OWASP-LPU CTF February 2022
OWASP LPU Student Chapter came up with a Capture the Flag Challenge which varies in Different Categories like Web, Forensics, Crypto, Steganography, OSINT, and MISC.
Let me go through the walkthrough of my challenges from different categories. Starting with Cryptography.
Here comes with my first one Beep Beep Beep ……
Here I have given a wav file which you can pass it in the by listening to that you can get to know that is a morse code. By using this audio decoder you can decrypt it easily. you can upload and here’s what you will get
By keeping it in the Flag Format here is the flag OWASPLPU{1TSM0RS3C0D3DUD3}
Moving to the Next one I am you and you are me
From the Description its saying A is D and B is E which is a Kind of Substitution cipher but we don't see alphabets over here there are some numbers Its not binary and its getting incremented. We know the Flag format by trying that we could get that its Alphabetical Ranks Added Cipher using this online tool you can crack easily
You could see the meaningful text which can be wrapped in flag format got the flag wont worked so when we use the snake case it worked and the final flag is OWASPLPU{THIS_IS_JUST_A_SIMPLE_MAPPING}
We got a Flag image here which is
By the description we can get the point it’s saying about keypad phone and by that we could say it's keypad cipher using this online tool you could get the flag
here comes the flag keeping in the format it becomes OWASPLPU{be_strong_just_like_the_nokia} here case doesn't matter
The name and description sounds like related to the train and the cipher name is related to train is Rail-Fence-Cipher though the tool by code you can get the flag
Flag is OWASPLPU{YOUDIDHARDWORKDIDYOU}
And… the flag image is
through the description, we could get some information that related to ships and navy and here are the flags and the cipher is
Writing in the snake case and keeping in format makes OWASPLPU{WE_ARE_STUCK_IN_CYCLONE} the flag
U+4A U+42 U+4C U+45 U+32 U+56 U+4A U+57 U+47 U+56 U+46 U+45 U+57 U+53 U+4B U+5A U+4B U+5A U+43 U+45 U+4B U+56 U+43 U+44 U+47 U+4A U+45 U+44 U+4B U+53 U+53 U+58 U+4C U+46 U+4E U+45 U+47 U+4D U+53 U+49 U+47 U+56 U+46 U+46 U+4F U+57 U+4A U+55 U+47 U+49 U+33 U+55 U+53 U+57 U+4B U+53 U+49 U+35 U+49 U+56 U+45 U+4D U+32 U+47 U+4A U+41 U+32 U+55 U+34 U+55 U+32 U+4A U+4A U+55 U+5A U+45 U+49 U+53 U+4B U+4B U+4A U+42 U+4B U+46 U+53 U+56 U+4A U+53 U+4A U+35 U+44 U+55 U+45 U+56 U+53 U+48 U+49 U+34 U+5A U+44 U+45 U+55 U+53 U+48 U+49 U+5A U+44 U+55 U+4B U+54 U+32 U+4E U+4C U+49 U+32 U+55 U+53 U+53 U+53 U+54 U+4B U+59 U+33 U+46 U+41 U+55 U+53 U+44
This is the content the file has this is having multiple encryptions. First decoding from Unicode notation then base 32 and again base 32 at last Ascii 85 gives us the Output
Flag is OWASPLPU{Y0u_sur3_4r3_4w3s0m3_wi7h_411_7h3_ski115}
Moving to Forensics Categeory
Uploading the Image in aperisolve online tool or by using Zsteg or Exif you can get the flag or even in Strings
This is a Stego Challenge and Passkey for extracting file is OWASPLPU this can get from the Hints too using that and solving we will get the flag
Where is the Passkey Writeup Link: https://balalikhith.medium.com/owasp-lpu-ctf-where-is-the-passkey-20e0ed3f868a
What’s Hiding Writeup Link:
https://balalikhith.medium.com/owasp-lpu-ctf-whats-hidin-ff401d6a3380
Thanks For Reading,……..
Likhith Kanigolla
Security Researcher
#HappyHacking