NahamCon CTF 2024 Writeup
Hello Friend,
I solved few challenges in the NahamCon CTF 2024 which went down from May 24-26. I managed to 10+ challenges.
Hope you find it interesting!
Warmup
Read The Rules
curl -s https://ctf.nahamcon.com/rules | grep -o ctf{.*}
Flag: flag{90bc54705794a62015369fd8e86e557b}
That’s Not My Base
Everyone knows about Base64, but do you know about this one?
(Remember, the flag format starts with flag{!)
F#S<YRXdP0Fd=,%J4c$Ph7XV(gF/*]%C4B<qlH+%3xGHo)\
We are given with a base92 encoded code. By using cyberchef we can get the flag.
Flag: flag{784454a9509196a33dba242c423c057a}
EICAR
What is the MD5 hash of this file?
Wrap the hexadecimal value in the flag{ prefix and { suffix to match the standard flag format.
md5_hash=$(md5sum eicar | awk '{print $1}')
echo 'flag{'$md5_hash'}'
Flag: flag{44d88612fea8a8f36de82e1278abb02f}
Twine
Google tells me that twine means: “strong thread or string consisting of two or more strands of hemp, cotton, or nylon twisted together.”
strings twine.jpg | grep -o flag{.*}
Flag: flag{4ac54e3ba5f8f09049f3ad62403abb25}
Copypasta
You know those funny Internet messages that everybody likes to copy and paste? Yeah….
Turns out they make a good Warmups CTF challenge, too!
copy - CTRL + SHIFT + c
paste - CTRL + SHIFT + v
Flag: flag{1f68e019b29650f6e8ea15a7808f76fd}
Uriel
Uriel was browsing the web and he saw this big long blob of text in his address bar! He was telling me about it but I don’t remember everything he said… I think he mentioned something like “it happened twice?”
%25%36%36%25%36%63%25%36%31%25%36%37%25%37%62%25%33%38%25%36%35%25%36%36%25%36%35%25%36%32%25%33%36%25%33%36%25%36%31%25%33%37%25%33%31%25%33%39%25%36%32%25%33%37%25%33%35%25%36%31%25%33%34%25%36%32%25%33%37%25%36%33%25%33%36%25%33%33%25%33%34%25%36%34%25%33%38%25%33%38%25%33%35%25%33%37%25%33%38%25%33%38%25%36%34%25%36%36%25%36%33%25%37%64
from urllib.parse import unquote
uriel = "%25%36%36%25%36%63%25%36%31%25%36%37%25%37%62%25%33%38%25%36%35%25%36%36%25%36%35%25%36%32%25%33%36%25%33%36%25%36%31%25%33%37%25%33%31%25%33%39%25%36%32%25%33%37%25%33%35%25%36%31%25%33%34%25%36%32%25%33%37%25%36%33%25%33%36%25%33%33%25%33%34%25%36%34%25%33%38%25%33%38%25%33%35%25%33%37%25%33%38%25%33%38%25%36%34%25%36%36%25%36%33%25%37%64"
# double url decoding
flag = unquote(unquote(uriel))
print(flag)
Flag: flag{8efeb66a719b75a4b7c634d885788dfc}
Technical Support
Want to join the party of GIFs, memes and emoji shenanigans? Or just want to ask a question for technical support regarding any challenges in the CTF?
This CTF uses support tickets to help handle requests. If you need assistance, please create a ticket with the #ctf-open-ticket channel. You do not need to direct message any CTF organizers or facilitators, they will just tell you to open a ticket. You might find a flag in the ticket channel, though!
Flag: flag{a98373a74abb8c5ebb8f5192e034a91c}
Web
All About Robots
Oh wow! Now you can learn all about robots, with our latest web service, All About Robots!!
curl -s http://challenge.nahamcon.com:30998/robots.txt
echo
curl -s http://challenge.nahamcon.com:30998/open_the_pod_bay_doors_hal_and_give_me_the_flag.html | grep -o flag{.*}
Flag: flag{3f19b983c1de42bd49af1a237d7e57b9}
iDoor
It’s Apple’s latest innovation, the “iDoor!” … well, it is basically the Ring Doorbell camera, but the iDoor offers a web-based browser to monitor your camera, and super secure using ultimate cryptography with even SHA256 hashing algorithms to protect customers! Don’t even think about snooping on other people’s cameras!!
Code to generate wordlist to exploit IDOR Vulnerability
from hashlib import sha256
for i in range(101):
print(sha256(str(i).encode()).hexdigest())
using the wordlist, i bruteforced the user endpoint and got the flag.
Flag: flag{770a058a80a9bca0a87c3e2ebe1ee9b2}
Misc
Not Quite the Same
Everyone knows MD5 hashes. Everyone knows .png files! I believe you’ll collide with greatness.
By uploading two different .png files with same md5 hashes from this github repository get the flag.
Flag: flag{0800fc577294c34e0b28ad2839435945}
Scripting
Base3200
Extracted given theflag.xz a xz archive file.
xz -d theflag.xz
from base64 import b64decode
f = open('theflag', 'r')
flag = f.read()
for _ in range(50):
flag = b64decode(flag)
print(flag.decode())
Flag: flag{340ff1bee05244546c91dea53fba7642}
Thanks for reading!