RITSEC CTF 2019 CHALLENGES [WRITEUPS] | November 18, 2019

RITSEC CTF 2019

 

 

CHALLENGE

 

SOLUTION

they given an image by this hint "Artist" i took look at EXIF DATA :

the " user comment " contain base64 , after decryption :

EVGFRP{SBERAFVPF_SNVYF_JBAG_URYC_LBH_URER}

 the flag encoded with caesar cipher 

, so 

FLAG : RITSEC{FORENSICS_FAILS_WONT_HELP_YOU_HERE}

 

 CHALLENGE

 SOLUTION

 

the seconde challenge there's two methods to solve it , let's take the easy one

after downloading the pcapc i opened it with wireshark  :

 

the packet contain 2 base64 encoded i decrypt it  , the decryption has a gz archive so let's  compile the archive:

https://base64.guru/converter/decode/file

 

 

file name chromebin by using binwalk tool for extracting the embedded files , given chrome folder and 0.tar file after seeing these i assumed that's google chrome backup , in the description they want us to check the history , so the path is : /Chrome/User Data/Default/history

using some databases reader 

 

RITSEC{SP00KY_BR0WS3R_H1ST0RY}

they said "Favorite" so opened Bookmarks file and when i look at names values it's contain familiar words , so using this command 

cat Bookmarks | grep 'name"' | cut -d':' -f 2 | tr -d '^ *,"\n\r'

i got

RITSEC{CHR0M3_BM_FTW}

 

----------------------------------------------

 

CHALLENGE

 

SOLUTION 

they given a large file with multiple base encoded ciphertext : base64/base16/base32 encoded a lot of times , i wrote this script :

```

#!/usr/bin/env

python import sys

import base64

def base64randomde():

flag = open('onionlayerencoding', 'r').read()

while "RITSEC" not in str(flag):

try: flag = base64.b16decode(flag)

except TypeError: try:

flag = base64.b32decode(flag)

except TypeError: try:

flag = base64.b64decode(flag)

except TypeError: break

print(flag)

print(base64randomde()) 

```

 flag : RITSEC{0n1On_L4y3R}

 

CHALLENGE

 

SOLUTION

 

by just removing <region>  part :

http://bucketsoffun-ctf.s3.amazonaws.com/

i got error page contained "youfoundme-asd897kjm.txt"

FLAG : RITSEC{LIST_HIDDEN_FILES}

i wanted to complete the CTF but i was busy and my team also

#0v3n_Sh3ll ❤

Written on November 18, 2019