Arab Regional Cybersecurity CTF 2022

My write-ups for many challenges in the Arab Regional Cybersecurity CTF 2022

Competition link: https://cybertalents.com/competitions/arab-regional-cybersecurity-ctf-2022



In this CTF competition, we got 8th place after great work and speed in solving challenges.

  • Name : Art
  • Category: Open Source Cyber Intelligence
  • Level: Medium
  • Flag : flag{D0_y0u_R3sp3t_Art_98124af}

We have received news that there are some criminals planning to steal something valuable, and our friends were able to get us some emails between the criminals, but we didn't figure out their plan yet. Can you help us?

SOLUTION
  • First, I opened the challenge file.
  • I realized that there are some capital letters and a strange letter at the beginning of each paragraph.
  • So I collected them and got FILE FM and r2q6f3n8k.
  • I used Google to search for "FILE FM" and found this website for storing and sharing photos, videos and docs, so I uploaded a test file to get an example URL, then I changed the URL to https://files.fm/u/r2q6f3n8k
  • So I downloaded the files and started searching for anything that might help me, but I couldn't find anything.
  • So I came back to the website and started searching for anything that might help me, and I got this: https://github.com/rashiid81293a6f90
  • So I opened it and downloaded his repository.
  • In this project I found that there is an image that is not used in the project, so I used the strings command and got the flag.
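
The last step above (an image that nothing in the repository uses, examined with strings), as an added example that is not part of the original write-up: it lists images whose file name appears in no other file of a checkout and scans them for flag-like printable strings. The sample repository, its file names and the flag value are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".bmp"}
FLAG_RE = re.compile(rb"flag\{[^}\s]{1,80}\}")  # flag{...} format seen on this page

def printable_strings(data, min_len=4):
    """Like strings(1): runs of at least min_len printable ASCII bytes."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)

def unreferenced_images(repo):
    """Images whose file name occurs in no non-image file of the checkout."""
    files = [p for p in repo.rglob("*") if p.is_file() and ".git" not in p.parts]
    images = [p for p in files if p.suffix.lower() in IMAGE_EXTS]
    blobs = [p.read_bytes() for p in files if p.suffix.lower() not in IMAGE_EXTS]
    return sorted(i for i in images
                  if not any(i.name.encode() in b for b in blobs))

def flags_in_unused_images(repo):
    """Map each unreferenced image (relative path) to flag-like strings in it."""
    hits = {}
    for img in unreferenced_images(repo):
        found = [m.decode() for s in printable_strings(img.read_bytes())
                 for m in FLAG_RE.findall(s)]
        if found:
            hits[img.relative_to(repo).as_posix()] = found
    return hits

def build_sample_repo(root):
    """Constructed sample checkout: one referenced image, one orphan."""
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # PNG magic plus padding
    (root / "static").mkdir()
    (root / "index.html").write_text('<img src="static/logo.png">')
    (root / "static" / "logo.png").write_bytes(png)
    (root / "static" / "banner.png").write_bytes(
        png + b"flag{constructed_example}" + b"\x00\xff")
    return root

def demo():
    """Run the scan over the constructed checkout in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return flags_in_unused_images(build_sample_repo(Path(tmp)))

if __name__ == "__main__":
    print(demo())
```
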

  • Name : Invisible
  • Category: Digital Forensics
  • Level: Medium
  • Flag : flag{the_1nvisble_C0de_of_Cha0s}

Can you see what I can see?

SOLUTION
  • I used Volatility2 and started to use some plugins.
  • Then I started to use some plugins but I got nothing, but when I used the pslist plugin, I found sumatrapdf.exe, and this file is so weird, so I dumped it.
  • I tried to search for anything that might help me, and when I used the foremost tool I got some pictures and one PDF.
  • I tried to get anything that might help me from these files, and when I used the pdfimages tool I got the flag.

  • Name : Conjuring
  • Category: Cryptography
  • Level: Medium
  • Flag : GHOSTSAREINTHESHELL

Symbols can be more than a drawing.

SOLUTION
  • I used Google, and this website helped me: https://www.dcode.fr/pigpen-cipher

  • Name : 1ntr0v3rt
  • Category: Open Source Cyber Intelligence
  • Level: Hard
  • Flag : flag{Th1nks_f0r_your_3fforts_947328456}

Our introvert co-worker left the company a while ago. She is really missed and we want to contact her. However, all we knew about her is her old Twitter handle, which was "bye_Agatha". Can you help us reach her?

SOLUTION
  • When I read the description, I knew I should use https://archive.org/ and search for https://twitter.com/bye_Agatha, and I actually found something that might help me.
  • After I saw her old profile there, I thought that she may have changed the username or made a new account, so I decided to search more, and when I looked at the source code I saw "account id", and I know that if I change the username the id will not change.
  • So I searched for a website to help me get the username from the account id, and I found this website: https://tweeterid.com/
  • And I was right, and I got the new username itssakinahh8971.
  • I used the "sherlock" tool to search for any account that has the username itssakinahh8971, and I found this.
  • Then I opened all of them, and when I opened the GitHub account, I got that.
  • When I opened the Trello account, I got that, so I went to https://pastebin.com/raw/gyGYz78U and got the pass: 50a88fc51a84e09f914a2d017fe0bfam
  • When I opened the Trello account, I took her friend's username and used the "sherlock" tool to search for any account that has his username.
  • When I opened the Instagram account, I saw 3 pictures in his story.
  • From his story I learned the bot name "sakinah-auto-replier".
  • So I came back to the code on GitHub but nothing helped me, so I looked at the history for First-project/server.py and saw the new piece of code, so now I know how the bot works.
  • And finally I got the flag.