0x70sec

0x70sec

Cyber Security Enthusiast, Researcher, H4cker

CyberCube 2020 Georgia

1 minute read

Yesterday CERT.GOV.GE hosted CyberCube 2020 in Georgia.

The Olympiad was hosted online for the first time,Due to COVID19.Exercises were kinda CTFish, but it was a lot of fun. I decided to share some of them with you.

Final.txt

We are given txt file,we should investigate it and get the flag. Running file against it prints that it’s an ASCII text.After looking at cat output it looks like base64 encoded data.

So i decoded it and redirected output to final2.txt

cat final.txt | base64 -d > final2.txt

It looks like hex, we can reverse it to binary with xxd:

Running It prints a flag

м®.яøß()7

We are given a link to youtube video, that we can download as an avi file via github from description.

So i downloaded file and ran file, binwalk and 7z against it

Output shows that there’s hidden file important.txt that can be extracted, although it’s password protected.

Going back and rewatching the video we see password Dylan_2791

Extract files with 7z and we get the flag

Magic-Zip

We are given zip file that seems to be corrupted

First of all i ran zip -F and -FF against it, but it didn’t work

After that i opened it in hexeditor and saw that first 2 bytes were 00 00 after that 03 04

After some research i found magic bytes of ZIP

Fixed it and tried extracting the content but it was password protected

So i brute forced it with rockyou.txt and found the password

And the flag

Twitter Facebook LinkedIn

You May Also Enjoy

picoCTF Writeup

July 03, 2021 1 minute read

Some challenges from picoCTF for beginners.

Certified Red Team Professional Review

June 25, 2021 2 minute read

Attacking and Defending Active directory

0x70sec’s Journey to Try Harder - Guide for PWK/OSCP

May 27, 2020 1 minute read

Hi! I’m 0x70sec