Syskron CTF 2020 Beginner Writeup

Welcome

Welcome

Challange

welcome-letter.pdf

Solution

Copy and paste the solution from the letter.

Flag : syskronCTF{th4nk-you}

Trivia

In this Trivia section, I found solutions only by googling, I don't know these things before. I think this is the meaning of doing CTFs. Learning things.

Vulnerable RTOS

Challange

Solution

While googling I found this post. And there the vulnerability we want.

Flag : syskronCTF{urgent}

Deadly malware

Challange

Solution

I found this post from google. And that is about malware, that we want.

Flag : syskronCTF{triton}

Security framework

Challange

Solution

After Googling "Cybersecurity Framework" I found this pdf and 6th (or 13th) page of the pdf lead me to the flag.

Flag : syskronCTF{ID-PR-DE-RS-RC}

Monday

Redacted news

Challange

2020-10-1-secureline.png

Solution

PNG files have a transparent layer, what I do is, I changed this PNG to JPG.

First, install ImageMagick I use this command.

sudo apt install ImageMagick

after that, I use this command to convert the PNG image to JPG.

convert 2020-10-1-secureline.png 2020-10-1-secureline.jpg

and it reveals the secret.

Flag : syskronCTF{d0-Y0u-UNdEr5TaND-C2eCh?}

Security headers

Challange

Solution

I navigate www.senork.de by Chrome. Open the Chromes Dev Tools (F12) and go to the Network tab and Refresh the page. That will update the Network tab content. Click on "www.senork.de" on the list. In the Headers sub-tab and on under Response Headers section you can find the flag.

Flag : syskronCTF{y0u-f0und-a-header-flag}

Tuesday

Leak Audit

Challange

Download BB-inDu57rY-P0W3R-L34k3r2.tar.gz

Solution

I used this program (SQLiteDatabaseBrowser) to open the database file.

Answer 1

Count how many rows in the database. Using this program is only, browse the table and navigate to the bottom of the page.

Answer 2

I run this query to get the answer.

SELECT * FROM personal AS per1 JOIN personal AS per2 on per1.password = per2.password WHERE NOT per1.number = per2.number

Answer 3

Bcrypt hashes contain a hash algorithm identifier. We can identify and filter all Bcrypt encrypted passwords with this part of the hash. 

I use this SQL query to filter encrypted passwords.

SELECT * FROM personal WHERE password like '$2b$%'

Find out more about BCRYPT in here.

After combining all answers we can make the flag.

Flag : syskronCTF{376_mah6geiVoo_21}

Bash History

Challange

Download bash_history

Solution

This file contains 218 of commands. When I read through commands I saw that there are some base64 encrypted commands and I decrypted them and I found this base64 hash.

xYTjBNR3hsTFdGc2JDMUVZWFJoSVNGOQ==

I tried to decrypt this but failed because it didn't contain complete hash. After that, I found this command.

echo ZWNobyBjM2x6YTNKdmJrTlVSbnQwU0dWNU== | base64 -d

after running this it reveals this command.

echo c3lza3JvbkNURnt0SGV5

I also decrypt this and It shows half of the flag. I realize that this should be completed by combining the other uncompleted hash.

After running this command

echo ZWNobyBjM2x6YTNKdmJrTlVSbnQwU0dWNUxYTjBNR3hsTFdGc2JDMUVZWFJoSVNGOQ== | base64 -d

 it reveals this

echo c3lza3JvbkNURnt0SGV5LXN0MGxlLWFsbC1EYXRhISF9 

it is also a base64 hash.

Flag : syskronCTF{tHey-st0le-all-Data!!}