Monday, 18 November 2013

CSCamp CTF Forensics 200(dataNov-8-2013)

As I said, I don't remember the questions exactly. This one was about finding the fake users in the database.
As far as I remember, the question said:
There was an admin who lost his database, which was accessed by a script kiddie who tampered with the data. Now the task was to find the users who have been registered.

File can be downloaded from here :

If you look at the file in a text editor, the difference is difficult to find. In Notepad++, if you search for \r [carriage return] you get a count of 5; those five are the answer.
Another method is to use hexedit.
You would find 2 dots before INSERT, and all those users are the answer.

Now the question said you need to find md5(user1,user2,...userN)

So the answer will be:
MD5 hash for Aurora Davis,Melodie Patton,Octavius Gamble,Lara Benson,Leilani Rivas is : 71284b9edd33e4141952b325a9c6acda

Flag : 71284b9edd33e4141952b325a9c6acda
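The carriage-return check described above, as an added example (not part of the original post): it counts mixed line endings in a dump and lists the rows whose INSERT directly follows CR LF. The dump, the table name and the row layout are constructed assumptions, since the challenge file is not reproduced here.

```python
import hashlib
import re

# Constructed sample, not the challenge file. Original rows are separated by
# a bare LF; rows added later are preceded by CR LF (0D 0A), which a hex
# editor shows as two dots in front of INSERT.
SAMPLE_DUMP = (
    b"INSERT INTO users VALUES (1,'Alice Example');"
    b"\nINSERT INTO users VALUES (2,'Bob Sample');"
    b"\r\nINSERT INTO users VALUES (3,'Carol Placeholder');"
    b"\nINSERT INTO users VALUES (4,'Dave Constructed');"
    b"\r\nINSERT INTO users VALUES (5,'Erin Madeup');\n"
)

# Hypothetical row layout: (id,'name', ...). Group 1 is the line break in
# front of the statement, group 2 the first quoted field.
ROW = re.compile(rb"(\r?\n|^)INSERT INTO `?\w+`? VALUES \(\d+,\s*'([^']*)'")


def line_ending_counts(dump: bytes) -> dict:
    """Count CRLF and bare-LF line breaks; a mix of both is the anomaly."""
    crlf = dump.count(b"\r\n")
    return {"crlf": crlf, "lf_only": dump.count(b"\n") - crlf}


def rows_after_crlf(dump: bytes) -> list:
    """Return the name field of every INSERT that directly follows CR LF."""
    return [m.group(2).decode("utf-8", "replace")
            for m in ROW.finditer(dump) if m.group(1) == b"\r\n"]


def flag_for(names: list) -> str:
    """md5(user1,user2,...,userN) over the comma-joined names."""
    return hashlib.md5(",".join(names).encode()).hexdigest()


if __name__ == "__main__":
    print(line_ending_counts(SAMPLE_DUMP))
    suspects = rows_after_crlf(SAMPLE_DUMP)
    print(suspects, flag_for(suspects))
```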

Sunday, 17 November 2013

CSCamp CTF Steganography-3[Interesting play!]

This was something new and a learning experience. There is a tool which can encrypt your text by giving you a meaningless play. Let's get started.

Question :
Phil says "I love you, no really."
Kenny says "Hot steamy grits!"
Jason says "Hot steamy grits!"
Jason says "No."
Adam says "Get off my colon"
Andy says "Who said OJ?"
Paul says "Who said OJ?"
Sam says "Jason paid me for it."
Mike says "Jason paid me for it."
Phil says "Jason paid me for it."
Paul says "But I read slash-dot"
JYA says "Well smother me in curry sauce and lick me."
Andy says "Did he mean to die just then?"
Andy says "Mike - you ladyboy!"
Sam says "I said, you've got beautiful eyes."
Harold says "Mine's a pint"
Harold says "I'm so excited"
Andy says "I said, you've got beautiful eyes."
Kenny says "So avoid that then!"
Mike says "Did he mean to die just then?"
Sam says "But I read slash-dot"
Mike says "Show me the fish!"
Andy says "Okay, now think of a funny line"
Sam says "Well smother me in curry sauce and lick me."
JYA says "Who said OJ?"
Andy says "Mike - you ladyboy!"
Jason says "Okay, now think of a funny line"
Mike says "Jason paid me for it."
Mr Hanky says "I never talk politics."
Mike says "Mmmm ... "
Sam says "Okay, now think of a funny line"
Kenny says "Mine's a pint"
Mr Hanky says "Mike - you ladyboy!"
Paul says "Who said OJ?"

Saturday, 16 November 2013

CSCamp CTF - Crypto 1a

Ah, this took me a lot of time to figure out even though it was only 30 points. Points don't matter. Do they? Only if you are good enough. In the learning stage, never look for points.

Well, enough philosophy :-p Now let's get back to work.

Question was to decrypt the message
Message was : Zc duwcievvohpxqv uf bue xw iuzmgwtpthshon. Xpby wg tzx bak eikdxqht; wh'y sse rui ru tx bagh agexmky. Hvk qpiz og hnp pwpkfqgdi mfs rsk qmdx nogn zj bak yse tr thcsfilwm.

Now I guessed it was a Vigenère cipher and confirmed it with the admins. They told me to proceed, as I was on the correct path.

Now how do I find the key? Just keep trying from 1. At 8 you get it; I mean you can see the plain text.
Key is "GOOGLEIT".

try here :

You see this ?
"TO PolYaLphabetic oR NoT to PolYalphabeTic. ThIs iS not THe QUeStiOn; iT's hoW YoU do it THaT MaTteRs. the flag iS The loWeRcaSe eMm dee fiVe haSh of THe keY in lOWeRcase."

Now the message clearly says: md5(googleit)
MD5 hash for googleit is : 36a2b79e4c40eabc3824b2bb433978f4

Flag :  36a2b79e4c40eabc3824b2bb433978f4
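The decryption above as a script, added here as an example and not taken from the original post or the online tool. It uses the ciphertext and key from the write-up, and also shows a known-plaintext check in which a crib of the first two words gives back the repeating key.

```python
from itertools import cycle

# Ciphertext and key as given in the write-up above.
CIPHERTEXT = (
    "Zc duwcievvohpxqv uf bue xw iuzmgwtpthshon. Xpby wg tzx bak eikdxqht; "
    "wh'y sse rui ru tx bagh agexmky. Hvk qpiz og hnp pwpkfqgdi mfs rsk qmdx "
    "nogn zj bak yse tr thcsfilwm."
)
KEY = "GOOGLEIT"


def _is_letter(ch):
    return ch.isascii() and ch.isalpha()


def vigenere_decrypt(ciphertext, key):
    """Subtract the key letter by letter; the key advances only on letters
    and the case of each ciphertext letter is preserved."""
    shifts = cycle(ord(k) - ord("a") for k in key.lower())
    out = []
    for ch in ciphertext:
        if _is_letter(ch):
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base - next(shifts)) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def keystream_from_crib(ciphertext, crib):
    """Known-plaintext check: key letter = ciphertext letter - plaintext letter.
    A repeating result exposes both the key and its length."""
    c = [x.lower() for x in ciphertext if _is_letter(x)]
    p = [x.lower() for x in crib if _is_letter(x)]
    return "".join(chr((ord(a) - ord(b)) % 26 + ord("a")) for a, b in zip(c, p))


if __name__ == "__main__":
    print(vigenere_decrypt(CIPHERTEXT, KEY))
    print(keystream_from_crib(CIPHERTEXT, "To polyalphabetic"))
```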

CSCamp Crypto-PNG

Again, I don't remember the exact question.
There is an encrypted image; can you tell me what the message is?

Download the file here :

When I googled it, there was a similar question in some CTF, and I found that it was an XOR cipher. So I asked one of the admins and confirmed it. Now which tool do we use? Xortool from hellman. Astonishingly, he himself was there in the IRC :-p
Download it here :

Go to xortool and type this on the command line: "python ./ -c 00"
It was the first time I used the tool and I was totally impressed.

Key is : x0Rk3y
Well, I haven't made the python an executable. If you are using Linux you can just run this command "chmod +x" and after this you can just use xortool.
Now let's go ahead; note that I haven't made my a executable.
Let's run this command now enc.png python ./
After this you would see a folder named "xortool_out" and in it a file named "0.out".
Rename it to .png and open it in Paint or whichever image viewer you want.

You will see "The key is pwnthexorcrypto"

Flag : pwnthexorcrypto
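Why telling the tool that the most frequent plaintext byte is 00 recovers the key, as an added example (not xortool's code and not from the original post): for each key position, the most common ciphertext byte XOR 0x00 is the key byte. The sample data is constructed, the key is the one reported above, and the key length is assumed to be known already.

```python
from collections import Counter
from itertools import cycle


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(ciphertext: bytes, key_len: int, most_common_plain: int = 0x00) -> bytes:
    """Split the ciphertext into key_len columns (every byte in a column was
    XORed with the same key byte) and assume the most frequent byte in each
    column is the encryption of most_common_plain."""
    key = bytearray()
    for i in range(key_len):
        column = ciphertext[i::key_len]
        top_byte, _count = Counter(column).most_common(1)[0]
        key.append(top_byte ^ most_common_plain)
    return bytes(key)


# Constructed stand-in for the challenge image: a PNG signature followed by a
# zero-heavy body, as binary files usually contain long runs of 0x00.
SAMPLE_PLAIN = b"\x89PNG\r\n\x1a\n" + bytes(240) + b"constructed sample payload"
KEY = b"x0Rk3y"  # key reported in the write-up
SAMPLE_ENC = xor_bytes(SAMPLE_PLAIN, KEY)


def decrypt_sample() -> bytes:
    """Recover the key from the ciphertext alone, then undo the XOR."""
    return xor_bytes(SAMPLE_ENC, recover_key(SAMPLE_ENC, len(KEY)))


if __name__ == "__main__":
    print(recover_key(SAMPLE_ENC, 6))
    print(decrypt_sample()[:8])
```

Encrypting a file this way leaks the key wherever the plaintext has predictable bytes, which is why repeating-key XOR does not protect structured formats such as images.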

CSCamp CTF Steganography-1

As the portal has been closed I can't get the exact questions, but I have the files, so you can try them out.


There was a file to download and the hint given was "your eyes are blurry"

file download :

It was 50 points. The simplest one.

Open it in Paint and use the "fill with color" option. Select any color you want apart from white, because with white you can't see properly.

Can you see this now ?
The Flag is {Are_you_color_blind}

Flag : Are_you_color_blind

Tuesday, 12 November 2013

Zeromutarts - Serial verifier

Website :

Question :
Try to validate the nice little piece of code. You will get your flag here: Serial verifier

As I tried it on Windows, I would like to share only the Windows one.

File : Windows

Solution : 
Click on the Serial verifier link. You would get this

I used IDA Pro.
Basic approach: view->open subviews->strings, and you would land on something like this :-)

Now, double-clicking on the string "I would like to know your serial now", you land in the IDA view. Switch to graph view and again go to view->open subviews->pseudocode

Zeromutarts - the magic of rsa

Website :

Question :
You were able to hear some whispering on the last crypto party! *whisper* d is 35181901. Keep it secret or we are doomed!

There are 2 files, namely and rsa.txt; you can download them from here.



I would suggest reading about RSA here on the wiki.

The parameters we know are n, e and d.
Oh wait!! What is d? Look at the question: d is 35181901.

plain-text = (cipher-text)^d mod n

This is the formula. We know all the parameters. The ciphertext is the one in rsa.txt. I would suggest you write it in a script, because trust me, you will learn a lot.

Anyway you could use this website as well :
RSA Calculator

Substituting d, n and the ciphertext, we get

FLAG : you_got_the_basics_my_padawan
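A script for the formula above, added here as an example and not taken from the original post. The challenge's n and ciphertext are not reproduced on this page, so the key and message below are constructed toy values; with the real files, pass the number from rsa.txt, d = 35181901 and the challenge's n to rsa_decrypt. The assumption that rsa.txt holds one decimal or 0x-prefixed integer is also mine.

```python
def parse_int(text: str) -> int:
    """Read a ciphertext number; accepts decimal or 0x-prefixed hex
    (assumed file format, the original rsa.txt is not shown here)."""
    return int(text.strip(), 0)


def int_to_bytes(m: int) -> bytes:
    """Big-endian bytes of the plaintext integer, the usual text encoding."""
    return m.to_bytes(max(1, (m.bit_length() + 7) // 8), "big")


def rsa_decrypt(c: int, d: int, n: int) -> bytes:
    """plain-text = (cipher-text)^d mod n, via fast modular exponentiation."""
    if not 0 <= c < n:
        raise ValueError("ciphertext must be smaller than the modulus")
    return int_to_bytes(pow(c, d, n))


# Constructed toy key (two Mersenne primes), only to make the example runnable.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent; needs Python 3.8+

# Constructed message, encrypted here so there is something to decrypt.
SAMPLE_MSG = b"toy_flag"
SAMPLE_C = pow(int.from_bytes(SAMPLE_MSG, "big"), E, N)


if __name__ == "__main__":
    print(rsa_decrypt(parse_int(str(SAMPLE_C)), D, N))
```

Anyone who learns d can decrypt every message for that key, which is the point of the challenge text: a leaked private exponent means the key pair has to be replaced.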

Zeromutarts Challenge-5 (encodings)

Website :

Question :
I believe a flag is hidden in this encoding. Can you find it?:


Fine. The first thing to observe is the "==" in the message, from which we can conclude that it is base-64 encoding.

Base-64 online tool

we get :
Maybe you should think the other way: [)"}rgheo_hg_gr{tnys" :rfnperjby av tnys rug gbt hbL /b\ !rpvA( :?ti tfihs neve uoy nac ,raen si dnE nA]

After reversing we get : 
An End is near, can you even shift it?: (Avpr! \\b/ Lbh tbg gur synt va ybjrepnfr: "synt{rg_gh_oehgr}")

After shifting 13 times (that is, 'M' is the key),
we get:
Na raq vf arne, pna lbh rira fuvsg vg? : )Nice! \o/ You got the flag lowercase: "flag{et_tu_brute}")]

Flag : et_tu_brute

Zeromutarts Challenge-4 (chbs)

Website :

Question :

Answer :
Looks like a trivia question, and yes it is :-)

Google "Tr0ub4dor&3"...

The third website says this:
This comic is saying that the password in the top frames "Tr0ub4dor&3" is easier for password cracking software to guess than "correcthorsebatterystaple"

The challenge is chbs and the string is "correcthorsebatterystaple", hence it matches. But remember the format?

Flag : correct_horse_battery_staple

Zeromutarts Challenge-3 (Caesar's Last Wish)

Website :

Question :
Caesar left a message for me. Can you decrypt it?

message :
zh zrxog qhyhu pdnh lw wkdw hdvb.. rxu hqfubswlrq lv rqh vwhs dkhdg!livi mw er mrgvihmfpi xlsyklx sj geiwevr alex ai amwl, ai viehmpc fipmizi, erh alex ai syvwipziw xlmro, ai mqekmri sxlivw xlmro epws. ai amwl xli jpek mw jpek{xairxc_xlvii_wxefw_evi_aec_xss_qerc}

Caesar online tool

A simple Caesar decryption would give us a hint:
we would never make it that easy.. our encryption is one step ahead!ifsf jt bo jodsfejcmf uipvhiu pg dbftbso xibu xf xjti, xf sfbejmz cfmjfwf, boe xibu xf pvstfmwft uijol, xf jnbhjof puifst uijol bmtp. xf xjti uif gmbh jt gmbh{uxfouz_uisff_tubct_bsf_xbz_upp_nboz}

Now we need to try a shifted Caesar. Let's check keys 1, 2, 3, 4... woah, got it :-)

In the same online tool, do you see this?
"Number of letters to shift to the right:" In the box put 4 and click decipher.

We get :
vd vntkc mdudq lzjd hs sgzs dzrx.. ntq dmbqxoshnm hr nmd rsdo zgdzc!here is an incredible thought of caesarn what we wish, we readily believe, and what we ourselves think, we imagine others think also. we wish the flag is flag{twenty_three_stabs_are_way_too_many}

Flag : twenty_three_stabs_are_way_too_many
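The key search above done per segment, as an added example that is not part of the original post: the message is split at the "!" and every shift is scored by how many common English words it produces. The ciphertext is the one from the challenge; the small word list and the split on "!" are assumptions of this sketch.

```python
import re

# Ciphertext as given in the challenge above.
MESSAGE = (
    "zh zrxog qhyhu pdnh lw wkdw hdvb.. rxu hqfubswlrq lv rqh vwhs dkhdg!"
    "livi mw er mrgvihmfpi xlsyklx sj geiwevr alex ai amwl, ai viehmpc "
    "fipmizi, erh alex ai syvwipziw xlmro, ai mqekmri sxlivw xlmro epws. "
    "ai amwl xli jpek mw jpek{xairxc_xlvii_wxefw_evi_aec_xss_qerc}"
)

# Assumed scoring vocabulary: a handful of very common English words.
COMMON = {"we", "is", "it", "an", "of", "the", "and", "our", "one", "that", "what"}


def shift_back(text: str, k: int) -> str:
    """Undo a Caesar shift of k on lowercase letters; keep everything else."""
    return "".join(
        chr((ord(c) - 97 - k) % 26 + 97) if "a" <= c <= "z" else c for c in text
    )


def best_shift(segment: str) -> int:
    """Try all 26 shifts and keep the one producing the most common words."""
    def score(k: int) -> int:
        words = re.findall(r"[a-z]+", shift_back(segment, k))
        return sum(w in COMMON for w in words)
    return max(range(26), key=score)


def decrypt_segments(message: str, sep: str = "!") -> list:
    """Each segment may use its own shift; return (shift, plaintext) pairs."""
    result = []
    for segment in message.split(sep):
        k = best_shift(segment)
        result.append((k, shift_back(segment, k)))
    return result


if __name__ == "__main__":
    for k, plain in decrypt_segments(MESSAGE):
        print(k, plain)
```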

Zeromutarts Challenge-2 (antonin)

website :

Question :

I got a letter from my friend Antonín. However, it's all Czech to me, maybe you can read it.

Message :
E.ap ipc.bew
C dgoy ,aby yt n.y ötg rbt, yh. itp yh. .bjpözy.e ojptnn C ötgv Go. cy ,co.nö abe et bty uck. cy yt abötb.v

Yh. coV inau{i..n'ot'xth.mcab'ncr.'ötg}

Well, now the question is clear, so how do we proceed?
Let's do some Google searching. Who is Antonin? Is there an encoding method, blah blah..

Wiki says that the guy in the picture is Antonin Dvorak and that there is a Dvorak encoding.
Antonin Dvorak  Dvorak Encoding

Let's search for an online tool.
dvorak cipher decoder

After we convert it to QWERTY we get this :
Dear griend,
I hust want tk let öku onkw tje secret gkr tje encrö/ted scrkll I sent öku. Use it wiselö and dk nkt five it tk anökne.
Tje secret is> glaf_geelqskqbkjemianqlioeqöku+

So now the question is which letters are replaced compared with normal English:

g replaced with f
h replaced with j
o replaced with k
ö replaced with y
/ replaced with p
q replaced with _

Now how do you think I got to know that q is _ ? Simple: what does the zeromutarts home page say? It says the format for the flag is x_x_x_x, right? :-)

After replacing you will get this :
Dear friend,
I just want to let you know the secret for the encrypted scroll I sent you. Use it wisely and do not give it to anyone.

The secret is> flag_feel_so_bohemian_like_you

Flag : feel_so_bohemian_like_you

Zeromutarts Challenge-1 (404)

Well, this is the write-up for the beginners' CTF which was held recently. It ended yesterday, but you can still solve the challenges as the site is live.

Website :

Question :
HTTP codes are kinda fun

The challenge is about HTTP error codes. So let's dig into what error 404 is, with help from our friend Wikipedia.

Well, it tells us that "It is the webpage when user tries to access dead link or broken link".
So just try some random page like login.php.

This would result in:

404 - Not Found

414 is so much better...

So now search for what a 414 error is; it's nothing but a huge link. Try randomly giving something and you would land on the flag.

Something like this:

Now you will see the flag : 

Saturday, 2 November 2013

EMCDefendersleague2013 week-1 challenge-7 solution

Files can be downloaded from here :


Question : We have obtained an innocent looking file from our sources who confirm that there is a coded message hidden somewhere inside. Get the message!

Hint 1:Hidden in bits!

Hint 2:PE File Format

Hint 3:Hex Editor

We know that the file is a PE executable.
Now a good reverser's best tool is "strings"

Command : strings Contest7.sample

Now scroll a bit and observe this string 
0x53 0x4a 0x6a 0x58 0x65 0x66 0x61 0x52 0x53 0x7a 0x58 0x42 0x6f 0x71 0x56 0x57 0x52 0x74 0x46 0x66 0x6a 0x72 0x5a 0x73 0x78 0x75 0x64 0x76 0x43 0x54 0x48 0x62 0x63 0x55 0x6f 0x51 0x4a 0x58 0x75 0x78

Now we know that it's a hex string. Converting it to ASCII gave me the answer.
I didn't go by the hints, but this would be easy reversing.

Here you go, the flag is: SJjXefaRSzXBoqVWRtFfjrZsxudvCTHbcUoQJXux

With this, the week-1 questions and solutions are done. Hope you enjoyed it! Thank you.

EMCDefendersleague2013 week-1 challenge-6 solution

Files can be downloaded here :

Mickey Mouse loves to be in company with his friends and when they are not available, Mickey always keeps a group photo with him.

Hint 1:Hidden in bits!

Hint 2:Steganography

file name : Contest6.sample

So we know that it's a zip file, and when we try extracting it we get a pop-up for a password like this:

So we need to use a zip cracker. Just a guess of the range to be 4 solved it. It worked with a lucky guess, but be sure to use a bigger range for other similar challenges. Here is the link for the zip password cracker which I used temporarily.

Password is : xtOQ