TryHackMe Walkthrough - CTF Collection Vol.1
I can't think of a good subtitle for this :/
17/01/2021
Time for some classic CTF challenges! We're still keeping things easy so lets see how it goes! You can check the room out here created by DesKel.
Task 1
Just click the button... I really hope you didn't come here for this challenge.
Task 2 - What does the base say?
The title gives this one away! If we copy the string into CyberChef it will automatically detect it as base64! We can decode it and get the flag!
Task 3 - Meta meta
I have a feeling this one has something to do with meta data! We can download the file and run "exiftool" against it to view the metadata. We'll find the flag in the "Owner Name" section!
Task 4 - Mon, are we going to be okay?
The description tells us something is hiding - sounds like a job for steghide! We can download the file and run steghide against it! We simply run:
steghide --extract -sf Extinction.jpg
It will prompt us for a password, but if we hit enter it'll work just fine. Open up "Final_message.txt" and get the flag!
Task 5 - Erm... Magick
The hint should be enough to get you through this one!
Task 6 - QRrrrr
Download the image and you'll see its a QR code! We can use a website like Web QR to scan it online. It should be obvious what the flag is after its been scanned.
Task 7 - Reverse it or read it?
Downloading the file and trying to read it makes it very obvious it isn't plain text. If we run "chmod +x" on it and run it, we are greeted with a nice message but no flag. However, running "strings" against it will get us the flag! You might have to scroll up a bit to see it but it is there!
Task 8 - Another decoding stuff
Time to open up CyberChef again! If we throw the string in, it will automatically detect it as Base58. Decoding it will get us the flag!
Task 9 - Left or Right?
Another job for CyberChef! We can throw our string in and start playing around. It looks like it could be some sort of shift cipher so lets try ROT13. After rotating it a bit, 7 is our magic number and gives us the flag!
Task 10 - Make a comment
We can check the page for comments by right clicking on the description and clicking "Inspect Element". There’s the flag!
Task 11 - Can you fix it? (Yes we can!)
There's a couple approaches we could take here but I used good ol' CyberChef (can you tell I really like it?). We can open the image file in CyberChef and use the "To Hex" function to turn it into... you guessed it. We can see the file header isn't the correct png header. A png file has the header:
89 50 4E 47
So lets fix this! We can click the "Replace Input with Output" button on the output section of cyberchef to move our output into our input. Make sure to remove the "To Hex" function. Then we replace the first 8 characters with 89 50 4E 47 and add the functions "From Hex" and then "Render Image". Just like that - we have our flag!
Task 12 - Read it
This flag is on some social media account. The title "Read it" sounds a lot like "reddit" so lets start there. I searched the tryhackme subreddit for "task 12" but didn't find the flag. I did however find someone who said we should search for "tryhackme rooms reddit" and the first link had the flag! The post was titled "New room Coming soon".
Task 13 - Spin my head
Well this looks gross! The hint tells us it's encoded with "binaryfuck" but I had more luck using this Brainfuck Decoder. Put the string in the interpreter and execute. There's the flag!
Task 14 - An exclusive
Time for some XOR! I went over to xor.pw and put in both strings! I switched the output to ascii and there was the flag! Simple!
Task 15 - Binary Walk
The title makes me think "binwalk" so lets use that! Download the file and run:
binwalk -e hell.jpg
THis will extract the hidden files from "hell.jpg" and put them in a new directory called "_hell.jpg.extracted". We head in there and find a nice .txt file with our flag in it!
Task 16 - Darkness
For this we'll need the stegsolve tool! Once you've installed it, open it up with "./stegsolve.jar" and open the file we downloaded from TryHackMe. It's then as simple as clicking the right arrow to go through all the different filters until we find the flag!
Task 17 - A sounding QR
This one is very straight forward - scan the QR code and listen to the flag! Make sure to put it in the format of THM{FLAG}.
Task 18 - Dig up the Past
Another straightforward flag! Head over to The Wayback Machine and put the provided URL in. Then make sure to visit 2nd of January 2020 and you'll see the flag on the page! (HINT: You might need to scroll down a bit!)
Task 19 - Uncrackable!
This one might be a little hard to explain! The text is in a vigenere cipher. We can put the string into CyberChef and use their "vigenere decode" module. It asks us for a key. We don't know the key but we do know that when correctly decoded it should have "TRYHACKME" in it, so lets put that as the key. When we do that, we still have some gibberish but if we take the start of the gibber, "THMTHMTHM" and use THAT as the key, then we get our flag!
Task 20 - Small bases
We have a long string of decimals. If we turn that into HEX and then ASCII we get our flag!
Task 21 - Read the packet
We're gonna need WireShark for this one! Download the file and open it in WireShark! I always like to start easy so lets first filter for HTTP traffic! Wow, what do you know? There's some HTTP traffic right there! If we right click the packet that includes "GET /flag.txt" and go "Follow->HTTP Stream" we can see our flag!
Conclusion
What a great introduction to CTFs! A real wide range of challenges - some were even new to me! If you want to get into CTFs or are preparing to attend your first one I would highly suggest this room! Awesome for beginners!