SYberCTF-write-up
Hi, my name is Ahmed Magdy
I’m an Egyptian in a CTF in Syria LoL
I solved most of them after the SYber CTF had ended XD and :-(
I would like to thank all the organizers for this CTF
Let’s go……
1 - Web challenge….
1 - Challenge Name : sp1ders
I didn’t find anything in the source code
Let’s see what is in robots.txt
So go to /trash/102.html
When I open /trash/102.html I see a new directory, so I open it and find another new directory……
And I continued like this until I found this page
Then I focused on the numbers in the directory names.
I thought they were hex but that did not work
It is ASCII, so go to ASCII to text
flag{yes, rob0t5}
2 - Challenge Name : gr3ta
The challenge needs a password to show the flag LoL I don’t have any password
When I enter anything it is printed in the URL, and I get “secret name doesn’t match” and this meme XD
So I checked the source code and found the hidden directory in an HTML comment
I see PHP code
When I read the code I understood that it checks every letter of the name “gr3ta” in the box separately, from an array
?username[]=g&username[]=r&username[]=3&username[]=t&username[]=a
flag{Param3t3r_P0llution_n0t_b4d}
3 - Challenge Name : dadabeez
This challenge is 4 in 1: it has 4 flags for 4 bugs
I checked the source code and didn’t find anything
Try out SQL injection
It turned into a blank page without any code. It is an SQL injection error
Make a simple SQL injection like: admin' or 1=1 ;--
and put any password, it doesn’t matter
flag{pl0t_twi5t:4dm1n_l0gs_in_l1ke_th1s_cuz_he_f0rg0t_the_pwd}
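
Why that input logs in without a password, and the fix, as an added example that is not part of the original write-up or the challenge's code. The table layout, the stored password and the function names are assumptions, and Python's sqlite3 stands in for the challenge's unknown backend.

```python
import hashlib
import hmac
import sqlite3

PAYLOAD = "admin' or 1=1 ;--"   # the username typed in this write-up

def hash_pw(password):
    # Plain SHA-256 keeps the demo short; a real application would use a
    # slow, salted password hash such as bcrypt or argon2.
    return hashlib.sha256(password.encode()).hexdigest()

def make_db():
    # Constructed sample database (assumed schema and credentials).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("admin", hash_pw("S3cret-admin-pw")))
    return db

def login_vulnerable(db, username, password):
    # The input is pasted into the SQL text: a quote in `username` closes the
    # string literal, `or 1=1` makes the WHERE clause true for every row, and
    # `;--` turns the password check into a comment.
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND pw_hash = '" + hash_pw(password) + "'")
    return db.execute(query).fetchone() is not None

def login_safe(db, username, password):
    # Reject non-string input, then bind the value with a placeholder so it
    # is always treated as data and never parsed as SQL.
    if not isinstance(username, str) or not isinstance(password, str):
        return False
    row = db.execute("SELECT pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], hash_pw(password))
```
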
OK 1 of 4 Let’s go……
Let’s see what is in robots.txt
What is “git”? After searching I found the tool GitTools, so I used it
flag{git_commit_-m”0x917900d”}
OK 2 of 4 Let’s go……
I wondered what b.txt is, so I opened it and found it is like a chat between 2 people
There is nothing suspicious about it, but then I saw the hint “B.txt diff”
I suspected there was a difference between the two files
So I went to the site, opened the file and diffed it against the file from GitTools
in diffchecker LoL I have a diff
The differences are the flag
OK 3 of 4 Let’s go……
Sorry, I can’t find flag number 4
Sad and LoL both at the same time :-(
End of the web challenges…… I solved them XD
2 - Misc challenge……
1 - Challenge Name : copy paste
2 - Challenge Name : sanity check
Join the Discord link and go to the misc channel
I find the message < !flag for free flag > in the channel description
Type !flag in the chat and the bot will send it to you
flag{s4n1ty_ch3ck_101}
3- Challenge Name: copy paste 2
I use inspect element and find the flag hidden in an HTML comment
flag{50und5_l1k3_c0p9p4573_bu7_w1th_3x7r4_573p5}
4 - Challenge Name: is this challenge broken
After seeing the alert and marking the box, the flag is here LoL
I don’t know what the benefit of this challenge is🙂:-(, just 100 easy points🙂
flag{H0w_d1D_y0u_f1nd_m3}
5 - Challenge Name : where does it end ?
After downloading the file I find “basedzip.txt”, with many letters inside….
I find “==” at the end of the file, so I thought that the file was encrypted with base64
So I go to base64decode.org; after decoding, the file gave me a file named “song.mp4”, so I listened to it.
Someone is talking at the end of the song and gives me
the pass: “p4s5w0rd_l0l” XD
At first I could not hear it clearly… until Moses, who is one of the founders, helped me…
After trying it
I found a Drive link that contains a “PDF” file; it needs a password to open… Try out the pass from the song: “p4s5w0rd_l0l”
I find this number in the PDF:
“68747470733a2f2f676574666c61672e303030776562686f73746170702e636f6d2f”
It looks like hex, so decode it. I find this link
The link goes to the flag for 2 seconds and then returns to a YouTube song :-(
After using “Burp Suite” I caught the flag XD
flag{0h_f1n4lly_1_h4ve_r34ch3d_7h3_3nd_______0r_H4v3_I_?!}
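
The last two steps of this challenge without a browser, as an added example that is not part of the original write-up: decode the hex string from the PDF, then read the raw response body instead of letting the redirect fire. The write-up does not show how the page redirects, so the meta-refresh markup, the redirect target and the flag text in the sample body are constructed assumptions.

```python
import re

# Hex string copied from the PDF in this write-up.
PDF_HEX = "68747470733a2f2f676574666c61672e303030776562686f73746170702e636f6d2f"

# Constructed response body standing in for the redirecting page.
SAMPLE_BODY = """<html><head>
<meta http-equiv="refresh" content="2; url=https://video.example/watch?v=PLACEHOLDER">
</head><body><p>flag{constructed_sample_flag}</p></body></html>"""

def decode_hex(text):
    """Decode a hex string to text, rejecting input that is not clean hex."""
    text = text.strip()
    if len(text) % 2 or not re.fullmatch(r"[0-9a-fA-F]+", text):
        raise ValueError("not a hex string")
    return bytes.fromhex(text).decode("utf-8")

def inspect_body(body):
    """Return (delay_seconds, redirect_target, flags) from a raw HTML body.

    A browser shows the page for `delay_seconds` and then leaves; a proxy or
    a script sees the body itself, so the flag can be read at leisure.
    """
    meta = re.search(
        r'<meta[^>]+http-equiv=["\']refresh["\'][^>]+'
        r'content=["\']\s*(\d+)\s*;\s*url=([^"\']+)',
        body, re.IGNORECASE)
    if meta:
        delay, target = int(meta.group(1)), meta.group(2).strip()
    else:
        delay, target = None, None
    flags = re.findall(r"flag\{[^}]*\}", body)
    return delay, target, flags
```
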
6 - Challenge Name : LOL
After downloading the file I find “file.wav” with Morse code inside, so I go to the link and upload the file, and it gives me “CNFGROVA.PBZ/ZF4LTNHR”
This is a Caesar Cipher that can be solved using an online Caesar Cipher translator that can show you all rotations of the phrase, one such is:
Caesar-cipher
This will be the obviously correct rotation: “PASTEBIN.COM/MS4YGAUE”
After going to the link, the page is Not Found (#404)
I checked the link and edited some letters; the link “pastebin.com/mS4Ygaue” is correct
It contains a repeated text that has a different number on each repetition; you write those numbers side by side and translate them with an ASCII translator
flag{WTF?_OMG_U_R_NOW_WIN_GTFO}
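
Why the decoded link gave a 404, as an added example that is not part of the original write-up: Morse code has no letter case, so the rotated text (the rotation that works here is 13) comes out in capitals while the paste identifier is case-sensitive. The helper names are assumptions, and the decimal list passed to `decimals_to_text` in practice would be the numbers from the paste, or the directory numbers in sp1ders.

```python
import codecs
import itertools

MORSE_TEXT = "CNFGROVA.PBZ/ZF4LTNHR"   # Morse output quoted in this write-up

def rot13(text):
    return codecs.decode(text, "rot_13")

def case_variants(identifier):
    """Yield every upper/lower-case spelling of an identifier.

    Digits and punctuation have one spelling, letters have two, so an
    identifier with n letters has 2**n candidates.
    """
    choices = [(c.lower(), c.upper()) if c.isalpha() else (c,)
               for c in identifier]
    for combo in itertools.product(*choices):
        yield "".join(combo)

def recover_link():
    """Return the lower-cased host and all candidate paste identifiers."""
    host, paste_id = rot13(MORSE_TEXT).split("/", 1)
    return host.lower(), list(case_variants(paste_id))

def decimals_to_text(numbers):
    """Turn decimal ASCII codes written side by side into text,
    refusing values outside printable ASCII."""
    values = [int(n) for n in numbers]
    if any(not 32 <= v <= 126 for v in values):
        raise ValueError("not printable ASCII")
    return "".join(chr(v) for v in values)
```
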
End of the misc challenges…… I solved them XD
3 - forensics challenge……
1 - Challenge Name : among us
After downloading the file I find the “image.jpg” use the
It is so easy XD
flag{3x1f700l5_15_5u5}
2 - Challenge Name : Ezzzzz^inf
After downloading the file I find “flag.zip”
The file needs a password to open, so I use the “AngryZip.exe” program on Windows with the word-list “rockyou.txt”, and flag.zip extracts “flag.txt”
When I submit it my flag is not correct LoL; after focusing on the flag, it needs the pass entered in $VAR, and then it becomes true XD
3 - Challenge Name : FFFFFF
After downloading the file I find “flag.jpg”, and it does not open, so I go to the hex editor and List_of_file_signatures
let’s try fixing it LoL
flag{D4rk_m0d3}
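
The same check done in code, as an added example that is not part of the original write-up: compare the first bytes with known signatures, and if nothing matches but the rest still looks like a JPEG, write the header back. Which bytes were damaged in the challenge file is not stated, so the sample below (first three bytes zeroed) is a constructed assumption.

```python
SIGNATURES = {            # a few entries from the public list of file signatures
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "zip": b"PK\x03\x04",
    "pdf": b"%PDF-",
}

def identify(data):
    """Return the type whose signature starts the data, or None."""
    for name, magic in SIGNATURES.items():
        if data.startswith(magic):
            return name
    return None

def looks_like_damaged_jpeg(data):
    """True if the header is wrong but JPEG structure is still visible:
    a JFIF/Exif tag at offset 6 and the end-of-image marker FF D9."""
    return (identify(data) is None
            and data[6:10] in (b"JFIF", b"Exif")
            and data.rstrip(b"\x00").endswith(b"\xff\xd9"))

def repair_jpeg(data):
    """Write the start-of-image bytes FF D8 FF back over the first 3 bytes."""
    if not looks_like_damaged_jpeg(data):
        raise ValueError("not a JPEG with a damaged header")
    return SIGNATURES["jpeg"] + data[3:]

# Constructed sample: a minimal JFIF header plus end-of-image marker,
# and a copy whose first three bytes were zeroed.
GOOD = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00"
        b"\x00\x01\x00\x01\x00\x00\xff\xd9")
BROKEN = b"\x00\x00\x00" + GOOD[3:]
```
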
End of the forensics challenges…… I solved them XD
4 - crypto challenge……
The first 3 challenges are very easy
1 - base 64 >> flag{b4s3_s1xt9_f0ur}
2 - After searching in (( al4y5 Google )), let’s put the first letter of each name together: saltcats >> flag{saltcats}
3 - base62 >> flag{w3ll_7h47_35c4l473d_qu1ckl9}
4 - Challenge Name : Do you know crypto
This is Morse code, so go to CyberChef and upload the text, and it gives me
I thought it was base64 but that didn’t work, so I tried base62 and base32, and it gives me
this in base32 XD
This is a Caesar Cipher that can be solved using an online Caesar Cipher translator that can show you all rotations of the phrase, one such is:
Caesar-cipher
This will be the obviously correct rotation:
flag{1_w15h_1_kn3w_cr9pt0_:(}
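
The Morse, base32, Caesar chain of this challenge, with the "show all rotations" search that the LOL challenge also used, as an added example that is not part of the original write-up. Morse has no letter case, so of the encodings tried only base32 (capitals, 2-7 and =) passes through it unchanged; the challenge text is not on the page, so the sample signal is constructed with an assumed shift of 7.

```python
import base64

LETTERS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789="
CODES = (".- -... -.-. -.. . ..-. --. .... .. .--- -.- .-.. -- -. --- .--. --.- .-. "
         "... - ..- ...- .-- -..- -.-- --.. ----- .---- ..--- ...-- ....- ..... "
         "-.... --... ---.. ----. -...-").split()
MORSE = dict(zip(CODES, LETTERS))

def from_morse(signal):
    return "".join(MORSE[code] for code in signal.split())

def to_morse(text):
    inverse = {letter: code for code, letter in MORSE.items()}
    return " ".join(inverse[ch] for ch in text)

def caesar(text, shift):
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            ch = chr((ord(ch) - base + shift) % 26 + base)
        out.append(ch)
    return "".join(out)

def find_rotation(text, crib="flag{"):
    """Try all 26 rotations; return (shift, plaintext) for the one holding the crib."""
    for shift in range(26):
        candidate = caesar(text, shift)
        if crib in candidate.lower():
            return shift, candidate
    return None

def solve(signal):
    """Morse -> base32 -> Caesar, the order described in the write-up."""
    b32 = from_morse(signal)                     # capitals, digits and '=' only
    rotated = base64.b32decode(b32).decode("ascii")
    return find_rotation(rotated)

# Constructed sample: the flag format with an assumed shift of 7, base32, Morse.
SAMPLE = to_morse(base64.b32encode(
    caesar("flag{constructed_sample}", 7).encode()).decode())
```
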
End of the crypto challenges…… I solved them XD
Thank you for your time
And finally, thank you for reading this write-up XD
Contact me if you want : Ahmed Magdy