Skip to main content

Syskron Security CTF 2020 - Writeup



This blog post includes the writeup for the following questions:

 

Trivia

Vulnerable RTOS

Deadly Malware

Check Digit

 

Monday

Redacted News

Security Headers

 

Tuesday

Leak Audit

 

 

Firstly a big thanks to my teammate Ziphendal for solving the majority of these.

 

 

Vulnerable RTOS

 

The first google search reveals the answer for this one.

 

So the flag for this is syskronCTF{URGENT/11}

 

 

 

Deadly Malware



 

Googling the question leads me to an article by stormshield which contains the answer.




 

So the flag for it is syskronCTF{Triton}

 

 

 

 

 

Check Digit



 

Google directed me to this article on codeproject which explains about how check digit which is used for the verification of several types of numbers. So the hint was already there in the question. Then I searched about its ISO number of the official site of International Organization for Standardization and found it here.

 

The flag is syskronCTF{ISO/IEC 7812}

 

 



 

Redacted News

 

You can solve this one with the help of stegsolve.jar. The link for it is given here.




 

The flag for this one is syskronCTF{d0-Y0u-UNdEr5TaND-C2eCh?}

 

 

 

Security Headers



 

The question points towards the header for the given website. So I used curl to take a look at them and found the flag there.




 

The flag is syskronCTF{y0u-f0und-a-header-flag}

 

 

Leak Audit




The first step was obviously to extract the required content which can be done with the unzip command. Then I used sqlite3 to query the given database. So I opened the given database with sqlite3 and proceeded on. First I checked the no. of tables inside the file with the .tables command. There was only one named personal. With that out of the way I took a look at the table and also its schema with the following commands: Select * from personal

.schema personal

 

Then I solved the questions as follows:

Q - How many employee records are in the file?

A - select count(number) from personal;

376

 

Q - Are there any employees that use the same password?

A - select password, count(password) from personal group by password having count(password) > 1;

mah6geiVoo

 

Q - How many passwords are protected with bcrypt?

A - For this one I printed the whole table and counted them manually. I didn’t expected it to work and was already finding the proper steps for this but miraculously it did worked.

21

 

Finally the flag for this one is syskronCTF{376_mah6geiVoo_21}

Labels:

Comments

Post a Comment

Popular posts from this blog

C4ptur3-th3-fl4g Walkthrough

TryHackMe c4ptur3-th3-fl4g Walkthrough Task - 1 Translation and Shifting Question 1 -  c4n y0u c4p7u23 7h3 f149? Solution -  This one's quite simple. This is called leet in which the text is written with modified spellings with the help of numbers in place of some characters. The answer for this one is - can you capture the flag? Question 2 -  01101100 01100101 01110100 01110011 00100000 01110100 01110010 01111001 00100000 01110011 01101111 01101101 01100101 00100000 01100010 01101001 01101110 01100001 01110010 01111001 00100000 01101111 01110101 01110100 00100001 Solution -  This is written in binary as you can see that every set of 1's and 0's (separated by space) is a string of 8 numbers. So you can use any online resource such as  rapidtables  to convert binary to ascii. The answer for this is -  lets try some binary out! Question 3 -  MJQXGZJTGIQGS4ZAON2XAZLSEBRW63LNN5XCA2LOEBBVIRRHOM====== HINT :  Hav...
Post a Comment
Read more

Hacktober CTF - Writeup

  HACKTOBER CTF   This post contains the writeups for: l  Crypto n  Hail Caesar n  Down The Wrong Path l  Forensics n  Captured Memories n  Amcaching In n  Prefetch Perfection n  Prefetch Perfection 2 l  Linux n  Talking to the dead 1 n  Talking to the dead 2 l  Programming n  Message in an array n  Trick or treat l  Steganography n  You believe in ghosts n  Start digging n  Blasphemy   1 OSINT         n Creeping 1        n  Creeping 2         n Creeping 3         n Past Attacks       Hail Caesar In this question we have to decrypt TGG KUSJWV QGM and the question gives us a hint that its a caesar cipher. Although we don’t know the key but we really don’t need one for this. Loading it up in dcode gives us the answer as BOO SCARED YOU   And thus the flag is flag{ BOO...
2 comments
Read more

Krypton Walkthrough

Krypton Walkthrough Level 1 >> Level 2 Level 2 >> Level 3 Level 3 >> Level 4 Level 4 >> Level 5 Level 5 >> Level 6 Level 6 >> Level 7 Level 1 >> Level 2 Hint Read the question carefully. Solution 1. SSH into the server with username as krypton1 and password as KRYPTONISGREAT $ ssh krypton1@krypton.labs.overthewire.org -p 2231 2. The next step is to find the file upon which we'll be practising. This information is provided in the previous level. So lets hop onto the location. $ cd /krypton/ $ ls $ cd krypton1 3. Reading the README file gives us the answer to try skipping that and directly cat the other file $ cat krypton2 OUTPUT: YRIRY GJB CNFFJBEQ EBGGRA 4. With practice you'll be able to recognize this cipher. Also you can use an online service called boxentriq for recognizing the cipher. It'll also help you in breaking it. As of now the cipher is rot13 which is a caesar cipher with key as 13. The way rot13 works is that it adds 13...
Post a Comment
Read more