Call 1 (201) 549-9007 (US) | +91 - 931-062-4042 (WhatsApp) Email: [email protected]

c4ptur3-th3-fl4g (CTF challenge)

This c4ptur3-th3-fl4g blog is totally based on encryption and decryption specifically to strengthen the confidentiality pillar of CIA Triad. For each question, we need to find the flag and summit. This CTF has 4-tasks as translation &shifting, spectrograms, steganography, and security through obscurity.

TASK—1 Translate, shift and decode .

This task required the challenger to perform a translation or shift certain ciphers such as ROT47, Morse code, ROT13, Base32, etc.

Question 1: c4n y0u c4p7u23 7h3 f149?

Solution:-- It’s not a hash to decode it simply changed some characters to digits which mean the same thing.

According to ques, it’s a leet code so now we use ‘Leet to text converter’.

STEP 1- Convert LEET font to ASCII.

FLAG: Can you c4ptur3-th3-fl4g?

Question2: 01101100 01100101 01110100 01110011 00100000 01110100 01110010 01111001 00100000 01110011 01101111 01101101 01100101 00100000 01100010 01101001 01101110 01100001 01110010 01111001 00100000 01101111 01110101 01110100 00100001

Solution:-- When I see 0 and 1 then I identified it as ‘binary language’.

But if you are not able to understand then follow these steps --

STEP 1- First you need to identify the format of language, then search converter according to requirements. By using any online cipher identifier like “cyberchef” . (Cyberchef it’s an online decoder and cipher identifier)

STEP 2- Convert Binary to ASCII.

FLAG: let's try some binary out!

Question3: MJQXGZJTGIQGS4ZAON2XAZLSEBRW63LNN5XCA2LOEBBVIRRHOM======

Solution:-- If I can see the ‘=’ sign at the end it gives us a clue that it is indeed base encoded. But which base? It may be Base32,64,58 etc . To identify the correct one use any ‘base’ identifier.

STEP 1- Use cyberchef to identify the base.

STEP 2- Then convert it to a readable format (TEXT).

STEP 3-Now we know it’s a base32 code, then any online BASE32 decoder.

FLAG:base32 is super common in CTF’s

Question4: RWFjaCBCYXNlNjQgZGlnaXQgcmVwcmVzZW50cyBleGFjdGx5IDYgYml0cyBvZiBkYXRhLg==

Solution:-- Similarly it also contains the ‘=’ sign, so it’s also a base code but to identify the correct one I use the same online tool ‘cyberchef.

STEP 1- Use cyberchef to identify the base.

STEP 2- Then convert it to a readable format (TEXT).

STEP 3-Now we know it’s a base64 code, then any online BASE64 decoder.

FLAG: Each Based64 digit represents exactly 6 bits of data.

Question 5: 68 65 78 61 64 65 63 69 6d 61 6c 20 6f 72 20 62 61 73 65 31 36 3f

Solution:-- The given hash is a ‘hex format’.

STEP 1- So we can use any online ‘HEX to ASCII’ converter to decode the hash format into a text.

FLAG: hexadecimal or base16?

Question 6: Ebgngr Zr 13 cynprf!

Solution:-- Now I really don’t know what is it so I follow these steps--

STEP 1- First I need to identify the format of language, use any online cipher identifier to identify the correct cipher format.

STEP 2- Then convert it to a readable format (TEXT).

STEP 3- By using cyberchef able to identify it’s a ‘Rot13’ hash, So we can use any online ‘Rot13’ decoder to decode it.

FLAG: Rotate me 13 places!

Question 7: *@F DA:? >6 C:89E [email protected]?5 323J C:89E [email protected]?5 Wcf E:>6DX

Solution:-- Now I really don’t know what is it so I follow these steps--

STEP 1- First I need to identify the format of language, use any online cipher identifier to identify the correct cipher format.

STEP 2- Then convert it to a readable format (TEXT).

STEP 3- By using cyberchef able to identify it’s a ‘Rot47’ hash, So we can use any online ‘Rot47’ decoder to decode it.

FLAG :You spin me right round baby right round (47 times)

Question 8: - . .-.. . -.-. --- -- -- ..- -. .. -.-. .- - .. --- -.

. -. -.-. --- -.. .. -. --.

Solution:--

STEP 1- First you need to identify the format of language, then search converter according to requirements.

STEP 2- Then convert it to a readable format (TEXT).

STEP 3- Convert MORSE CODE to TEXT.

FLAG :TELECOMMUNICATIONENCODING

Question 9: 85 110 112 97 99 107 32 116 104 105 115 32 66 67 68

Solution:--

STEP 1- First you need to identify the format of language, then search converter according to requirements.

STEP 2- Then convert it to a readable format (TEXT).

STEP 3- Convert DECIMAL to TEXT.

FLAG: Unpack this BCD

Question 10: …………………..LS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0KLS0=

NOTE: It contains the ‘=’ sign at last so I use base64 and start cracking it.

Due to the length of the hash, it looks like the hash is encoded multiple times to get an answer.

Solution: Follow this pattern to solve it.

Base64 > Morse code > Binary > Unicode code Points > text

FLAG : Let’s make this a bit trickier…

TASK—2 Spectrograms

The spectrogram is “a visual representation of the spectrum of frequencies of a signal as it varies with time. When applied to an audio signal, spectrograms are sometimes called sonographs , voiceprints, or voicegrams.”

Question: In an audio clip given by the admin, we try to find the hidden message.

Solution:-- I know it’s a spectrogram then we use any spectrogram analyzer tool like ‘audacity’ (It’s also in hint). Also used an online tool like “Spectrum Analyzer” etc.

STEP 1- Read the question carefully and then download the clip.

STEP 2- I used the “Spectrum Analyzer” online tool to decode the clip and find the hidden content.

As you can see, it now displays the flag.

FLAG: Super secret Message.

TASK—3 Steoganography

Steganography is “ the process of hiding a message or file within another message or file “ .

Question: An image given by the admin, we try to find the hidden message.

Solution:--

STEP 1- Read the question carefully and then download the clip.

STEP 2-After downloading the ‘jpg’ file. I used the “Steghide” tool to find the hidden content.

NOTE:-- Don’t need to enter any passphrase just hit Enter key because jpg file doesn’t contain any password.

STEP 3- use “cat” command to read the hidden message.

FLAG: Spaghettisteg.

TASK—4 Security through obscurity .

“Security through obscurity is the reliance in security engineering on the secrecy of the design or implementation as the main method of providing security for a system or component of a system.”

It’s the last task of this challenge, in this task I opened up the file in the text editor, scroll to the bottom, and found the two flags in plaintext.

Question 1: Download and get 'inside' the file. What is the first filename & extension?

Solution :

STEP 1: Download the file and then change the format “jpg to txt” .

STEP 2: After that open the “txt” file on any edit-editor.

STEP 3: Try to find hidden msg .(file format).

FLAG 1:hackerchat.png.

Question 2: Get inside the archive and inspect the file carefully. Find the hidden text.

Solution:

FLAG 2:” AHH_YOU_FOUND_ME!

Conclusion :

In this c4ptur3-th3-fl4g, we learned practically how to extract and hide data by using Stenography, spectrogram, and security through obscurity techniques.

Stay tuned for more Interesting Challenges.

AUTHOR:
Abhishek Sharma
Cyber Security Intern

SHARE

8 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

X