OWASP-LPU CTF February 2022

Balalikhith
5 min readFeb 21, 2022

--

OWASP LPU Student Chapter came up with a Capture the Flag Challenge which varies in Different Categories like Web, Forensics, Crypto, Steganography, OSINT, and MISC.

Let me go through the walkthrough of my challenges from different categories. Starting with Cryptography.

Here comes with my first one Beep Beep Beep ……

Beep Beep Beep ……. Challenge

Here I have given a wav file which you can pass it in the by listening to that you can get to know that is a morse code. By using this audio decoder you can decrypt it easily. you can upload and here’s what you will get

By keeping it in the Flag Format here is the flag OWASPLPU{1TSM0RS3C0D3DUD3}

Moving to the Next one I am you and you are me

From the Description its saying A is D and B is E which is a Kind of Substitution cipher but we don't see alphabets over here there are some numbers Its not binary and its getting incremented. We know the Flag format by trying that we could get that its Alphabetical Ranks Added Cipher using this online tool you can crack easily

Decoder

You could see the meaningful text which can be wrapped in flag format got the flag wont worked so when we use the snake case it worked and the final flag is OWASPLPU{THIS_IS_JUST_A_SIMPLE_MAPPING}

We got a Flag image here which is

Repeated Numbers

By the description we can get the point it’s saying about keypad phone and by that we could say it's keypad cipher using this online tool you could get the flag

here comes the flag keeping in the format it becomes OWASPLPU{be_strong_just_like_the_nokia} here case doesn't matter

The name and description sounds like related to the train and the cipher name is related to train is Rail-Fence-Cipher though the tool by code you can get the flag

Flag is OWASPLPU{YOUDIDHARDWORKDIDYOU}

And… the flag image is

through the description, we could get some information that related to ships and navy and here are the flags and the cipher is

Writing in the snake case and keeping in format makes OWASPLPU{WE_ARE_STUCK_IN_CYCLONE} the flag

U+4A U+42 U+4C U+45 U+32 U+56 U+4A U+57 U+47 U+56 U+46 U+45 U+57 U+53 U+4B U+5A U+4B U+5A U+43 U+45 U+4B U+56 U+43 U+44 U+47 U+4A U+45 U+44 U+4B U+53 U+53 U+58 U+4C U+46 U+4E U+45 U+47 U+4D U+53 U+49 U+47 U+56 U+46 U+46 U+4F U+57 U+4A U+55 U+47 U+49 U+33 U+55 U+53 U+57 U+4B U+53 U+49 U+35 U+49 U+56 U+45 U+4D U+32 U+47 U+4A U+41 U+32 U+55 U+34 U+55 U+32 U+4A U+4A U+55 U+5A U+45 U+49 U+53 U+4B U+4B U+4A U+42 U+4B U+46 U+53 U+56 U+4A U+53 U+4A U+35 U+44 U+55 U+45 U+56 U+53 U+48 U+49 U+34 U+5A U+44 U+45 U+55 U+53 U+48 U+49 U+5A U+44 U+55 U+4B U+54 U+32 U+4E U+4C U+49 U+32 U+55 U+53 U+53 U+53 U+54 U+4B U+59 U+33 U+46 U+41 U+55 U+53 U+44

This is the content the file has this is having multiple encryptions. First decoding from Unicode notation then base 32 and again base 32 at last Ascii 85 gives us the Output

Flag is OWASPLPU{Y0u_sur3_4r3_4w3s0m3_wi7h_411_7h3_ski115}

Moving to Forensics Categeory

Uploading the Image in aperisolve online tool or by using Zsteg or Exif you can get the flag or even in Strings

Exif Tool
Through Zsteg
Through Strings

This is a Stego Challenge and Passkey for extracting file is OWASPLPU this can get from the Hints too using that and solving we will get the flag

Where is the Passkey Writeup Link: https://balalikhith.medium.com/owasp-lpu-ctf-where-is-the-passkey-20e0ed3f868a

What’s Hiding Writeup Link:

https://balalikhith.medium.com/owasp-lpu-ctf-whats-hidin-ff401d6a3380

Thanks For Reading,……..

Likhith Kanigolla

Security Researcher

#HappyHacking

--

--