Categories
Capture The Flag

GirlScript CTF Writeup – August 2020

So this weekend, I participated in a CTF challenge that was organized by GirlScript Goa. It was among the beginner level CTFs, so I was able to solve all but one problem. Nonetheless, I came in 3rd in this and here is my writeup for the solutions of the challenges that I solved.

CTF points/Rank

Miscellaneous Challenges

A Hearty Welcome! (10)

GirlScript CTF Writeup - August 2020 1

It was a 10 point challenge and the easiest one.

Challenge description –> Now: https://discord.gg/9tJjUks and Capture The Flag!

This one was a complete no brainer as you have to join the discord, and the bot will give you the flag–> heLl0{WelC0me_70_h4X0r_kwe57}.

The Diamond (20)

GirlScript CTF Writeup - August 2020 2

This one was a bit tricky, the flag file has no extension to know how to open it. But just for this purpose, there is a linux command file which tells the file type of a given file. Running this command on the flag, we get the result that it is a ZIP Archive.

GirlScript CTF Writeup - August 2020 3

After unzipping, we repeat the process and find that it is a bzip2 archive. Repeating the same process over 4-5 times we finally get ASCII text which gives us the flag: gsCTF{0h_l0rd_0f_dec0mpr3ss10n}

Steganography Challenge

Make America Great Again (30)

GirlScript CTF Writeup - August 2020 4
GirlScript CTF Writeup - August 2020 5

When you see a png image in a steganography challenge, the first thing that pops in mind is the zsteg tool. So, we run the tool in kali, and we got a message.

Ah, you got me there! Here you go:\ngmdzQ1RGe3cxbl90aDNfNHJ0XzBmX3RoM19zdDNnfQ==

GirlScript CTF Writeup - August 2020 6

This is a base64 encrypted text after decrypting it using an online decoder we got the flag–> gsCTF{w1n_th3_4rt_0f_th3_st3g}.

OSINT Challenges

The Social Butterfly (50)

GirlScript CTF Writeup - August 2020 7

It was one of the trickiest challenges in the CTF. Personally, it took me quite a while to figure out the solution.

Here if we go line by line, the first hint we get here is INSTA.

Which means that the word that we want to decode could be an Instagram username or a hashtag. From the second line, we got to know that there are two words first one is of 3 letters and the later one is of 7.

Now the next statement gives us a hint 11 that is based 16 which means its hexadecimal character, i.e. b and similarly the hex value of 14 is e and e is either side of the word means at the second and the second last position.

The Romans told me 500 would be my end indicates the 500 in roman numeral form, i.e. D is at the end and 1, which indicates I in roman form is in the heart that means the middle, from middle 50(L) and 5(V).

These all words can be decoded from the lines now if we see we got 7 characters and we also know the position as given in the ques.

Now the word becomes belived, and if you read carefully the fourth line indicates a little different what you believed could be.

So the first word could be you 🤔. Let’s see if we get something.

And Voila!!! Got an account on Instagram named @you.belived and if we check the comments on the most recent picture we get the flag 😉.

GirlScript CTF Writeup - August 2020 8

Where am I? (50)

GirlScript CTF Writeup - August 2020 9
GirlScript CTF Writeup - August 2020 10

As you can see we got an image from the challenge description

And I did a reverse search on google, and after some crawling, I found the same image on a Bulgarian blog.

GirlScript CTF Writeup - August 2020 11

           Flag is gsCTF{plovdiv}

Wheels Wheels Wheels (50)

GirlScript CTF Writeup - August 2020 12

Like Where Am I Challenge I started looking for reverse searches on google but this time sadly no result then I just got the idea to crop the picture. So I cropped the giant wheel and reverse searched for the building and Voila!! This time I was successful in finding the flag

GirlScript CTF Writeup - August 2020 13

As in the description, it says I have to give the name of the Ferris wheel as the flag, so I searched the Ferris wheel in Parklands and got the answer it was The Wheel of Brisbane. So the flag is gsCTF{the_wheel_of_brisbane}.

Cryptography Challenges

Et Tu, Brute (30)

GirlScript CTF Writeup - August 2020 14

After gathering some experience in the CTFs, you will probably guess this easily as this is ROT encrypted and after spending some more time I found that it was ROT15 and the flag was gsCTF{1t_w45_Gr33k_t0_m3}.

Communication is the key (40)

GirlScript CTF Writeup - August 2020 15

In this challenge, I got a text file consisting of binaries, and the description says that it is a five-bit measuring rate in Bd. So after crawling the google for five-bit ciphers, I found Baudot cipher which is not used now exactly as the description says. So we will decrypt it easily using the online decrypter from https://www.dcode.fr/baudot-code which is, in general, an excellent website for solving crypto challenges.

GirlScript CTF Writeup - August 2020 16

And from here it was just easy I have to put the flag in the CTF format, i.e. gsCTF{EMILE_TELEGRAPHS_HIS_REGARDS}

 Oh so French! (50)

GirlScript CTF Writeup - August 2020 17

If you read the description carefully and search French cipher on google, you will quickly know that Vignere Cipher will be used here, but that is where the challenge begins as to decode vignere cipher we need a key as told in the challenge that we should get the Christian(First) name of the actual inventor might be the key. After some crawling, I found the name of the actual inventor was Giovan Battista Bellaso so that the first name might be the key and Voila!! My guess was correct, and I found the flag.  

gsCTF{1s_it_l3_ch1ffr3_indéch1ffr4bl3}

The Game of Base (60)

GirlScript CTF Writeup - August 2020 18

Looking at the challenge description and name, we can figure out that this challenge involves decoding multiple Base Encodings (Base64, Base26, etc.)

Luckily there is a simple tool basecrack by mufeedvh on Github for this purpose. Quickly cloning the repository and running the script decodes the string.

The flag is gsCTF{y0u_sc0r3d_4_h0m3_run}

Reverse Challenges

Level 1 (30)

GirlScript CTF Writeup - August 2020 19

Running the given python file we get a string in flag format: gsCTF{y0u_G07_f0013d_w17h_Th15_f14g. lol XD}.

Hmm, this doesn’t really look like the flag so we open the file in a text editor and there it is, the real flag in the comments.

gsCTF{tH1s_i5_4_r3aL_fL4g_y0u_Mu5t_sUbm1T_1t!}

Level 2 (40)

GirlScript CTF Writeup - August 2020 20

This time on running the script, it’s asking for the password. Looking at the source code we see that there is a simple string compare function which has the correct flag.

GirlScript CTF Writeup - August 2020 21

Flag: gsCTF{iT5_s1mPlY_1n_tH3_C0d3}

Level 3 (50)

GirlScript CTF Writeup - August 2020 22

We proceed as in level and look at the source code. This time we see that the string is simply cut in parts.

GirlScript CTF Writeup - August 2020 23

On rearranging the string, we find that the flag is: gsCTF{y34H_tHiS_a1nT_sEcuR3}

Level 4 (60)

GirlScript CTF Writeup - August 2020 24

Repeating again and opening the source, we see that the password is first encoded by a function woah() with a key, encoded in UTF-8, and then encoded with base64. The final string is compared to a given value. So reversing the string will get us the flag.

GirlScript CTF Writeup - August 2020 25

We first decode the string with Base64 and we get some ASCII values.


,#(]+X("JUV0^32_12R:
2H)D

We see that woah() is just XORing the string with a given key. So simply passing the decoded string in woah will give us the flag, and here it is: gsCTF{d0N7_L34v3_y0uR_x0r_K3y_bEh1nD!}

It sounds fishy! (40)

GirlScript CTF Writeup - August 2020 26

Opening the given malicious.exe file in a virtual machine (to be safe) shows that the file is corrupted. But simply running the file command on Linux tells us that it is a pdf file.

GirlScript CTF Writeup - August 2020 27

On renaming and opening the file in pdf viewer, we notice that there is white text on white background. Simply copying all text and pasting on a notepad gives us the flag which is: gsCTF{1_Th0uGh7_y0u_w0u1dn7_Se3_m3!}

Get the latest tech news and updates, ethical hacking tutorials, and cybersecurity tips and tricks. Check out MeuSec for more.

Sometimes we include links to online retail stores and/or online campaigns. If you click on one and make a purchase we may receive a small commission.

Comments:

Leave a Reply

Your email address will not be published. Required fields are marked *