CTF Agrihack: Early Challenge

Cyber Security IPB (CSI) held CTF Agrihack 0x07. Agrihack0x07 is the 7th Agrihack and is open to all IPB University students and is a requirement to join the CSI community. Before the selection started, CSI gave an Early Challenge which consisted of 3 types of categories including: Forensics, Cryptography and Web Exploitation.

Tools

• nc (Netcat)
• binwalk
• exiftool
• base64
• hash identifier

Cryptography

Connect ke nc 8.215.28.14 18001

Let’s netcat and see what happens:

Encode text “cybersecurityipb” to base64.

Enter that base64 and be given a ciphertext which maybe hex.

Let’s decode it first, and we get the result “early_chall_csi”.

I tried to input the result and finally I got the flag.

Flag: flag{ini_flagnya_yaaa}

Forensics

Hint: Sebuah file lain tersembunyi di dalam file gambar ini. Temukanlah file tersebut dan dapatkan flagnya!

I tried to extract the files in .PNG with Binwalk.

There is one zip file which has password, I use exiftool to find the password.

and successfully extracted flag/flag.pdf

The flag is blank :D

I tried to copy with nano terminal.

Flag: flag{congratsz_para_calon_dukun_xixixi}

Web Exploitation + Osint

Masuk ke http://8.215.28.14:2601/

There are 3 comment tags, including index.html, main.js, and main.css.

• index.html - <! — https:// →
• main.css - /* pastebin.com */
• main.js - /* /Ym85vSez */

I made the full url => https://pastebin.com/Ym85vSez

seseorang bernama Sukma Dika baru saja mempelajari BEBERAPA TERMINOLOGI DASAR HTTP. Sepertinya dia meninggalkan jejak disana.

So far, it can be concluded that Sukma Dika has learned “Beberapa terminologi dasar HTTP” on the Cyber Security IPB YouTube channel.

I finally found a flag in the comments column with a user whose name matches the hint.

Flag: flag{semangatbelajarnyagan}