[UofTCTF'24] Out of the Bucket
UofTCTF'24: Out of the Bucket This was a pretty easy and interesting misc challenge that utilises Google’s Cloud Storage. We are given a url to a bucket, and we have to find the flag within the bucket.
The Challenge Out of the Bucket 100 Check out my flag website! Author: windex https://storage.googleapis.com/out-of-the-bucket/src/index.html The Analysis Opening the link, we are greeted with a website that looks like this: Usually, when I get a website to look at, I would check the source code. However, this time, there was nothing in the source code.
[SpookyCTF'23] Treat interns nicely!
SpookyCTF'23: Treat interns nicely! Look, I know that they sometimes work for free. But you really gotta treat the interns nicely. They could run this whole thing, you know! Even if they're not actually human. Explanation This was a really fun(ny) misc challenge. In SpookyCTF, the ‘interns’ were the bots in the Discord channel. There are two main commands, /compliment and /complain.
Using /compliment to “treat” the interns nicely, we would get random sarcastic replies like:
[SpookyCTF'23] Don't stick me there!
SpookyCTF'23: Don’t stick me there! I woke up after a night out and I'm hurting uh... everywhere... I think I left my phone at one of the bars we were at last night. Thankfully, I was able to see the last photo I took through the cloud. Can you help me find my phone? I need to know the name of the bar and when the photo was taken. flagformat: NICC{Bar_Name-HH:MM:SS} This was a simple forensics challenge. We are given a photo and we have to find out the name of the bar and the time the photo was taken.
[SpookyCTF'23] If the Key Fits...
SpookyCTF'23: If the Key Fits… I am trying to escape this 64-story horror house and the only way to escape is by finding the flag in this text file! Can you help me crack into the file and get the flag? The only hint I get is this random phrase: MWwwdjM1eW1tM3RyMWNrM3Q1ISEh This was a simple AES decrypting challenge. We are given a flag.txt.aes file along with the random phrase.
The analysis As per the file extension, the flag.txt.aes file is encrypted using AES. Tools like AESCrypt, OpenSSL, etc. can be used to decrypt the file. However, we need the key to decrypt the file.
[SpookyCTF'23] Shapeshifter
SpookyCTF'23: Shapeshifter There's this figure in front of me, but I can't even figure out what it is! What is that thing?? Challenge File
This was an interesting misc challenge, mixed with a little bit of steganography in it.
The image The image was a corrupted png file. I tried to fix the header but it didn’t work :O
I went on to check the strings of the file: