Archive Writeup CTF #1: 2019 ICTFF UITM

This is part of a series called Archive CTF

Here's the map if you somehow want to access all of the series: The map




This is the poster for iCTFF 2019, which took place at UITM Jasin (Melaka).
This also happens to be my first official CTF competition.
 
Ok, a little story time. This CTF was divided into three categories: Beginner, Intermediate and Forensic.

So, I should enter the Beginner one right? 

But, through my senior at uni, I learned that there was a vacancy in a team going for the Intermediate level.

I just joined the team. A little trial by fire there.

There are 2 parts to this Intermediate CTF. The first is Secure Coding, where you write a vulnerability report based on the question given.

The other half is a typical Jeopardy CTF, where the questions are divided into categories and you get points each time you solve a question by submitting a string called a flag, hence the name Capture the Flag.

I actually can't track down the questions from the first half of this CTF to really explain the report that I sent to the evaluator.

So, I'm just going to explain the second half of this CTF


crypto100

This is literally the most basic cryptography problem, worth 100 points. After you open the question, you will get this:

bWFsZXtDakFoTGdfR2pfV2ZVZ1ZhRll9 

During the event, I just assumed that this one was a Base64 string. So, for the sake of confirmation (in retrospect, I should have done this), I will run the Magic feature of CyberChef (https://gchq.github.io/CyberChef/), a really neat Swiss Army knife for security stuff, to show you what type of string this is.


So, as you can see, this string is Base64-encoded. That confirms my intuition.

Also in that screen, you will get this: male{CjAhLg_Gj_WfUgVaFY}

The flag format is uitm{this_is_a_flag}

So, we might be on to something here.

What if we run a Caesar cipher?

A Caesar cipher is a letter substitution cipher where you shift every letter a fixed number of positions along the alphabet to encode the message.

Example:

Blog -------> Cmph (Shift + 1)
Blog --------> Dnqi (Shift + 2)

and so on and so forth.

You can read the full explanation of the cipher here:
https://datagenetics.com/blog/july42015/index.html 

But, I'm going to attempt to explain the variants of this cipher and the one that we use.

Ok, to my knowledge there are at least 2 variants of this cipher that are commonly used:

- ROT13

Basically, this is a Caesar cipher with the shift fixed at 13.
Fun fact: If you run this cipher 2 times, you will get the original message

- ROT 47

Instead of shifting only the letters, this type of cipher shifts over the printable ASCII characters from 33 to 126, which brings many more symbols into the shift order.

You can read about ASCII 33 and ASCII 126 here: https://learn.parallax.com/support/reference/ascii-table-0-127

This type of cipher is not subtle at all, so you can detect it immediately.

Example:



So, in this case, we will use ROT13 (there is no option for Caesar cipher in CyberChef) and shift the letters until we get the flag.


 
So, this is the flag: uitm{KrIpTo_Or_EnCoDiNG}
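The same solve can be scripted instead of stepping through shifts by hand. The following is an added example, not part of the original writeup: it decodes the Base64 string and derives the shift from the known flag prefix `uitm`. The function names are my own.

```python
import base64

FLAG_PREFIX = "uitm"  # flag format given in the challenge: uitm{...}

def caesar(text, shift):
    """Shift letters by `shift` positions, keeping case and non-letters."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def shift_from_crib(ciphertext, crib):
    """Derive the shift from a known plaintext prefix; None if inconsistent."""
    shifts = {(ord(p) - ord(c)) % 26
              for c, p in zip(ciphertext.lower(), crib.lower())}
    return shifts.pop() if len(shifts) == 1 else None

def solve(b64_blob):
    """Base64-decode, recover the Caesar shift from the flag prefix, decrypt."""
    decoded = base64.b64decode(b64_blob, validate=True).decode("ascii")
    shift = shift_from_crib(decoded, FLAG_PREFIX)
    if shift is None:
        raise ValueError("not a single Caesar shift of the expected flag prefix")
    return decoded, shift, caesar(decoded, shift)

CHALLENGE = "bWFsZXtDakFoTGdfR2pfV2ZVZ1ZhRll9"  # string from the challenge above

if __name__ == "__main__":
    decoded, shift, flag = solve(CHALLENGE)
    print(decoded, shift, flag)
```

All four letters of `male` map to `uitm` with the same shift of 8, which is what marks this as a plain Caesar shift rather than some other substitution.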

crypto200

This is a cryptography question that offers 200 points. It is a level above the previous challenge.

You will get this after opening the question:


In the event, I just straight up assumed this string was Base 64 and decoded it accordingly. For the purpose of proper documentation in this blog, I will again use the Magic feature in CyberChef to validate whether or not this string is Base 64.


As you can see, this is a Base 64 string. Since the output is too long, we will need to run the decoding process separately.

You will get this:

Rm xibkgltizksb, z hfyhgrgfgrlm xrksvi rh z nvgslw lu vmxibkgrmt yb dsrxs fmrgh lu kozrmgvcg ziv ivkozxvw drgs xrksvigvcg, zxxliwrmt gl z urcvw hbhgvn; gsv "fmrgh" nzb yv hrmtov ovggvih (gsv nlhg xlnnlm), kzrih lu ovggvih, girkovgh lu ovggvih, nrcgfivh lu gsv zylev, zmw hl uligs. Gsv ivxvrevi wvxrksvih gsv gvcg yb kviulinrmt gsv rmevihv hfyhgrgfgrlm.
Hfyhgrgfgrlm xrksvih xzm yv xlnkzivw drgs gizmhklhrgrlm xrksvih. Rm z gizmhklhrgrlm xrksvi, gsv fmrgh lu gsv kozrmgvcg ziv ivziizmtvw rm z wruuvivmg zmw fhfzoob jfrgv xlnkovc liwvi, yfg gsv fmrgh gsvnhvoevh ziv ovug fmxszmtvw. Yb xlmgizhg, rm z hfyhgrgfgrlm xrksvi, gsv fmrgh lu gsv kozrmgvcg ziv ivgzrmvw rm gsv hznv hvjfvmxv rm gsv xrksvigvcg, yfg gsv fmrgh gsvnhvoevh ziv zogvivw.
Gsviv ziv z mfnyvi lu wruuvivmg gbkvh lu hfyhgrgfgrlm xrksvi. Ru gsv xrksvi lkvizgvh lm hrmtov ovggvih, rg rh gvinvw z hrnkov hfyhgrgfgrlm xrksvi; z xrksvi gszg lkvizgvh lm ozitvi tilfkh lu ovggvih rh gvinvw klobtizksrx. Z nlmlzokszyvgrx xrksvi fhvh urcvw hfyhgrgfgrlm levi gsv vmgriv nvhhztv, dsvivzh z klobzokszyvgrx xrksvi fhvh z mfnyvi lu hfyhgrgfgrlmh zg wruuvivmg klhrgrlmh rm gsv nvhhztv, dsviv z fmrg uiln gsv kozrmgvcg rh nzkkvw gl lmv lu hvevizo klhhryrorgrvh rm gsv xrksvigvcg zmw erxv evihz. Uozt rh frgn-hFyHgrGfGrLm_rA_UfM*.

Let us try using ROT13. What do we get?


Well, you get damn gibberish text.

What else can you use in this case?

So, at this point, I just brute forced all the options on Cryptii against this string to get the flag.

I stumbled upon the alphabet substitution option on Cryptii and got this (note: there are ways to systematically determine the type of cipher used on that string, but I forgot how):

In cryptography, a substitution cipher is a method of encrypting by which units of plaintext are replaced with ciphertext, according to a fixed system; the "units" may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth. The receiver deciphers the text by performing the inverse substitution.
Substitution ciphers can be compared with transposition ciphers. In a transposition cipher, the units of the plaintext are rearranged in a different and usually quite complex order, but the units themselves are left unchanged. By contrast, in a substitution cipher, the units of the plaintext are retained in the same sequence in the ciphertext, but the units themselves are altered.
There are a number of different types of substitution cipher. If the cipher operates on single letters, it is termed a simple substitution cipher; a cipher that operates on larger groups of letters is termed polygraphic. A monoalphabetic cipher uses fixed substitution over the entire message, whereas a polyalphabetic cipher uses a number of substitutions at different positions in the message, where a unit from the plaintext is mapped to one of several possibilities in the ciphertext and vice versa. Flag is uitm-sUbStiTuTiOn_iZ_FuN*

You can now read the output.

Hence the flag is uitm{sUbStiTuTiOn_iZ_FuN}
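One systematic way to identify the cipher, as an added example that is not part of the original writeup: try every affine key c = (a*p + b) mod 26 and keep the decryption whose letter frequencies look most like English. This goes beyond the single option tried above, since the affine family covers all Caesar shifts (a = 1) as well as the reversed alphabet (a = 25, b = 25). The frequency table is approximate and the function names are my own.

```python
from math import gcd

# Approximate English letter frequencies (percent), a..z.
ENGLISH = (8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77,
           4.03, 2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98,
           2.36, 0.15, 1.97, 0.07)

def affine_decrypt(text, a, b):
    """Invert c = (a*p + b) mod 26 on letters; case and other characters kept."""
    a_inv = pow(a, -1, 26)  # modular inverse, Python 3.8+
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(a_inv * (ord(ch) - base - b) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def chi_squared(text):
    """Distance between the text's letter counts and English; lower is better."""
    letters = [c for c in text.lower() if "a" <= c <= "z"]
    n = len(letters)
    return sum((letters.count(chr(97 + i)) - n * f / 100) ** 2 / (n * f / 100)
               for i, f in enumerate(ENGLISH))

def crack_affine(ciphertext):
    """Try all 312 affine keys and return (a, b, plaintext) of the best score."""
    keys = [(a, b) for a in range(1, 26) if gcd(a, 26) == 1 for b in range(26)]
    a, b = min(keys, key=lambda k: chi_squared(affine_decrypt(ciphertext, *k)))
    return a, b, affine_decrypt(ciphertext, a, b)

# First paragraph of the decoded challenge text, copied from above.
SAMPLE = ('Rm xibkgltizksb, z hfyhgrgfgrlm xrksvi rh z nvgslw lu vmxibkgrmt yb dsrxs fmrgh lu kozrmgvcg ziv ivkozxvw drgs xrksvigvcg, '
          'zxxliwrmt gl z urcvw hbhgvn; gsv "fmrgh" nzb yv hrmtov ovggvih (gsv nlhg xlnnlm), kzrih lu ovggvih, girkovgh lu ovggvih, '
          'nrcgfivh lu gsv zylev, zmw hl uligs. Gsv ivxvrevi wvxrksvih gsv gvcg yb kviulinrmt gsv rmevihv hfyhgrgfgrlm.')
FLAG_LINE = "Uozt rh frgn-hFyHgrGfGrLm_rA_UfM*."

if __name__ == "__main__":
    a, b, plain = crack_affine(SAMPLE)
    print(a, b, plain[:60])
    print(affine_decrypt(FLAG_LINE, a, b))
```

The best-scoring key is a = 25, b = 25, the reversed alphabet (often called Atbash), which explains why ROT13 and every other plain shift only produced gibberish.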


As you can see, there are only 2 questions here. These 2 questions are the only questions that my team could finish in this CTF. Well, for my skill set, this is pretty cool.

This is my official start for the world of CTF :)










 
