the write up (aka "how i do these challenges?") during the contest. Hm when i read some questions then i get started with the Forensic chall ### Forensic: Find The Cat ![image](https://hackmd.io/_uploads/S1ubmQMLT.png) Now you just download the file you'll get this ![image](https://hackmd.io/_uploads/HyCrQ7z8a.png) No file name extension or anything, so i try to read it with NotePad or you can use other Text Editor ![image](https://hackmd.io/_uploads/HkHlVQfLa.png) Yeah! You can know this is the UHA file! And now you gonna find the way to open it! I searched Google and found the **UHARC** ![image](https://hackmd.io/_uploads/BJLvE7GUp.png) **EXTRACT ARCHIVE** but remember to add `.uha` after file name ![image](https://hackmd.io/_uploads/Hyb34QGIT.png) ![image](https://hackmd.io/_uploads/BkEpNXM8p.png) OK! ![image](https://hackmd.io/_uploads/BkjZSmz8p.png) You open `zzz` and you found **NOTHING** ![image](https://hackmd.io/_uploads/S1KESmf8a.png) Now let's go to the folder `Park` ![image](https://hackmd.io/_uploads/r1hIBQMIa.png) Just a image ! And nothing again! Go to the `Pate` you get `Info` file Scroll down and you'll get this ![image](https://hackmd.io/_uploads/HyP2rQzLp.png) ```base64 S2VlcF9vbl9maW5kaW5nX3lvdV9hbG1vc3RfdGhlcmU= # Decrypt: Keep_on_finding_you_almost_there ``` Ok! The lucky :) Move on, bro! ![image](https://hackmd.io/_uploads/ByYHIQGLa.png) Nah, go on! ![image](https://hackmd.io/_uploads/By2PU7fUp.png) Hm, you see the list full the Decimal and you get this ```Decimal 45 45 32 77 121 83 81 76 10 67 82 69 65 84 69 32 84 65 66 76 69 32 73 70 32 78 79 84 32 69 88 73 83 84 83 32 109 101 111 115 116 97 116 117 115 32 40 10 32 32 32 32 105 100 32 73 78 84 32 78 79 84 32 78 85 76 76 32 65 85 84 79 95 73 78 67 82 69 77 69 78 84 44 10 32 32 32 32 110 97 109 101 32 86 65 82 67 72 65 82 40 53 48 41 32 78 79 84 32 78 85 76 76 44 10 32 32 32 32 80 82 73 77 65 82 89 32 75 69 89 32 40 105 100 41 10 41 59 10 10 67 82 69 65 84 69 32 84 65 66 76 69 32 73 70 32 78 79 84 32 69 88 73 83 84 83 32 109 101 111 115 116 121 112 101 115 32 40 10 32 32 32 32 105 100 32 73 78 84 32 78 79 84 32 78 85 76 76 32 65 85 84 79 95 73 78 67 82 69 77 69 78 84 44 10 32 32 32 32 110 97 109 101 32 86 65 82 67 72 65 82 40 53 48 41 32 78 79 84 32 78 85 76 76 44 10 32 32 32 32 80 82 73 77 65 82 89 32 75 69 89 32 40 105 100 41 10 41 59 10 10 67 82 69 65 84 69 32 84 65 66 76 69 32 73 70 32 78 79 84 32 69 88 73 83 84 83 32 109 101 111 115 32 40 10 32 32 32 32 105 100 32 73 78 84 32 78 79 84 32 78 85 76 76 32 65 85 84 79 95 73 78 67 82 69 77 69 78 84 44 10 32 32 32 32 110 97 109 101 32 86 65 82 67 72 65 82 40 53 48 41 32 78 79 84 32 78 85 76 76 44 10 32 32 32 32 109 101 111 115 116 121 112 101 95 105 100 32 73 78 84 32 78 79 84 32 78 85 76 76 44 10 32 32 32 32 109 101 111 115 116 97 116 117 115 95 105 100 32 73 78 84 32 78 79 84 32 78 85 76 76 44 10 32 32 32 32 80 82 73 77 65 82 89 32 75 69 89 32 40 105 100 41 44 10 32 32 32 32 70 79 82 69 73 71 78 32 75 69 89 32 40 109 101 111 115 116 121 112 101 95 105 100 41 32 82 69 70 69 82 69 78 67 69 83 32 109 101 111 115 116 121 112 101 115 32 40 105 100 41 32 79 78 32 68 69 76 69 84 69 32 67 65 83 67 65 68 69 44 10 32 32 32 32 70 79 82 69 73 71 78 32 75 69 89 32 40 109 101 111 115 116 97 116 117 115 95 105 100 41 32 82 69 70 69 82 69 78 67 69 83 32 109 101 111 115 116 97 116 117 115 32 40 105 100 41 32 79 78 32 68 69 76 69 84 69 32 67 65 83 67 65 68 69 10 41 59 10 10 73 78 83 69 82 84 32 73 78 84 79 32 109 101 111 115 116 97 116 117 115 32 40 110 97 109 101 41 32 86 65 76 85 69 83 32 40 39 48 110 104 52 39 41 59 10 73 78 83 69 82 84 32 73 78 84 79 32 109 101 111 115 116 97 116 117 115 32 40 110 97 109 101 41 32 86 65 76 85 69 83 32 40 39 68 49 99 104 48 49 39 41 59 10 73 78 83 69 82 84 32 73 78 84 79 32 109 101 111 115 116 97 116 117 115 32 40 110 97 109 101 41 32 86 65 76 85 69 83 32 40 39 66 48 110 104 97 52 114 52 100 49 39 41 59 10 10 73 78 83 69 82 84 32 73 78 84 79 32 109 101 111 115 116 121 112 101 115 32 40 110 97 109 101 41 32 86 65 76 85 69 83 32 40 39 68 105 104 105 97 39 41 59 10 73 78 83 69 82 84 32 73 78 84 79 32 109 101 111 115 116 121 112 101 115 32 40 110 97 109 101 41 32 86 65 76 85 69 83 32 40 39 87 97 108 97 104 39 41 59 10 73 78 83 69 82 84 32 73 78 84 79 32 109 101 111 115 116 121 112 101 115 32 40 110 97 109 101 41 32 86 65 76 85 69 83 32 40 39 68 117 109 112 67 97 116 39 41 59 10 10 45 45 32 73 110 115 101 114 116 32 109 101 111 115 32 119 105 116 104 32 97 115 115 111 99 105 97 116 101 100 32 116 121 112 101 32 97 110 100 32 115 116 97 116 117 115 10 73 78 83 69 82 84 32 73 78 84 79 32 109 101 111 115 32 40 110 97 109 101 44 32 109 101 111 115 116 121 112 101 95 105 100 44 32 109 101 111 115 116 97 116 117 115 95 105 100 41 32 86 65 76 85 69 83 32 40 39 67 111 100 111 110 39 44 32 49 44 32 49 41 59 10 73 78 83 69 82 84 32 73 78 84 79 32 109 101 111 115 32 40 110 97 109 101 44 32 109 101 111 115 116 121 112 101 95 105 100 44 32 109 101 111 115 116 97 116 117 115 95 105 100 41 32 86 65 76 85 69 83 32 40 39 66 117 110 66 117 110 39 44 32 50 44 32 50 41 59 10 73 78 83 69 82 84 32 73 78 84 79 32 109 101 111 115 32 40 110 97 109 101 44 32 109 101 111 115 116 121 112 101 95 105 100 44 32 109 101 111 115 116 97 116 117 115 95 105 100 41 32 86 65 76 85 69 83 32 40 39 66 52 98 121 39 44 32 51 44 32 51 41 59 10 10 83 69 76 69 67 84 32 109 101 111 115 46 110 97 109 101 32 65 83 32 109 101 111 115 95 110 97 109 101 44 32 109 101 111 115 116 121 112 101 115 46 110 97 109 101 32 65 83 32 109 101 111 115 95 116 121 112 101 44 32 109 101 111 115 116 97 116 117 115 46 110 97 109 101 32 65 83 32 109 101 111 115 95 115 116 97 116 117 115 10 70 82 79 77 32 109 101 111 115 10 74 79 73 78 32 109 101 111 115 116 121 112 101 115 32 79 78 32 109 101 111 115 46 109 101 111 115 116 121 112 101 95 105 100 32 61 32 109 101 111 115 116 121 112 101 115 46 105 100 10 74 79 73 78 32 109 101 111 115 116 97 116 117 115 32 79 78 32 109 101 111 115 46 109 101 111 115 116 97 116 117 115 95 105 100 32 61 32 109 101 111 115 116 97 116 117 115 46 105 100 32 119 104 101 114 101 32 109 101 111 115 46 110 97 109 101 32 61 39 66 52 98 121 39 59 ``` Now decrypt it by using CyberChef (using block `FROM DECIMAL`) And you got this ```sql! -- MySQL CREATE TABLE IF NOT EXISTS meostatus ( id INT NOT NULL AUTO_INCREMENT, name VARCHAR(50) NOT NULL, PRIMARY KEY (id) ); CREATE TABLE IF NOT EXISTS meostypes ( id INT NOT NULL AUTO_INCREMENT, name VARCHAR(50) NOT NULL, PRIMARY KEY (id) ); CREATE TABLE IF NOT EXISTS meos ( id INT NOT NULL AUTO_INCREMENT, name VARCHAR(50) NOT NULL, meostype_id INT NOT NULL, meostatus_id INT NOT NULL, PRIMARY KEY (id), FOREIGN KEY (meostype_id) REFERENCES meostypes (id) ON DELETE CASCADE, FOREIGN KEY (meostatus_id) REFERENCES meostatus (id) ON DELETE CASCADE ); INSERT INTO meostatus (name) VALUES ('0nh4'); INSERT INTO meostatus (name) VALUES ('D1ch01'); INSERT INTO meostatus (name) VALUES ('B0nha4r4d1'); INSERT INTO meostypes (name) VALUES ('Dihia'); INSERT INTO meostypes (name) VALUES ('Walah'); INSERT INTO meostypes (name) VALUES ('DumpCat'); -- Insert meos with associated type and status INSERT INTO meos (name, meostype_id, meostatus_id) VALUES ('Codon', 1, 1); INSERT INTO meos (name, meostype_id, meostatus_id) VALUES ('BunBun', 2, 2); INSERT INTO meos (name, meostype_id, meostatus_id) VALUES ('B4by', 3, 3); SELECT meos.name AS meos_name, meostypes.name AS meos_type, meostatus.name AS meos_status FROM meos JOIN meostypes ON meos.meostype_id = meostypes.id JOIN meostatus ON meos.meostatus_id = meostatus.id where meos.name ='B4by'; ``` RUN IT! [RESULT](https://onecompiler.com/mysql/3zvwv8tae) Now move on ! ![image](https://hackmd.io/_uploads/S1o4_QfL6.png) You get this ```! JCBBSTg5NzY2TE9QMTI0MTUxMjMxPSdDeWJlcic7b3BvcXFxPScgY29tcGxldGUgdGhlIGZsYWc6ICc7SFVRUjM0dWlvamRoaj0nbmFtZV8nO1BXRVFIUkxBRFMxMjQ0PSdfc3RhdHVzfSc7Q2lpaW5kYT0nIGluZm9ybWF0aW9uIHRvJztCODEyNzQ4OXFxcT0nQ2xhc3N7JztSRVFJVUZJQUhBU0RBQVNGWD0ndHlwZSc7T0lVPSdGaW5kIHRoZSc7ZWNobyAtZSAke09JVX0ke0NpaWluZGF9JHtvcG9xcXF9JHtBSTg5NzY2TE9QMTI0MTUxMjMxfSR7QjgxMjc0ODlxcXF9JHtIVVFSMzR1aW9qZGhqfSR7UkVRSVVGSUFIQVNEQUFTRlh9JHtQV0VRSFJMQURTMTI0NH0= ``` ```bash! # Decrypt: AI89766LOP124151231='Cyber';opoqqq=' complete the flag: ';HUQR34uiojdhj='name_';PWEQHRLADS1244='_status}';Ciiinda=' information to';B8127489qqq='Class{';REQIUFIAHASDAASFX='type';OIU='Find the';echo -e ${OIU}${Ciiinda}${opoqqq}${AI89766LOP124151231}${B8127489qqq}${HUQR34uiojdhj}${REQIUFIAHASDAASFX}${PWEQHRLADS1244} ``` Run this on terminal you'll get the flag format and match it with the data you got above > Flag: CyberClass{B4by_DumpCat_B0nha4r4d1} ### Crypto: > Update later! ### Steg: > Update later!