Week_3
WARNING: Like all my CTF notes, this contains spoilers.
3x01 - 10pts
https://crypto.qutwhitehats.club/ch1
For simplicity's sake, to be able to easily attempt this week's challenges, please navigate to https://www.katacoda.com/0xollie/scenarios/0x01, sign up/sign in and click onto the terminal.
INPUT: apt install httpie -y
Wait approx 1 minute for it to install.
Obtain the ciphertext by running the following command: http get https://crypto.qutwhitehats.club/ch1
To input an answer, run the following command: http post https://crypto.qutwhitehats.club/ch1 answer="answerhere"
If you are correct, the flag will be returned. If not, try again :)
http get https://crypto.qutwhitehats.club/ch1
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 111
Content-Type: application/json; charset=utf-8
Date: Fri, 13 Mar 2020 08:54:02 GMT
ETag: W/"6f-vN90VZXmEhz9Tnfz4W9nDf0yeEc"
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
{
"ciphertext": "guvegrra vf na hayhpxl ahzore",
"description": "Decrypt this rotten message",
"name": "Challenge 1"
}
- Hint referenced rotten, could mean ROT cipher
- ROT13 or Caesar cipher key = 13
- Used https://www.cryptool.org/en/cto-ciphers/caesar with parse key alphabet and key = 13
http post https://crypto.qutwhitehats.club/ch1 answer="thirteen is an unlucky number"
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 104
Content-Type: application/json; charset=utf-8
Date: Fri, 13 Mar 2020 08:56:02 GMT
ETag: W/"68-aAD0TzSj7bz0zRxeuld+so0y6CM"
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
{
"flag": "flag{rott3n_unlucky}",
"message": "Congratulations!",
"plaintext": "thirteen is an unlucky number"
}
- Submitted: flag{rott3n_unlucky}
3x02 - 10pts
https://crypto.qutwhitehats.club/ch2 Refer to challenge 1 for detailed instructions!
http get https://crypto.qutwhitehats.club/ch2
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 124
Content-Type: application/json; charset=utf-8
Date: Fri, 13 Mar 2020 08:56:56 GMT
ETag: W/"7c-qtmBGyGbUPh4yl3oh0gieBJ7NyE"
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
{
"ciphertext": "vxtltk vbiaxk ghm max ltetw wkxllbgz",
"description": "Another hidden message to decrypt",
"name": "Challenge 2"
}
- Caesar cipher
- Used https://www.cryptool.org/en/cto-ciphers/caesar with parse key alphabet and key = 19
http post https://crypto.qutwhitehats.club/ch2 answer="ceasar cipher not the salad dressing"
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 116
Content-Type: application/json; charset=utf-8
Date: Fri, 13 Mar 2020 08:58:51 GMT
ETag: W/"74-ITkUm0Iituouvb2rh4JLIx0x9qA"
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
{
"flag": "flag{im_the_salad_master}",
"message": "Congratulations!",
"plaintext": "ceasar cipher not the salad dressing"
}
- Submitted: flag{im_the_salad_master}
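Both shift ciphers above (keys 13 and 19) can also be recovered offline instead of by trying keys in the web tool. This is an added example, not part of the original notes: it tries all 26 keys and keeps the one whose output contains the most words from a small assumed word list (`COMMON`); the function names are hypothetical.

```python
import string

# Ciphertexts as returned by /ch1 and /ch2 on this page.
CH1 = "guvegrra vf na hayhpxl ahzore"
CH2 = "vxtltk vbiaxk ghm max ltetw wkxllbgz"

# Assumption: a tiny word list is enough to recognise English in short messages.
COMMON = {"the", "and", "not", "is", "an", "of", "to", "in"}

def shift_decrypt(ciphertext, key):
    """Undo a Caesar shift of `key` positions, leaving non-letters alone."""
    out = []
    for ch in ciphertext:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") - key) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") - key) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)

def score(text):
    """Number of space-separated tokens that are common English words."""
    return sum(word in COMMON for word in text.lower().split())

def crack(ciphertext):
    """Return (key, plaintext) for the best-scoring of the 26 possible keys."""
    key = max(range(26), key=lambda k: score(shift_decrypt(ciphertext, k)))
    return key, shift_decrypt(ciphertext, key)

if __name__ == "__main__":
    for ct in (CH1, CH2):
        print(crack(ct))
```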
3x03 - 20pts
https://crypto.qutwhitehats.club/ch3 Refer to challenge 1 for detailed instructions!
NOTE 1: Do not add the comma in your answer
NOTE 2: The first letter should be a J not I so the proper ciphertext should be read as: Jy ksxa m ksyeohg, xasyeohg yhxx wohmxh fhxbsh yh xhpwmj
http get https://crypto.qutwhitehats.club/ch3
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 193
Content-Type: application/json; charset=utf-8
Date: Fri, 13 Mar 2020 08:59:26 GMT
ETag: W/"c1-ageiGI9gpTdQAF9c5Dxw8YiVDWw"
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
{
"ciphertext": "Iy ksxa m ksyeohg, xasyeohg yhxx wohmxh fhxbsh yh xhpwmj.",
"description": "This wont be as easy as the others, things have been substituted around this time",
"name": "Challenge 3"
}
- Identified as Monoalphabetic substitution cipher
- Im just a jumbled, stumbled mess please rescue me senpai.
- Did not work, reached out to NinjaGoat to confirm my answer
- Came back 2hr later to the challenge and found it updated with NOTE 1 and NOTE 2
- im just a jumbled stumbled mess please rescue me senpai
- Still did not work
http post https://crypto.qutwhitehats.club/ch3 answer="Im just a jumbled stumbled mess please rescue me senpai"
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 84
Content-Type: application/json; charset=utf-8
Date: Fri, 13 Mar 2020 12:34:00 GMT
ETag: W/"54-wX274uRivfo0LoIEHOxHITQxNFs"
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
{
"message": "You are using the challenge correctly, but thats not the right answer."
}
- Wasted hours on the formatting until Lazarus97 helped me out with the hint to start with capital (I) and end with period (.)
http post https://crypto.qutwhitehats.club/ch3 answer="Im just a jumbled stumbled mess please rescue me senpai."
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 167
Content-Type: application/json; charset=utf-8
Date: Sat, 14 Mar 2020 00:20:30 GMT
ETag: W/"a7-MzB2ggOe+csp4chulOXRdDzIMKk"
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
{
"flag": "flag{no_w33bs_please}",
"key": "MEBGHDICJKTOYPLWZFXASVURQN",
"message": "Congratulations!",
"plaintext": "Im just a jumbled stumbled mess please rescue me senpai."
}
- Submitted: flag{no_w33bs_please}
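The `key` field in the success response makes it possible to check the ciphertext itself. This is an added example, not part of the original notes: it applies the returned key to the ciphertext as served and as corrected by NOTE 2, which shows that the served first letter decrypts to the wrong plaintext letter. The key direction (the i-th key letter stands for the i-th plaintext letter) is an assumption inferred from the data on this page, and the function names are hypothetical.

```python
import string

KEY = "MEBGHDICJKTOYPLWZFXASVURQN"  # "key" field from the /ch3 success response
SERVED = "Iy ksxa m ksyeohg, xasyeohg yhxx wohmxh fhxbsh yh xhpwmj."     # as served
CORRECTED = "Jy ksxa m ksyeohg, xasyeohg yhxx wohmxh fhxbsh yh xhpwmj."  # per NOTE 2

ALPHABET = string.ascii_uppercase + string.ascii_lowercase

def check_key(key):
    """A usable monoalphabetic key is a permutation of the 26 letters."""
    return sorted(key.upper()) == list(string.ascii_uppercase)

def encrypt(plaintext, key=KEY):
    # Assumption: key[i] is the cipher letter for the i-th plaintext letter.
    table = str.maketrans(ALPHABET, key.upper() + key.lower())
    return plaintext.translate(table)

def decrypt(ciphertext, key=KEY):
    # Inverse mapping; case is preserved, punctuation and spaces pass through.
    table = str.maketrans(key.upper() + key.lower(), ALPHABET)
    return ciphertext.translate(table)

if __name__ == "__main__":
    print(check_key(KEY))
    print(decrypt(SERVED))     # first letter comes out wrong
    print(decrypt(CORRECTED))  # matches the accepted answer apart from the comma
```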
3x04 - 20pts
https://crypto.qutwhitehats.club/ch4 Refer to challenge 1 for detailed instructions!
http get https://crypto.qutwhitehats.club/ch4
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 182
Content-Type: application/json; charset=utf-8
Date: Fri, 13 Mar 2020 09:18:07 GMT
ETag: W/"b6-fc4dk9BqteknVc/tPuo4oQkT1II"
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
{
"ciphertext": "t yeedv cre satpfntn eierdi aikfer e cf dctlootbdePcecea feoueoayfmsonsin o sr eu",
"description": "Lets step it up a notch now, were on rails now",
"name": "Challenge 4"
}
- Hint refers to rails, could be to the rail fence or zigzag cipher
- Used https://www.boxentriq.com/code-breaking/rail-fence-cipher and manually found rails = 5 and offset = 3
- Picket fences are a type of fence often used decoratively for domestic boundaries
http post https://crypto.qutwhitehats.club/ch4 answer="Picket fences are a type of fence often used decoratively for domestic boundaries"
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 175
Content-Type: application/json; charset=utf-8
Date: Fri, 13 Mar 2020 12:18:57 GMT
ETag: W/"af-WbPtrJSDE5AB3xwQTXWgjZLwj7U"
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
{
"flag": "flag{not_those_kind_of_rails}",
"key": "5",
"message": "Congratulations!",
"plaintext": "Picket fences are a type of fence often used decoratively for domestic boundaries"
}
- Submitted: flag{not_those_kind_of_rails}
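The server reports only `"key": "5"`, but the ciphertext decodes only with the offset of 3 found by hand above. This is an added example, not part of the original notes: a rail fence encoder and decoder with an offset, plus a search over every (rails, offset) pair that replaces the manual trial. The offset convention (how far along the zigzag the first character sits) and the scoring word list are assumptions, and the function names are hypothetical.

```python
# Ciphertext as returned by /ch4 on this page.
CT = "t yeedv cre satpfntn eierdi aikfer e cf dctlootbdePcecea feoueoayfmsonsin o sr eu"

# Assumption: a short list of common English words is enough to rank candidates.
WORDS = {"the", "and", "are", "for", "not", "that", "with", "used", "often"}

def rail_order(length, rails, offset=0):
    """Plaintext indices in the order the cipher emits them, rail by rail."""
    period = 2 * (rails - 1)
    def rail(i):
        pos = (i + offset) % period          # position of character i on the zigzag
        return pos if pos < rails else period - pos
    return sorted(range(length), key=rail)   # stable sort keeps order within a rail

def encrypt(plaintext, rails, offset=0):
    return "".join(plaintext[i] for i in rail_order(len(plaintext), rails, offset))

def decrypt(ciphertext, rails, offset=0):
    out = [""] * len(ciphertext)
    for ch, i in zip(ciphertext, rail_order(len(ciphertext), rails, offset)):
        out[i] = ch                          # put each character back where it came from
    return "".join(out)

def search(ciphertext, max_rails=8):
    """Try every (rails, offset) pair and return the best-scoring (rails, offset, text)."""
    def score(candidate):
        return sum(word in WORDS for word in candidate[2].lower().split())
    candidates = [(r, o, decrypt(ciphertext, r, o))
                  for r in range(2, max_rails + 1)
                  for o in range(2 * (r - 1))]
    return max(candidates, key=score)

if __name__ == "__main__":
    print(search(CT))
```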
3x05 - 20pts
https://crypto.qutwhitehats.club/ch5 Refer to challenge 1 for detailed instructions!
http get https://crypto.qutwhitehats.club/ch5
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 141
Content-Type: application/json; charset=utf-8
Date: Fri, 13 Mar 2020 09:18:33 GMT
ETag: W/"8d-3xloBBvbdwIyT191lOH6Kpx+5q8"
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
{
"ciphertext": "w tesitel ksrInh lj timum kiateatla k tal ",
"description": "You get the idea, decrypt this transposition",
"name": "Challenge 5"
}
- Hint reference to "idea" could be to the International Data Encryption Algorithm (IDEA)
- Tried the https://www.boxentriq.com/code-breaking/columnar-transposition-cipher
- Found reasonable success with autosolve using min key len = 1, max key len = 9, key = efbhcagdi
- Possible solution “just wan milk thtt taste aike reallmilki”
- Suspected it may be popular Paul’s Milk advert “I just want milk to taste like real milk”
- Tried submitting it but did not have any luck
- Manually unjumbled the text
http post https://crypto.qutwhitehats.club/ch5 answer="I just want milk that taste like real milk"
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 139
Content-Type: application/json; charset=utf-8
Date: Wed, 18 Mar 2020 12:37:33 GMT
ETag: W/"8b-kR5wT1iWPWViQPz1uD0GwzxmtZU"
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
{
"flag": "flag{he_needs_some_milk}",
"key": "FULLCREAM",
"message": "Congratulations!",
"plaintext": "I just want milk that taste like real milk"
}
- Submitted: flag{he_needs_some_milk}
3x06 - 30pts
NOTE: please put spaces between words discovered when decrypted
https://crypto.qutwhitehats.club/ch6 Refer to challenge 1 for detailed instructions!
http get https://crypto.qutwhitehats.club/ch6
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 325
Content-Type: application/json; charset=utf-8
Date: Fri, 13 Mar 2020 09:21:00 GMT
ETag: W/"145-+jIDNNCg8+5u15Fg/MOjcqZ6uBI"
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
{
"ciphertext": ".... . .-.. .--. -- . .--. .-.. . .- ... . --.. .- -.-. .... .- ... - .-. .- .--. .--. . -.. -- . .. -. .... .. ... ..- -. -.. . .-. --. .-. --- ..- -. -.. -... .- ... . -- . -. -",
"description": "letters might be too easy for you, lets remove them",
"name": "Challenge 6"
}
- Used http://www.unit-conversion.info/texttools/morse-code/ to convert from morse code to text
- help????me????please????zac????has????trapped????me????in????his????underground????basement
- Within vim command mode used :s/????/\ /g to replace the question marks with a space
- help me please zac has trapped me in his underground basement
http post https://crypto.qutwhitehats.club/ch6 answer="help me please zac has trapped me in his underground basement"
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 137
Content-Type: application/json; charset=utf-8
Date: Fri, 13 Mar 2020 09:25:15 GMT
ETag: W/"89-tJJJ+BWcGtkCwBVGbF08OJ0qWJ0"
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
{
"flag": "flag{MOAR_morse_code}",
"message": "Congratulations!",
"plaintext": "help me please zac has trapped me in his underground basement"
}
- Submitted: flag{MOAR_morse_code}
3x07 - 60pts
https://crypto.qutwhitehats.club/ch7 Refer to challenge 1 for detailed instructions!
http get https://crypto.qutwhitehats.club/ch7
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 121
Content-Type: application/json; charset=utf-8
Date: Fri, 13 Mar 2020 09:25:55 GMT
ETag: W/"79-tBLCqrQc54RCJeQvQs+a2fpokbo"
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
{
"ciphertext": "",
"description": "If we have a public RSA key of (e=3,n=55), encrypt the message n=6",
"name": "Challenge 7"
}
- Used Python interactively to resolve RSA
python
Python 3.8.2 (tags/v3.8.2:7b3ab59, Feb 25 2020, 23:03:10) [MSC v.1916 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> m=6
>>> e=3
>>> n=55
>>> print(pow(m,e,n))
51
>>>
- Submitted the ciphertext as answer
http post https://crypto.qutwhitehats.club/ch7 answer="51"
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 79
Content-Type: application/json; charset=utf-8
Date: Fri, 13 Mar 2020 10:44:01 GMT
ETag: W/"4f-AS6Ip42iSxPJ8sQQOXugT3TjMoE"
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
{
"flag": "flag{mod_maths_is_fun}",
"message": "Congratulations!",
"plaintext": "51"
}
- Submitted: flag{mod_maths_is_fun}
3x08 - 50pts
https://crypto.qutwhitehats.club/ch8 Refer to challenge 1 for detailed instructions!
http get https://crypto.qutwhitehats.club/ch8
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 153
Content-Type: application/json; charset=utf-8
Date: Fri, 13 Mar 2020 09:26:46 GMT
ETag: W/"99-EfX0j7q1qxe1HUgjqWUQqVmhejc"
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
{
"ciphertext": "cec6914c7d961496bb373513195bd255",
"description": "Ive done something very special to my password, youll never get it",
"name": "Challenge 8"
}
- Looked like MD5, searched using crackstation.net, but came up negative
- Used https://md5.gromweb.com/?md5=cec6914c7d961496bb373513195bd255
- Found MyVerySecurePassword1337
http post https://crypto.qutwhitehats.club/ch8 answer="MyVerySecurePassword1337"
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 120
Content-Type: application/json; charset=utf-8
Date: Sat, 14 Mar 2020 00:53:09 GMT
ETag: W/"78-310bPlY3A4RYFUoM+98c5oHCOkw"
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
{
"flag": "flag{#hash_tag}",
"message": "Congratulations!",
"note": "reverse md5 hash",
"plaintext": "MyVerySecurePassword1337"
}
- Submitted: flag{#hash_tag}
3x09 - 40pts
https://crypto.qutwhitehats.club/ch9 Refer to challenge 1 for detailed instructions!
http get https://crypto.qutwhitehats.club/ch9
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 101
Content-Type: application/json; charset=utf-8
Date: Fri, 13 Mar 2020 09:27:52 GMT
ETag: W/"65-c8IxnVKPFywugP0qOgKIrEFSC5Q"
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
{
"ciphertext": "R olev nv hlnv ilfmw qfrxb hlug dzin kvzxsvh",
"description": "@#",
"name": "Challenge 9"
}
- Hint refers to atbash encoding
- Used http://rumkin.com/tools/cipher/atbash.php
- I love me some round juicy soft warm peaches
http post https://crypto.qutwhitehats.club/ch9 answer="I love me some round juicy soft warm peaches"
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 147
Content-Type: application/json; charset=utf-8
Date: Fri, 13 Mar 2020 10:34:51 GMT
ETag: W/"93-9Tch5Ps3EW01fXTAPF6BvtZI+Pg"
Server: nginx/1.14.0 (Ubuntu)
X-Powered-By: Express
{
"flag": "flag{its_better_with_two}",
"message": "Congratulations!",
"note": "atbash cipher",
"plaintext": "I love me some round juicy soft warm peaches"
}
- Submitted: flag{its_better_with_two}
A_Catchy_Tune - 75pts
This song will get stuck in your head! flag syntax: flag{insert_flag_here}
- Downloaded mp4 audio file
- Downloaded and installed Audacity
- Used, Effect -> Low pass filter -> 200 Hz, 12 dB
- Exported as wave file, File -> Export
- Attempted to use the https://morsecode.world/international/decoder/audio-decoder-expert.html
- Got SPEANDWHITE5R ES E SPINTM
- Repeated, Effect -> Low pass filter -> 700 Hz, 6 dB
- Exported as wave file and then repeated use of online decoder
- Got SPINMEAROUNDWHITE5ATS E E SPINMEAROUNDITEHATS SPINMEAROUNDWHITIHATS
- Attempted the following submissions
- flag{SPIN ME AROUND WHITEHATS}
- flag{SPIN ME AROUND WHITEHATS SPIN ME AROUND WHITEHATS}
- Finally got it
- Submitted: flag{SPINMEAROUNDWHITEHATS}