https://ctf.cyberhavoc.in/

FLAG FORMAT: CHCTF{}

Reverse Engineering

Start The Dos

DESCRIPTION : Leon wants you to be a part of Agents of Havoc. He wants you to understand this software as old as hacking itself so as to fire a DoS Attack against whiterose’s targets. Help him before he suspects your intentions.

file: dosser.s

if look in this assembly code we can see that it is checking characters one by on like this:

mov al, [esi]
    cmp al, 0o114
    jne cmp_fail
    inc esi

we can get flag by converting all this values we get from assembly cmp

python code to do that:

print("CHCTF{", end='')
for i in [0o114, 0o63, 0o63, 0o124, 0o137, 0o103, 0o122, 0o64, 0o103, 0o113, 0o63, 0o122, 0o137, 0o65, 0o124, 0o122, 0o61, 0o113, 0o63, 0o123, 0o137, 0o64, 0o107, 0o64, 0o61, 0o116]:
    print(chr(i), end='')
print("}")
flag:  CHCTF{L33T_CR4CK3R_5TR1K3S_4G41N}

Crypto

The Beginning Of All

DESCRIPTION:

I was working on my laptop when my laptop suddenly glitched. I discussed it with my friends and to our surprise we all had the same color glitch. I guess it has to do something with the odd behavior of the people around me.

Remember the flag format!

file: glitches.mp4

When i first open this file it is just some random frames of color of 3x2 matrix. so i just googled “color code cipher ctf” and got this link:

https://www.dcode.fr/hexahue-cipher

After decoding we get this: CHCTF5URR3ND3R 0R 5UFF3R

flag: CHCTF{5URR3ND3R_0R_5UFF3R}

Leaked Convo

given text:

duv#r!|"rG Xrr} (|$! %|vpr y|&; Znxr "$!r {| |{r urn!" $";
a(!ryyG N!r (|$ q|{r &v#u (|$! "r#$}L
Yr|{G R%r!(#uv{t v" "r#; aur }n(y|nq" n!r "r#; aur #n!tr#" n!r sv'rq; V#’" w$"# n zn##r! |s #vzr {|&.
duv#r!|"rG aur p|{pr}# |s &nv#v{t or&vyqr!" zr; ]b]T`*>DBlD>g@lD=lBDArDlDb@lWAr,; dr {rrq #| xrr} !|#n#v{t |$! p|{%r!"n#v|{ "| #un# {|#uv{t tr#" yrnxrq;
a(!ryyG [|#rq.

It is rot 47 with n=81. and flag is in rot13.

flag: CHCTF{175_71M3_70_574r7_7H3_W4r}

Top Password

DESCRIPTION: Out of nowhere, Leon signaled something to Cisco. Kind of some secret language. Since Leon is out of his place, why not a peek-a-boo into his room? I climbed to the 2nd floor to his room where I found his Tablet charging and a note pinned on the board. Maybe that’s the password for the tablet. I NEED THAT!

file: image.png

cipher text: WXERGT_CSZWQWREGIYQZ

given image is French Sign Language which decode to : JUMPINGEVENSTEPSONLY

It is hill cipher. the matrix number values are (2, 4, 6, 8) from the JUMPINGEVENSTEPSONLY and alphabet 27 character.

decoded text: DESTRUCTION_AT_PEAK_

flag: CHCTF{DESTRUCTION_AT_PEAK}

Digital Forensics

The Cryptic Sound

file: Right or Wrong.wav

it is morse code in audio

tool used: https://morsecode.world/international/decoder/audio-decoder-adaptive.html

flag: CHCTF{BONSOIRELLIOT}

Dump Digging

file: Is it True.pcapng

there is one png file zero or one.png to extract it open Wireshark

File > Export Objects > HTTP and select file and save.

inside this jpg image there is hexdump data

image

copy that and convert to raw data and save and change the header to 89 50 4E 47 0D 0A 1A 0A and save as .png there is flag in this image.

flag: CHCTF{Th3_most_pow3rful_motivator_in_th3_world_is_r3v3ng3}

Web

Tyrell’s Password Maze

in HTML source code we can see this js:

var _0xcb06=["\x76\x61\x6C\x75\x65","\x75\x73\x65\x72\x6E\x61\x6D\x65","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x70\x61\x73\x73\x77\x6F\x72\x64","\x43\x79\x62\x65\x72\x48\x61\x76\x6F\x63","\x43\x79\x62\x65\x72\x48\x61\x76\x6F\x63\x23\x31\x32\x33\x34\x35","\x4C\x6F\x67\x69\x6E\x20\x73\x75\x63\x63\x65\x73\x73\x66\x75\x6C\x21","\x51\x30\x68\x44\x56\x45\x5A\x37\x51\x6A\x42\x75\x4E\x54\x42\x70\x63\x6C\x38\x7A\x4D\x54\x45\x77\x4E\x31\x38\x33\x61\x47\x6B\x31\x58\x32\x6B\x31\x58\x32\x31\x35\x58\x32\x74\x70\x62\x6D\x64\x6B\x62\x32\x31\x66\x4E\x47\x35\x6B\x58\x33\x6B\x77\x64\x58\x49\x7A\x58\x32\x70\x31\x4E\x54\x64\x66\x4E\x46\x39\x32\x61\x54\x56\x70\x4E\x7A\x42\x79\x66\x51\x6F\x3D","\x6C\x6F\x67","\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x72\x65\x73\x75\x6C\x74","\x57\x65\x6C\x6C\x20\x64\x6F\x6E\x65\x2C\x20\x45\x6C\x6C\x69\x6F\x74\x2E\x20\x59\x6F\x75\x20\x68\x61\x76\x65\x20\x70\x72\x6F\x76\x65\x6E\x20\x79\x6F\x75\x72\x73\x65\x6C\x66\x20\x74\x6F\x20\x62\x65\x20\x61\x20\x73\x6B\x69\x6C\x6C\x65\x64\x20\x68\x61\x63\x6B\x65\x72\x2E\x20\x42\x75\x74\x20\x74\x68\x65\x20\x72\x65\x61\x6C\x20\x63\x68\x61\x6C\x6C\x65\x6E\x67\x65\x20\x69\x73\x20\x79\x65\x74\x20\x74\x6F\x20\x63\x6F\x6D\x65\x2E\x20\x41\x72\x65\x20\x79\x6F\x75\x20\x72\x65\x61\x64\x79\x20\x74\x6F\x20\x75\x6E\x72\x61\x76\x65\x6C\x20\x74\x68\x65\x20\x73\x65\x63\x72\x65\x74\x73\x20\x6F\x66\x20\x74\x68\x65\x20\x6D\x61\x7A\x65\x20\x61\x6E\x64\x20\x64\x69\x73\x63\x6F\x76\x65\x72\x20\x74\x68\x65\x20\x74\x72\x75\x74\x68\x20\x62\x65\x68\x69\x6E\x64\x20\x74\x68\x65\x20\x63\x68\x61\x6F\x73\x20\x69\x6E\x20\x74\x68\x65\x20\x63\x79\x62\x65\x72\x20\x77\x6F\x72\x6C\x64\x3F","\x49\x6E\x76\x61\x6C\x69\x64\x20\x75\x73\x65\x72\x6E\x61\x6D\x65\x20\x6F\x72\x20\x70\x61\x73\x73\x77\x6F\x72\x64\x2E"];function login(){const _0x4367x2=document[_0xcb06[2]](_0xcb06[1])[_0xcb06[0]];const _0x4367x3=document[_0xcb06[2]](_0xcb06[3])[_0xcb06[0]];if(_0x4367x2=== _0xcb06[4]&& _0x4367x3=== _0xcb06[5]){alert(_0xcb06[6]);console[_0xcb06[8]](_0xcb06[7]);document[_0xcb06[2]](_0xcb06[10])[_0xcb06[9]]= _0xcb06[11]}else {alert(_0xcb06[12])}}

we can use devtools to deobfuscate this

we can see the username, password, and base64 string

image

Q0hDVEZ7QjBuNTBpcl8zMTEwN183aGk1X2k1X215X2tpbmdkb21fNG5kX3kwdXIzX2p1NTdfNF92aTVpNzByfQo=

flag: CHCTF{B0n50ir_31107_7hi5_i5_my_kingdom_4nd_y0ur3_ju57_4_vi5i70r}

Happy Hacking