Written By Akademy on Monday, March 2, 2020 | 2:37 AM
Whassup guys, welcome to another series of TryHackMe CTF challenges. I named this series CTF 100,
meaning capturing 100 flags. This room was created by me.
Guess what, I’m the guy behind all these crazy challenges; upvote this
room if you like it or let me know if you hate it XD. Since
around 9 people have solved stage 1 (as of 3/11/2019), this is a good time
to do a write-up. Enough BS, let’s get started.
We have port 3333 open on the machine. Let’s check it out with telnet.
$ telnet <Machine IP> 3333
The terminal asks for your address. Enter the address according to your tunnel IP.
Alright! We just captured our first flag. The terminal also mentions
that 5 ports have been opened on the machine. Time to perform
another Nmap scan. Answer: you_got_a_message
We are now able to identify all the ports currently open on the machine. Let’s kick-start with port 3343.
Upon accessing the port, you will be greeted with a message and an input field. The code can be deciphered using a ROT13 decoder.
Enter the plaintext and capture the flag. Take note of the number as we are going to need it afterward. Answer: qt8pm59jh5r49uqdwfw2
Task 1-3: Flag 3 – Caesar cipher
Let’s move on to the next port (3353).
This is a Caesar cipher. Keep rotating the letters until you get a proper English word. Answer: 5wdtc7jzk33qjauh5gxm
Task 1-4: Flag 4 – Vigenere cipher
This task is a bit tricky. Let’s see what is inside port 3363. Where is the key. Get it? Basically the key is where. Did you fall into my trap? Haha. Answer: sm8jvu8jxu7dz6s7qmsp
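The ROT13, Caesar and Vigenere steps above, as an added Python example (not part of the original write-up): a Caesar shift is a Vigenere cipher with a one-letter key, so one routine covers all three. The ciphertexts and the word list are constructed for illustration; only the key where comes from the task.

```python
import string

ALPHA = string.ascii_lowercase

def vigenere_decrypt(ciphertext: str, key: str) -> str:
    """Subtract the current key letter from each ciphertext letter.
    Non-letters pass through and do not consume a key letter."""
    out, k = [], 0
    for ch in ciphertext:
        if ch.isascii() and ch.isalpha():
            shift = ALPHA.index(key[k % len(key)].lower())
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base - shift) % 26 + base))
            k += 1
        else:
            out.append(ch)
    return "".join(out)

# Small word list used to recognise "a proper English word" (constructed).
COMMON = ("the", "and", "you", "flag", "is", "to", "of")

def caesar_bruteforce(ciphertext: str):
    """Try all 26 rotations and return (score, shift, plaintext) for the
    candidate containing the most common English words."""
    candidates = []
    for shift in range(26):
        plain = vigenere_decrypt(ciphertext, ALPHA[shift])
        words = plain.lower().split()
        score = sum(words.count(w) for w in COMMON)
        candidates.append((score, shift, plain))
    return max(candidates)

# Constructed sample ciphertexts, not the ones served by the room.
ROT_SAMPLE = "gur synt vf oruvaq gur qbbe"   # shift 13 (ROT13)
VIG_SAMPLE = "glig wesiex"                   # encrypted with key "where"

if __name__ == "__main__":
    print(caesar_bruteforce(ROT_SAMPLE))
    print(vigenere_decrypt(VIG_SAMPLE, "where"))
```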
Task 1-5: Flag 5 – Morse code
Next port (3373) please.
Use a Morse code translator to yield the following results. Answer: 2p3363hrava9fbq296ca
Task 1-6: Flag 6 – Hex
Let’s hop on to the next port (3383).
This one is easy, just translate the hex code into ASCII. Answer: skuj9359mqdm6sv8d8z6
Task 1-7: Flag 7 – Silent
Did you get all 5 numbers from the previous tasks? The number is
89897431566793323331
according to the order of the flags. Open up port 9999 and enter
those numbers. (There is a reason I chose port 9999 as the port knocking
channel; use Nmap and check the name of the port.)
Does something happen? Time to do another scan.
Another open port. Let’s check it out. DO NOT TRUST ANYTHING IT SAID. Keep silent by pressing enter and eventually it will open another path for you.
If you get trolled, I’m truly sorry. The PORT PORT … means there are another 5 ports opened on the machine. Answer: zmht7gg3q3ft7cmc942n
5 more challenges are ready to be solved. Let’s move on to port 4001.
This is a base64 encoded text. Let’s decode the text.
Take note of the number as you’re gonna need it later on. Answer: dmm32qvfkfwm6yjnw46k
Task 1-9: Flag 9 – Base32
Let’s move on to port 4002.
This is base32.
As simple as 1 + 1. Answer: fuf8mx74nph26f69mr97
Task 1-10: Flag 10 – Base58
What’s inside port 4003?
This is base58. For your information, base58 looks a lot like base64 but it is not very well-known. Answer: hud9bm8yc37md5b7t7mn
Task 1-11: Flag 11 – Base85/ASCII85
Port 4004, onward!
Base85 looks like gibberish to us. Base85 or ASCII85 uses the printable ASCII characters from decimal 33 to 117. Use the following decoder to decode the text. Answer: 4xm43r2wajrsrbm4775d
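An added example, not from the original write-up, for the base64, base32, base58 and base85 tasks: try each decoder and keep only those that yield printable ASCII, with base58 decoded by hand because the Python standard library does not ship it. The sample strings are constructed and all encode the word hello; the Bitcoin base58 alphabet is an assumption about which variant the room uses.

```python
import base64
import binascii

# Bitcoin-style base58 alphabet: no 0, O, I or l (assumed variant).
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58decode(text: str) -> bytes:
    """Read the string as a base-58 integer and convert it to bytes.
    Each leading '1' stands for one leading zero byte."""
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)      # ValueError on characters outside the alphabet
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body

DECODERS = {
    "base64": lambda s: base64.b64decode(s, validate=True),
    "base32": base64.b32decode,
    "base58": b58decode,
    "ascii85": base64.a85decode,
}

def identify(text: str) -> dict:
    """Return {encoding name: plaintext} for every decoder whose output
    is non-empty printable ASCII."""
    hits = {}
    for name, decode in DECODERS.items():
        try:
            raw = decode(text.strip())
        except (ValueError, binascii.Error):
            continue                    # wrong alphabet or padding for this encoding
        if raw and all(32 <= b < 127 for b in raw):
            hits[name] = raw.decode("ascii")
    return hits

# Constructed samples: the word "hello" in each encoding.
SAMPLES = ["aGVsbG8=", "NBSWY3DP", "Cn8eVZg", "BOu!rDZ"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", identify(s))
```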
Task 1-12: Flag 12 – Base91
What does the port 4005 say?
Hey, more gibberish. This is base91 encoded text and nobody’s gonna use it. Answer: qtfvbd7gbvyg9gww5jwj
Task 1-13: Flag 13 – Recollection
Similarly to task 1-7, collect all 5 numbers to reveal another
path. The numbers can be ordered as (according to flag number)
1011310415210333555525637
This order is not right; you need to reverse the order so that it becomes
2563735555210331041510113
Use the number on port 9999 to open a new path.
Perform another Nmap scan to find the path.
Huh, port 6000.
More challenges ahead! Answer: aehg24vwn5yyc8jz4tv5
Task 1-14: Flag 14 – pikalang
Do another Nmap scan and I promise this is the last Nmap scan, haha.
Alright, we located all 5 open ports. Let’s move on to the port 6010.
What? We can’t understand this language. Who let the Pikachu out? Actually this is an esolang called pikalang. Check this translator out. Answer: k2phhw85emq3v4njj5g6
Task 1-15: Flag 15 – Binaryfuck
Another esolang on port 6020.
This is not an ordinary binary number, this is another esolang called binaryfuck. Check this translator. Answer: qtfvbd7gbvyg9gww5jwj
Task 1-16: Flag 16 – Spoon
Find the spoon on port 6030.
This is another esolang named spoon. Try this translator. Answer: ckjug6sj88xuajfku72h
Task 1-17: Flag 17 – Reversefuck
Drop the bass on port 6040.
Brainfuck is too mainstream, that is why I go for reversefuck. Use this translator. Answer: x4xhrqx3ywzyx2jmgc5j
Task 1-18: Flag 18 – Alphuck
Another brainfuck variation on port 6050.
This is a variation of brainfuck, called alphuck. Use this translator.
Answer: kr2t9qcgt4ht9h6j5ydp
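What the translators for the Brainfuck variants do, as an added Python example that is not part of the original write-up: substitute each token back to its Brainfuck command, then run the result in a small interpreter with a step limit. The reversefuck and alphuck tables follow the esolangs.org descriptions and are stated here as assumptions; the sample programs are constructed and print the letter H.

```python
# Variant token -> Brainfuck command (assumed from the esolangs.org pages).
REVERSEFUCK = dict(zip("+-<>.,[]", "-+><,.]["))
ALPHUCK = dict(zip("aceijops", "><+-.,[]"))

def to_brainfuck(src: str, table: dict) -> str:
    """Translate known tokens; anything else is treated as a comment."""
    return "".join(table[c] for c in src if c in table)

def run_brainfuck(code: str, max_steps: int = 100_000) -> str:
    """Minimal interpreter (input command ignored). The step limit stops
    a broken or looping program from hanging the session."""
    jump, stack = {}, []
    for i, c in enumerate(code):        # pre-compute matching brackets
        if c == "[":
            stack.append(i)
        elif c == "]":
            j = stack.pop()
            jump[i], jump[j] = j, i
    tape, ptr, pc, steps, out = [0] * 30000, 0, 0, 0, []
    while pc < len(code):
        steps += 1
        if steps > max_steps:
            raise RuntimeError("step limit reached")
        c = code[pc]
        if c == "+":
            tape[ptr] = (tape[ptr] + 1) % 256
        elif c == "-":
            tape[ptr] = (tape[ptr] - 1) % 256
        elif c == ">":
            ptr += 1
        elif c == "<":
            ptr -= 1
        elif c == ".":
            out.append(chr(tape[ptr]))
        elif (c == "[" and tape[ptr] == 0) or (c == "]" and tape[ptr] != 0):
            pc = jump[pc]
        pc += 1
    return "".join(out)

# Constructed samples: 8 * 9 = 72, the ASCII code of "H".
RF_SAMPLE = "-" * 8 + "]<" + "-" * 9 + ">+[<,"
AL_SAMPLE = "e" * 8 + "pa" + "e" * 9 + "cisaj"

if __name__ == "__main__":
    print(run_brainfuck(to_brainfuck(RF_SAMPLE, REVERSEFUCK)))
    print(run_brainfuck(to_brainfuck(AL_SAMPLE, ALPHUCK)))
```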
Task 1-19: Until the next challenge.
Did you notice the numbering on the last 5 tasks? That is the port knocking sequence for stage two. The order should be
31031500107968200106100
Use this number to unlock the port on stage 2. If you have doubts about the sequence, you can perform a check on port 9999. Answer: 31031 50010 7968 20010 6100
Conclusion
That concludes the CTF 100 stage 1 write-up. Stage 2 write-up coming soon. See ya