Start Time: 14th December 2023, 5:30 PM IST

End Time: 15th December 2023, 5:30 PM IST


WARMUP

Socialize

Flag is in iwcon-ctf channel

Flag: IWCON{y0u_w3r3_h3r3_f!rst}

runme

  • code me!
  • Flag format: IWCON{}
  • runme.class

Using an online decompiler, we get the following Java code:


import java.util.Arrays;
import java.util.Base64;

public class iwcon {
   public static String get_flag() {
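      // var0 is a permutation table: each byte minus 69 ('E') is an index into var1.
      byte[] var0 = "YPSiRhFjpXbIfgVc]NnHoeWlJ_mOEUQT[L`^kKGMda\\Z".getBytes();
      // var1 holds the Base64 text of the flag with its characters shuffled.
      byte[] var1 = "c54h1dW2z1yVNTdfzRITS9MJMnj53ByM3Xz0D7azN9Xe".getBytes();
      byte[] var2 = new byte[var1.length];

      // Undo the shuffle to rebuild the Base64 string in var2.
      for(int var3 = 0; var3 < var1.length; ++var3) {
         var2[var3] = var1[var0[var3] - 69];
      }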

      System.out.println(Arrays.toString(Base64.getDecoder().decode(var2)));
      return new String(Base64.getDecoder().decode(var2));
   }

   public static void main(String[] var0) {
      System.out.println();
   }
}

In this code, we modify the main function to add a call to get_flag():

   public static void main(String[] var0) {
      System.out.println(get_flag());
   }

Flag: IWCON{y0u_4r3_a_r3v3rs3_3ngin33r}

Crypto

Rota23r

📣Nggragvba unpxref!
VJPBA 2023 PGS fgnegf ba 🗓14gu Qrprzore 2023, ⌚5:30 CZ VFG.
Rkpvgvat cevmrf gb or jba🎁🏆
Vs lbh unira'g lrg ertvfgrerq, ertvfgre Abj: uggcf://pgs.vjpba.yvir
ernq gur ehyrf

Flag format: IWCON{}

This is ROT13, and it decodes to:

Attention hackers!
IWCON 2023 CTF starts on 🗓14th December 2023, ⌚5:30 PM IST.
Exciting prizes to be won🎁🏆
If you haven't yet registered, register Now: https://ctf.iwcon.live
read the rules

In the source code of the rules page we can see a comment whose text is the ROT13 of M0V_M3_T0_G3T_TH3_FL4G.

Flag: IWCON{M0V_M3_T0_G3T_TH3_FL4G}

c0l0rcrypt

  • Dive into the world of ChromaCrypt, a mysterious box that conceals messages within encoded color sequences. Unraveling the mapping between colors and characters to unveil the hidden message.
  • Flag format: IWCON{}
c0l0r

This is the Hexahue cipher: https://www.dcode.fr/hexahue-cipher
Decoded value: HU3H3XACRYPT

Flag: IWCON{HU3H3XACRYPT}

MISC

D3CODE2

  • What is it trying to convey? Can you help me understand it? 💻
  • Flag format: IWCON{}

This is a recursive encoding: Base32 > URL Encoding > Morse Code > Hex > Base64

After decoding all these encodings we get the flag

Flag: IWCON{y0u_g0t_th4t_r16h7!}
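
The layer order above can be peeled off in one pass. This is an added example, not part of the original write-up or the challenge files; it assumes Morse symbols are separated by spaces and the Base32 padding may be stripped, and `wrap` builds a constructed sample instead of using the real challenge text.

```python
import base64
from urllib.parse import unquote

# International Morse code for the hex alphabet only (0-9, A-F).
MORSE = {
    "0": "-----", "1": ".----", "2": "..---", "3": "...--", "4": "....-",
    "5": ".....", "6": "-....", "7": "--...", "8": "---..", "9": "----.",
    "A": ".-", "B": "-...", "C": "-.-.", "D": "-..", "E": ".", "F": "..-.",
}
UNMORSE = {code: ch for ch, code in MORSE.items()}


def peel(blob: str) -> str:
    """Undo Base32 > URL encoding > Morse > hex > Base64, outermost layer first."""
    blob = "".join(blob.split())
    blob += "=" * (-len(blob) % 8)                      # restore stripped Base32 padding
    url_encoded = base64.b32decode(blob).decode("ascii")
    morse = unquote(url_encoded)                        # %2e -> '.', %2d -> '-', %20 -> ' '
    hex_text = "".join(UNMORSE[sym] for sym in morse.split())
    b64_text = bytes.fromhex(hex_text).decode("ascii")
    return base64.b64decode(b64_text).decode("utf-8")


def wrap(plaintext: str) -> str:
    """Build a constructed sample by applying the same layers in reverse order."""
    b64_text = base64.b64encode(plaintext.encode()).decode()
    hex_text = b64_text.encode().hex().upper()
    morse = " ".join(MORSE[ch] for ch in hex_text)
    # urllib's quote() never escapes '.' or '-', so percent-encode every byte by hand.
    url_encoded = "".join(f"%{ord(c):02x}" for c in morse)
    return base64.b32encode(url_encoded.encode()).decode().rstrip("=")
```
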

Decrypt the Hidden Message

  • 🔍Howdy, Cyber Sleuths! Gather ‘round for the “Crypto Starter Challenge” in the world of Codeburg. Two mysterious figures, Cipher Steve and Enigma Emily, have shared an image. Rumor has it there’s more to it than meets the eye – a hidden treasure waiting to be discovered.
  • Your Mission: If you choose to accept, is to break through the cryptographic cloak and unveil the concealed message. It’s time to play “crypto detective” and decode the secrets these mysterious figures have tucked away.
  • Flag Format: iwconctf{}
  • Author: Priyatham
  • File: hidden.jpeg

Open this file with a text editor; the flag is in text format.

Flag: iwconctf{tr3asur3_9n_7h3_95land}

QueueAre

  • Follow the ‘R’abbit in a ‘Q’
  • Flag format: IWCON{}
  • File: QueueAre.zip

This zip file has 9 images of a partial QR code; I used GIMP to organize the QR code.

This QR code decodes to https://pastebin.com/3UpH81pz
It has the following code at line 161: <iframe src='SVdDT057WTBVXzRSM180X0czTjFVU30='>. This is the Base64-encoded flag.

Flag: IWCON{Y0U_4R3_4_G3N1US}

Into The Shadows

  • Am I FUNCTIONing right?
  • File: javascript.zip

In this zip we have tons of JS files, so based on my CTF experience I guessed that it would have the Base64 of the flag, so I did a recursive grep for SVdDT05, which is the Base64 of IWCON (from the flag format) 😅

grep -ira "SVdDT05" *

Here we can see the Base64 encoded flag.

Flag: IWCON{hi33d3n_in_th3_shad0ws}
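
A grep for SVdDT05 only matches when the marker sits at a byte offset that is a multiple of 3 in the encoded data; at the other two alignments the Base64 text is different. The sketch below is an added example, not part of the original write-up: it goes beyond the case above by deriving the search string for all three alignments, and `SAMPLE` is constructed data standing in for the JavaScript files.

```python
import base64
import re

B64_RUN = re.compile(rb"[A-Za-z0-9+/]{8,}={0,2}")


def base64_needles(marker: bytes) -> list[tuple[int, bytes]]:
    """Base64 text that `marker` always produces, one entry per alignment.

    Each entry is (skipped, needle): `skipped` is the number of Base64
    characters of the enclosing 4-character group that precede the needle.
    """
    out = []
    for shift in range(3):                      # marker offset mod 3 in the raw data
        encoded = base64.b64encode(b"\x00" * shift + marker)
        first = (shift * 8 + 5) // 6            # first char built only from marker bits
        last = (shift + len(marker)) * 8 // 6   # chars that do not depend on what follows
        out.append((first, encoded[first:last]))
    return out


def find_marker(blob: bytes, marker: bytes) -> list[str]:
    """Decode every Base64 run in `blob` that contains `marker` at any alignment."""
    found = []
    for run in B64_RUN.finditer(blob):
        body = run.group().rstrip(b"=")
        for skipped, needle in base64_needles(marker):
            pos = body.find(needle)
            if pos < 0 or (pos - skipped) % 4:
                continue
            try:
                raw = base64.b64decode(body + b"=" * (-len(body) % 4))
            except ValueError:                  # not valid Base64 after all
                continue
            found.append(raw.decode("utf-8", "replace"))
            break
    return found


# Constructed sample standing in for the challenge's JavaScript files.
SAMPLE = b"\n".join(
    b'var v = "' + base64.b64encode(text) + b'";'
    for text in (
        b"IWCON{constructed_0}",          # offset 0: plain grep for SVdDT05 finds it
        b"key:IWCON{constructed_1}",      # offset 1 (mod 3): plain grep misses it
        b"id=7;IWCON{constructed_2}",     # offset 2 (mod 3): plain grep misses it
        b"nothing to see here",
    )
)
```
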

Survival

  • Survival of the fittest!
  • Password hash: 5E536069E1B0D86997C06889B734BD8FAAFEECEC9083AAFECA79F787C875F787B740418D57E5B352
  • Hint: CVE-2022-25012

This CVE is about Argus Surveillance DVR 4.0 - Weak Password Encryption. Using this PoC we get the flag.

Flag: IWCON{y0u_survived?}

Happy Hacking