madhusudanlive logo
Stay Zen!

Secarmy CTF 2.0 junior walkthrough - team krypton

Writeups of Secarmy CTF 2.0 junior. it is an entry level CTF in a jeopardy style for beginner to mid level Cyber Security enthusiasts.
Secarmy CTF 2.0 junior walkthrough - team krypton

Secarmy CTF 2.0 is an entry level CTF in a jeopardy style for beginner to mid level Cyber Security enthusiasts, a total of 44 challenges were there and greater than 1500 people had participated, this was not a group event but individual, i ranked 20th in this CTF #krypton.

Here is a walktrough of these challenges, I was able to complete.

Welcome

Welcome challenges were fairly simple and needed to just visit or hit a particular service, there were 3 challenges in this category.

1. Welcome all: This one was the easiest, just had to submit the flag in from the description itself.

screenshot of welcome challenge solution
welcome challenge

2. Netcat: Just doing a netcat with give IP address revealed the flag

screenshot of terminal using nc netcat command to retrieve solution
netcat challenge

flag : secarmy{W3lc0m3_T0_S3c4RmyC7F0x02}

3. Instafamous: This was the very old post from secarmy instagram account, the flag was in the description of post

screenshot of secarmy's instagram post
insta famous challenge

flag : secarmy{w3lc0me_1n$t@\_f@m1ly}

Starters

These challenges were related to concepts like number systems, encryption, etc

1. “16+8”

flag : secarmy{Num3er_sys73m}

we have given two files with numbers in it

73 65 63 61 72 6d 79 7b
--------------------------------------------------------------------
116 165 155 63 145 162 137 163 171 163 67 63 155 175

as the name suggests the first part was hex and the second was octal so doing a simple conversion we got the flag.

2. Die basis

flag : secarmy{fl@g_1s\_\_th3_b@s3}

two files given :

********c2VjYXJteXtmbEBnXzFzXw==*******
**********L52GQM27MJAHGM35*********

the first one was base64 and the second one was base32 encoded

3. Easy capture

flag : secarmy{h3r3_y0u_c@ptur3}

01110011 01100101 01100011 01100001 01110010 01101101 01111001 01111011 01101000 00110011 01110010 00110011 01011111 01111001 00110000 01110101 01011111 01100011 01000000 01110000 01110100 01110101 01110010 00110011 01111101

4. Image

flag : secarmy{th3_im@ge_s4ys_i7_a11}

doing a simple zsteg revealed the flag

a meme on image steganography
image steganography challenge

5. Th3 G1f7

flag : secarmy{h3re_1s_th3_g1ft}

same thing again the flag was revealed by a zsteg

an image of gift box
streganography | zsteg

Forensics

These challenges were mix of steganography, exif data, file headers, and others to illustrate the concepts in basically digital forensics.

1. its all in your head

flag : secarmy{h3ad3rs_t3ll_a_l0t}

a corrupted png file was given , i tried hexdump but the magic bytes were different from png so i changed them with hexedit which revealed the flag.

photo of flag surrounded by multiple green rectangles
incorrect headers of PNG file

2. secret

flag : secarmy{ain’t_visible?}

a pdf with a username and a password hidden by asterisks after using pdftotext tool the flag was found

3. the confusion

flag : secarmy{WA3_I7_s0_c0nfu3ing}

flag was split and hidden in two images the first part was ROT13 and second was ROT47

3. the bin

flag : secarmy{PAST3_B1N_H@S_S0LUT10N}

here you have the flag :

61 48 52 30 63 48 4d 36 4c 79 39 77 59 58 4e 30 5a 57 4a 70 62 69 35 6a 62 32 30 76 54 45 30 35 63 57 56 33 64 57 6b 3d
--------------------------------------------------------------------
61 48 52 30 63 48 4d 36 4c 79 39 77 59 58 4e 30 5a 57 4a 70 62 69 35 6a 62 32 30 76 57 6d 52 71 54 6a 6

hex to text conversion gave two links of pastebin out of which the second one was working flag

4. Save them

flag : secarmy{PAST3_B1N_H@S_S0LUT10N}

Binary / Reversing

1. Stringy flag : secarmy{l00k_a7_th3_str1ng5!!}

as the name suggests i did strings on the elf which gave me some weird strings c2VjYXJtH eXtsMDBrH X2E3X3RoH M19zdHIxH bmc1ISF9H i tried base64 but it didn't worked then i removed the H at the end and it gave me flag

2. Smash it

flag : secarmy{sm@sh1ng_st@ck_1s_t00_much_fun}

here’s the binary

screenshot of a disassembled binary file
reversing binaries | Smash It

3. F-L-A-S-H flag: secarmy{7h1s_w45_345y_p34zy}

here’s the binary

screenshot of a disassembled binary with flag
reversing binaries | FLASH

4. backyard cow

flag : secarmy{d0y0u_l1k3_c0w_languag3\_\_\_?}

here’s the binary

on reversing it with radare2 gave me a link to google drive file which has moo written everywhere, then i decoded it with cow interpreter

screenshot of disassembled binary with cow esoteric language
reversing binaries | backyard cow

web

web challenges were easy one’s the flag’s were in source code, all are captured without using any other tool or intercepting.

1. prizes flag : secarmy{s0urc3_i5_n3ces5ary}

2. web_salad flag : secarmy{w3b_buck3t_3nc0un7er3d}

3. Cookie Bank

flag : secarmy{the\_$hy_c00kie_w1th1n}

4. silly mangolian 2.0

flag : secarmy{why*1s_th1s_m0ng0li@n*$uch\_@_f00l}

Prev article Interface Dot Matrix Display with Arduino: Code & Connections

photo of Madhusudan Babar
Say Hello

Thanks for visiting my site, if you have any questions or just want to say hello, feel free to reach out to me. You can also mail me directly at krypton@madhusudan.live