THM-CTF collection Vol.1-Writeup

Mohamed Ali
Nov 21, 2024

Sharpen up your CTF skills with the collection. The first volume is designed for beginners.

Find This Room: CTF collection Vol.1

Task 1 Author note

Just another random CTF room created by me. Well, the main objective of the room is to test your CTF skills. For your information, vol.1 consists of 20 tasks and all the challenges are extremely easy. Stay calm and Capture the flag. :)

Note: All the challenge flags are formatted as THM{flag}, unless stated otherwise

Task 2 What does the base said?

Can you decode the following?

VEhNe2p1NTdfZDNjMGQzXzdoM19iNDUzfQ==

Task 3 Meta meta

Task 4 Mon, are we going to be okay?

Task 5 Erm……Magick

This question has nothing immediately noticeable. There is nothing to download and nothing visible. If we highlight the page, we’ll see that the flag becomes visible because it is the same color as the background.

Task 6 QRrrrr

Such technology is quite reliable.

Task 7 Reverse it or read it?

Both work, it’s all up to you.

Task 8 Another decoding stuff

Can you decode it?

3agrSy1CewF9v8ukcSkPSYm3oKUoByUpKG4L

Task 9 Left or right

Left, right, left, right… Rot 13 is too mainstream. Solve this

MAF{atbe_max_vtxltk}

Task 10 Make a comment

No downloadable file, no ciphered or encoded text. Huh …….

Task 11 Can you fix it?

I accidentally messed up with this PNG file. Can you help me fix it? Thanks, ^^

We convert the file to hexadecimal, edit it to restore the PNG “magic numbers”, and after this we can obtain our image by rendering it with CyberChef.

We searched on Google and found that the standard magic numbers of a PNG image are 89 50 4E 47.

We just have to replace them.

Our last step is to render the image from the updated hexadecimal, which we did with CyberChef.
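The repair described above, as an added Python example that is not part of the original write-up: it restores the full 8-byte PNG signature (the 89 50 4E 47 above are its first four bytes) only after checking that every chunk CRC still verifies. The 1x1 image and the zeroed header are constructed sample data, and the function names are hypothetical.

```python
import struct
import zlib

# Full PNG signature; 89 50 4E 47 are the four "magic numbers" from the text.
PNG_SIGNATURE = bytes.fromhex("89504E470D0A1A0A")

def make_png():
    """Build a constructed 1x1 grayscale PNG so there is something to break."""
    def chunk(ctype, data):
        body = ctype + data
        return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)   # 1x1, 8-bit grayscale
    idat = zlib.compress(b"\x00\x00")                     # filter byte + one pixel
    return PNG_SIGNATURE + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

def chunks_ok(data):
    """Walk the chunks after the 8-byte signature and verify each CRC."""
    pos, names = 8, []
    while pos < len(data):
        if pos + 12 > len(data):
            return False                                  # truncated chunk header
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        end = pos + 12 + length
        if end > len(data):
            return False                                  # chunk runs past end of file
        body = data[pos + 4:pos + 8 + length]             # chunk type + chunk data
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(body) != crc:
            return False
        names.append(body[:4])
        pos = end
    return bool(names) and names[0] == b"IHDR" and names[-1] == b"IEND"

def repair_png(data):
    """Restore the signature, but only if the rest of the file is intact."""
    if data[:8] == PNG_SIGNATURE:
        return data
    if not chunks_ok(data):
        raise ValueError("damage is not limited to the signature")
    return PNG_SIGNATURE + data[8:]

if __name__ == "__main__":
    broken = b"\x00\x00\x00\x00" + make_png()[4:]         # constructed: magic zeroed out
    fixed = repair_png(broken)
    print(fixed[:8].hex(" "), "chunks ok:", chunks_ok(fixed))
```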

Task 12 Read it

Some hidden flag inside Tryhackme social account.

But the provided hint cleared it up for us. So here we got a chance to try our Google dork technique, and the perfect dork came to be:

inurl:"reddit.com" &intext:"THM" & intitle:"tryhackme"

Task 13 Spin my head

What is this?

++++++++++[>+>+++>+++++++>++++++++++<<<<-]>>>++++++++++++++.------------.+++++.>+++++++++++++++++++++++.<<++++++++++++++++++.>>-------------------.---------.++++++++++++++.++++++++++++.<++++++++++++++++++.+++++++++.<+++.+.>----.>++++.

This task was spinning my mind: it told me to decode it, but we were clueless about it. That’s why we had to go for a hint, and it indicated that it’s “BINARYFUCK”.

Task 14 An exclusive!

Exclusive strings for everyone!

S1: 44585d6b2368737c65252166234f20626d
S2: 1010101010101010101010101010101010

In this task, we got 2 strings but we didn’t know what to do with them, until our saviour hint told us to XOR these strings.

Now we can relate exclusive and XOR.

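Use this script:

# XOR the two hex strings byte by byte and decode the result.
# Working on bytes keeps any leading zero that hex(int(...)) would drop.
s1 = bytes.fromhex("44585d6b2368737c65252166234f20626d")
s2 = bytes.fromhex("1010101010101010101010101010101010")

print(bytes(a ^ b for a, b in zip(s1, s2)).decode('utf-8'))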

Task 15 Binary walk

Please exfiltrate my file :)

As the task name suggests a binary walk and the clue also directed us to binwalk, we use binwalk, a tool that is helpful in steganography. But it is only used to extract the hidden file from the images.

Task 16 Darkness

There is something lurking in the dark.

We have to evaluate our image by filtering various colours in the image using stegsolve. We can download stegsolve with these terminal commands:

wget http://www.caesum.com/handbook/Stegsolve.jar -O stegsolve.jar
chmod +x stegsolve.jar

Now we just have to open the image with stegsolve.

Task 17 A sounding QR

How good is your listening skill?

P/S: The flag is formatted as THM{Listened Flag}, the flag should be in All CAPS

Task 18 Dig up the past

Sometimes we need a ‘machine’ to dig the past

Targeted website: https://www.embeddedhacker.com/
Targeted time: 2 January 2020

In this task, as the title relates to the past, the only thing that popped into our mind was the Wayback Machine, and the time and date in the description cleared up our doubt.

So, for checking past captures or archives of any site we can use the Wayback Machine. After analyzing the output, we can see there is a capture of the website on 2nd Jan 2020.

When we visited that website, we got our 18th flag.

Task 19 Uncrackable!

Can you solve the following? By the way, I lost the key. Sorry >.<

MYKAHODTQ{RVG_YVGGK_FAL_WXF}

Flag format: TRYHACKME{FLAG IN ALL CAP}

Task 20 Small bases

Decode the following text.

581695969015253365094191591547859387620042736036246486373595515576333693

This task was also about cryptography. The hint says (dec -> hex -> ASCII), so we simply have to follow it, converting decimal to hex first.

Use: Decimal > Hex

Copy this hex:

54484D7B31375F6A7535375F346E5F307264316E3472795F62343533357D

Then: Hex > ASCII

Task 21 Read the packet

I just hacked my neighbor’s WiFi and tried to capture some packets. He must be up to no good. Help me find it.

In this task, the file we download is a pcap file, so it is clear that it’s a Wireshark file.

Use the http filter and follow the HTTP stream.
