Syskron Security CTF 2020 - Writeup



This blog post includes the writeup for the following questions:

Trivia: Vulnerable RTOS, Deadly Malware, Check Digit

Monday: Redacted News, Security Headers

Tuesday: Leak Audit

Firstly, a big thanks to my teammate Ziphendal for solving the majority of these.

 

 

Vulnerable RTOS

 

The first Google search reveals the answer for this one.

 

So the flag for this is syskronCTF{URGENT/11}

 

 

 

Deadly Malware



 

Googling the question leads me to an article by Stormshield which contains the answer.




 

So the flag for it is syskronCTF{Triton}

 

 

 

 

 

Check Digit



 

Google directed me to this article on CodeProject, which explains how a check digit is used for the verification of several types of numbers. So the hint was already there in the question. Then I searched for its ISO number on the official site of the International Organization for Standardization and found it here.

 

The flag is syskronCTF{ISO/IEC 7812}

 

 



 

Redacted News

 

You can solve this one with the help of stegsolve.jar. The link for it is given here.




 

The flag for this one is syskronCTF{d0-Y0u-UNdEr5TaND-C2eCh?}

 

 

 

Security Headers



 

The question points towards the headers of the given website. So I used curl to take a look at them and found the flag there.




 

The flag is syskronCTF{y0u-f0und-a-header-flag}

 

 

Leak Audit




The first step was obviously to extract the required content, which can be done with the unzip command. Then I opened the given database with sqlite3 to query it. First I checked the number of tables inside the file with the .tables command. There was only one, named personal. With that out of the way, I took a look at the table and also its schema with the following commands:

select * from personal;

.schema personal

 

Then I solved the questions as follows:

Q - How many employee records are in the file?

A - select count(number) from personal;

376

 

Q - Are there any employees that use the same password?

A - select password, count(password) from personal group by password having count(password) > 1;

mah6geiVoo

 

Q - How many passwords are protected with bcrypt?

A - For this one I printed the whole table and counted them manually. I didn’t expect it to work and was already looking for the proper steps for this, but miraculously it did work.

21

 

Finally the flag for this one is syskronCTF{376_mah6geiVoo_21}
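
The three audit questions can also be answered entirely with queries, including the bcrypt count that was done by hand above. The following is an added example, not part of the original writeup: it runs against a small constructed table that reuses only the table name personal and the columns number and password from the post; the column types, the sample rows and the helper names load and audit are assumptions.

```python
import sqlite3

# Constructed sample rows (number, password); none of this is the CTF data.
# The "$2..." values are 60-character dummies shaped like bcrypt, not real hashes.
SAMPLE_ROWS = [
    (1, "hunter2-example"),
    (2, "$2b$12$" + "A" * 53),
    (3, "hunter2-example"),        # same plaintext password as row 1
    (4, "$2y$10$" + "b" * 53),
    (5, "$2b$12$tooShort"),        # bcrypt-like prefix, wrong length
    (6, "a1" * 16),                # 32 hex characters, not bcrypt
]


def load(rows):
    """Build an in-memory stand-in for the `personal` table (column types assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE personal (number INTEGER, password TEXT)")
    conn.executemany("INSERT INTO personal VALUES (?, ?)", rows)
    return conn


def audit(conn):
    """Return (record count, reused passwords, bcrypt-protected count)."""
    total = conn.execute("SELECT count(number) FROM personal").fetchone()[0]
    reused = [row[0] for row in conn.execute(
        "SELECT password FROM personal GROUP BY password "
        "HAVING count(password) > 1 ORDER BY password")]
    # bcrypt strings: "$2", a variant letter, "$", a two-digit cost, "$",
    # then 53 characters of salt and hash, 60 characters in total.
    bcrypt_count = conn.execute(
        "SELECT count(*) FROM personal "
        "WHERE password GLOB '$2[abxy]$[0-9][0-9]$*' "
        "AND length(password) = 60").fetchone()[0]
    return total, reused, bcrypt_count


if __name__ == "__main__":
    print(audit(load(SAMPLE_ROWS)))
```

The GLOB and length condition can be typed as-is into the sqlite3 shell; rows stored as plaintext or in another hash format fall outside it, which is what the audit question is measuring.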
