Information#
Version#
| By | Version | Comment |
|---|---|---|
| noraj | 1.0 | Creation |
CTF#
- Name : angstromCTF 2017
- Website : angstromctf.com
- Type : Online
- Format : Jeopardy
- CTF Time : link
10 - The Beginning - Crypto#
Pxevhfx mh tgzlmkhfvmy. Px ahix rhn xgchr hnk vmy. tvmy{utvd_mh_max_ynmnkx}.
ROT 7:
Welcome to angstromctf. We hope you enjoy our ctf. actf{back_to_the_future}.
50 - Image Trickery - Forensics#
What do Twitch emotes have to do with a CTF? No idea, but there's a flag in here somewhere. kappa
With Stegsolve we can see a QR code un blue plane 0 or grey bit plane:
Using WebQR to solve the QR code we found a pastebin link: https://pastebin.com/S9De6WYA (I made a backup link).
The content is a base64 string but I'm not pasting it here as it is very long.
So let's decode it:
1 | $ cat base64.txt| base64 -di > test |
Now it looks like a SVG image in base64. So I kept only the base64 image and removed data:image/svg+xml;base64,. Then I extracted the image:
1 | $ cat test | base64 -di > image.svg |
Display it and read: actf{fa1L_F15H}, we got the flag.
Note: again and ever, this is not Forensics but Steganography.
60 - Document - Forensics#
Defund wrecked his essay in a text editor to pretend that his file got corrupted.
Word's DOCX (Office Open XML) is just a zip containing some XML files.
Let's try to (partially) fix the archive:
1 | $ zip -FF ./essay.docx --out fixed.zip |
Now unzip it and look at word/document2.xml:
1 | cat word/document2.xml| grep -i actf |
We can see actf{too_bad_for_zip_recovery, just add the ending curly brace and you have the flag: actf{too_bad_for_zip_recovery}.