Having fun with TryHackMe again. So, here is the write up and guideline to pass this Capture The Flag challenge. Basically this challenge by far the easiest and the fastest I solved in 15 minutes
Room: https://tryhackme.com/room/c4ptur3th3fl4g
Level: Easy
Task: 4 Stages. Decode Everything…..
Lets get started
Task 1: Translation & Shifting
Task 1.1 — Guess and Replace
Pretty straight forward cipher. You can guess and replace the letter
c4n y0u c4p7u23 7h3 f149?
=> Can You Capture ... ....
Task 1.2 — Binary
Using cyberchef, copy and paste to decode
01101100 01100101 01110100 01110011 00100000 01110100 01110010 01111001 00100000 01110011 01101111 01101101 01100101 00100000 01100010 01101001 01101110 01100001 01110010 01111001 00100000 01101111 01110101 01110100 00100001 => lets try XXXX binary XXXX
Task 1.3 — Base32
Using cyberchef, copy and paste to decode
MJQXGZJTGIQGS4ZAON2XAZLSEBRW63LNN5XCA2LOEBBVIRRHOM======
=> XXXXXX is XXXXX common in XXXXX
Task 1.4— Base64
Using cyberchef, copy and paste to decode
RWFjaCBCYXNlNjQgZGlnaXQgcmVwcmVzZW50cyBleGFjdGx5IDYgYml0cyBvZiBkYXRhLg==
=> Each XXXXXX digit represents exactly 6 XXXX of XXXX.
Task 1.5— Hex
Using cyberchef, copy and paste to decode
68 65 78 61 64 65 63 69 6d 61 6c 20 6f 72 20 62 61 73 65 31 36 3f
=> hexXXXXXXXXX or baseXX?
Task 1.6 — ROT13
Using cyberchef, copy and paste to decode
Ebgngr zr 13 cynprf!
=> XXXXXX me XX places!
Task 1.7— ROT47
Using cyberchef, copy and paste to decode
*@F DA:? >6 C:89E C@F?5 323J C:89E C@F?5 Wcf E:>6DX
=> You XXXX me XXXXX round XXXX right round XXX XXXXXX
Task 1.8 — Morse Code
Using online morse code decoder, https://morsedecoder.com/
- . .-.. . -.-. --- -- -- ..- -. .. -.-. .- - .. --- -.
. -. -.-. --- -.. .. -. --. => TELECOMMUNICATION XXXXXXX
Task 1.9— Ascii
Using cyberchef, copy and paste to decode
85 110 112 97 99 107 32 116 104 105 115 32 66 67 68
=> XXpack XXXX BCD
Task 1.10— Multiple decode
This is quite interesting, 5 encoder involved. Using cyberchef, you can stack the encoder
Base64 →Morse →Binary →ROT47 →Ascii
LS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0KLS0tLS0gLi0tLS0g..........................................
=> Let's XXXX this X XXX XXXXkier...
Task 2: Spectrograms
“A spectrogram is a visual representation of the spectrum of frequencies of a signal as it varies with time. When applied to an audio signal, spectrograms are sometimes called sonographs, voiceprints, or voicegrams. When the data is represented in a 3D plot they may be called waterfalls.”
All I need is download the task files and listen. The audio files is tampered but still clearly sound like morse code. Using online morse code decoder, upload the file and decode. https://morsecode.world/international/decoder/audio-decoder-adaptive.html
Easy peasy~~~
Task 3: Steganography
“Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video.”
All I need is download the task files and upload it to online stega decoder. I’m too lazy to open my terminal 😛
This form decodes the payload that was hidden in a JPEG image or a WAV or AU audio file using the encoder form. When…futureboy.us
The answer is SpaghettiXXXX
Task 4: Security through obscurity
“Security through obscurity is the reliance in security engineering on the secrecy of the design or implementation as the main method of providing security for a system or component of a system”
All I need is download the task files. First I upload it into stega decoder online, but failed. So I decide to open my terminal.. urghh!
# strings meme.jpg
...
....
...
J2!']
.8P/
'[SQP
S~j@6h
vA}=
*s&__
@9Xs
{@84
2$Es
i2Mc
IEND
"XXXXXXXXXXXXXXXXX"
XXXXXXXXXX.png
Tada! Two bird with one stone. LOLs….