Here i list the solution of all Hacktoria CTF i completed.
Greetings, Special Agent K. One of our clients, a wealthy art collector from Monaco, is requesting we help her find a recorded dialogue between Critias, Hermocrates, Timaeus and Soscrates.
In her quest to unravel the mysteries regarding the ancient city of Atlantis, our client wishes to gather all evidence possible as to where the location of the lost city truly is. Getting stuck a fair bit into her endeavors, she has reached out to the Tiberian Order to decipher a piece of text.
Our client believes this text to be of vital importance to prove the existence of Atlantis as a city. Whether it will lead directly to the discovery of the city is doubtful. Nonetheless, itโs of great importance to unravel itโs meaning.
I trust your ability to deal with ciphers and ancient dialogues in this matter. You find the text below. In the end, this will lead to another Contract Card if you manage to complete this assignment.
As always. Special Agent K, the contract is yours, if you choose to accept.
27 76 3d 45 2a 28 27 60 34 4a 63 38 24 76 68 62 78 77 23 40 2a 28 64 43 2b 3f 27 44 78 74 3c 38 2a 28 5f 44 78 75 7d 47 2a 62 79 39
[...]
As we have a HEX Code, the first thing you would think is to decode it to ASCII, so let's do it using CyberChef.
And we ain't got nothing really readable ๐
But let's not give up right away, we can begin trying out with the most basic Cryptography algorithms, like ROT.
Using ROT 47 you will notice a == in the end of the decoded string QgdGhpbmdzLg==.
If you have already encoded anything with Base64 you know that it's a standard for encoded strings to have == at the end, so let's decode it.
Now we have a readable text
But we ain't having any Flag in our hands yet, we need to find the flag hidden in the text.
If you copy the text and paste in any text editor, you will notice that its all in one line, let's organize to each phrase be in one line, to do that we will use Notepad++ substitute feature to overwrite \. with \n.
Now the text should be correct.
Observing the first Words of each phrase you can see that some don't make sense, identifying the word bit with ly right after it, could be this a bitly link?
Assuming that this is a bitly link, let's search for a ID to build a valid URL.
Now we can build a valid Bitly URL
https://bit.ly/3pB2oiW
And Voilร here is the flag
Greetings Special Agent K. Perhaps you remember our old friend Maksim Kotova? After his capture in Panama he was more than willing to cooporate for reduced sentences.
Following up on the leads heโs given us until this point has resulted in the arrest of several high ranking officials and members of various underground organizations. One of his more promising leads, is a military parts smuggling operation organized by one of Maksimโs former Cold War friends, Vasili Semenov.
Semenov is quietly making a fortune selling Russian military spare parts for scraps to the highest bidder. A lot of these parts arenโt even spares in the literal sense of the word. These parts are all brought together through various air bases around Russia and the world, then routed to a central air base. Where theyโre exchanged for cash.
Given the current sticky situation around Russian activity. Not to mention the limited jurisdiction of our client. You are tasked with finding the air base where these sales take place.
The old man wasnโt very much into modern technology, so all we have for you is a sattilite image of the air base. Other items found, are sent to a forensics lab by our client.
Finding the Air Base will lead you to the password for unlocking your link-file.
Password format sample, no caps:
country-governate-district-airbasename-air-base
We have a image of the airbase we need to locate, but nothing really recognizable, except for the blue Fighter Jets that looks like Russian aircrafts.
So let's start with the most basic proccess to identify a image, reverse search it.
Using TinEye we can locate a couple of Russian and Vietnamise websites that have a similar image.
Accessing the first TinEye result we can learn that the Airbase in the picture is called Khmeimim airport base
Searching for Khmeimim airport base in Google Maps we can find the real location of the Airbase.
It's located at Jableh, Latakia, Syria
With that information we can discover the password.
The password format is:
country-governate-district-airbasename-air-base
Completing it, it becomes:
syria-latakia-jableh-khmeimim-air-base
And with that we can unlock the ZIP file, open the TXT file in it and obtain the URL to the FLAG:
https://bit.ly/3DAZZNB
Greetings Special Agent K. Yesterday evening around 2100 hours, two officers of the New York Police Department entered the premise of an abandoned building in Brownsville New York. Neighbors had complained about strange sightings. Supposedly a woman had been squatting inside the building.
Reports also state that over the course of the two years the building has been abandoned, several residents of the surrounding houses had complained about junkies occupying the building. Often making terrible screeching like noises during the night.
Normally, this would not get the attention of the NYPD, however, a neighborsโ security camera had caught several people entering the building, but never seen them emerge. Upon closer inspection, a neighbor reported that all windows were closed and intact. Her security camera had also been on the whole time, surveying the only entrance to the building.
This eventually got the NYPD to investigate the building. While clearing rooms, the officers noticed someone moving around at the end of a hallway. Upon repeated calls and commands, the individual retreated behind a door. Both officers approached the door and told the person to come out. After a few seconds, we could see a woman move past the door frame.
Unresponsive to any commands given by the officers, they continued their search. Never to find the woman again. The officers called for backup and had a team of twelve officers and a K-9 unit sweep the building.
Nobody was ever found. Even the dog didnโt find a trail. Which is odd, given all the smells clearly lingering around an old building like that. Strangely enough, upon inspecting the body cam footage, the audio appeared to be missing entirely.
We need you to take a look at the video and see what you can find.
As always, Special Agent K, the contract is yours. If your choose to accept.
Find the password to open the Linkfile, wherever or whatever that might be.
We have a chilling video ๐ฌ, a girl in a white dress crossing the hall in the dark
The video don't have any audio and upon watching it, we can't see any readable text, but we can see its metadata
Using Metadata2go we can upload it and view all metadata.
Scrolling down the results, we can see that there is a comment in the metadata, which looks like a pretty strong password, doesn't it?
fh453n3fk45b384gm$&%#fjksdfmo94853ff
And with that we can unlock the ZIP file, open the TXT file in it and obtain the URL to the FLAG:
https://bit.ly/3fYWbvM
Greetings, Special Agent K. As you might have heard in the news over the past few months. The city of Berlin in Germany is being plagued by a serial killer, nicknamed โThe Butcherโ.
As the name implies, this individual butchers his victims and disposes their body parts all over the city. Autopsy reports conclude that the weapon for disposal is most likely a meat cleaver.
The total body count currently sits at 18 people, mostly women and younger men. All victims were traveling alone at night, mostly through quiet areas, when they were last seen.
Fortunately, yesterday the German police raided an apartment in the city center of Berlin. Neighbors had complained about a stale, metal like smell coming from the apartment. Upon closer inspection, the police found large quantities of plastic sheets, blood traces of several victims and an assortment of meat cleavers.
Since the apartment was rented out to an individual who had used a fake ID, the police has hit a dead end in trying to find the killer. They did however retrieve several files from a personal laptop, including a large, encrypted archive.
In the same location as the archive was stored, a file named โpasswordโ was found. However, this just contained a bunch of HEX values. We need you to make sense of this file, perhaps it leads to the password for the archive.
As always, Special Agent K. The contract is yours, if you choose to accept.
Find the password, for this contract, there is no password sample.
The Password File has HEX code in it, so let's use CyberChef, our ally when dealing with decode and encoding.
And we get something that looks like a file raw content.
Using the CyberChef magicwand, we can identify that it's a MP3 file.
Now last download the result file.
Listening to the audio, we can identify the password letters, these are:
fgjkaergnadrmgkhngadrgle
And with that we can unlock the ZIP file, open the TXT file in it and obtain the URL to the FLAG:
https://bit.ly/3EyudkI