A CTF built by me and a few others in August 2020
NB. The OSINT Twitter investigation element of the CTF is broken as the Twitter account used has been removed.
Install Node.js or spin up a Docker container to run the Node server. The server is the starting point for the CTF and also acts as the flag-checker. If hosting on a VM, set the machine to run the server at startup. Make sure to run npm install to install the required dependencies.
Set up the SSH credentials as required (enigma:batman), and add the required files to the target machine (/etc/motd and ~/.bash_history).
Add the steganography/zipped files in a sensible location (~/ recommended).
- Run an Nmap scan on the host’s network
- Find an open http port and web services running on port 25341
- Open [victim machine IP]:25341 in a browser
- Get flag - Flag{SSBhbSBub3QgYS4uLiBQRVJNSVNTSU9OIERFTklFRA==}
- Solve from base64 to get - I am not a... PERMISSION DENIED
- Go to /robots.txt
- Get flag - Flag{R3JhbmRtYSdzIGJlZW4gYmFraW5n}
- Solve from base64 to get - Grandma’s been baking
- View cookies in the webpage (dev tools -> storage -> cookieflag)
- Decode ‘CookieFlag’ from Hex to text
- Get flag - flag{QHIxZGRsM19tM190aDFz}
- Solve from base64 to get - @r1ddl3_m3_th1s
- Go to the @ handle from the last flag on Twitter
- Avoid two false leads for decoding rot3 and hex
- The answer to the riddle on Twitter is ‘jellyfish’
- Go to /jellyfish on the webserver
- Get flag - Flag{U2VuZCBTb21lIEhlcm9lcw==}
- Solve from base64 to get - Send Some Heroes
- Establish SSH connection with credentials enigma:batman
- enigma – for Edward Nigma/Nygma (name of The Riddler)
- batman – Riddler's enemy, and in rockyou.txt
- Message of the day on connection to SSH has another flag
- Get flag - Flag{VGhvc2Ugd2hvIGNhbm5vdCBsZWFybiBmcm9tIGhpc3RvcnkgYXJlIGRvb21lZCB0byByZXBlYXQgaXQ=}
- Solve from base64 to get - Those who cannot learn from history are doomed to repeat it
- Access the bash history (.bash_history file or up arrow)
- Get flag - Flag{Q2hlY2sgb3V0IG15IG5ldyBjYW5lIQ==}
- Solve from base64 to get – Check out my new cane!
- Open image of cane (lean_on_me.jpg) in hex editor
- Correct the magic bytes of the .jpeg file (should be ÿØÿà, i.e. bytes FF D8 FF E0)
- Open file as image
- Get flag - Flag{YSBmaWxlcyBiZWVuIGRlZmlsZWQgYW5kIGhhcyBhIHZlaWwgZG9udCB0YWtlIGEgd2hpbGUgb3IgeW91bGwgZmFpbA==}
- Solve from base64 to get - a files been defiled and has a veil dont take a while or youll fail
- Rename pdf file (2020_expense_report.pdf) extension to jpg
- Open jpg in HxD and search for ‘flag’
- Get flag - Flag{SSBob3BlIHlvdSBhcmVu4oCZdCBnb2luZyB0byBkbyB0aGlzIGJ5IGhhbmQuLi4=}
- Solve from base64 to get - I hope you aren’t going to do this by hand...
- Unzip the file 10,000 times; using a .py or .sh script is recommended
- Get flag - Flag{WW91IGNoZWF0ZWQgaG1waC4uLg==}
- Solve from base64 to get - You cheated hmph...
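
One way to script the repeated-unzip step above, as an added example that is not part of the original CTF files. It assumes each layer holds exactly one member (the page does not describe the archive layout), builds its own constructed nested archive so it runs offline, and uses hypothetical function names and limits.

```python
from __future__ import annotations
import base64
import io
import re
import zipfile

MAX_LAYERS = 20_000         # hard stop so a malformed archive cannot loop forever
MAX_MEMBER_BYTES = 1 << 20  # reject members whose declared size suggests a zip bomb
# Flag text taken from the walkthrough; the archive built around it is constructed.
SAMPLE_FLAG = b"Flag{WW91IGNoZWF0ZWQgaG1waC4uLg==}"


def build_nested_zip(payload: bytes, layers: int) -> bytes:
    """Constructed sample input: payload wrapped in `layers` single-member zips."""
    data, name = payload, "flag.txt"
    for i in range(layers):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), f"layer_{i}.zip"
    return data


def unwrap(data: bytes) -> tuple[bytes, int]:
    """Peel zip layers in memory until the content is no longer a zip."""
    layers = 0
    while zipfile.is_zipfile(io.BytesIO(data)):
        if layers >= MAX_LAYERS:
            raise ValueError("layer limit exceeded")
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.infolist()
            if len(members) != 1:  # assumption: one member per layer
                raise ValueError(f"layer {layers}: expected 1 member, got {len(members)}")
            if members[0].file_size > MAX_MEMBER_BYTES:
                raise ValueError(f"layer {layers}: member too large")
            data = zf.read(members[0])
        layers += 1
    return data, layers


def decode_flag(raw: bytes) -> str:
    """Base64-decode the text between the braces of Flag{...}."""
    match = re.fullmatch(rb"[Ff]lag\{([A-Za-z0-9+/=]+)\}", raw.strip())
    if match is None:
        raise ValueError("not a Flag{...} value")
    return base64.b64decode(match.group(1), validate=True).decode("utf-8")


if __name__ == "__main__":
    inner, depth = unwrap(build_nested_zip(SAMPLE_FLAG, 200))
    print(depth, inner.decode(), "->", decode_flag(inner))
```

Working in memory avoids writing thousands of intermediate files to disk, and the layer and size limits keep the loop bounded if the archive is not what was expected.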