SYberCTF-write-up

Hi , My name is Ahmed Magdy

I’m Egyptian in CTF in Syria LoL

I solved most of them after the SYber CTF has ended XD and :-(

I would like to thank all the organizers for this CTF

SYber CTF

Let’s go……

1 - Web challenge….

1 - Challenge Name : sp1ders

if you are a robot, you know what to do …

I don’t find any think in source code

Let’s see what is in it robots.txt

/trash/102.html

So go to the /trash/102.html

When open the /trash/102.html i see new dir so open it and find a new direction……

and continue the matter until this page i found

And continue the matter until this page i found

LoL where my flag :-(

When focusing on the numbers in the directions.

I thought it was hex but it not work

It is ASCLL so go to ASCLL to text

flag{yes, rob0t5}

flag{yes, rob0t5}

2 - Challenge Name : gr3ta

Only gr3ta knows how to get in

The challenge need pass to show the flag LoL i don’t have any pass

When enter any think it is print in URL and secret name doesn’t match and this meme XD

secret name doesn’t match

So check the sourse code i find the dir hidden in there in a HTML comment

hidden in there in a HTML comment

I see PHP code

When read the code i understood that he makes sure of every letter of the name “ gr3ta ” in the box from array alone

?username[]=g&username[]=r&username[]=3&username[]=t&username[]=a”

flag{Param3t3r_P0llution_n0t_b4d}

flag{Param3t3r_P0llution_n0t_b4d}

3 - Challenge Name : dadabeez

This challenge is 4 in 1 have 4 flag as 4 bugs

Check the sourse code and i don’t find any thing

try out SQL injection

Turned to a blank page without any code . It is SQL injection error

admin’ or 1=1 ; - -

Make simple SQL injection like : admin' or 1=1 ;- -

and put any password it isn’t matter

flag{pl0t_twi5t:4dm1n_l0gs_in_l1ke_th1s_cuz_he_f0rg0t_the_pwd}

flag{pl0t_twi5t:4dm1n_l0gs_in_l1ke_th1s_cuz_he_f0rg0t_the_pwd}

OK 1 of 4 Let’s go……

Let’s see what is in it robots.txt

/TODO.txt
Learn git

what is “git” after search i find the tool GitTools so use it

./gitdumper.sh http://syberctf.hadara-group.com:8003/.git/ challenge
git checkout -- .

flag{git_commit_-m”0x917900d”}

OK 2 of 4 Let’s go……

I think what is b.txt so open it i find it is like chat between 2

There is nothing suspicious a bout it but when see the hint “B.txt diff”

I suspected there was a difference between the two files

so go to site and open the file and diff between the file in gitools

in diffchecker LoL i have diff

The differences like this are the flag

The differences are the flag

OK 3 of 4 Let’s go……

sorry i cant find flag number : 4

Sad and LoL both at the same time :-(

End the web challenge…… I solve it XD

2 - Misc challenge……

1 - Challenge Name : copy paste

LoL XD😂

2 - Challenge Name : sanity check

Join to discord link and go to the misc channel

I find the massage in < !flag for free flag >in the description channel

flag{s4n1ty_ch3ck_101}

Type write !flag in the chat the bot will send it to you

flag{s4n1ty_ch3ck_101}

3- Challenge Name: copy paste 2

I use the inspect element and find the flag hidden in there in a HTML comment

flag{50und5_l1k3_c0p9p4573_bu7_w1th_3x7r4_573p5}

flag{50und5_l1k3_c0p9p4573_bu7_w1th_3x7r4_573p5}

4 - Challenge Name: is this challenge broken

After see the alert and mark in box the flag is her LoL

I don’t know what is the benefit of this challenge🙂:-(, just 100 points easy🙂

flag{H0w_d1D_y0u_f1nd_m3}

5 - Challenge Name : where does it end ?

After downloading the file I find “basedzip.txt” inside many letters….

I find “==” at the last letters in the file, so I thought that the file was encrypted with base64

So I go to the base64decode.org after decode the file gave me a file name “song.mp4” after listening to it.
Someone talking at the end in the song and give my

the pass: “p4s5w0rd_l0l” XD

At first I could not hear … Clearly after Moses helped me, who is one of the Founder…

After trying it

I found a link drive that contains a file “PDF” it needs a password to open … Try out the pass in song : “p4s5w0rd_l0l”

I find in the PDF this number :
“68747470733a2f2f676574666c61672e303030776562686f73746170702e636f6d2f”
It looks like a hex so decode it. I find this link

the link go to the flag 2 sec and return to youtube song :-(

after using the“Burp Suit” i catch the flag XD

flag{0h_f1n4lly_1_h4ve_r34ch3d_7h3_3nd_______0r_H4v3_I_?!}

6 - Challenge Name : LOL

After downloading the file I find the “file.wav” inside the Morse Code so go to the link and upload the file so give my “CNFGROVA.PBZ/ZF4LTNHR”

This is a Caesar Cipher that can be solved using an online Caesar Cipher translator that can show you all rotations of the phrase, one such is:

Caesar-cipher This will be the obviously correct rotation: PASTEBIN.COM/MS4YGAUE

After go to the link Not Found the page (#404)

I check the link and edit some letters the link “pastebin.com/mS4Ygaue is correct

Which contains a repeated text that has a different number on each repetition, you write those numbers side by side and translate them on an ASCII translator

flag{WTF?_OMG_U_R_NOW_WIN_GTFO}

flag{WTF?_OMG_U_R_NOW_WIN_GTFO}

End the misc challenge …… I solve it XD

3 - forensics challenge……

1 - Challenge Name : among us

After downloading the file I find the “image.jpg” use the

flag{3x1f700l5_15_5u5}

It is so easy XD

flag{3x1f700l5_15_5u5}

2 - Challenge Name : Ezzzzz^inf

After downloading the file I find the “ flag.zip ”

the file need pass to open so use “AngryZip.exe” program in widows and i use the word-list “rockyou.txt” the flag.zip extract “flag.txt”

When submit it my flag not correct LoL after focus in the flag it need enter the pass in $VAR and become true XD

3 - Challenge Name : FFFFFF

After downloading the file I find the “flag.jpg” and do not open so go the Hex editor and List_of_file_signatures

let’s try fixing it LoL

flag{D4rk_m0d3}

flag{D4rk_m0d3}

End the forensics challenge…… I solve it XD

4 - crypto challenge……

The first 3 challenges are very easy
1 - base 64 >> flag{b4s3_s1xt9_f0ur}

2 - After search in (( al4y5 Google )) lets put the first letter of each name together : saltcats >> flag{saltcats}

3 - base62 >> flag{w3ll_7h47_35c4l473d_qu1ckl9}

4 - Challenge Name : Do you know crypto

This is the Morse Code so go to the Cyber Chef and upload the text so give my

I think base64 but don't work so try out base62 and base32 so give my

this in base32 XD

This is a Caesar Cipher that can be solved using an online Caesar Cipher translator that can show you all rotations of the phrase, one such is:

Caesar-cipher This will be the obviously correct rotation:

flag{1_w15h_1_kn3w_cr9pt0_:(}

End the crypto challenge…… I solve it XD

Think you for your time

And finally, Thank you to read this write-up XD

Contact me if you want : Ahmed Magdy

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ahmed Magdy

Interested in infosec || CTF Player || Pentester || Bug Hunter || Security Researcher