CTF Collection Vol.1 Tryhackme Writeup

By Shamsher khan

This is a writeup of the TryHackMe room “CTF Collection Vol.1”.

Room link: https://tryhackme.com/room/ctfcollectionvol1
Note: This room is free

Difficulty: Easy

Task 2: What does the base said?

Can you decode the following?

VEhNe2p1NTdfZDNjMGQzXzdoM19iNDUzfQ==

Task 3: Meta meta

Task 4: Mon, are we going to be okay?

Task 5: Erm……Magick

Task 6: QRrrrr

https://zxing.org/

Task 7: Reverse it or read it?

You are required to download an ELF executable (the Linux counterpart of a Windows .exe executable). This is a binary file, so I tried the strings command once again to extract the printable characters, and I found the flag.

Task 8: Another decoding stuff

Can you decode it?

3agrSy1CewF9v8ukcSkPSYm3oKUoByUpKG4L

I was a bit confused at first. I took a look at the hints, which state “base58”. I found out that base58 is used to represent large integers as normal text. I used an online base58 decoder and retrieved the flag.

apt install base58
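
An offline alternative to the online decoder, added here as an example (it is not part of the original writeup): a minimal base58 decoder in Python. It assumes the challenge uses the Bitcoin alphabet, which the page does not state.

```python
# Bitcoin base58 alphabet (assumed): no 0, O, I or l, to avoid look-alikes.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

CHALLENGE = "3agrSy1CewF9v8ukcSkPSYm3oKUoByUpKG4L"  # string from Task 8


def b58decode(text: str) -> bytes:
    """Decode base58 text into the bytes of the big integer it represents."""
    value = 0
    for ch in text:
        digit = ALPHABET.find(ch)
        if digit < 0:
            raise ValueError(f"not a base58 character: {ch!r}")
        value = value * 58 + digit
    body = value.to_bytes((value.bit_length() + 7) // 8, "big")
    # Each leading '1' (digit 0) stands for one leading zero byte.
    zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * zeros + body


if __name__ == "__main__":
    print(b58decode(CHALLENGE).decode("ascii"))
```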

Task 9: Left or right

Left, right, left, right… Rot 13 is too mainstream. Solve this

MAF{atbe_max_vtxltk}

Rot 13 is an encryption scheme used to encrypt information. How does it work? It takes each letter and shifts it 13 places in the alphabet. Rot 13 is a special case of the Caesar cipher. I tried Rot13 and it didn’t work, so I started brute-forcing character shifts, and on the 19th shift I got it.

https://cryptii.com/pipes/rot13-decoder

Task 10: Make a comment

The hint is given in the title of the question itself. If you inspect the page with the dev tools you can view it between the tags.

Task 11: Can you fix it?

There is a corrupted PNG file that you need to download. I got the hex dump of the corrupted PNG image with the xxd command.

The image is corrupted because it is missing the PNG header (89 50 4E 47).

A magic number is a number embedded at or near the beginning of a file that indicates its file format. So let’s replace the magic number with the correct magic number of a PNG image. I googled it and found out that

You can fix it as follows:

printf '\x89\x50\x4E\x47' | dd of=spoil.png bs=4 conv=notrunc
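
Before overwriting the first four bytes it is worth confirming that the rest of the file still looks like a PNG: the full signature is 8 bytes, followed by an IHDR chunk with its own CRC. The Python check below is an added example, not from the original writeup; the sample image and the damaged bytes are constructed, since the page does not show the hex dump.

```python
import struct
import zlib

PNG_SIGNATURE = bytes.fromhex("89504e470d0a1a0a")  # all 8 signature bytes


def chunk(kind: bytes, payload: bytes) -> bytes:
    """One PNG chunk: length, type, payload, CRC-32 over type + payload."""
    body = kind + payload
    return struct.pack(">I", len(payload)) + body + struct.pack(">I", zlib.crc32(body))


def constructed_png() -> bytes:
    """A valid 1x1 greyscale PNG, built here only as sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return PNG_SIGNATURE + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")


def looks_like_png_body(data: bytes) -> bool:
    """True when everything after the first 4 bytes still matches a PNG."""
    if len(data) < 33 or data[4:8] != PNG_SIGNATURE[4:]:
        return False
    length, kind = struct.unpack(">I4s", data[8:16])
    if kind != b"IHDR" or length != 13:
        return False
    (crc,) = struct.unpack(">I", data[29:33])
    return crc == zlib.crc32(data[12:29])  # CRC covers chunk type + IHDR data


def repair_magic(data: bytes) -> bytes:
    """Restore bytes 0-3 only if the rest of the header is intact."""
    if data[:4] == PNG_SIGNATURE[:4]:
        return data
    if not looks_like_png_body(data):
        raise ValueError("bytes 4+ do not look like a PNG; refusing to patch")
    return PNG_SIGNATURE[:4] + data[4:]


if __name__ == "__main__":
    damaged = b"\x00\x00\x00\x00" + constructed_png()[4:]  # constructed damage
    print(repair_magic(damaged)[:8].hex(" "))
```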

Task 12: Read it

Some hidden flag inside Tryhackme social account.

If you take a look at the hints it says

I did a Google search and found a post that’s interesting

Task 13: Spin my head

What is this?

++++++++++[>+>+++>+++++++>++++++++++<<<<-]>>>++++++++++++++.------------.+++++.>+++++++++++++++++++++++.<<++++++++++++++++++.>>-------------------.---------.++++++++++++++.++++++++++++.<++++++++++++++++++.+++++++++.<+++.+.>----.>++++.

This code is written in a programming language called “brainfuck”, which is not very popular or widely used. You can find a decoder/interpreter online:

https://sange.fi/esoteric/brainfuck/impl/interp/i.html

Task 14: An exclusive!

Exclusive strings for everyone!

S1: 44585d6b2368737c65252166234f20626d
S2: 1010101010101010101010101010101010

In this challenge you have to do an XOR operation on the two values (S1 XOR S2). I found a site online which helps me to do this easily.

Task 15: Binary walk

In this challenge you must download a jpg file. There is a tool called “binwalk” that helps you to see if there are any hidden files inside the specified file. (-e = extract)

Binwalk creates a directory to store all the extracted files that it has found. You can find your flag in this directory.

Task 16: Darkness

According to the hints you can use stegsolve to filter/isolate different colors in an image. In our case we can also simply view the image file and find the flag, but you need sharp vision to see it. Anyway, you can download stegsolve with these terminal commands:

wget http://www.caesum.com/handbook/Stegsolve.jar -O stegsolve.jar
chmod +x stegsolve.jar

Now let’s view the image with stegsolve by opening the file and changing the color filters

Task 17: A sounding QR

How good is your listening skill?

P/S: The flag formatted as THM{Listened Flag}, the flag should be in All CAPS

In this challenge you should download a QR code. Decoding the QR code gives you a URL to a SoundCloud audio clip.

Upload the QR code to https://zxing.org/w/decode.jspx. It decodes as:

If you listen to the audio clip really slowly you might hear it a bit more clearly, or you can capture the recording and play it in slow motion.

Task 18: Dig up the past

Sometimes we need a ‘machine’ to dig the past

Targetted website: https://www.embeddedhacker.com/
Targetted time: 2 January 2020

I noticed the 2 words that give a clue: “machine” and “past”. It’s the Wayback Machine. The Wayback Machine is simply a website that stores snapshots of other websites, noting the date and time of each snapshot that it captures.
I searched for the target website (https://www.embeddedhacker.com/) on the Wayback Machine

https://web.archive.org/web/20200102131252/https://www.embeddedhacker.com/

Note that there is a snapshot taken on 02 Jan 2020 at 13:12

While scrolling down I found a post named THM Flag posted on Jan 02 2020

Task 19: Uncrackable!

Can you solve the following? By the way, I lost the key. Sorry >.<

MYKAHODTQ{RVG_YVGGK_FAL_WXF}

Flag format: TRYHACKME{FLAG IN ALL CAP}

In this challenge there is a cipher to decrypt. At first I thought it was a Caesar cipher, but in the end I realized that this is a Vigenère cipher decryption challenge after seeing this.

The flag format tells us the plaintext starts with TRYHACKME, so that constant string can be used as the key against the ciphertext.

It looks like we found another constant, THMTHMTHM. Let’s try it again with this key.
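
The known-plaintext step used here and the shift brute force from Task 9 are the same operation: subtracting a known flag prefix from the ciphertext yields the key letters, and a Caesar shift is simply a one-letter key. The sketch below is an added example, not the author's tooling; the function names are illustrative, and it assumes the usual convention that non-letters pass through without consuming a key letter.

```python
import string

A = string.ascii_uppercase


def is_letter(ch: str) -> bool:
    return ch.isascii() and ch.isalpha()


def key_stream(ciphertext: str, crib: str) -> str:
    """Key letters implied by a known plaintext prefix (the crib)."""
    return "".join(
        A[(A.index(c.upper()) - A.index(p.upper())) % 26]
        for c, p in zip(ciphertext, crib)
        if is_letter(c) and is_letter(p)
    )


def shortest_period(stream: str) -> str:
    """Shortest prefix that reproduces the whole stream when repeated."""
    for n in range(1, len(stream) + 1):
        if all(ch == stream[i % n] for i, ch in enumerate(stream)):
            return stream[:n]
    return stream


def decrypt(ciphertext: str, key: str) -> str:
    """Vigenere decryption; non-letters are copied and use no key letter."""
    out, used = [], 0
    for ch in ciphertext:
        if is_letter(ch):
            shift = A.index(key[used % len(key)].upper())
            plain = A[(A.index(ch.upper()) - shift) % 26]
            out.append(plain if ch.isupper() else plain.lower())
            used += 1
        else:
            out.append(ch)
    return "".join(out)


def solve(ciphertext: str, crib: str):
    key = shortest_period(key_stream(ciphertext, crib))
    if not key:
        raise ValueError("crib produced no key letters")
    return key, decrypt(ciphertext, key)


if __name__ == "__main__":
    print(solve("MYKAHODTQ{RVG_YVGGK_FAL_WXF}", "TRYHACKME"))  # Task 19
    print(solve("MAF{atbe_max_vtxltk}", "THM"))  # Task 9: key T = shift 19
```

A crib shorter than the key yields a truncated, wrong key, so the result is only trustworthy when the crib covers at least one full period of the key.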

Task 20: Small bases

Decode the following text.

581695969015253365094191591547859387620042736036246486373595515576333693

You take a look at the hints

You should convert the decimal number to hex and then hex to ascii encoding. So let’s do it

Task 21: Read the packet

In this challenge you have to download a network capture file. I opened the capture file with Wireshark. There was a whole lot of network traffic captured, so I had to use a filter. I used the GET method HTTP filter ( http.request.method == "GET" ) to see if there were any files transferred. To my surprise there was one file called flag.txt.

I followed the HTTP stream of this file and got the flag.

You can find me on:
LinkedIn:- https://www.linkedin.com/in/shamsher-khan-651a35162/
Twitter:- https://twitter.com/shamsherkhannn
Tryhackme:- https://tryhackme.com/p/Shamsher

Web Application Pen-tester || CTF Player || Security Analyst || Freelance Cyber Security Trainer