
Ahmed Magdy
7 min readOct 20, 2020


Hi , My name is Ahmed Magdy

I’m Egyptian in CTF in Syria LoL

I solved most of them after the SYber CTF has ended XD and :-(

I would like to thank all the organizers for this CTF


Let’s go……

1 - Web challenge….

1 - Challenge Name : sp1ders

if you are a robot, you know what to do …

I don’t find any think in source code

Let’s see what is in it robots.txt


So go to the /trash/102.html

When open the /trash/102.html i see new dir so open it and find a new direction……

and continue the matter until this page i found

And continue the matter until this page i found

LoL where my flag :-(

When focusing on the numbers in the directions.

I thought it was hex but it not work

It is ASCLL so go to ASCLL to text

flag{yes, rob0t5}

flag{yes, rob0t5}

2 - Challenge Name : gr3ta

Only gr3ta knows how to get in

The challenge need pass to show the flag LoL i don’t have any pass

When enter any think it is print in URL and secret name doesn’t match and this meme XD

secret name doesn’t match

So check the sourse code i find the dir hidden in there in a HTML comment

hidden in there in a HTML comment

I see PHP code

When read the code i understood that he makes sure of every letter of the name “ gr3ta ” in the box from array alone




3 - Challenge Name : dadabeez

This challenge is 4 in 1 have 4 flag as 4 bugs

Check the sourse code and i don’t find any thing

try out SQL injection

Turned to a blank page without any code . It is SQL injection error

admin’ or 1=1 ; - -

Make simple SQL injection like : admin' or 1=1 ;- -

and put any password it isn’t matter



OK 1 of 4 Let’s go……

Let’s see what is in it robots.txt

Learn git

what is “git” after search i find the tool GitTools so use it

./ challenge
git checkout -- .


OK 2 of 4 Let’s go……

I think what is b.txt so open it i find it is like chat between 2

There is nothing suspicious a bout it but when see the hint “B.txt diff”

I suspected there was a difference between the two files

so go to site and open the file and diff between the file in gitools

in diffchecker LoL i have diff

The differences like this are the flag

The differences are the flag

OK 3 of 4 Let’s go……

sorry i cant find flag number : 4

Sad and LoL both at the same time :-(

End the web challenge…… I solve it XD

2 - Misc challenge……

1 - Challenge Name : copy paste


2 - Challenge Name : sanity check

Join to discord link and go to the misc channel

I find the massage in < !flag for free flag >in the description channel


Type write !flag in the chat the bot will send it to you


3- Challenge Name: copy paste 2

I use the inspect element and find the flag hidden in there in a HTML comment



4 - Challenge Name: is this challenge broken

After see the alert and mark in box the flag is her LoL

I don’t know what is the benefit of this challenge🙂:-(, just 100 points easy🙂


5 - Challenge Name : where does it end ?

After downloading the file I find “basedzip.txt” inside many letters….

I find “==” at the last letters in the file, so I thought that the file was encrypted with base64

So I go to the after decode the file gave me a file name “song.mp4” after listening to it.
Someone talking at the end in the song and give my

the pass: “p4s5w0rd_l0l” XD

At first I could not hear … Clearly after Moses helped me, who is one of the Founder…

After trying it

I found a link drive that contains a file “PDF” it needs a password to open … Try out the pass in song : “p4s5w0rd_l0l”

I find in the PDF this number :
It looks like a hex so decode it. I find this link

the link go to the flag 2 sec and return to youtube song :-(

after using the“Burp Suit” i catch the flag XD


6 - Challenge Name : LOL

After downloading the file I find the “file.wav” inside the Morse Code so go to the link and upload the file so give my “CNFGROVA.PBZ/ZF4LTNHR”

This is a Caesar Cipher that can be solved using an online Caesar Cipher translator that can show you all rotations of the phrase, one such is:

Caesar-cipher This will be the obviously correct rotation: PASTEBIN.COM/MS4YGAUE

After go to the link Not Found the page (#404)

I check the link and edit some letters the link “ is correct

Which contains a repeated text that has a different number on each repetition, you write those numbers side by side and translate them on an ASCII translator



End the misc challenge …… I solve it XD

3 - forensics challenge……

1 - Challenge Name : among us

After downloading the file I find the “image.jpg” use the


It is so easy XD


2 - Challenge Name : Ezzzzz^inf

After downloading the file I find the “ ”

the file need pass to open so use “AngryZip.exe” program in widows and i use the word-list “rockyou.txt” the extract “flag.txt”

When submit it my flag not correct LoL after focus in the flag it need enter the pass in $VAR and become true XD

3 - Challenge Name : FFFFFF

After downloading the file I find the “flag.jpg” and do not open so go the Hex editor and List_of_file_signatures

let’s try fixing it LoL



End the forensics challenge…… I solve it XD

4 - crypto challenge……

The first 3 challenges are very easy
1 - base 64 >> flag{b4s3_s1xt9_f0ur}

2 - After search in (( al4y5 Google )) lets put the first letter of each name together : saltcats >> flag{saltcats}

3 - base62 >> flag{w3ll_7h47_35c4l473d_qu1ckl9}

4 - Challenge Name : Do you know crypto

This is the Morse Code so go to the Cyber Chef and upload the text so give my

I think base64 but don't work so try out base62 and base32 so give my

this in base32 XD

This is a Caesar Cipher that can be solved using an online Caesar Cipher translator that can show you all rotations of the phrase, one such is:

Caesar-cipher This will be the obviously correct rotation:


End the crypto challenge…… I solve it XD

Think you for your time

And finally, Thank you to read this write-up XD

Contact me if you want : Ahmed Magdy



Ahmed Magdy

Interested in infosec || CTF Player || Pentester || Bug Hunter || Security Researcher