This blog post includes the writeup for the following questions:



Vulnerable RTOS

Deadly Malware

Check Digit



Redacted News

Security Headers



Leak Audit



Firstly a big thanks to my teammate Ziphendal for solving the majority of these.



Vulnerable RTOS


The first google search reveals the answer for this one.


So the flag for this is syskronCTF{URGENT/11}




Deadly Malware


Googling the question leads me to an article by stormshield which contains the answer.


So the flag for it is syskronCTF{Triton}






Check Digit


Google directed me to this article on codeproject which explains about how check digit which is used for the verification of several types of numbers. So the hint was already there in the question. Then I searched about its ISO number of the official site of International Organization for Standardization and found it here.


The flag is syskronCTF{ISO/IEC 7812}




Redacted News


You can solve this one with the help of stegsolve.jar. The link for it is given here.


The flag for this one is syskronCTF{d0-Y0u-UNdEr5TaND-C2eCh?}




Security Headers


The question points towards the header for the given website. So I used curl to take a look at them and found the flag there.


The flag is syskronCTF{y0u-f0und-a-header-flag}



Leak Audit

The first step was obviously to extract the required content which can be done with the unzip command. Then I used sqlite3 to query the given database. So I opened the given database with sqlite3 and proceeded on. First I checked the no. of tables inside the file with the .tables command. There was only one named personal. With that out of the way I took a look at the table and also its schema with the following commands: Select * from personal

.schema personal


Then I solved the questions as follows:

Q – How many employee records are in the file?

A – select count(number) from personal;



Q – Are there any employees that use the same password?

A – select password, count(password) from personal group by password having count(password) > 1;



Q – How many passwords are protected with bcrypt?

A – For this one I printed the whole table and counted them manually. I didn’t expected it to work and was already finding the proper steps for this but miraculously it did worked.



Finally the flag for this one is syskronCTF{376_mah6geiVoo_21}