PragyanCTF (H1tch)

Writeup by H1tch (www.h1tch.org)

Another nice CTF. This one was pretty laid back went for over a weeks time.  Seemed to have a lot of Stego and crypto challenges pretty low on an type of reverse or forensics. Everything seems to have gone smoothly I didn’t notice any issues. Some members of Overflow Security were in and out of the challenges. Here are the write ups for the ones that I completed.

STEGO

Put on your reading glasses (10 pts)

run strings on file. flag is on the bottom

strings Proxy.jpg
M}EU]sF
1Z5;”A
kjiFF
16bbee7466db38dad50701223d57ace8

What you see is what you get. (50 pts)

run strings the bottom shows us the program used and key to extract.

#strings stego_50.jpg

:W9K

QIK@

RP!h

usethisUT

steghide.sourceforge.net/download.phpPK

usethisUT

Delta_Force\m/

steghide –extract -sf stego_50.jpg

Enter passphrase:

wrote extracted data to “key_stego_1″.

root@kali:~/CTF/pragyan/stego/what-you-see-is-what-you-get# ls
key_stego_1 stegcrack.pl stego_50.jpg

root@kali:~/CTF/pragyan/stego/what-you-see-is-what-you-get# cat key_stego_1

Congrats! This was way too wasy 

This is the key:

PrAgyaNCTF_sTeg1_key

CRYPTO

One more headache (20 pts)
This is a PRGYAN event
text file called substitution given with the following text

dhkuagsn
assuming that PRGYAN is the key
used an online decoder

http://www.braingle.com/brainteasers/codes/keyword.php

entered key: prgyanpr cipher text: dhkuagsn

solution: ilovectf

FORENSICS
Access Code (30pts)
Find the access code
a PDF is shown

RIP JPEG from PDF ( can right click and save it)
this is the JPEG

Did a google image search via drag and drop image into search box and find the artist name is Sascha Herm

The PDF said KEYED painter so go to online keyword cipher decoder
http://www.braingle.com/brainteasers/codes/keyword.php

use KEY: saschahermsasch
with Cipher Text: heitsctrnpsmysk
and get the flag: deltactfpragyan

MISC
Totally abstruse (30 pts)
no point guessing
was given an image.

A goggle image  search on this images brought up the Piet programming language.

found an online interpreter at
http://www.bertnase.de/npiet/npiet-execute.php

execute the image/code.


Hi, 
Welcome to npiet online ! Info: upload status: Ok 
Info: found picture width=115 height=115 and codel size=5 
Uploaded picture (shown with a small border): world.png Info: executing: npiet -e 1000000 world.png Hello, world! Flag: Hello, world!

Leave a Reply

Your email address will not be published. Required fields are marked *

The opinions and thoughts on this blog are those of Overflow Security members, and do not reflect those of our members employers.