Warmup

Encoding

Description

I have no idea what this message means, can you help me decipher it? 👨‍💻

Author: CryptoCat

enc.txt

Solution

Given encryption:


CyberChef's Magic recipe shows that it's most likely Base32 -> URL Decode -> Morse Decode.

encoding-1

Then decode Hex -> Base64 -> flag. Final recipe:

encoding-2
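The same chain as the CyberChef recipe, written out as a script. This is an added example, not part of the original write-up; the function names and the sample string are constructed for illustration, and the sample is not the challenge's enc.txt.

```python
import base64
from urllib.parse import unquote

# International Morse for the hex alphabet only, which is all this chain needs.
MORSE = {
    "0": "-----", "1": ".----", "2": "..---", "3": "...--", "4": "....-",
    "5": ".....", "6": "-....", "7": "--...", "8": "---..", "9": "----.",
    "A": ".-", "B": "-...", "C": "-.-.", "D": "-..", "E": ".", "F": "..-.",
}
UNMORSE = {code: char for char, code in MORSE.items()}

def decode_layers(blob: str) -> str:
    """Base32 -> URL decode -> Morse -> hex -> Base64 -> text."""
    blob = "".join(blob.split())              # tolerate line-wrapped input
    blob += "=" * (-len(blob) % 8)            # restore stripped Base32 padding
    url_encoded = base64.b32decode(blob).decode("ascii")
    morse = unquote(url_encoded)              # %2E -> ".", %2D -> "-", %20 -> " "
    try:
        hex_text = "".join(UNMORSE[sym] for sym in morse.split())
    except KeyError as exc:
        raise ValueError(f"not Morse for a hex digit: {exc}") from None
    b64_text = bytes.fromhex(hex_text)        # the hex spells out Base64 text
    return base64.b64decode(b64_text, validate=True).decode("utf-8")

def encode_layers(text: str) -> str:
    """Inverse chain, used here only to build the constructed sample."""
    hex_text = base64.b64encode(text.encode()).hex().upper()
    morse = " ".join(MORSE[c] for c in hex_text)
    url_encoded = "".join(f"%{ord(c):02X}" for c in morse)   # encode every byte
    return base64.b32encode(url_encoded.encode("ascii")).decode("ascii")

# Constructed sample, not the challenge's enc.txt.
SAMPLE = encode_layers("FLAG{constructed_sample}")

if __name__ == "__main__":
    print(SAMPLE[:48] + "...")
    print(decode_layers(SAMPLE))
```
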

Flag Extraction

Description

They told me I just need to extract flag but I don't know what that means?!

Author: CryptoCat

flag.rar

Solution

The given rar contains different types of archives nested inside each other, which you should extract. I used 7-Zip to easily dig through them.

Path to last file:

Flag Extraction
|_flag.rar
|___flag.tar.xz
|_____flag.tar
|_______flag.tar.bz2
|_________flag.tar
|___________flag.tar.gz
|_____________flag.tar
|_______________flag.zip
|_________________flag.gif

$ strings .\flag.gif | grep INTIGRITI

INTIGRITI{fl46_3x7r4c710n_c0mpl373}
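The unwrapping and the `strings | grep` step can also be scripted. This is an added example, not part of the original write-up: it peels xz/bz2/gz/tar/zip layers in memory by magic bytes (so no archive member path is ever written to disk) and follows the first file in each container. The RAR outer layer is left out because the Python standard library cannot read it, and `build_sample()` creates a constructed stand-in for the chain below flag.rar.

```python
import bz2, gzip, io, lzma, re, tarfile, zipfile

COMPRESSED = [(b"\xfd7zXZ\x00", "xz", lzma.decompress),   # (magic, name, decompressor)
              (b"BZh", "bz2", bz2.decompress),
              (b"\x1f\x8b", "gz", gzip.decompress)]

def peel(data: bytes, max_depth: int = 32):
    """Unwrap nested containers in memory; return (layer names, innermost bytes)."""
    layers = []
    for _ in range(max_depth):
        hit = next((c for c in COMPRESSED if data.startswith(c[0])), None)
        if hit:
            layers.append(hit[1])
            data = hit[2](data)
        elif data[257:262] == b"ustar":           # tar magic sits at offset 257
            with tarfile.open(fileobj=io.BytesIO(data)) as tar:
                files = [m for m in tar.getmembers() if m.isfile()]
                data = tar.extractfile(files[0]).read()
            layers.append("tar")
        elif data.startswith(b"PK\x03\x04"):      # zip local file header
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                data = zf.read(zf.namelist()[0])
            layers.append("zip")
        else:
            return layers, data                   # not a container: done
    raise ValueError("nesting deeper than max_depth")

def find_flag(payload: bytes, prefix: bytes = b"INTIGRITI"):
    """Equivalent of `strings | grep`: first prefix{...} token, or None."""
    m = re.search(re.escape(prefix) + rb"\{[^}]+\}", payload)
    return m.group().decode() if m else None

def _tar(name: str, data: bytes) -> bytes:
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo(name)
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def build_sample() -> bytes:
    """Constructed sample: xz(tar(bz2(tar(gz(tar(zip(flag.gif)))))))."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("flag.gif", b"GIF89a\x00\x01INTIGRITI{constructed_sample}\x00")
    data = gzip.compress(_tar("flag.zip", zbuf.getvalue()))
    data = bz2.compress(_tar("flag.tar.gz", data))
    return lzma.compress(_tar("flag.tar.bz2", data))
```

The decompressors expand each layer fully in memory, so cap the input size before running this on archives from an untrusted source.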

Over the Wire (part 1)

Description

I'm not sure how secure this protocol is but as long as we update the password, I'm sure everything will be fine 😊

Author: CryptoCat

otw_pt1.pcapng

Solution

First of all review the protocol hierarchy:

overthewire-1-1

The FTP traffic looks interesting. Filter for ftp -> Follow TCP Stream (on the first FTP packet):

220 pyftpdlib 1.5.9 ready.
USER cat
331 Username ok, send password.
PASS 5up3r_53cur3_p455w0rd_2022
230 Login successful.
SYST
215 UNIX Type: L8
PORT 192,168,16,131,179,47
200 Active data connection established.
LIST
125 Data connection already open. Transfer starting.
226 Transfer complete.
TYPE I
200 Type set to: Binary.
PORT 192,168,16,131,203,181
200 Active data connection established.
RETR flag.zip
125 Data connection already open. Transfer starting.
226 Transfer complete.
PORT 192,168,16,131,132,11
200 Active data connection established.
RETR reminder.txt
125 Data connection already open. Transfer starting.
226 Transfer complete.
PORT 192,168,16,131,162,139
200 Active data connection established.
RETR README.md
125 Data connection already open. Transfer starting.
226 Transfer complete.
QUIT
221 Goodbye.
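Each PORT line in this stream announces the client endpoint for the next active-mode data connection, which pinpoints the TCP stream that carries a given file. The following is an added example, not part of the original write-up: it parses the control-channel lines shown above, pairs every transfer with its data endpoint and a Wireshark display filter, and pulls out the credentials that crossed the wire in cleartext. Function names are chosen for illustration.

```python
import re

# Control-channel commands copied from the stream above (server replies omitted).
TRANSCRIPT = """\
USER cat
PASS 5up3r_53cur3_p455w0rd_2022
PORT 192,168,16,131,179,47
LIST
PORT 192,168,16,131,203,181
RETR flag.zip
PORT 192,168,16,131,132,11
RETR reminder.txt
PORT 192,168,16,131,162,139
RETR README.md
"""

def parse_port(arg: str):
    """PORT h1,h2,h3,h4,p1,p2 -> (ip, port) with port = p1*256 + p2 (RFC 959)."""
    nums = [int(n) for n in arg.split(",")]
    if len(nums) != 6 or not all(0 <= n <= 255 for n in nums):
        raise ValueError(f"malformed PORT argument: {arg!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_channels(transcript: str):
    """Pair each LIST/RETR/STOR with the endpoint announced by the preceding PORT."""
    pending, out = None, []
    for line in transcript.splitlines():
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "PORT":
            pending = parse_port(arg)
        elif verb in {"LIST", "RETR", "STOR"} and pending:
            ip, port = pending
            out.append({"cmd": verb, "file": arg or None, "ip": ip, "port": port,
                        "filter": f"ip.addr == {ip} && tcp.port == {port}"})
            pending = None
    return out

def credentials(transcript: str):
    """USER/PASS are sent unencrypted on the FTP control channel."""
    found = dict(re.findall(r"^(USER|PASS) (\S+)$", transcript, re.M))
    return found.get("USER"), found.get("PASS")

if __name__ == "__main__":
    for ch in data_channels(TRANSCRIPT):
        print(ch["cmd"], ch["file"], ch["filter"])
```
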

Wireshark didn't have the zip file in Export Objects, so we have to find it manually.

Filter for packets after flag.zip was requested via FTP.

frame.number >= 1927

overthewire-1-2

The file starts with PK, meaning it's a zip file.

I viewed it as YAML, which gives the binary as Base64.

overthewire-1-3

└─$ cat flag.zip.base64 | base64 -d -i > flag.zip

└─$ unzip -P 5up3r_53cur3_p455w0rd_2022 flag.zip
Archive:  flag.zip
   skipping: flag.txt                incorrect password     

Using the FTP password didn't work.

The FTP server had a reminder.txt, let's take a look:

Hi cat,

This flag is really important so I had to encrypt it in case it falls into the wrong hands.

You already know the FTP password.. Just use the same here, but update it accordingly ;)

└─$ unzip -P 5up3r_53cur3_p455w0rd_2023 flag.zip
Archive:  flag.zip
 extracting: flag.txt   

└─$ cat flag.txt 
INTIGRITI{1f_0nly_7h3r3_w45_4_53cur3_FTP}

Over the Wire (part 2)

Description

Learning the lessons from the previous failed secure file transfer attempts, CryptoCat and 0xM4hm0ud found a new [definitely secure] way to share information 😊

Author: 0xM4hm0ud

otw_pt2.pcapng

Solution

Protocol hierarchy:

overthewire-2-1

Viewing the SMTP packets, we see some conversation in plaintext. We can export all objects using File -> Export Objects -> IMF.

overthewire-2-2

In the last conversation CryptoCat says:

Hey 0xM4hm0ud,

I love all kind of cats, but I prefer this cat. 

CryptoCat

Decode the image:

└─$ cat cat.png.base64 | base64 -d -i > cat.png

overthewire-2-cat

└─$ strings cat.png | grep INTI -i

└─$ zsteg cat.png 
imagedata           .. file: Tower/XP rel 2 object not stripped - version 258
b1,r,msb,xy         .. file: OpenPGP Public Key
b1,rgb,lsb,xy       .. text: "INTIGRITI{H1dd3n_Crypt0Cat_Purr}\n"
b1,rgba,lsb,xy      .. text: "YUY{UU[S3}"
b4,r,lsb,xy         .. text: "34TBEDVF"
b4,g,lsb,xy         .. text: "hwwhwfwVfVFwh"
b4,b,lsb,xy         .. text: "#\"3#!#2#EUDEeDvgdR\r"
b4,rgb,msb,xy       .. text: "O|\"(Bj(\n"
b4,bgr,msb,xy       .. text: "|L(B\"h\n*"
b4,rgba,lsb,xy      .. text: "?y/i?h?yOx?x?x?F"
b4,abgr,msb,xy      .. text: "o</<o|oz/z"
