CyberYoddha CTF Writeup

I played this CTF as a solo player and I finished 84th/727 teams. It was great fun participating in this CTF. Let’s see how I solved some challenges.

WELCOME

Welcome

Type “?flag” in the Discord server and carlbot will DM you the flag.

FLAG: CYCTF{W3lc0m3_t0_Cyb3rY0ddh@_CTF_2020!}

TRIVIA

Trivia 1

FLAG: Linus Torvalds

Trivia 2

FLAG: Gary Kildall

Trivia 3

FLAG: Yahoo

Trivia 4

FLAG: Honeypot

Trivia 5

FLAG: Shoulder Surfing

Trivia 6

FLAG: Logic Bomb

Trivia 7

FLAG: System File Checker

Trivia 8

LOGO:

FLAG: Haskell

SHEBANG

Shebang0

As the challenge description says, we have to connect to the server via ssh to solve these challenges.

1. "ssh shebang1@cyberyoddha.baycyber.net -p 1337" with password shebang0.
2. "ls -al" reveals flag.txt.
3. "cat .flag.txt" gives you the flag.

FLAG: CYCTF{w3ll_1_gu3$$_b@sh_1s_e@zy}

Shebang1

1. "ssh shebang1@cyberyoddha.baycyber.net -p 1337" with password [previous Flag].
2. "ls" reveals flag.txt, but cat flag.txt shows a lot of garbage output.
3. "cat flag.txt | grep 'CYCTF'" gives you the flag.

FLAG: CYCTF{w3ll_1_gu3$$_y0u_kn0w_h0w_t0_gr3p}

Shebang2

1. "ssh shebang2@cyberyoddha.baycyber.net -p 1337" with password [previous Flag].
2. "ls" reveals a ton of files.
3. "grep "CYCTF" -R {" gets the flag (grep with -R does a recursive search of all files in directory).

FLAG: CYCTF{W0w_th@t$_@_l0t_0f_f1l3s}

Shebang3

1. "ssh shebang3@cyberyoddha.baycyber.net -p 1337" with password [previous Flag].
2. "ls" and cat reveals 2 large similar files...
3. "diff file.txt file2.txt" reveals the FLAG.

FLAG: CYCTF{SPOT_TH3_D1FF}

Shebang4

1. "ssh shebang3@cyberyoddha.baycyber.net -p 1337" with password [previous Flag].
2. "ls" reveals that the flag is a png file.
3. "scp -P 1337 shebang4@cyberyoddha.baycyber.net:flag.png ./" allows you to copy file over ssh.
4. Opening "flag.png" reveals the FLAG.

FLAG: CYCTF{W3ll_1_gu3$$_th@t_w@s_actually_easy}

WEB EXPLOITATION

Look Closely

On opening the link we got:

On searching for “cyctf” in the page source I got the flag.

FLAG: CYCTF{1nSp3t_eL3M3nt?}

Disallow

On visiting the link I was presented with this page:

The challenge name is Disallow, so the first thought that comes to mind is to look for the robots.txt file (robots.txt files contain the Disallow directive).

Got the flag by opening the link found in robots.txt.

FLAG: CYCTF{d33r0b0t$_r_sUp3r10r}

Data Store

On visiting the link we are presented with a login page.

The first thing I tried was a default username and password like “Admin:Password”; this didn’t work. The second thing that came to my mind was SQL injection, so I started trying SQLi payloads, and “admin ‘ OR 1 – -“ got me logged in.

On the next page I got the flag.

FLAG: CYCTF{1_l0v3_$q1i}

Something Sw33t

On visiting the link I got this page:

After checking the source code I found nothing. Then I looked at the cookies for this webpage and found an interesting cookie named “don’t look here”.

On inspecting the cookie I came to know that it is a Flask cookie, so I used “flask-unsign”, a tool which decodes Flask cookies. On decoding the cookie I found a bunch of base64 encoded strings.

On decoding these base64 encoded strings I got the flag.

FLAG: CYCTF{0k_1_see_you_maybe_you_are_smart}
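Why the cookie could be read without any key, as an added example that is not part of the original write-up: a Flask session cookie is signed, not encrypted, so its payload is only base64url-encoded JSON (optionally zlib-compressed). The cookie contents, timestamp and signature below are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json
import zlib


def b64url_decode(text):
    """URL-safe base64 decode with the stripped '=' padding put back."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_sample_cookie(session, compress=False):
    """Build a constructed cookie in the payload.timestamp.signature layout.

    The timestamp and signature are placeholders: reading the payload
    needs neither of them, which is the point of the example.
    """
    body = json.dumps(session, separators=(",", ":")).encode()
    prefix = ""
    if compress:
        body, prefix = zlib.compress(body), "."  # leading '.' marks compression
    payload = base64.urlsafe_b64encode(body).rstrip(b"=").decode()
    return prefix + payload + ".constructed-ts.constructed-signature"


def read_session(cookie):
    """Return the session dict without knowing the application's SECRET_KEY."""
    compressed = cookie.startswith(".")
    if compressed:
        cookie = cookie[1:]
    raw = b64url_decode(cookie.split(".")[0])
    if compressed:
        raw = zlib.decompress(raw)
    return json.loads(raw)


def decode_values(session):
    """Base64-decode every string value, the second step done by hand above."""
    return {key: base64.b64decode(value).decode() for key, value in session.items()}


# Constructed session: two base64-encoded fragments, as a stand-in for the
# "bunch of base64 encoded strings" the write-up found.
SAMPLE_SESSION = {
    "part1": base64.b64encode(b"constructed-").decode(),
    "part2": base64.b64encode(b"value").decode(),
}

if __name__ == "__main__":
    for compress in (False, True):
        cookie = make_sample_cookie(SAMPLE_SESSION, compress)
        print(cookie, "->", decode_values(read_session(cookie)))
```

Anything an application stores in this kind of session is visible to the client; the signature only prevents modification.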

Data Store 2

On visiting the link I got the same login page as the Data Store challenge.

This time a file was provided; on reading it I got to know that the username field is sanitised and thus cannot be used for SQLi.

Using the same payload used in the previous challenge in the password field got me logged in.
On the next page I got the flag.

FLAG: CYCTF{S@n1t1ze_@11_U$3R_1npu7$}
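The Data Store 2 pattern next to its fix, as an added example that is not the challenge's code: filtering one field while concatenating the other into the SQL string still leaves the login bypassable, whereas a parameterised query treats both fields as data. The table layout, the quote-stripping filter and the stored password are assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    """In-memory database with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db


def strip_quotes(value):
    """Assumed stand-in for the challenge's username sanitiser."""
    return value.replace("'", "")


def login_partial(db, username, password):
    """Username is filtered, password is concatenated raw (Data Store 2 pattern)."""
    query = (
        "SELECT 1 FROM users WHERE username = '%s' AND password = '%s'"
        % (strip_quotes(username), password)
    )
    return db.execute(query).fetchone() is not None


def login_parameterised(db, username, password):
    """Both values are bound as parameters, so neither can alter the SQL."""
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None


def demo():
    """Compare both logins on a wrong password and on a quote-bearing input."""
    db = make_db()
    tautology = "' OR 1 -- -"  # same shape as the input used in the write-up
    return {
        "partial_wrong_password": login_partial(db, "admin", "wrong"),
        "partial_tautology": login_partial(db, "admin", tautology),
        "parameterised_tautology": login_parameterised(db, "admin", tautology),
        "parameterised_real": login_parameterised(db, "admin", "constructed-secret"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```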

Data Store 3

On visiting the link I got a login page with a single password field.

Using the payload “‘=0–+” in the password field got me logged in.

On the next page I got the flag.

FLAG: CYCTF{D0n7_M@k3_D3bug_Publ1c}

CRYPTO

Beware the Idles of March

It looks like a rotation cipher, so I put the string “JFJAM{j@3$@y_j!wo3y}” in CyberChef and applied rotation; a rotation of 19 gave the flag.

FLAG: CYCTF{c@3$@r_c!ph3r}

Home Base

Put the string in cyberchef and converted it From Hex > Base 32 > Base 64 > Base 85, and got the flag.

FLAG: CYCTF{it5_@_H0m3_2un!}

Sus

The hint suggests that it could be a Vigenère cipher, so I put the string “ooflgqofllcedopwvtnhyacwllhehdl” in CyberChef, used the Vigenère decoder and got the flag. The key is SALAD, but you can just do auto decryption at dcode.fr to get “wouldyoulikesomevinegarwiththat”.

FLAG: CYCTF{wouldyoulikesomevinegarwiththat}

Rak 1

The hint says that it is an Advanced encryption, so in CyberChef I tried AES decode and got the flag.

  • Cipher Text = “df 48 b8 6e 14 87 f6 8b a8 9c 2c c8 d3 2b ec 73 06 01 0a 01 e2 75 26 fe 38 d5 67 59 e6 55 33 b2 aa e0 2d 67 34 48 7d 52 8a 18 0d 36 d7 f2 18 8f”
  • Key = “B55D3CE3183E06928 BA82F8980B661A30A 6C4B2BA499062CF6A 31EB1CD581E55”
  • IV = “00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f”

FLAG: CYCTF{wh0_kn3w_yU0_w3r3_sO_sm@r7}

MISC

Lorem Ipsum

I compared the given text with the original Lorem ipsum text and found that there are some extra words in the given text. After comparing the whole text I got cyctflatiniscool, which is our flag.

FLAG: cyctf{latiniscool}

FORENSICS

Image Viewer

Used Exiftool on the image and got the flag.

FLAG: CYCTF{h3h3h3_1m@g3_M3t@d@t@_v13w3r_ICU}

The row beneath

Used "strings plan.png | grep 'CYCTF'" and got the flag.

FLAG: CYCTF{L00k_1n_th3_h3x_13h54d56}

What’s the password?

Used “steghide extract -sf sudo.jpg” with “sudo” as password to get flag.

FLAG: CYCTF{U$3_sud0_t0_achi3v3_y0ur_dr3@m$!}

Flag delivery

Replaced characters with . and - since it is morse code, used morse decoder and got the flag.

FLAG: CYCTF{R3@D_B3TW33N_TH3_L1N3S}

Flag delivery 2

The challenge gave us a corrupted file, and on opening it in the hex editor I got to know that it is a png file, so I fixed the wrong header and the data part.

I got the flag after exporting the file from the hex editor.

FLAG: CYCTF{Br0k3n_1m@g3s_@r3_@_p@1n_1n_th3_b@ck}

Steg 2

I used stegsolve, changed the colour plane, and found the flag in Red Plane 1.

FLAG: CYCTF{l$b_st3g@n0gr@phy_f0r_th3_w1n}

Steg Ultimate

First I used steghide to extract a text file embedded in the given image.

The embedded file gave a link which gave us base64 encoded strings.

When I converted the base64 encoded string to a file with an online decoder I got the flag.

FLAG: CYCTF{2_f0r_th3_pr1c3_0f_1_b64}

REVERSE ENGINEERING

Password 1

Challenge provides the following code:

import random

def checkPassword(password):
    if(len(password) != 43):
        return False
    if(password[26] == 'r' and
       password[33] == 't' and
       password[32] == '3' and
       password[16] == '3' and
       password[4] == 'F' and
       password[21] == 'r' and
       password[38] == '1' and
       password[18] == 'c' and
       password[22] == '@' and
       password[31] == 'g' and
       password[7] == 'u' and
       password[0] == 'C' and
       password[6] == 'p' and
       password[39] == '3' and
       password[3] == 'T' and
       password[25] == '3' and
       password[29] == 't' and
       password[42] == '}' and
       password[12] == 'g' and
       password[23] == 'c' and
       password[30] == '0' and
       password[40] == '3' and
       password[28] == '_' and
       password[20] == '@' and
       password[27] == '$' and
       password[17] == '_' and
       password[35] == '3' and
       password[8] == '7' and
       password[24] == 't' and
       password[41] == '7' and
       password[13] == '_' and
       password[5] == '{' and
       password[2] == 'C' and
       password[11] == 'n' and
       password[9] == '7' and
       password[15] == 'h' and
       password[34] == 'h' and
       password[1] == 'Y' and
       password[10] == '1' and
       password[37] == '_' and
       password[14] == 't' and
       password[36] == 'r' and
       password[19] == 'h'):
        return True
    return False

password = input("Enter password: ")
if(checkPassword(password)):
    print("PASSWORD ACCEPTED\n")
else:
    print("PASSWORD DENIED\n")

I changed the code to the following code and got the flag.

password=['a']*43
password[26] = 'r'
password[33] = 't'
password[32] = '3'
password[16] = '3'
password[4] = 'F'
password[21] = 'r'
password[38] = '1'
password[18] = 'c'
password[22] = '@'
password[31] = 'g'
password[7] = 'u'
password[0] = 'C'
password[6] = 'p'
password[39] = '3'
password[3] = 'T'
password[25] = '3'
password[29] = 't'
password[42] = '}'
password[12] = 'g'
password[23] = 'c'
password[30] = '0'
password[40] = '3'
password[28] = '_'
password[20] = '@'
password[27] = '$'
password[17] = '_'
password[35] = '3'
password[8] = '7'
password[24] = 't'
password[41] = '7'
password[13] = '_'
password[5] = '{'
password[2] = 'C'
password[11] = 'n'
password[9] = '7'
password[15] = 'h'
password[34] = 'h'
password[1] = 'Y'
password[10] = '1'
password[37] = '_'
password[14] = 't'
password[36] = 'r'
password[19] = 'h'
print(password)
for char in password:
    print(char, end="")

FLAG: CYCTF{pu771ng_th3_ch@r@ct3r$_t0g3th3r_1337}

Password 2

Challenge provides the following code:

import random

def checkPassword(password):
    if(len(password) != 47):
        return False
    newPass = list(password)
    for i in range(0,9):
        newPass[i] = password[i]
    for i in range(9,24):
        newPass[i] = password[32-i]
    for i in range(24,47,2):
        newPass[i] = password[70-i]
    for i in range(45,25,-2):
        newPass[i] = password[i]
    password = "".join(newPass);
    return password == "CYCTF{ju$@rcs_3l771l_@_t}bd3cfdr0y_u0t__03_0l3m"

print(password)
for char in password:
    print(char,end='')

I changed the code to the following code and got the flag.

password = "CYCTF{ju$@rcs_3l771l_@_t}bd3cfdr0y_u0t__03_0l3m"
newPass = list(password)
for i in range(0,9):
    newPass[i] = password[i]
for i in range(9,24):
    newPass[i] = password[32-i]
for i in range(24,47,2):
    newPass[i] = password[70-i]
for i in range(45,25,-2):
    newPass[i] = password[i]
print(newPass)
for char in newPass:
    print(char, end='')

FLAG: CYCTF{ju$t_@_l177l3_scr@mbl3_f0r_y0u_t0_d3c0d3}

PASSWORD CRACKING

secure (I think?)

I used crackstation on the given hash and got the flag.

FLAG: securepassword

Crack the Zip!

Running “fcrackzip -Du -p /usr/share/wordlists/rockyou.txt flag.zip” on the given zip got me the password for the zip; I opened the zip and got the flag in the file inside it.

FLAG: cyctf{y0u_cr@ck3d_th3_z!p…}

supa secure

Running “hashcat -m 20 -a 0 -o cracked.txt hash.txt /usr/share/wordlists/rockyou.txt --force” with [given hash]:[given salt (cyctf)] in hash.txt gets the flag.

FLAG: cyctf{ilovesalt}

Me, Myself, and I

Used crackstation on the given hash.

FLAG: CYCTF{whoami}
