Y2k CTF 1.0 Walk-through| Part-2

hey guys, hope you all are good.
here is the part 2 of Y2k CTF 1.0 walk-through Crypto and Misc. To read the first part click.
So in this Part, we gonna cover Cryptography and Miscellaneous challenges.

Let’s start with Crypto first

1. Crypto

i). Mad or What?

We just gave a hypothetical scenario of a random guy just as to make the challenge fun.There were 2 files one is a zip file and the second one is a text file.

So after downloading the files, the text file contains some gibberish value that looks like a hash, second file which was a zip file contains another password protected text file.

So take that hash use any hash detection method to find the type of hash. It was MD5( https://www.tunnelsup.com/hash-analyzer/ ).

Break it and you will get “ils”. use this password to extract the file from the zip.

You will get a string of data that makes no sense, nothing sort of encryption.
Think hard!! or should I say think smart?
Yup, read the description again, it says “his methods spins my mind”. Here spins make a reference to rotation cipher.

so let’s try the standard rotation algorithm i.e ROT 13. ROT13 the string gives
Many participants tried to submit the string as it is but we tweaked it a bit.

You just need to put “_” between every word as it was standard flag format.

flag: F_IBM{i_Am_iRritatinG}

ii). Freaky friend

It is the hardest challenge nobody was able to crack it. The challenge had a description and a zip file to download.
After extracting the zip you got 2 files one was having a hash and the second file was just a .dat file having no other information and not even password protected.

Again repeat the same process and detect the hash. Again it was MD5 but many online MD5 crackers failed.

So you cracked the hash, so what next. what you will with that cracked hashed.

You can’t use that as flag because it is not flag.

No password on another file so what is the use of that cracked hash and what do to with .dat file.
So a quick google search will tell you that .dat files are generic files that they store data to the specific application. So let’s try to understand how to get the solution. First thing first we are dealing with some sort of cryptography so some sort of encryption.
The description says that the “He sent you some files” that means the whole encryption is done on the file.

Let’s try to use the first encryption for a file we use the first one which was ECB cipher.

there you go!!

flag: F_IBM{w0rld_15_n07_r34l}


i). Thunder

So you got a brief description and a link. On the landing page, you got an image and “a line form Thor movie”.

Download image and working to get info from the image is not possible, so let’s try to do the basics all over again.

Check the source code.

There is something weird, dashes and dots.

It is weird to have these symbols without any purpose.
These dashes and dots are nothing but Morse code.

So head towards the online conversion of Morse code to text. convert the Morse code to text and you got a string. Put it in the standard format and you will get your flag.

Bit easy!! right.

flag: F_IBM{GITHUBy2k1337}

ii) jss fckkkk offff

Bit weird name, OK so this challenge has just normal description and a link. After getting to the page you see some data and a picture.
So let’s start with the basics source code inspection nothing there, we have an image let’s download it and analyze it.

Let’s try to find if any file is embedded into the image, for that we use “binwalk” but nothing was there. So there must be other things,
using “head -n 15 filename” command and getting the header of the image we got to know something is hidden there so use steghide command
but steghide require a password and we didn’t have any password so we gave it blank, it raised an error and we got nothing.

Next thing was to find the password. Let’s analyze the code of image using “tail -n 5 filename” command. Ok, we got something in base64.
we copied everything and decrypted it. The next result was something, we can’t understand . Just some symbols which are repeating themselves.

Here comes the weird thing to help, jss fckkkk offff, the string was encoded in js fuck which converts everything to symbols.

Now copy that code, right click on the browser page, paste the code in the console and hit enter.

As you hit enter you got an alert, having a string.

Now, this string is different. focus on the string. Actually, the string is hex encoded but we just put X in both sides of the string as to make it confusing.

So removing the X and decrypt the hex encoded string you will get a password.
now use that password in the steghide extract, you will get a text file. there you go, that is your flag.

flag: F_IBM{1_h4t3_JS}

This was about the crypto and misc part, feel free to ask your queries. Suggestions are welcome.