[CDDC'23] Owner of the dog chew
CDDC'23: Owner of the dog chew This was a pretty interesting steganography challenge which required the analysis of strings and using binwalk.
The Challenge Found a piece of bone on the ground. Let's find the owner. The file given was the following image:
Looking into the image properties:
It was 655kB, which seemed a little too large for a file as small as this.
Solution The first thing I did was to look at the strings.
[CDDC'23] Audio Steganography
CDDC'23: Audio Steganography This was a slightly more complex(more than usual for me) audio steganography challenge which required the use of least significant bits.
The Challenge Found a suspicious audio file. Seems like... something is hidden inside... Identify the character strings. Along with this was a file, problem.wav.
Analysis Usually, when tackling audio steganography challenges, I would use Audacity to view the spectrogram of the audio file. However, when taking a look at this (literally a) problem.
[CDDC'23] The Key
CDDC'23: The Key This was a JS reverse engineering challenge which required some sort of brute forcing/iterating.
The Challenge Discovered the files and character strings that Skynetwork was using! Find out what lies in it... The challenge included 3 files: encode.js, img.png, and index.html. Opening up index.html gave us this:
So we have an encoded flag
Encoded flag is 017d212b5b720b561301726e3a04060c5e3a0c5826660c5f3636780e5b14 and the source code:
/** * Convert charCode array to hex string * @param {array} target - A target text(charCode array) * @returns {string} - A hex string */ function CharCodeArrToHexString(target) { let result = ""; target.
[CDDC'23] Gallery
CDDC'23: Gallery This was a pretty simple web challenge which
The Challenge Humans are dumb and horrible, but cats are terribly CUTE!! - said an AI. Access Info: http://cddc2023-gallery.s3-website-ap-southeast-1.amazonaws.com/ Upon accessing the website, we are greeted by this landing page:
Clicking on the Go to next page button brings us to this page:
This is pretty odd, since it should be going to second.html before third.html, but there is a redirect straight to third.
[CTF.SG'22] Don't Touch My Flag
Don’t Touch my Flag (CTF.SG 2022) Understanding how the website works Get Function Firstly, from the index function, we see that it calls /get. Looking at the get function, we see that it sends a request to the url, with the secret as a cookie. Keep this in mind as we’ll need to make use of the secret to get the flag. Lastly, it censors the response by converting everything into *.