CyberMaterial HackHavoc CTF

Solution

Flag can be found in “#ctf-support” channel description in the discord server.

Solution

Flag can be found in final feedback Google Form.

Solution

Provided a file with no extension. Adding “.txt” , we can see its contents. Flag can be found in it.

Solution

Provided Cipher text, convert it with Base92. Then again with ROT47. We get a JS code and tracing it flag is found.

Solution

Given with a file with no extension, when we convert it to “.txt” we can see its content. Inside it we can see “PyInstaller” letting us know it is a file complied by PyInstaller.

1

We can decompile the file with https://github.com/extremecoders-re/pyinstxtractor .

We get a “.pyc” file, we can convert that file to get the original Python code.

2

Solution

Provided a file with no extension. Adding “.txt”, we can see its contents. The flag is found when we remove the null values.

3

Solution

The given flags in the picture represent the flag, the flags are from International maritime signal flags.

Solution

Provided a file with “.PNG”, converting it to “.txt” , we can see its contents. It consists of binary numbers, converting it to ASCII and to numbers we again get binary. Repeating the process we get a ciphered text. We convert it with Base62 to retrieve the flag

Solution

Provided a LoveLetter and a Go code, there is a encrypted message in the love letter. By writing a python code to reverse the Go code we can retrieve the flag.

Solution

We convert the given Braille text to retrieve the flag

Solution

Provided Cipher Text, we can convert it with XOR Cipher to retrieve the flag

Solution

Flag can be found in robots.txt https://ctf.cybermaterial.com/robots.txt

Solution

Provided a URL and told there were hidden doors. Used DIRB to find active links and found.

4

There was a hidden cipher text, we can convert it with Base58 to retrieve flag.

Solution

Provided a URL and found the script.js in it. In it, it had a API url with POST requests for commands.

5

Solution

Provided with a URL, it had a button redirecting to the homepage. When we inspect the page we can find a hidden URL. When we Inspect the that page we can locate the flag

6

Solution

Provided a URL, using the SSTImap tool I did Server-Side Template Injection. I was able to find the flag in app.py

Solution

It mentions about a newsletter and it mentions about “A Hacker leaked unreleased Netflix content”. The flag can be found in a CyberMaterial Linkedin post.

7

Solution

It mentions about “Andariel” and “Lazarus”. There is an article about this topic.

https://cybermaterial.com/andariel-lazarus-group-threat-actor/ In between of all the hyperlinks there is a link to a pastebin https://pastebin.com/QUwg950y

In between of all the text there are random letters & numbers, grouping all of them we get a ciphertext. We can convert it from HEX to ASCII to normal.

Solution

8

In the background we can see a subway and it looks like a petrol station. His TShirt says “Cover6 Solutions” so it must be near it. Cover6 Solutions is located in “Arlington, Virginia” as per their Linkedin so we if overlap them and cross verify with the subway we can find the road it is located in.

9

Solution

10

By looking at this we can an Icon. By checking Google Maps Icons we can determine that it is a Museum. On the left we can slightly read the road name “Stewart ave”. By checking the museums on Stewart ave we can find the museums in the picture

11

Solution

The flag is in the description of video - https://youtu.be/iM4vtqkhmIo