By Archit VatsOn

TryHackMe


c4ptur3-th3-fl4g Walkthrough

 

 
 

Task – 1 Translation and Shifting

Question 1 – c4n y0u c4p7u23 7h3 f149?

Solution – This one’s quite simple. This is called leet in which the text is written with modified spellings with the help of numbers in place of some characters. The answer for this one is – can you capture the flag?
 

Question 2 – 01101100 01100101 01110100 01110011 00100000 01110100 01110010 01111001 00100000 01110011 01101111 01101101 01100101 00100000 01100010 01101001 01101110 01100001 01110010 01111001 00100000 01101111 01110101 01110100 00100001

Solution – This is written in binary as you can see that every set of 1’s and 0’s (separated by space) is a string of 8 numbers. So you can use any online resource such as rapidtables to convert binary to ascii. The answer for this is – lets try some binary out!

 

Question 3 – MJQXGZJTGIQGS4ZAON2XAZLSEBRW63LNN5XCA2LOEBBVIRRHOM======

HINT : Having an equal sign at the end of the string is the distinguishing feature of a particular category of encoding technique. Remember it from now on if you didn’t knew it.

Solution – The equal sign at the end signifies that this is a base encrypted string and I started with base32. So I used online tools to decrypt base32 such as boxentriq or cyberchef. This gave me the answer as – base32 is super common in CTF’s


Question 4 – RWFjaCBCYXNlNjQgZGlnaXQgcmVwcmVzZW50cyBleGFjdGx5IDYgYml0cyBvZiBkYXRhLg==
HINT : Same as above
Solution – Similar to the previous question this is a base string and thus I tried with base32 but it wasn’t the solution so I went to the next base which is base64. And this indeed was the encryption technique used upon it. This returned the answer – Each Base64 digit represents exactly 6 bits of data.

 

Question 5 – 68 65 78 61 64 65 63 69 6d 61 6c 20 6f 72 20 62 61 73 65 31 36 3f

HINT : There are majorly 3 different number systems which are used to represent ASCII. This is one of them. Try to identify it
Solution – The existence of numbers and characters with each other points into the direction of hexadecimal. This is further confirmed by analysing the strings where the characters haven’t exceeded letter f. So I used rapidtables to convert hexadecimal to ascii and found the answer to be – hexadecimal or base16?
 
Question 6 – Ebgngr zr 13 cynprf!
HINT : In the answer text field you can see that the number of charaters required in the answer is same as that in the question along with same spacing. This ensures that this is a monoalphabetic cipher. This rules out many other options and leaves you with a smaller set of ciphers to try from.
HINT : If all else fails, then rotate.
Solution – This is a very cool encryption technique called rotate13 or rot13. In this technique every character is changed by adding 13 to it considering a or A = 0, b or B = 1 upto z or Z = 25. If the value goes above 25 then it is started again with 0. You must be thinking that how did I decided that this is rot13. To tell you the truth I didn’t knew it. This comes from experience however in my case I fiddled with it for quite some time and then just started randomly using the decryption techniques upon it until I stumbled upon rot13 and saw the answer flashing in my face. Then I looked upon google and learned some things about it. So the answer for this one is – Rotate me 13 places!
 
Question 7 – *@F DA:? >6 C:89E C@F?5 323J C:89E C@F?5 Wcf E:>6DX
HINT : Same as above
HINT : The other version of the above solution
Solution – This is somewhat similar to the previous one. This string is encrypted with the help of rot47. In this technique the ascii value of characters having decimal value between 33 and 126 except space are formed a group. This includes 94 characters which when divided by 2 becomes 47. Then the decimal value of characters are added with 47 to encrypt and again added with 47 to decrypt. Now how did I knew that I had to apply this technique. In the previous question I read about rot13 and its wikipedia page had info about rot47. Now I used cyberchef to decrypt this string by rot47 and the answer is – You spin me right round baby right round (47 times)
 
Question 8 – – . .-.. . -.-. — — — ..- -. .. -.-. .- – .. — -.
. -. -.-. — -.. .. -. –.
HINT : Having only two types of characters in a string generally leaves you with two options to try from among which one is the answer. Name them.
HINT : They are binary and morse. So which one is it.
Solution – Dots and dashes are used in morse code. Thus I converted it into its ascii form using dCode and the answer is – telecommunication encoding
 
Question 9 – 85 110 112 97 99 107 32 116 104 105 115 32 66 67 68
HINT : There are majorly 3 different number systems which are used to represent ASCII. This is one of them. Try to identify it
Solution – This sequence of numbers could’ve been decimal or octal. So I used rapidtables to check both of the options and it turned out to be decimal as it gave a readable ascii value. Thus the answer for this one is – Unpack this BCD


Question 10 – LS0tLS0gLi0tLS0g…………………………..0tLS0gLi0tLS0=
HINT : What does an equal sign at the end mean.
HINT : Check above if you’re unsure.
Solution : Already having the knowledge that this is base. I tried to convert it via base64 and the output was something like this
—– .—- .—- —– —– .—- .—- —–
Then I converted it using morse code and the output that I got was like
01100110 01100101 00100000 01100000 01011111 01100000
Knowing that it is binary code I converted it and the output was somewhat like
fe `_` “e bh “d ba `_h hf `_f `_` ba “e `_c `_d “d ba hf ba hg `_d “e ba “e “c `_d hh `_f `_d `_` “c ce ce ce
Frankly speaking the next step took some time as I had no idea about what it is. But then I realised that every conversion that I did upto now were already done in previous questions. So maybe the next step was also in one of the questions. And yes it was, rot47. The output was 
76 101 116 39 115 32 109 97 107 101 32 116 104 105 115 32 97 32 98 105 116 32 116 114 105 99 107 105 101 114 46 46 46
Then I converted this decimal value to ascii and the final answer was revealed – Let’s make this a bit trickier…



TASK 2 – Spectograms


Question – Download the file. You can go here to download it.
HINT : The title of the task is spectogram. But are you viewing it as a spectogram. Maybe not.
Solution – I download the file and like any other audio file it had to be opened with Audacity although you can try someother software too. Two things were certain, one, the answer lies somewhere in the software and two, this software is Hebrew to me. So I fiddled with the software a lot and I mean a lot. After a very long time I stumbled upon the right place. This whole time I was viewing it as a waveform while the question was screaming at me from the first second to convert it into a spectogram. The option to do so is the black downward pointing arrow beside the name of the file.


 


Task – 3 Steganography


Question – Decode the image to reveal the answer.
Solution – The first thing that I do with such a question is to use the file command in terminal to check that the given extension of the file is its true extension or not. It was correct in this case. Then I always use the string command and check the last few lines to see if some string is appended to it. In this case it was all gibberish. Then I used binwalk to see if some other file is hidden inside it. Nope. Finally I used steghide without password (because I didn’t had one) to extract any content in it. For this I used the following terminal command
$ steghide –extract -sf stegosteg.jpg 
It resulted in a message saying that some data has been written to steganopayload2248.txt. Then I extracted the data and our output was – SpaghettiSteg


Task – 4 Security Through Obscurity


Question 1 – Download and get ‘inside’ the file. What is the first filename & extension?


Solution – So I downloaded the file and as I’ve told you I checked its extension first. It was perfect. Next I used the strings command and I found two interesting things after IEND.
“AHH_YOU_FOUND_ME!” 
hackerchat.png
The question asks about the filename and its extension so I tried with hackerchat.png and it worked.
 
Question 2 – Get inside the archive and inspect the file carefully. Find the hidden text.
Solution – I still haven’t checked the first string that I got with the strings command and it was hidden too. So it was worth a shot and guess what. It actually worked. Although I’m super sure that this was actually not the right way to do it so below this paragraph I’ve also done it in the right way. But damm man it really worked.
 
Solution in the right way – Suppose I don’t use the strings command. So my next step would be to use binwalk. And the result was very promising
 
DECIMAL       HEXADECIMAL     DESCRIPTION
————————————————–
0             0x0             JPEG image data
30            0x1E            TIFF image data
74407         0x122A7         RAR archive data
74478         0x122EE         PNG image
74629         0x12385         Zlib compressed data
 
So I extracted all of it using binwalk again
%%EDITORCONTENT%%nbsp;binwalk –extract meme.jpg
 
I entered the new directory and the last file is the answer to our first question – hackerchat.png.
And the answer to the second question is nothing but a strings command.