RCTF{RootersCTF WriteUps}
Here are the official the write-ups for the challenges presented in Rooters CTF, hosted by Team 1ncogn1to, the CTF team of USICT.
RCTF was a worldwide Free-for-all competition dedicated to InfoSec and CyberSec Community. It was a Jeopardy-type capture the flag competition, held online where participants were presented with questions related to Cryptography, Web Hacking, Forensics, Reverse, Steganography and other various fields of cyber and information security.
Overview:-
URL: http://www.rootersctf.in/ (still online)
Organizer: USICT
Duration: 15 Hrs
Team: 1ncogn1to
Crypto 10: Old Is Gold
Challenge
Decode this: 444–66–333–666–99–7–777–33–7777–7777–444–666–66.
Put the flag in RCTF{}
Solution
Here, Old refers to the old-fashioned basic cell phones and the given encrypted the text contains only repeated decimal numbers. Thus, it seems like the flag is encrypted with an old-fashioned keypad just like it was used to type back then.
444 — I
66 — N
333 — F
666 — O
99 — X
7 — P
777 — R
33 — E
7777 — S
7777 — S
444 — I
666 — O
66 — N
Flag
RCTF{INFOXPRESSION}
Note: Flag is case-insensitive
Crypto 20: Francis Secret
Challenge
Put the flag in RCTF{}
Cipher Text :- “AAAABAAAAAAAABAABBABABBAAAAABAABAAAABBBAAABBBAABAABAAAAABAAABAAABAABBABAAAAAABAAAAAAABAABA”
Solution
Google about Francis Cipher we found ou this link after using this online decoder we found out the flag
Flag
RCTF{BACONCIPHERISGREAT}
Crypto 30: Automate or Die!
Challenge
Try, try and fail, but never fail to try!” Cipher Text
Solution
The given quote suggests repetition and Cipher Text contains a base64 encoded value. So maybe it’s the repeated base64 encryption.
A simple python script can decode it recursively until the flag is obtained.
#!/usr/bin/env python3import base64with open("cipher.txt", 'rb') as f:
flag = f.read()while True:
flag = base64.b64decode(flag)
if flag.decode("utf-8")[0:4] == 'RCTF':
print(flag)
exit()
Flag
RCTF{b@se64_1s_c00l}
Crypto 50: Indecipherable
Challenge
Sometimes what we are looking for is right in front of us. Cipher Text.zip
Cipher File:- Download
Solution
The given file is an encrypted zip file which can be cracked by dictionary attack using a fcrackzip tool.
$fcrackzip -v -D -u -p rockyou.txt cipher_text.zip
Forensics 50: Monitor me
Challenge
Put the flag in RCTF{}
Given File:-Download
Solution
Given file the .pcap file, so after opening in the Wireshark, there is only WPA capture packet so after cracking using aircrack-ng got the key that’s the flag
Flag
RCTF{saras0ta}
Forensics 100: Locate Me!
Challenge
Put the flag in RCTF{}
Given File:- Download
Solution
Given file the .pcap file, so after opening in the Wireshark, we got different types of some TCP, HTTP, and other packets finding the flag using Wireshark data-text-lines contains “flag”
after following the HTTP stream we got the imagem_01.jpg file.
using the foremost tools extract the image
Uploading the jpg image http://exif.regex.info/exif.cgi
Ongoing to the mention co-ordinate it will give the flag
Flag
RCTF{IIha Rata}
Stegano 10: 50 Shades of Stegano
Challenge
You can’t see me!
Solution
Challenge name give the hint that the flag is in the shades. So let’s try the stegsolve. This tool is bascily use the filter to shows the image. This tool is not preinstalled in kali or parrot os. You can download it from Github or from this small script
#!/bin/bash -exwget $java -jar stegsolve.jarttp://www.caesum.com/handbook/Stegsolve.jar -O stegsolve.jar
chmod +x stegsolve.jar
mkdir bin
mv stegsolve.jar bin/$java -jar stegsolve.jar
Flag
RCTF{C0L0URBL1ND}
Stegano 50: M4SS4CR3
Challenge
Ask Elliot Alderson about his password. He might be able to help you.
Solution
$strings image.pngScreenshot at 2019-01-02 17-19-21Screenshot at 2019-01-02 17-20-17
Gives us a view that there is url.tx in the image.
Let’s use binwalk to extract the files.
$binwalk -e image.png
It gives us the url.txt file. Which gives us this Link
To decode the msg we need to find the password. Challenge gives us a hint about the password. Let’s try to find out the Elliots password.
After googling a found a Reddit post. Link
Pass:-M4ss4cr30fth3b0urg3o1s1e
Using this password we got our flag
Flag
RCTF{wubba_lubba_dub_dub}