
Fall 2024 Intro CTF

Challenges

All answers are case sensitive.

Open Source Intelligence

We need to find more information about this image, can you answer the following questions?

Download Photo

What's the make of this car? (Company & Model)

What city is this picture taken in?

What phone was used to take this picture? (Just the company)

Cryptography

Cipher 1: Kz za, Hxazk?

Cipher 2 (all caps, space between words): -.. --- - ... / .- -. -.. / -.. .- ... .... . ...

Web App Exploitation

Access the challenge website here.

Flag 1:

Flag 2:

Solution

Solution Guide

OSINT

  1. The model of the car is on the back. A quick Google search will give the company's name.
  2. The car's license plate tells us we are probably in Georgia. There is also a street sign visible. Simply look up the street name along with the state on Google or Google Maps to find the city's name.
  3. This one is a bit trickier. You will have to use an image metadata analyzer (aka Image Exif Viewer) to find the answer. There are plenty online and almost any will work. Simply upload the picture and scroll through the shown metadata until you find the company's name.

Cryptography

  1. Use a cipher identifier tool to figure out what method is being used, like DCode's Cipher Identifier. From there, it's trial and error with the different cipher tools shown.

     It is a simple Caesar Cipher (aka Shift Cipher) with a shift of 6.

  2. Again, use a cipher identifier tool like DCode's Cipher Identifier. It will tell you that the cipher is Morse Code. Simply go to the Morse Code tool and decode.

Web App Exploitation

  1. Right click the hint image for Flag 1 and click Inspect Element. The image's alt text is the flag.
  2. The hint image shows the Cookie Monster, referencing the website's Cookies. These can be viewed by (assuming MS Edge or Google Chrome):
    1. Right click anywhere on the page and click Inspect Element (or enter Developer Tools with F12).
    2. At the top of the Developer Tools window, navigate to the Application window. You may have to click the + to find it.
    3. Expand the dropdown for Cookies and click the only item underneath. This will show you a cookie called flag_2 with a value of VEhQe2Nvb2tpZV9tb25zdGVyfQ==. This is the flag, but it's encoded. You will need to decode it, which can be done using a cipher identifier tool like DCode's Cipher Identifier. It will tell you that it is Base64. Click the given tool and decode it to find the flag!
Tip

To make decoding Base64 easier in the future, look out for = signs at the end of the encoded text. If one or two = signs are present at the end, it is most likely encoded in Base64.
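
The padding tip above, as an added example (not part of the original challenge or its website): a Python check that goes a little beyond the tip by also accepting values whose = padding was stripped or never needed, since a missing = does not rule Base64 out. The function name try_base64 and every sample other than the flag_2 cookie value are constructed for illustration.

```python
import base64
import binascii
import re
from typing import Optional

# Standard and URL-safe Base64 alphabets, followed by at most two '=' pads.
_B64_RE = re.compile(r"[A-Za-z0-9+/_-]+={0,2}")


def try_base64(value: str) -> Optional[str]:
    """Return the decoded text if value is plausibly Base64, else None."""
    value = value.strip()
    if not _B64_RE.fullmatch(value):
        return None
    body = value.rstrip("=")
    # A Base64 body never has length % 4 == 1 (that would leave 6 stray bits).
    if len(body) % 4 == 1:
        return None
    # Cookies and URLs often drop the padding, so restore it before decoding.
    padded = body + "=" * (-len(body) % 4)
    # Map the URL-safe characters ('-', '_') onto the standard ones ('+', '/').
    padded = padded.replace("-", "+").replace("_", "/")
    try:
        text = base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Ordinary words can also be valid Base64; keep only readable results.
    return text if text.isprintable() else None


# The cookie value from this page, plus constructed values for comparison.
SAMPLES = {
    "flag_2 cookie (from the page)": "VEhQe2Nvb2tpZV9tb25zdGVyfQ==",
    "same value, padding stripped": "VEhQe2Nvb2tpZV9tb25zdGVyfQ",
    "constructed, no '=' needed": base64.b64encode(b"no padding here!!!").decode(),
    "constructed, alphabet only": "password",
    "constructed, not Base64": "session=abc 123",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(f"{label}: {try_base64(value)!r}")
```

The "password" sample uses only Base64 characters but decodes to bytes that are not readable text, which is why the alphabet alone is not enough to call something Base64.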

Credits

  • Author(s): Divesh Gupta (legendile7)