My Write-Up for DCTF 2021, organized by DragonSec Slovenia
Simple Web
• Links to an HTML page with an “I want flag” checkbox and a submit button
• Checking the box and submitting returns “not auth” text
• Checking HTML source code
• Found a suspicious looking HTML tag: <input hidden name="auth" value="0">
• Looks like the auth value is set to 0, which means off
• Setting that to 1 through inspect element
• Successfully found the flag after checking the box and submitting
• dctf{w3b_c4n_b3_fun_r1ght?}
Very Secure Website
• Login page
• Source code is visible
• Asks for a username and a password
• Checks if the username and password equal a tiger128,4 hash
• Found the username: admin, using online decoders
• Found a blog about magic hashes that specifically target PHP “==” hashcheckers
• https://www.whitehatsec.com/blog/magic-hashes/
• After reading about that vulnerability, it seems like we can just input the string “479763000” to get the flag.
• dctf{It's_magic._I_ain't_gotta_explain_shit.}
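The loose-comparison flaw from the magic hashes blog next to a hardened check, as an added example that is not the challenge's source code. The two digests are constructed values and the function names are hypothetical; only the input string “479763000” and the tiger128,4 algorithm come from the write-up.

```php
<?php
// Added example. A "magic hash" is a hex digest of the form 0e<digits>:
// PHP treats it as a numeric string (0 * 10^n), so every such digest
// compares equal to every other one under "==".

// Audit helper: does a stored or computed digest have the magic shape?
function is_magic_hash(string $hex): bool {
    return preg_match('/^0+e[0-9]+$/', $hex) === 1;
}

// Vulnerable pattern: "==" compares two numeric strings as numbers.
function check_loose(string $stored, string $computed): bool {
    return $stored == $computed;
}

// Hardened pattern: hash_equals() compares the raw bytes in constant time.
function check_strict(string $stored, string $computed): bool {
    return hash_equals($stored, $computed);
}

// Constructed 32-character digests, not the challenge's real values.
$stored   = '0e' . str_repeat('1', 30);
$computed = '00e' . str_repeat('2', 29);

printf("stored is magic:   %s\n", var_export(is_magic_hash($stored), true));
printf("loose  (==):       %s\n", var_export(check_loose($stored, $computed), true));
printf("strict (===):      %s\n", var_export($stored === $computed, true));
printf("hash_equals():     %s\n", var_export(check_strict($stored, $computed), true));

// Report whether the digest of the write-up's input has the magic shape.
$digest = hash('tiger128,4', '479763000');
printf("tiger128,4 digest: %s magic=%s\n", $digest, var_export(is_magic_hash($digest), true));
```

Running is_magic_hash() over stored digests also shows which accounts a loose comparison would expose.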
Julius' Ancient Script
• Seems to be Caesar’s cipher judging by the name
• After shifting the letters and numbers, we get dc7f{7hT_dRT_hU6_bTT1_cU67}
• Seems like I need to rotate the numbers and capital letters, while keeping the lowercases as they are
• By knowing that the 7 is supposed to be a t (the flag is always in the form dctf{flag}), I can rotate it until I get the orientation I need
• Got the flag dctf{th3_d13_h4s_b33n_c4st}
This One Is Really Basic
• The attached file is a text file that looks to be Base64-encoded
• Plugging it into CyberChef (automatic Base64 decoder) seems to keep wanting to decode it again and again
• The challenge description says “the meaning of life and everything”, which means 42, a reference to The Hitchhiker’s Guide to the Galaxy
• We can deduce that it’s just Base64-encoded 42 times
• dctf{Th1s_l00ks_4_lot_sm4ll3r_th4n_1t_d1d}
Strong Password
• The attached file is an encrypted ZIP, which asks for a password
• Going to use zip2john and then John the Ripper to brute force the password with the wordlist RockYou
• Got the password to the file, but it’s a bunch of lorem ipsum text
• Tried to play around with it for a while, then I thought why not check the hex code with hexeditor
• The flag was hidden in the metadata of the text file
• dctf{r0cKyoU_f0r_tHe_w1n}
Bad Apple
• Attached file is an MP4 of a music video
• At 1:32-1:42 the audio seems to be jumbled up
• Tried an online morse code decoder, doesn’t seem to work
• I started to suspect that it’s something to do with audio waves, so we can use Sonic Visualiser after we convert it to MP3
• Using the spectrograph and scrolling out really far we find something that looks like a QR code
• Used an app on my phone to convert the QR code, which leads to text of the flag
• dctf{sp3ctr0gr4msAreCo0l}
Extraterrestrial Communication
• Attached file is an MP3
• The challenge comes with a hint: “On a completely unrelated note, did you know how they transmitted the first image from the moon?”
• Okay, first thought was that it’s morse code
• Tried another morse code decoder, doesn’t seem to be correct. The audio waves look a lot like radio, so I need to find out which type of radio was used to transmit the first image to the moon.
• After hours of googling, I found out about SSTV, a way for satellites to send images using radio waves.
• This article helped me a lot: https://ourcodeworld.com/articles/read/956/how-to-convert-decode-a-slow-scan-television-transmissions-sstv-audio-file-to-images-using-qsstv-in-ubuntu-18-04
• I downloaded software called “MMSSTV” with a virtual audio driver and then played the attached MP3 file I got from the challenge
• After the MP3 stopped playing, I looked at the history tab in the MMSSTV program and it’s the DragonSec logo with the flag right in front of it: dctf{wHat_ev3n_1s_SSTV}