# CTF collection Vol.1

## 1. What does the base said?

![image](https://user-images.githubusercontent.com/44063862/82412111-9c40df80-9aa5-11ea-9caa-ab82757c9a1f.png)

BY the given encoded, we know that this is **BASE 64** VEhNe2p1NTdfZDNjMGQzXzdoM19iNDUzfQ==

So, heat up our "oven" [CyberChef](https://gchq.github.io/CyberChef/)

![image](https://user-images.githubusercontent.com/44063862/82412119-9f3bd000-9aa5-11ea-9878-0922af9b6776.png)

**Flag: THM{ju57\_d3c0d3\_7h3\_b453}**

## 2. Meta Meta

![image](https://user-images.githubusercontent.com/44063862/82412186-c85c6080-9aa5-11ea-84a0-214378df02e0.png)

This is the given picture. (Find Me.jpg)

![Findme](https://user-images.githubusercontent.com/44063862/82414061-0ad36c80-9aa9-11ea-836f-156f10b58d3d.jpg)

Hint is in the title itself. Meta = Metadata. Usually I will use exiftool in linux. But, today i want to share new online tools for exiftool.

[metapicz](http://metapicz.com/#landing)

![image](https://user-images.githubusercontent.com/44063862/82414075-13c43e00-9aa9-11ea-9bff-1f1f1a6a7391.png)

**Flag: THM{3x1f\_0r\_3x17}**

## 3. Mon, are we going to be okay

![image](https://user-images.githubusercontent.com/44063862/82414329-7289b780-9aa9-11ea-8c0c-b9064f4d47f6.png)

This is the picture that they give.

![Extinction](https://user-images.githubusercontent.com/44063862/82418208-496c2580-9aaf-11ea-984e-af1bbc042558.jpg)

Well, just try online stega tools.

[Steganographic Decoder](https://futureboy.us/stegano/decinput.html)

![image](https://user-images.githubusercontent.com/44063862/82414339-787f9880-9aa9-11ea-97f3-296e63aff8a0.png)

**Flag: THM{500n3r\_0r\_l473r\_17\_15\_0ur\_7urn}**

## 4. Erm......Magick

![image](https://user-images.githubusercontent.com/44063862/82414452-a95fcd80-9aa9-11ea-8ab9-76aa0a42913d.png)

This was like free flag. i didn't mean to get this one. Lucky I found it.

![image](https://user-images.githubusercontent.com/44063862/82414458-abc22780-9aa9-11ea-92aa-bce4ae5447c8.png)

**Flag: THM{wh173\_fl46}**

## 5. QRrrrr

![image](https://user-images.githubusercontent.com/44063862/82414539-c6949c00-9aa9-11ea-8a70-177e3d867973.png)

They give QR Code. So, just find QR Code Decode

[ZXing Decoder Online](https://zxing.org/w/decode.jspx)

![image](https://user-images.githubusercontent.com/44063862/82414549-c8f6f600-9aa9-11ea-991b-c7085cea7fa3.png)

**Flag: THM{qr\_m4k3\_l1f3\_345y}**

## 6. Reverse it or read it?

![image](https://user-images.githubusercontent.com/44063862/82414623-ecba3c00-9aa9-11ea-8e63-76acef077728.png)

I try to run this file.

```
./hello.hello
```

![image](https://user-images.githubusercontent.com/44063862/82414628-ef1c9600-9aa9-11ea-920d-8631b2f7605b.png)

But I didn't get anything. Just a simple hello. So. I try to read this file by run this command

```
strings hello.hello
```

![image](https://user-images.githubusercontent.com/44063862/82414632-f17ef000-9aa9-11ea-89b8-f109e176ad3d.png)

**Flag: THM{345y\_f1nd\_345y\_60}**

## 7. Another decoding stuff

![image](https://user-images.githubusercontent.com/44063862/82416559-cfd33800-9aac-11ea-9429-85ae3973486b.png)

I try **Magic** in CyberChef 3agrSy1CewF9v8ukcSkPSYm3oKUoByUpKG4L

It's Base 58.

[CyberChef](https://gchq.github.io/CyberChef/)

![image](https://user-images.githubusercontent.com/44063862/82417203-c7c7c800-9aad-11ea-9292-a8f12e3198f9.png)

**Flag: THM{17\_h45\_l3553r\_l3773r5}**

## 8. Left or right

![image](https://user-images.githubusercontent.com/44063862/82416658-fa24f580-9aac-11ea-8e56-a7617b902669.png)

MAF{atbe\_max\_vtxltk}

"Rot 13 is too mainstream" but we sure that this is Rot something. So, using cyberchef, rot until found the flag. It is Rot 33.

[CyberChef](https://gchq.github.io/CyberChef/)

![image](https://user-images.githubusercontent.com/44063862/82416665-fd1fe600-9aac-11ea-85f7-92523308ea81.png)

**Flag: THM{hail\_the\_caesar}**

## 9. Make a comment

![image](https://user-images.githubusercontent.com/44063862/82416718-1aed4b00-9aad-11ea-8b06-6d5a25ac9adf.png)

We have no source for this challenge. Why don't we check "Inspect".

![image](https://user-images.githubusercontent.com/44063862/82416721-1cb70e80-9aad-11ea-8457-7e9d41dcd2ec.png)

**Flag: THM{4lw4y5\_ch3ck\_7h3\_c0m3mn7}**

## 10. Can you fix it?

![image](https://user-images.githubusercontent.com/44063862/82416803-3fe1be00-9aad-11ea-9b3a-0e5459e20f20.png)

He said he messed up with this PNG file. So, we open up HxD/hexeditor to check the header/footer of this file.

![image](https://user-images.githubusercontent.com/44063862/82416809-42dcae80-9aad-11ea-8410-95f99f3ea083.png)

Yaa, he messed it up. As we can see, wrong header.

Search [List of signatures](https://en.wikipedia.org/wiki/List_of_file_signatures)

This is a signature header for PNG file.

![image](https://user-images.githubusercontent.com/44063862/82416824-45d79f00-9aad-11ea-8243-deeaca08d3d0.png)

Change and save it.

![image](https://user-images.githubusercontent.com/44063862/82416829-47a16280-9aad-11ea-9396-33e0eaf9fdb0.png)

![repair](https://user-images.githubusercontent.com/44063862/82419985-b7195100-9ab1-11ea-96ab-0523b58b1261.png)

**Flag: THM{y35\_w3\_c4n}**

## 11. Read it

![image](https://user-images.githubusercontent.com/44063862/82420288-1d9e6f00-9ab2-11ea-9441-ad124761daa2.png)

Find all possible tryhackme account until it lead too tryhackme reddit account where the flag is.

[tryhackme - reddit](https://www.reddit.com/r/tryhackme/)

![image](https://user-images.githubusercontent.com/44063862/82420309-22fbb980-9ab2-11ea-8d83-1852b9d31e41.png)

**Flag: THM{50c14l\_4cc0un7\_15\_p4r7\_0f\_051n7}**

## 12. Spin my head

![image](https://user-images.githubusercontent.com/44063862/82420592-80900600-9ab2-11ea-95b2-8ef28c4ecb95.png)

> ++++++++++\[>+>+++>+++++++>++++++++++<<<<-]>>>++++++++++++++.------------.+++++.>+++++++++++++++++++++++.<<++++++++++++++++++.>>-------------------.---------.++++++++++++++.++++++++++++.<++++++++++++++++++.+++++++++.<+++.+.>----.>++++.

This is [Brain Fuck](https://en.wikipedia.org/wiki/Brainfuck)

Find Online tools.

[Brainfuck](https://www.dcode.fr/brainfuck-language)

![image](https://user-images.githubusercontent.com/44063862/82420782-c77dfb80-9ab2-11ea-8824-2f7a73b18c7e.png)

**Flag: THM{0h\_my\_h34d}**

## 13. An exclusive!

![image](https://user-images.githubusercontent.com/44063862/82421047-1166e180-9ab3-11ea-818d-abb51d573ed6.png)

> S1: 44585d6b2368737c65252166234f20626d S2: 1010101010101010101010101010101010

By using [CyberChef](https://gchq.github.io/CyberChef/), we try Hex then XOR.

![image](https://user-images.githubusercontent.com/44063862/82421088-1fb4fd80-9ab3-11ea-9f69-57f8e8114e48.png)

**Flag: THM{3xclu51v3\_0r}**

## 14. Binary Walk

![image](https://user-images.githubusercontent.com/44063862/82421157-378c8180-9ab3-11ea-858f-e128cd95b9bd.png)

So, fire up our kali to **Binwalk** this file

![image](https://user-images.githubusercontent.com/44063862/82421168-39eedb80-9ab3-11ea-9d50-1b3d1ce5126a.png)

```
binwalk -e hell.jpg
```

![image](https://user-images.githubusercontent.com/44063862/82421180-3ce9cc00-9ab3-11ea-9e1f-d4b4c4383d81.png)

**Flag: THM{y0u\_w4lk\_m3\_0u7}**

## 15. Darkness

![image](https://user-images.githubusercontent.com/44063862/82421596-cef1d480-9ab3-11ea-88a9-29100a356f79.png)

"Lurking in the dark" it sounds like a hint. I try using **Stegsolve**

![image](https://user-images.githubusercontent.com/44063862/82421603-d1ecc500-9ab3-11ea-8a4b-911b5d073e19.png)

**Flag: THM{7h3r3\_15\_h0p3\_1n\_7h3\_d4rkn355}**

## 16. A sounding QR

![image](https://user-images.githubusercontent.com/44063862/82421784-255f1300-9ab4-11ea-8da6-7488edb83ba8.png)

Well, just try QR Decode online tools. [ZXing Decoder Online](https://zxing.org/w/decode.jspx)

![image](https://user-images.githubusercontent.com/44063862/82421789-28f29a00-9ab4-11ea-925c-33e5f770a6a1.png)

We get link after decode. <https://soundcloud.com/user-86667759/thm-ctf-vol1>

![image](https://user-images.githubusercontent.com/44063862/82421802-2c862100-9ab4-11ea-85d4-e4a5cbe50f69.png)

**Flag: THM{SOUNDINGQR}**

## 17. Dig up the past

![image](https://user-images.githubusercontent.com/44063862/82421998-7838ca80-9ab4-11ea-849c-dfa2e7a4636c.png)

I go to the link. <https://www.embeddedhacker.com/>

But, unfortunately! We don’t get anything for the given date. <https://www.embeddedhacker.com/2020/01/hacking-walkthrough-ctflearn-crypto-medium/>

Well, I need hint.

![image](https://user-images.githubusercontent.com/44063862/82422151-aa4a2c80-9ab4-11ea-89e8-b61e024efa37.png)

Erm, Wayback Machine. Okay, Mr Google. I need your help.

[Wayback Machine](https://archive.org/web/)

Put in our link that was given from the challenge.

![image](https://user-images.githubusercontent.com/44063862/82422164-ad451d00-9ab4-11ea-84d5-a8a67a4ebd09.png)

Find January 2, 2020 from the calendar.

![image](https://user-images.githubusercontent.com/44063862/82422170-afa77700-9ab4-11ea-9989-f6cec395cd83.png)

Click on [13:12:52](https://web.archive.org/web/20200102131252/https://www.embeddedhacker.com/). Scroll until found our flag.

![image](https://user-images.githubusercontent.com/44063862/82422176-b2a26780-9ab4-11ea-9a14-dd60f06b1d69.png)

**Flag: THM{ch3ck\_th3\_h4ckb4ck}**

## 18. Uncrackable!

![image](https://user-images.githubusercontent.com/44063862/82422603-3bb99e80-9ab5-11ea-9875-c2173f9397c7.png)

MYKAHODTQ{RVG\_YVGGK\_FAL\_WXF} . Well, seems like vigenere without a key to me.

[Vigenere Solver](https://www.guballa.de/vigenere-solver)

![image](https://user-images.githubusercontent.com/44063862/82422610-3e1bf880-9ab5-11ea-96b5-385199a5df12.png)

**Flag: TRYHACKME{YOU\_FOUND\_THE\_KEY}**

## 19. Small Bases

![image](https://user-images.githubusercontent.com/44063862/82422857-9521cd80-9ab5-11ea-9278-3d56ce34f5c0.png)

> 581695969015253365094191591547859387620042736036246486373595515576333693

First, I decode [Decimal-Hex](https://www.rapidtables.com/convert/number/decimal-to-hex.html)

![image](https://user-images.githubusercontent.com/44063862/82422864-981cbe00-9ab5-11ea-9167-5686084103ab.png)

Then, [Hex-Ascii](https://www.rapidtables.com/convert/number/hex-to-ascii.html)

![image](https://user-images.githubusercontent.com/44063862/82422873-9a7f1800-9ab5-11ea-8f12-583a90c9ebf9.png)

**Flag: THM{17\_ju57\_4n\_0rd1n4ry\_b4535}**

## 20. Read the packet

![image](https://user-images.githubusercontent.com/44063862/82423262-2133f500-9ab6-11ea-9325-d6df5eeb7d6e.png)

Open up pcap file using Wireshark

Then, File - Export object - HTTP

![image](https://user-images.githubusercontent.com/44063862/82423275-24c77c00-9ab6-11ea-9e51-dd3175ae775e.png)

Click on flag.txt – Save

![image](https://user-images.githubusercontent.com/44063862/82423286-26913f80-9ab6-11ea-9abb-64b61405fb7f.png)

**Flag: THM{d0\_n07\_574lk\_m3}**

DONE!!

Thank you for reading my writeup.

*<mark style="color:orange;">By AdaniKamal</mark>*


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://adanikamal.gitbook.io/adanikamal/walkthrough/tryhackme/ctf-collection-vol.1.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.