Skip to content

Commit

Permalink
Quartz sync: Sep 25, 2024, 10:28 PM
Browse files Browse the repository at this point in the history
  • Loading branch information
Tan-JunWei committed Sep 25, 2024
1 parent b7a4599 commit 10b5862
Show file tree
Hide file tree
Showing 9 changed files with 32 additions and 19 deletions.
4 changes: 2 additions & 2 deletions content/Knowledge/Base64.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
modified: 2024-09-01T14:50:09+08:00
modified: 2024-09-25T22:27:30+08:00
---
### Introduction
**Base64 encoding** is a format designed to prevent communication “mishaps” during the transfer of binary information. It achieves this through the conversion of binary data and a “lookup table” — data is eventually made in a stream of _ASCII_ characters, which can then be transmitted and decoded. On base 64 encoded data, the resultant string is always larger than the original (i.e. this is _not_ a compression algorithm). Another important distinction is that base 64 _does not_ encrypt any information — it uses a “standard” table of characters to encode and decode information. In other words, any base-64 string can be decoded, as long as the string was encoded using a standard set of characters (which the decoder can also understand). (_What Is Base64 Encoding & Decoding?_, n.d.)
Expand All @@ -8,7 +8,7 @@ modified: 2024-09-01T14:50:09+08:00

![[base64 table.png]]

### Encoding Base64
### Base64 Encoding

>[!important] The encoding algorithm is simple:
>Take three character bytes from the input stream (24bits), divide them into four 6 bit parts and convert each 6 bit value according to the table above. Repeat this until no more input character bytes are left.
Expand Down
9 changes: 6 additions & 3 deletions content/PicoCTF/Cryptography/interencdec.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ Creation Date:
Last Date:
References:
draft:
modified: 2024-08-23T10:13:37+08:00
modified: 2024-09-25T22:28:02+08:00
---
## Challenge Description

Expand All @@ -23,7 +23,10 @@ From the description and hint provided, we can infer that this challenge will li
After running `file enc_flag`, we realise that this file contains ASCII text. `cat enc_flag` displays a string of characters.

>[!tip]
>Since the string ends with 2 `=` characters, this string is likely [[Base64]] encoded.
>Since the string ends with 2 `=` characters, this string is likely [[Base64]] encoded, because the special character "`=`" is used in its encoding process.
>
>How does Base64 encoding work?
>Check this out: [[Base64#Base64 Encoding|Base64 Encoding]]
### The decoding process
![[PicoCTF interencdec 3.png]]
Expand All @@ -36,7 +39,7 @@ We now have an output that looks slightly off from the picoCTF flag format `pico

![[PicoCTF interencdec 5.png]]

I played around with the caesar cipher values, starting with `ROT13`. Changing the value to 19 reveals the flag.
I played around with the caesar cipher values, starting with `ROT13`. Changing the shift value to 19 reveals the flag.

> [!NOTE] Flag
>picoCTF{caesar_d3cr9pt3d_b204adc6}
6 changes: 4 additions & 2 deletions content/PicoCTF/Cryptography/rotation.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ Creation Date:
Last Date:
References:
draft:
modified: 2024-08-23T14:05:37+08:00
modified: 2024-09-25T22:23:50+08:00
---
## Challenge Description

Expand All @@ -17,7 +17,9 @@ As the challenge name and hint suggest, the flag is probably encrypted using a c

![[PicoCTF rotation 2.png]]

Running `cat encrypted.txt` displays a string `xqkwKBN{z0bib1wv_l3kzgxb3l_555957n3}`. Observing this string allows us to conclude that we will need to use caesar cipher to decrypt it, due to the presence of the familiar curly braces `{}`. Further analysis tells us that the caesar cipher input value should be _18_. From here, we can use [[CyberChef]] to decrypt the message.
Running `cat encrypted.txt` displays a string `xqkwKBN{z0bib1wv_l3kzgxb3l_555957n3}`. Observing this string allows us to conclude that we will need to use caesar cipher to decrypt it, due to the presence of the familiar curly braces `{}`.

Further analysis (or trial and error) tells us that the caesar cipher input value should be _18_. From here, we can use [[CyberChef]] to decrypt the message.

![[PicoCTF rotation 3.png]]

Expand Down
6 changes: 4 additions & 2 deletions content/PicoCTF/Forensics/FindAndOpen.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ Creation Date:
Last Date:
References:
draft:
modified: 2024-08-19T15:23:40+08:00
modified: 2024-09-25T22:17:26+08:00
---
## Challenge Description

Expand Down Expand Up @@ -36,7 +36,9 @@ Of the 5 strings, I zoomed into string 3 first. It seems like a [[Base64]] encod

All I got was gibberish. However, I noticed that this string has a length of 70.

>[!important] During encoding, the [[Base64]] algorithm replaces each three bytes with four bytes and, if necessary, adds padding characters, so the result will always be a multiple of four (_What Is Base64? | Learn | Base64_, n.d.).
>[!important] How the [[Base64]] encoding process works
>
>During encoding, the [[Base64]] algorithm replaces each three bytes with four bytes and, if necessary, adds padding characters, so the result will always be a multiple of four (_What Is Base64? | Learn | Base64_, n.d.).
This meant that I will have to delete 2 characters from the input string. I first tried to remove 2 characters from the front.

Expand Down
8 changes: 5 additions & 3 deletions content/PicoCTF/Forensics/PcapPoisoning.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ tags:
Creation Date:
Last Date:
draft:
modified: 2024-08-19T15:26:00
modified: 2024-09-25T22:21:14+08:00
---
### Challenge Description
![[PicoCTF PcapPoisoning.png]]
Expand All @@ -16,15 +16,17 @@ After downloading the file, we realise that it is a `pcap` file, as the challeng
### Using `strings`
![[PicoCTF Pcap Poisoning 2.png]]

>[!success] We can run `strings <file-name> | grep pico` to get the flag immediately.
>[!success] Acquiring the flag using `strings`
>
>We can run `strings <file-name> | grep pico` to get the flag immediately. Piping the output of the `strings` command through `grep` will allow us to filter out line(s) that contain the search term "pico".
Alternatively, we can use [[Wireshark]] for packet analysis.

### Using [[Wireshark]]

![[PicoCTF Pcap Poisoning 3.png]]

Using the display filter `tcp contains "pico"`, we narrow our search to 1 packet which contains our flag.
Using the display filter `tcp contains "pico"`, we narrow our search to 1 packet that contains our flag.

> [!NOTE] Flag
> picoCTF{P64P_4N4L7S1S_SU55355FUL_31010c46}
Expand Down
4 changes: 3 additions & 1 deletion content/PicoCTF/Forensics/St3g0.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,14 +8,16 @@ Creation Date:
Last Date:
References:
draft:
modified: 2024-09-03T20:20:33+08:00
modified: 2024-09-25T22:19:15+08:00
---
## Challenge Description
![[PicoCTF St3g0.png]]

We shall start off by following the instructions. I ran `wget <link>` to download the file. I also opened the file in GUI, but as the challenge name suggests, this is a [[Steganography]] challenge, so there was no useful information there.

>[!question] PicoCTF Hint: We know the end sequence of the message will be `$t3g0`.
>
>Great! Let's look out for that.
### How pico.flag.png looks like

Expand Down
8 changes: 5 additions & 3 deletions content/PicoCTF/Forensics/hideme.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ Creation Date:
Last Date:
References:
draft:
modified: 2024-09-03T20:18:42+08:00
modified: 2024-09-25T22:15:55+08:00
---
## Challenge Description

Expand All @@ -20,14 +20,16 @@ The `hideme` challenge name already suggests that the flag is hidden from plain

Running binwalk reveals that there are embedded files that we need to take note of. I then ran `binwalk -e` to extract the files which will be extracted into the `_file.png.extracted` directory.

>[!important] `binwalk -e <file-name>`: the `-e flag` automatically extracts known file types
>[!important] `binwalk` usage
>`binwalk -e <file-name>`: the `-e flag` automatically extracts known file types
### Contents of the `_file.png.extracted` directory
![[PicoCTF hideme3.png]]

There are a total of 4 files/directories in the `_file.png.extracted` directory. These are: `29`, `29.zlib`, `9B3B.zip`, and a `secret` directory. Running `file 29` shows that `29` is an empty file.

>[!important] The `secret` directory seems most suspicious. I `cd` into it to find that there is another `png` file called `flag.png`. Using the GUI, I open the image to find the familiar flag prefix of `picoCTF`. There's our flag in plaintext!
>[!important] Suspicions
>The `secret` directory seems most suspicious. I `cd` into it to find that there is another `png` file called `flag.png`. Using the GUI, I open the image to find the familiar flag prefix of `picoCTF`. There's our flag in plaintext!
### Flag found in `flag.png`
![[PicoCTF hideme 4.png]]
Expand Down
4 changes: 2 additions & 2 deletions content/Useful Tools/Steghide.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
modified: 2024-09-02T22:11:49+08:00
modified: 2024-09-25T22:18:01+08:00
---
>[!info] What is Steghide and why is it used?
>Steghide is a steganography program that helps in hiding data in various kinds of image and audio files. In this process, the color- respectivly sample-frequencies are not changed thus making the embedding resistant against first-order statistical tests.
Expand All @@ -13,7 +13,7 @@ modified: 2024-09-02T22:11:49+08:00
>```
>
>
>>[!tip] Extract data
>>[!example] Extract data
>>
>>Of course, it can also do the reverse and extract the data from these files. The most basic command is:
>>
Expand Down
2 changes: 1 addition & 1 deletion content/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ modified: 2024-09-21T22:11:13+08:00
Welcome to my Capture The Flag (CTF) writeups page! Here you'll find detailed explanations and solutions to various CTF challenges I've tackled.
## The Ongoing Journey 💡

As of **21 September 2024**, this CTF-writeups page has a total of **104** writeups across different topics. As I continue to explore and glean deeper insights, this project will remain a living document, constantly evolving and improving. Regular updates will be made to refine the content, introduce fresh perspectives, and integrate the latest knowledge. Stay tuned for ongoing enhancements!
As of **25 September 2024**, this CTF-writeups page has a total of **105** writeups across different topics. As I continue to explore and glean deeper insights, this project will remain a living document, constantly evolving and improving. Regular updates will be made to refine the content, introduce fresh perspectives, and integrate the latest knowledge. Stay tuned for ongoing enhancements!
## Navigation 🗺️

### PicoCTF
Expand Down

0 comments on commit 10b5862

Please sign in to comment.