How I solved challenges in NahamCon CTF 2024 by John Hammond
Hello Hackers,
Today I’m going to share how my team and I solved some challenges in the global CTF named NahamCon CTF, created by John Hammond.
Let’s get started …
Read The Rules
“Please follow the rules for this CTF!”
Connect here:
Read Rules Link
In this challenge, a link to the rules endpoint was given, so just by looking at the JavaScript code I got the flag.
That’s Not My Base
Everyone knows about Base64, but do you know about this one?
(Remember, the flag format starts with flag{ !)
F#S<YRXdP0Fd=,%J4c$Ph7XV(gF/*]%C4B<qlH+%3xGHo)\
Given the string, anyone can guess that it is related to base encoding, so I copied it, pasted it into CyberChef, tried to decode it with every base encoding, and found that it was encoded in Base92.
Twine
Google tells me that twine means: “strong thread or string consisting of two or more strands of hemp, cotton, or nylon twisted together.”
In this challenge an image was given, so using strings twine.jpg -n 9 I got the flag.
Uriel
Uriel was browsing the web and he saw this big long blob of text in his address bar! He was telling me about it but I don’t remember everything he said… I think he mentioned something like “it happened twice?”
%25%36%36%25%36%63%25%36%31%25%36%37%25%37%62%25%33%38%25%36%35%25%36%36%25%36%35%25%36%32%25%33%36%25%33%36%25%36%31%25%33%37%25%33%31%25%33%39%25%36%32%25%33%37%25%33%35%25%36%31%25%33%34%25%36%32%25%33%37%25%36%33%25%33%36%25%33%33%25%33%34%25%36%34%25%33%38%25%33%38%25%33%35%25%33%37%25%33%38%25%33%38%25%36%34%25%36%36%25%36%33%25%37%64
Anyone with a little knowledge of encoding can tell that the above string is URL encoded. So I tried decoding it two times and got the flag. You can also try it using URL Decoder.
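The double decoding described above, as an added example that is not part of the original post: a Python helper that peels percent-encoding one layer at a time with a cap, which is the same normalization a log parser or filter has to apply before matching on a URL. The function name and the layer cap are assumptions of this example; the blob is the one from the challenge text.

```python
import re
from urllib.parse import unquote

# The blob from the challenge description, split only to keep lines short.
BLOB = (
    "%25%36%36%25%36%63%25%36%31%25%36%37%25%37%62%25%33%38%25%36%35%25%36%36"
    "%25%36%35%25%36%32%25%33%36%25%33%36%25%36%31%25%33%37%25%33%31%25%33%39"
    "%25%36%32%25%33%37%25%33%35%25%36%31%25%33%34%25%36%32%25%33%37%25%36%33"
    "%25%33%36%25%33%33%25%33%34%25%36%34%25%33%38%25%33%38%25%33%35%25%33%37"
    "%25%33%38%25%33%38%25%36%34%25%36%36%25%36%33%25%37%64"
)

# A layer is only worth decoding if a well-formed %XX escape is still present.
_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")


def peel_url_encoding(text, max_layers=5):
    """Percent-decode repeatedly.

    Returns (final_text, layers_removed, stages) where stages[0] is the input
    and stages[i] is the text after i decoding passes. max_layers bounds the
    work on hostile input that nests encodings very deeply.
    """
    stages = [text]
    while len(stages) - 1 < max_layers and _ESCAPE.search(stages[-1]):
        # unquote() performs exactly one decoding pass: "%2566" -> "%66".
        stages.append(unquote(stages[-1]))
    return stages[-1], len(stages) - 1, stages


if __name__ == "__main__":
    final, layers, stages = peel_url_encoding(BLOB)
    for depth, stage in enumerate(stages):
        print(f"pass {depth}: {stage[:40]}{'...' if len(stage) > 40 else ''}")
    print(f"{layers} layer(s) removed")
```

A remaining %XX sequence may be intended literally, so the intermediate stages are returned for the analyst to judge rather than only the last one.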
EICAR
What is the MD5 hash of this file?
Wrap the hexadecimal value in the flag{ prefix and } suffix to match the standard flag format. Note, your antivirus engine might flag this file -- don't worry, I promise it's not malware :)
Download the file(s) below.
Attachments: eicar
According to the given description, it is clear that the flag is the MD5 hash of the file. Everyone knows that we can use md5sum to get the MD5 hash of a file. It will be md5sum eicar. By just adding flag{hash}, we got the flag.
Copypasta
You know those funny Internet messages that everybody likes to copy and paste? Yeah….
Turns out they make a good Warmups CTF challenge, too!
Press the Start button on the top-right to begin this challenge. Connect with: nc challenge.nahamcon.com 31476
Using the given netcat connection, I tried to get the message and got.
If you don’t know, copypasta is a block of text copied and pasted around the internet and social media. So first I copied the text and pasted it into Google, and after some research I found that some incorrect versions of this text were all over the internet, and then I found it on the GNU Org official page.
I copied both the text from the server and the text from the GNU Org page and saved them in files named pasta1.txt and pasta2.txt, and then I used the diff command to see the difference between them and got the flag.
IDoor
It’s Apple’s latest innovation, the “iDoor!” … well, it is basically the Ring Doorbell camera, but the iDoor offers a web-based browser to monitor your camera, and super secure using ultimate cryptography with even SHA256 hashing algorithms to protect customers! Don’t even think about snooping on other people’s cameras!!
Press the Start button on the top-right to begin this challenge. Connect with:
Using SHA-256 Tool with the value of 11, I compared the two and they were the same string, so it was clear to me that it is nothing but a SHA-256 hash. Then I tried it with 12 and 13 but I was not getting anything, but after some time I tried it with 0 and got the flag.
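Why the hashed identifier above gave no protection, as an added example that is not the challenge's code: an unsalted SHA-256 of a small integer contains no secret, so anyone can recompute it, while the fix is a server-side ownership check (a keyed token only hides the numbering). All names, the OWNERS table and the key are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def public_token(camera_id: int) -> str:
    """Weak scheme as described in the writeup: plain SHA-256 of the numeric ID."""
    return hashlib.sha256(str(camera_id).encode()).hexdigest()


def recover_id(token: str, search_space=range(0, 10_000)):
    """Show that the weak token is reversible: hash each candidate and compare."""
    for candidate in search_space:
        if hmac.compare_digest(public_token(candidate), token):
            return candidate
    return None


# Constructed key; in a real service it lives in server-side secret storage.
SERVER_KEY = secrets.token_bytes(32)


def keyed_token(camera_id: int, key: bytes = SERVER_KEY) -> str:
    """HMAC-SHA256 cannot be recomputed without the key, so IDs stay opaque."""
    return hmac.new(key, str(camera_id).encode(), hashlib.sha256).hexdigest()


# Constructed ownership table: which account may view which camera.
OWNERS = {0: "admin", 11: "alice", 12: "bob"}


def may_view(user: str, camera_id: int) -> bool:
    """The actual control: authorize every request against the session user,
    whatever the identifier in the URL looks like."""
    return OWNERS.get(camera_id) == user


if __name__ == "__main__":
    print("weak token for 11 maps back to:", recover_id(public_token(11)))
    print("keyed token for 11 maps back to:", recover_id(keyed_token(11)))
    print("alice may view 11:", may_view("alice", 11))
    print("alice may view 0:", may_view("alice", 0))
```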
All About Robots
Oh wow! Now you can learn all about robots, with our latest web service, All About Robots!!
Press the Start button on the top-right to begin this challenge. Connect with:
From the name of the challenge it is clear that it has something to do with robots.txt. So first I searched for that file and got an endpoint that contains our flag.
Then, after going to the endpoint that was listed, I got the flag.
IPromise
Instead of making the next IPhone, I made this challenge. I do make a truthful promise though…
Download the file(s) below.
Special thank you to Zoom for sponsoring the NahamCon 2024 CTF! This category is dedicated to them as a token of gratitude.
Attachments: IPromise
There was a file given, so first I ran file IPromise to see what kind of file it was and found that it was:
IPromise: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=89878e2c4353d02a9ae4a40d8c831124197d2e30, for GNU/Linux 3.2.0, not stripped
For those who don’t know reverse engineering tools, let me tell you there is a tool named radare2, mostly used for reversing and patching.
I used it and saw all the functions that were present in there.
To learn Radare, do see this great blog, Radare2 — An Introduction. If you want a detailed blog about radare2, let me know in the comment section.
First I used radare2 IPromise
Then, after going to the interface, I ran the command aaa to analyze the files and flags present.
First I tried to see all the strings present in the file using iz in radare2.
But I didn’t find anything interesting, so I tried to list the functions using the afl command.
At first sight, I found a function named sym.decryptIPromise, then I tried to see what was inside that function using s sym.decryptIPromise
GOT The Flag!!!!
Thanks for reading. I haven’t shared all the flags I found, because of the lack of POCs and Server Challenges.
I did face some challenges while exploiting binary and malware files, but I will also be solving those challenges and sharing them with you in the upcoming blogs.
Till then, keep hacking!
Advice:
One piece of advice that I want to give you and myself is that, to become good at solving challenges, you must have your notes.
“Notes for a hacker are like a sword for a samurai.”
Never ever forget to create your notes.