NepHack 3.0 Walkthrough

Ashok Chapagai
4 min readJan 29, 2020

--

NepHack is an annual Jeopardy-style Capture the Flag (CTF) competition with a set of tasks/challenges that reveal clues that guide the participant in solving various kind of technical challenges.

I decided to join NepHack 3.0 as I was very new to the cyber-security community and wanted to make some friends.
The competition started in 25th January 2020 at 10 am GMT+545 and ended on 26th January at 5.
Here is the brief walkthrough to the challenges and their solutions that were presented in NepHack 3.0.

P.s I am a complete beginner thus my methodologies might differ completely from the experts, feel free to correct me if I am wrong and feedbacks.

We will be starting from fairly easy ones and do others in no particular order.

FORENSICS ->Crockford

Challenge overview

It seems like the text is encrypted in Crockford Base 32 encoding.

CDWPWTB3C5P5YSKCC5KQPRVJDXHPPSKFE9J76BB2C5SPACSJBXYG

If we Google Crockford decipher and navigate to the website, Crockford Base32 Decoder

Crockford Base 32 Decoding

RECON > SOCIAL

Challenge: Social

So what comes in our mind when we hear the word social?
Facebook, right.
So the organizer of the event were Cynical Technology.
So we need to check their facebook page.
Cynical’s Facebook Page
And if we head to About Us section,
We get something like this,

About Us Section

The text looks like encoded in base64, so we decode it using following bash script.

echo ‘Y3luaWNhbF9mbGFne1dlX0xvdmUtU29jaWFsX01lZGlhfQ’ | base64 -d

we get the flag,
cynical_flag{We_Love-Social_Media}

CRYPTO -> ROOT

Challenge: Root

So inside the root.txt file, we get the following text.

Pvcure grkg vf grpuavdhr bar bs gur rneyvrfg naq fvzcyrfg zrgubq bs rapelcgvba grpuavdhr. Vg’f fvzcyl n glcr bs fhofgvghgvba pvcure{plavpny_synt}>>plavpny_synt{Pvcure_grkg_jr_ner_ureb}.Erghea gur arj fgevat trarengrq.

So the text looks like encoded with ROT13 algorithm. and if we decode that using website ROT13 Decoder .

ROT13 Decoder

We get the flag, cynical_flag{Cipher_text_we_are_hero}

RECON -> Do you know?

Challenge : Do you know?

So we see in another challenge named Sub-ject, we can see something like this,

Challenge: Sub-ject

So we get the flag as, cynical_flag{bugv.io}

MISC -> Look

Challenge : Look

So we get the file look.zip

Inside Look.zip

Inside the look.zip , it looks as if there are 200+ folders and each with a flag.txt inside them.

We need to look into all sub-folders and all the flag.txt files,

We can do this using following bash script,

cat -A look.zip | grep cynical_flag

and we get the flag as,
cynical_flag{you_made_it_through_maze}

MISC -> Math Genius

Challenge: Math Genius

So from the description, the first number looks like a DMS link. We can open website using DMS link as, http://<DMS-Number>

Challenge : Math Genius

It is quite impossible for us to enter the value manually .
We use following script written in JavaScript and spam the script in console 10 or more times .

num1 = parseInt(document.querySelectorAll(“form span”)[1].innerHTML);
num2 = parseInt(document.querySelectorAll(“form span”)[3].innerHTML);
sign = document.querySelectorAll(“form span”)[2].innerHTML; sign = sign.trim(); result =””;
if(sign==’+’){
result = num1+num2; }
else if(sign==’-’){
result = num1-num2; }
else if(sign==’*’){
result = num1*num2; }
else if(sign==’/’){
result = num1/num2; }
else if(sign==’%’){
result = num1%num2; }
document.querySelectorAll(“form input”)[1].value=result;
document.querySelector(“button”).click();

and Voila!!! The flag is there

Flag: Math Genius

TBC

--

--