CTF Collection Vol.1 Tryhackme Writeup
By Shamsher khan This is a Writeup of Tryhackme room “CTF Collection Vol.1”
Room link: https://tryhackme.com/room/ctfcollectionvol1
Note: This room is Free
Difficulty: Easy
Task 2: What does the base said?
Can you decode the following?
VEhNe2p1NTdfZDNjMGQzXzdoM19iNDUzfQ==
Task 3: Meta meta
Task 4: Mon, are we going to be okay?
Task 5: Erm……Magick
Task 6: QRrrrr
Task 7 :Reverse it or read it?
You are required to download an ELF executable (a linux version of a windows .exe executable). This file is a binary file so I tried strings command once again to extract the printable characters and I found the flag
Task 8 :Another decoding stuff
Can you decode it?
3agrSy1CewF9v8ukcSkPSYm3oKUoByUpKG4L
I was a bit confused at first. I took a look at the hints its has being stated “base58”. I found out that base58 is used to represent large integers as normal text. I used a online base58 decoder and retrived the flag
apt install base58
Task 9 :Left or right
Left, right, left, right… Rot 13 is too mainstream. Solve this
MAF{atbe_max_vtxltk}
Rot 13 is a encryption scheme used to encrypt infomation. How it works ? . It takes a single character and shift 13 places in the alphabet. Rot 13 is also a subset of Caesar cipher. I tried Rot13 it didn’t work and then I started bruteforcing charcter shifts and on the 19th shift I got it.
Task 10 :Make a comment
The hint is given the in the title of the question itself. If you inspect the page with the dev tools you can veiw it between the tags.
Task 11 :Can you fix it?
There is a courpted png file that you need to download. I got the hex dump of the courpted png image with the xxd command
Image is corrupted because it is missing the PNG header (89 50 4E 47):
A magic number is a number embedded at or near the beginning of a file that indicates its file format. So let’s replace the magic number with the correct magic number of an png image. I googled it and found out that
You can fix it as follows:
printf '\x89\x50\x4E\x47' | dd of=spoil.png bs=4 conv=notrunc
[ Task 12 ] Read it
Some hidden flag inside Tryhackme social account.
If you take a look at the hints it says
I did a google search and found a post thats interesting
Task 13 :Spin my head
What is this?
++++++++++[>+>+++>+++++++>++++++++++<<<<-]>>>++++++++++++++. — — — — — — .+++++.>+++++++++++++++++++++++.<<++++++++++++++++++.>> — — — — — — — — — -. — — — — -.++++++++++++++.++++++++++++.<++++++++++++++++++.+++++++++.<+++.+.> — — .>++++.This code is a programming language called “brainfuck” that’s not so popular or used. You can find an online decoder/interpreter online
Task 14 :An exclusive!
Exclusive strings for everyone!
S1: 44585d6b2368737c65252166234f20626d
S2: 1010101010101010101010101010101010
In this challenge you have to do a XOR operation against the tow values (S1 XOR S2). I found a site online which helps me to do this easily.
Task 15: Binary walk
In this challenge you must download a jpg file. There is a tool called “binwalk” that helps you to see if there are any hidden files inside the specified file. (-e = extract)
Binwalk creates a directory to store all the extracted files that it has found. You can find your flag in this directory.
Task 16 :Darkness
Accorging to the hints you can use stegsolve to filter/isolate different colors in an image. But in our case we can also view the image file and find the flag but you should have a sharp vision to see it. Anyways you can download stegsolve with these terminal commands
wget http://www.caesum.com/handbook/Stegsolve.jar -O stegsolve.jar
chmod +x stegsolve.jar
Now let’s veiw the image with stegsolve by opening the file and changing the color filters
Task 17 :A sounding QR
How good is your listening skill?
P/S: The flag formatted as THM{Listened Flag}, the flag should be in All CAPS
In this challenge you should download a QR code. Decode the QR code will give you a URL to a soundcloud audio clip.
Upload the QR code to https://zxing.org/w/decode.jspx. It decodes as:
If you hear the audio clip real slow you might get it a bit more clear or you can capture the recoding and play it in slow motion
Task 18 :Dig up the past
Sometimes we need a ‘machine’ to dig the past
Targetted website: https://www.embeddedhacker.com/
Targetted time: 2 January 2020
[Q] Sometimes we need a ‘machine’ to dig the past.
I noticed the 2 words that gives a clue “machine” and “past”. It’s the WayBack Machine. The wayback machine is simply a website that stores snapshots of other websites, noting the date and time of each snapshot that it captures.
I searched for the target website (https://www.embeddedhacker.com/) on wayback machine
Note that there is a snap taken on 02 Jan 2020 at 13:12 pm
While scrolling down I found a post named THM Flag posted on Jan 02 2020
Task 19 :Uncrackable!
Can you solve the following? By the way, I lost the key. Sorry >.<
MYKAHODTQ{RVG_YVGGK_FAL_WXF}
Flag format: TRYHACKME{FLAG IN ALL CAP}
In this challenge there is a cipher to decrypt. At first I taught it was a caesar cipher but in the end I realized that this a vigenere cipher decryption challenge after seeing this.
TRYHACKME is acting as a constant string so we can use TRYHACKME as the key.
It looks like we found another constant THMTHMTHM. Lets try it again with this key.
Task 20 :Small bases
Decode the following text.
581695969015253365094191591547859387620042736036246486373595515576333693
You take a look at the hints
You should convert the decimal number to hex and then hex to ascii encoding. So let’s do it
Task 21 :Read the packet
In this challenge you have to download a network capture file. I Opened the capture file with wireshark. There were a whole lot of network traffic captured so I had to use a filter. I used GET Method http filter ( http.request.method == “GET” ) to see if there were any files transfered. For my surprise there was one file called flag.txt.
I Followed the HTTP stream of this file and got the flag
You can find me on:
LinkedIn:- https://www.linkedin.com/in/shamsher-khan-651a35162/
Twitter:- https://twitter.com/shamsherkhannn
Tryhackme:- https://tryhackme.com/p/Shamsher
For more walkthroughs stay tuned…
Before you go…
Visit my other walkthrough’s:-
and thank you for taking the time to read my walkthrough.
If you found it helpful, please hit the 👏 button 👏 (up to 40x) and share
it to help others with similar interests! + Feedback is always welcome!
