Blogs and Writeups
Subscribe
CTF Writeups

RESTCON 2020 CTF

RESTCON 2020 CTF

Basic Challenges:

Simple and easy, Cat the file use grep to find the flag

We have random characters in file, as challenges mentions its weirdo.

But it a malbolge programming language, by using online complier you can get the flag.

Malbolge - interpreter online
Malbolge ryje beret i raczej nikt bez odrobiny szaleństwa nie będzie się brał za pisanie w tym cudzie. Gdyby jednak to…
malbolge.doleczek.pl

Just Reverse “}GALF_NOCTSER{NOCTSER” and flag is RESTCON{RESTCON_FLAG}

Simple and easy base64 decode.

Simple Base85 ";FOM`6VgI(;FOM`6VgHa5u(3T84?E`6:”OA6XN;V5t?>" will give you the flag “RESTCON{RESTCON_ANOTHER_BASIC_FLAG}

Nice challenge, the dot near tam has hyperlink with file in it. Once you download you have to write script to get each line captial letter and convert to string you will get “YOUGOTTHEFLAGFROMBUMTAMTAM” and convert to 1337 lang and submit as flag

Flag was in given as image src. Too easy one.

OSINT

On reverse image search, you will get which Hotel is Venetian macau. Get the CEO name from google again and paste in flag format. RESTCON{Sheldon Adelson}

Crypto

We were given with argon2id encoded $argon2id$v=19$m=64,t=16,p=8$Q3liZXJLbmlnaHQwMA$3ZodOqWeWZ0a41c3HQrLY4nawron7LNWajWIyztZkds

Found a cool tool for bruteforcing this : https://github.com/CyberKnight00/Argon2_Cracker

RESTCON{godlovesme}

We were given with two files of encoded string and key.

As soon as this key file is seen, i taught this look similar to binary code and Converted . — — to 0 and — — to 1. and then inverted the bits

Converting binary to ascii we get hex value, then converting hex to ascii we get decimal which was a sms code language

Decoding the Sms codes we get the key for decryption.

But encoded string is in base32 decode it we will get brainfu*k language. decrypt it and get the clear text

as challenge its vigenere Cipher, decrypt with key.

RESTCON{G00D_G01NG}

After thinking for hours, found that these symbols links to number row in our keyboard and figure out into hexstring and convert to ascii, you will get flag.

52455354434f4e117b115930555f4431445f544831537d

RESTCON{Y0U_D1D_TH1S}

Forensic

File contains a QR code with text as RESTCON{29a9df89e2858e5a25c83b6a00352d19} but flag is in plaintext decrypt the md5 and replace it and submit the flag RESTCON{mirr0r}

The challenge had description as “we recently came to know that a malware has spread across our network ever since Binod helped one of our Desk support team by giving an employee some malicious file.Your task is to check out this program and find out the flag , remember don’t believe what you see.”. The pcap was damaged but it was working, found a request to binod.exe and then Followed TCP it was PDF file, it had a hex code then decrypt it and get the flag.

Download the gif image and check the metadata we have comment with base32 string. decode and get the flag.

RESTCON{SMIL3_L!K3_4_M0NK3Y}

The file was mp3 with song and mixed morse code and website domain. Once you decode the morse code then you have bruteforce the path with python and get the correct path. Then you will get a image will be corrected with Header one you fix it, it contains mirrored text called flag.

import requests
def permute(inp): 
    n = len(inp) 
   
    # Number of permutations is 2^n 
    mx = 1 << n 
   
    # Converting string to lower case 
    inp = inp.lower() 
      
    # Using all subsequences and permuting them 
    for i in range(mx): 
        # If j-th bit is set, we convert it to upper case 
        combination = [k for k in inp] 
        for j in range(n): 
            if (((i >> j) & 1) == 1): 
                combination[j] = inp[j].upper() 
   
        temp = "" 
        # Printing current combination 
        for i in combination: 
            temp += i 
        print("TRYING : ",temp)
        if requests.get("https://pastebin.com/"+temp).status_code == 200:
         print(temp)
         break
permute("ZAWEW7Y7")

Simple and easy one : just download the image use zsteg, common tool for png steghide and get the flag

Reverse

Easy reversing having the cleartext flag in strings of the file

WEB

This was the landing page of the challenge, As usual it had robots.txt but this time it had 10 md5 files hashes I taught it was merkle tree challenge and tried with script which did not work. Then tried each and every directory in robots.txt of disallow, then this worked “/9ae0ea9e3c9c6e1b9b6252c8395efdc1/”, scroll down to bottom there is the flag.

the landing page did not have other than his portfolio of the author linked and checking out his repo’s we get the source and while checking his commit message. we can see copyright has been added and removed that’s where flag is hidden.

They gave us entire source code with all files and tried to trick us by keeping admin privilege which did not even work there. When you open index.html inside template/core you will get the flag there.

RESTCON{intr0_t0_djang0}

Miscellaneous

We were given with 5000 QR code filed zipped together under one and out of which 4999 where fakeflag and only 1 has the correct flag.

LAMOOOO

This is kind of OSINT challenge but with some encryption tricking. On searching we found at babyhacker refers to smilehacker and he have base64 encrypted text in his source code of portfolio.

On Decrypting it you will get brainfuck and then base32 followed by base64 again then brainfuck then at last you will get QDRSBNM{j33O^^G4bj!mF_jDDDDDo_rlHKdddmF} on decryption with ROT1 you will get the flag.

Debugging

You have alphabet.pyc and main.py, just decompyle the alphabet.pyc with uncompyle6 and run main.py you will get the flag RESTCON{TURTLE_IS_COOL}

Read next