Information#
Version#
| By | Version | Comment |
|---|---|---|
| noraj | 1.0 | Creation |
CTF#
- Name : YUBITSEC CTF 2017
- Website : ctf.yubitsec.org
- Type : Online
- Format : Jeopardy
- CTF Time : link
1 - Flag Format - Warmup#
Hello,Welcome to YUBITSEC CTF!
We hope you will have a good time.
Flag Format is;
YUBITSEC{}
5 - Bash - Warmup#
BFYRGHVX{ZGYZHS_MLG_DVOXLNV_SVIV}
Bash for ATBASH.
YUBITSEC{ATBASH_NOT_WELCOME_HERE}
10 - A fine cipher - Warmup#
a:9
b:13
Encrypted:
VLWHCTXF{N_GHAX_FHSYXK}
A fine cipher for Affine cipher.
YUBITSEC{A_FINE_CIPHER}
10 - Rome - Warmup#
Encrypted:
PLSZKJVT{TRVJRI_WFLEU_KYZJ_RTKLRCCP}
Rome for Caesar.
YUBITSEC{CAESAR_FOUND_THIS_ACTUALLY}
10 - Telegram - Warmup#
Join our telegram group to get the flag
YUBITSEC{Abi_n4sil_uy3_0luy0ruz?}
5 - Disambiguation - Trivia#
A well known bug in OpenSSL cryptology library.
There is no flag format, enter the answer in lowercase.
heartbleed
10 - Execution - Trivia#
A well known privilege escalation vulnerability.
There is no flag format, enter the answer in lowercase.
shellshock
10 - Talk dirty to me - Trivia#
A linux kernel bug that has been around for at least 11 years.
There is no flag format, enter the answer in lowercase.
dirtycow
10 - Γmit Besen - Trivia#
A well known computer worm that spreads with emails.
There is no flag format, enter the answer in "uppercase".
ILOVEYOU
15 - Global Surveillance - Trivia#
Intercept the communications!
There is no flag format, enter the answer in lowercase.
echelon
150 - Text into image - Steganography#
Shaco is hiding something!
Orga did a mistake, this is not a LSB challenge, name of the challenge was changed.
Pure guessing. I simply wrote steganography Text into image into google and used the first online tool:
http://manytools.org/hacker-tools/steganography-encode-text-into-image/
Flag is YUBITSEC{now_you_see_me}.
30 - Robots Are Cool 1 - Web#
I think robots are cool. What you think?
Considering the title, I tried to access the robots.txt:
1 | $ curl http://138.197.41.168/fiuuu/robots.txt |
PS: http://138.197.41.168/fiuuu/pewpewpew.html also contains the flag.
Flag is YUBITSEC{c0me_w1th_m3_If_y0u_w4nt_t0_L1ve}.
75 - Simple Sql Injection - Web#
I tried the following payload:
- Login:
admin - Password:
' or 1-- -'
I succesfully bypassed the authentification and got redirected to http://138.197.41.168/ctf3/fl0g.html.
1 |
|
175 - Coming Soon!! - Web#
Hello I am Zafer. BeΕir puts Izzettin in to a coma and I need help to get Avatar 2 DVD. Can you help me to get it?
http://138.197.41.168/ctf1/login.html
Note: For none Turkish players; if you have any issue with language contact hatMadder on irc
hint: take carefull look at names ;)
I tried the following payload:
- Login:
admin - Password:
' or 1-- -'
I succesfully bypassed the authentification and got redirected to http://138.197.41.168/ctf1/avatar.html
There is some links:
1 | Avatar 2 |
They looks to be a base64 image splitted into 6 parts.
So I extracted the base64 parts manually and save them into a file. And then retrieve the image:
1 | $ cat test.txt| tr -d '\n' | base64 -di > image |
And then I can see a AVATAR 2 CD RIP with YUBITSEC{1zz3tt1n1_k0m4y4_b3n_s0ktUm}.
50 - Location - OSINT#
Can you find location ?
We are looking for city name ?
All chars are lowercase and close.
Flag format: YUBITSEC{losangeles}
We are looking for GPS metadata:
1 | $ exiftool location.jpg | grep -i gps |
I used indlatitudeandlongitude.com (again) to get the location: Ameghino 400-466, Z9400JEJ RΓo Gallegos, Santa Cruz, Argentina.
Flag is YUBITSEC{riogallegos}.
Note: it's more forensics than OSINT
75 - Mobile Number - OSINT#
Who took this photo ?
Can you find photographer's mobile number ?
Show me, How stalker are you!
Note: Flag format will be YUBITSEC{+1234567890}
This time no metadata.
I made a reverse image search with Google image (uploading the picture), and I found that this picture was taken by Isaac Kasamani.
I see his Facebook but nothing there, so I went to his blog and found his phone number: +256 (0) 752166288.
Flag is YUBITSEC{+2560752166288}.
15 - Social Media - OSINT#
Nothing on Twitter.
Facebook or Instagram profile are not referenced nor with normal search engine search nor with dorks like yubitsec inurl:instagram.com.
I looked that there is no local/national Turkish social media.
So I asked an admin that redirect me to instagram.
But there is nothing referenced.
So I surfed on StackExchange and found a topic: I don't have an Instagram account. Can I still look at users' Instagram photos?.
The answer was to go to instagram.com/profile_name. I looked for yubitsec and found https://www.instagram.com/yubitsec/.
There is 1 picture, a QR code.
The original picture may be still available on the CDN.
So I used https://webqr.com/ (drag'n'drop) and found: YUBITSEC{W3LC0M3}.
This is not really open source information or publicly available data so we can't really talk about OSINT. But you know CTF organizers often don't care to make challenge about true security, well categorize them or even ban guessing.
25 - Find me - Misc#
Find me in source code.
Nothing on ctf.yubitsec.org. Let's try yubitsec.org:
1 |
|
Flag is YUBITSEC{AG4_I$L3R_V4R}.
25 - Strings - Misc#
Easy Peasy
As the title said:
1 | $ strings Strings.jpg | tail -1 |
35 - Weird symbols - Misc#
What is this?
That is some JavaScript Brainfuck (not original Brainfuck).
You can eval some part in a javascript console, for example !+[]+!+[]+[+[]] equal 20.
So I pasted all into an eval() and waited until I got a pop-up with YUBITSEC{WEIRD_JAVASCRIPT_IS_WEIRD}.
35 - B64 - Misc#
I remove the b'base64' around the base64 data and then:
1 | $ cat file.txt| base64 -di | base64 -di | base64 -di | base64 -di | base64 -di | base64 -di | base64 -di | base64 -di |
But it seems very recursive.
So I used and adapted a recusrive command:
1 | $ str=`cat file.txt`; for i in `seq 1 100`; do echo -e "$str\n"; str="$(base64 -di <<< $str)"; done |
YUBITSEC{YUBITSEC{YUBITSEC{YUBITSEC}}}
50 - File - Forensics#
Challenge's link https://drive.google.com/open?id=0B_jBF_ZqfxnBd0tKcDJMVkw1Njg
What is this file ? Can you find hidden flag ?
Flag format: YUBITSEC{}
1 | $ binwalk File |
Then there is a lot of recursive zip File/Flag/op/Hacker/HackerMan/HackThePlanet/Last.
At the end we have flag.png: {C0MPR3SS10N_1S_G00D}. So the flag is YUBITSEC{C0MPR3SS10N_1S_G00D}.
100 - Easy - Crypto#
Seems like there must be hiding flag, find it!
This is a list of MD5 hashes.
Crack the hashes with https://crackstation.net/ and a text editor replace all feature to go faster.
And then:
1 | $ cat secret.txt| tr -d '\n' |
50 - Gifted - Reverse
1 | $ strings gifted | grep -i yubitsec |
50 - *blushes* - Steganography#
The image looks transparent and has no metadata.
But blushes means get red. So using StegSolve, for example, we can see a QR code in red planes:
Then I used https://webqr.com/ to get the flag: YUBITSEC{hello_nothing_here}.
75 - Broken - Forensics#
HINT: Compare with normal PNGs. You need to add something ? broken.png
Let's check a correct PNG:
1 | $ xxd -l50 indir.png |
And now the broken one:
1 | $ xxd -l50 broken.png |
We can see the broken file lack the first line with the header (magic number) + the first PNG chunck, let's fix this:
1 | $ printf "\x89\x50\x4e\x47\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52" | cat - broken.png > fixed.png |
Now we have a valid PNG and we can read: YUBITSEC{m4g1c_numb3rs_4r3_c00l}.