CTF writeup
Challenge 1:
-
Url is given
"http://10.90.137.137" Let's see what is there.
-
In Source we can find commented script tag.
-
Part of which is base64 of "password". So let's look at
/js/password.js file.
-
So we have a password but of what? After some time I got a directory listing in images. Observe the length of joker.jpg.
-
Lets download the file. And do an exif read.
-
This might be telling that the password we got earlier is the password to extract this file !!??!?!?!.. Let's try.
No luck there.. Plus the password does not look like a password. So I tried too many encodings but no luck. Then a hint was given that the "Timing " matters, and this looks like morse code because it has only two characters "+" and ">".
-
Decode it online by changing the timing config
"=" with "+" and "." with ">".
-
Got "busker" looks like a password. Let's try on joker.jpg
-
The data looks like rot13. Let's decode it online.
-
The last part of the data gives it all how to decode the flag. After decoding...
-
We got base64 if let's decode it too. And finally we have the
FLAG...
Challenge 2:
-
Let's do an dirsearch...
-
robots.txt gives us many files..
-
Open them one by one and we have some susceptible stuff in
"batman.php"
-
Put it all together and we have one big base64 string.
-
This might suggest th0r directory. "T" in the string is capital but I got a match with "t".
-
As we can see file.zip let's download...
-
Unzip...
-
The file "file" contains string at the end.
-
Ascii Hex decode it and get the Flag.
