Hack@10 2021 Writeup
Last updated
Last updated
Final scoreboard of the CTF
924<`_LbKA+0=b>_?0dBFbbKJN .
Input the string on Cyberchef to decode it using ROT47
And yeah we got the flag! Ez! hack10{3zpZ_l3m0n_5qu33zy}
At first we try to find hidden sheet, which is Sheet 2 and 3 but
That is not the flag :( so we proceed with trying to extract the data from the xlsx file since we know that xlsx is just a zip compressed file. We can do this with the binwalk command _binwalk --_dd='.*' file.
Then proceed to unzip the remaining files.
After that, we can try to grep the strings on the directory with the flag format by using command grep -R 'string' dir/ . Although we can only grep the fake flag, we also see a base64 text in the one of the file from the directory.
Decode the string from base 64 and we get the flag.
hack10{4h_lov3ly_ch33s3c4k3}
😤🤟 First blood! Sheeesh!
I am not sure if this is the intended solution but after downloading the powerflag.pttm file. We treated this challenge the same as the cheesecake challenge. Proceed to extract data from the file with _binwalk --_dd='.*' file
After unzipping the remaining file, we can see lots of images in one of the folders.
From image60.png, we got our flag.
hack10{p0w3rup_ur_p0w3rp01n7}
Hint: “143 word to open my heart” and “The art of hiding is part of love”
After scanning the QR code, we got ''I Love You'' so that is our secret key, then we use steghide because of the hint “The art of hiding is part of love” and yes, we love steganography!
Let’s help him solve his brokenheart issue!\
$ steghide extract -sf brokenheart.jpg
Enter Passphrase: ILoveYou
But the QR code is unlikely to be readable, so we re-draw it using qrazybox
and finally we got a readable QR code! And let’s extract the data from the QR code!!!
hack10{br0k3n_QR_c4n_b3_f1x3d_n0t_br0k3nH34rT}
Legends believe that the author still heart broken 💔
Let’s try binwalk for this picture $ binwalk --dd='.*' matabatin.jpg
And sheeeeesh! A flag :) hack10{4s_aBov3_5o_Bel0w}
For this challenge, we get an mp3 file with scratchy noise. Just use Sonic Visualiser > add Spectrogram > set Window 256
hack10{1m_t1R3d_0f_Mc0_jkjk} Easyyyyyy Peasy!\
Let’s just decode it. It’s a Tic-Tac-Toe! We then proceed to decode the symbols here
hack10{TICKITYTACKITYTOE}
From this question, we got PiedPiper jpg file
Since we didn't know what type of cipher it is, we proceed to reverse search the image using Yandex. From one of the results, we manage to find out that it is a Pig Pen cipher.
Then, we decode the cipher using dcode.fr and manage to get ‘avadakedavra’ as an output.
As it is not a flag, we tried to extract more data from the original image using binwalk.
From the extracted data, we got a zip file that requires a password. Proceed to enter ‘avadakedavra’ from the decoded cipher as the password.
And we managed to get the flag file.
We got a pcapng file and opened it in wireshark. Filtering with http, we could see that the user was accessing a website at http://192.168.175.123:9001.
Right click on one of the packets and click on follow tcp stream, we can see the host and source code of the website the user accessed.
Proceed to save the source code into a file such as neighbour.html and open it one a browser. It seems that the page is not working.
Based on the console error, we need to change the location.origin into an ip address and port such as http://192.168.175.128:9001 .
Open the html file again and we can see a website with a drawing function using the mouse.
Based on the source code, we know that the website was made of html canvas, websocket and nodejs. After learning how to create the page from this website , we know that the websocket was used to send the coordinate of the user's mouse to the server. By using the ‘websocket’ filter on wireshark, we were able to see the mouse coordinate sent to the websocket server.
From this writeup, we learn to dump the websocket data by using tshark.
$ tshark -r neighbour.pcapng -Y websocket.payload -E occurrence=l -T fields -e text
Then, we used this website to map out the mouse coordinates.
hack10{why_chu_spy_0n_m3???}
Credits to write ups and site for idea:
After downloading the Odyssey.ova file, we tried to open it using vmware but failed. Then, we proceed to use Virtual Box Oracle. However, it seems to be stuck at the booting process with multiple errors.
After trying to change the settings of the image file for a couple of hours, we noticed that it uses Genymotion Startup while trying to boot.
After some googling, we found out that we can use Genymotion alongside Virtual Box to boot android devices. We downloaded Genymotion and registered for the free account. Opening the app, it recognized our already installed Google Pixel XL device from Virtual Box and we just start it to successfully boot it.
After booting, we get a home screen same as most Android devices. We proceed to check the common places such as gallery, audio, and email.
Then proceed to open Amaze application also known as a file manager and saw a file named flag1 in the device directory.
Inside the file we got the flag.
hack10{Gl4d_t0_S33_yOu_hEr3}
In this challenge, we open the ES Explorer and use the storage analyze feature to check for any weird or recently created file.
From one of the recently created files, we got several redundant flag files.
We noticed the flag069.bin file(nice) and opened it. Inside we get the second flag.
hack10{W3lc0me_T0_m03b1lE_f0ren5iC}
Opening the Messaging app of the device, we get to see several conversations that seem to lead to the third flag.
Opening the link leads us to a dropbox file that stores a file artifact.docx . It seems blank, we downloaded the file to explore the content of the docx.
We highlighted the whole docx using Ctrl + A and chose the red colour. It seems like someone tried to hide these texts. Although it looks gibberish, we managed to extract a readable flag at the end of some paragraphs and combine it to form a flag.
hack10{tH3_unKn0WN_Of_ThE_L0nG_lO5T_4RT1f4ct5}
