CTFlearn
Base 2 2 the 6Basic Injection
Binwalk
Character Encoding
Forensics 101
So many 64s
Taking LS
Where Can My Robot Go?
Wikipedia
Base 2 2 the 6
Category: Cryptography
Description
There are so many different ways of encoding and decoding information nowadays… One of them will work!
Q1RGe0ZsYWdneVdhZ2d5UmFnZ3l9
Solution
The title is the answer. 26 = 64, so we’ll try to decode it with Base64 using CyberChef or any other decoder. We get our flag
CTF{FlaggyWaggyRaggy}
Basic Injection
Category: Web
Description
See if you can leak the whole database using what you know about SQL Injections. link.
Solution
To solve this, simply input OR 1=1; # or ' OR 1=1;-- (with a space after double dash). This leaks the database and gives us the answer
Name: fl4g__giv3r
Data: CTFlearn{th4t_is_why_you_n33d_to_sanitiz3_inputs}
Binwalk
Category: Forensics
Description
Here is a file with another file hidden inside it. Can you extract it? https://mega.nz/#!qbpUTYiK!-deNdQJxsQS8bTSMxeUOtpEclCI-zpK7tbJiKV0tXYY
Solution
Downloaded file is an image. Running binwalk --dd='.*' command on the image extracts all files hidden in the .jpeg. One of them is a PNG, containing the flag
ABCTF{b1nw4lk_is_us3ful}
Character Encoding
Category: Cryptography
Description
In the computing industry, standards are established to facilitate information interchanges among American coders. Unfortunately, I’ve made communication a little bit more difficult. Can you figure this one out?
41 42 43 54 46 7B 34 35 43 31 31 5F 31 35 5F 55 35 33 46 55 4C 7D
Solution
Decode the values using CyberChef or any other hex decoder and you get the flag
ABCTF{45C11_15_U53FUL}
Forensics 101
Category: Forensics
Description
Think the flag is somewhere in there. Would you help me find it? https://mega.nz/#!OHohCbTa!wbg60PARf4u6E6juuvK9-aDRe_bgEL937VO01EImM7c
Solution
The downloaded file is a .jpg Minions meme. Running strings command on the file (or opening it with any text editor) reveals our flag
flag{wow!_data_is_cool}
So many 64s
Category: Cryptography
Description
Help! My friend stole my flashdrive that had the flag on it. When he gave it back the flag was changed! Can you help me decrypt it? https://mega.nz/#!OHhUyIqA!H9WxSdG1O7eVcCm0dffggNB0-dBemSpBAXiZ0OXJnLk
Solution
We download a .txt file containing a long string. Each Base64 decode makes the string shorter, so we can try to decode it manually, feeding the output into input using tools like CyberChef or write a simple script to automate the work.
import base64
message = open("flag.txt").read()
# decode if possible, if not - we decoded what we could, just print the message
while True:
try:
message = base64.b64decode(message)
except Exception:
break
print(bytes.decode(message))
We get our flag
ABCTF{pr3tty_b4s1c_r1ght?}
Taking LS
Category: Forensics
Description
Just take the Ls. Check out this zip file and I be the flag will remain hidden. https://mega.nz/#!mCgBjZgB!_FtmAm8s_mpsHr7KWv8GYUzhbThNn0I8cHMBi4fJQp8
Solution
Downloaded file is a .zip archive. Unzip and we can find a folder called The Flag. Enter it, run ls -la command to find .ThePassword directory. Enter again and view ThePassword.txt with help of cat or similar command
Nice Job! The Password is "Im The Flag".
Wrapping the password into our flag format we get
CTFlearn{Im The Flag}
Where Can My Robot Go?
Category: Miscellaneous
Description
Where do robots find what pages are on a website? Hint: What does disallow tell a robot?
Solution
According to Google, robots.txt is a file that blocks search engines from indexing pages and assets on your site. With that knowledge, let’s visit https://ctflearn.com/robots.txt. We can see that page 70r3hnanldfspufdsoifnlds.html is hidden from indexing. Visiting the page gives us our flag
CTFlearn{r0b0ts_4r3_th3_futur3}
Wikipedia
Category: Miscellaneous
Description
Not much to go off here, but it’s all you need: Wikipedia and
128.125.52.138
Solution
As the description says, visit the English version of Wikipedia and search for 128.125.52.138. We see one entry. Inspecting the diff link we notice
In a certain CTF competition, the flag to a certain problem is "cNi76bV2IVERlh97hP".
Wrap it in standard flag format and submit to get the points.
CTFlearn{cNi76bV2IVERlh97hP}