Documentation

Challenge 1:- Old Heritage

Step 1:- Download and the image and do Google search you will get this image and name

Step 2:- then search more details that are asked such as year when the construction of the church
was started who's body does that church contain and then you will get the flag 

Step 3 :- TechCTF{Basilica_of_Bom_Jesus_1594_St._Francis_Xavier}

Challenge 2 :- JS leak
1. Refer ASCII table and understood from code snippet that shift 5 of ceaser cipher is used and
created a flag. PS:- did ascii table conversion not used and code to decrypt so took more then 5
chances you can check.

Step 1. Run the code and see the output and comapre it with input
Step 2. Run cesear cipher tool and with shift of 5 you get output
Step 3. https://www.dcode.fr/caesar-cipher
Step 4. compare step 1 & 2 by referencing ascii chart shared and you will understand key is right
input it to get the flag inside TechCTF{}
Step 5. Got the flag -> TechCTF{mycodeleakedthesecret}
Challenge 3 :- Base Baba
Step 1. Base Encoded 58 was used decoded using cyberchef
Step 2. Flag - TechCTF{bab7_k0_ba53_pa5an6_ha1}
Challenge 4:- beep beep click click click
Step 1. Downloaded the audio file and use online audio morse decrypter tool and got the flag as
shared in ss with the flag format TechCTF{}. Removed the space and added between the format.

Challenge 5:- Sleuth

Step 1. Use strings tool simply and kali and got the flag as  TechCTF{bab7_s7r1s6s_4r3_4m4Zin9}
Challenge 6:- Sanity Check
Step 1. Go to Sanity check discord link -> login -> then rules of engagement and flag as hardcoded
title is given in the top as shown in symbol
Step 2. Flag – TechCTF{h3r3_15_a_fr33_fla9}

Challenge 7 - // Flag you need

Step 1. As gone thorugh the flag then as per the ask. We gone through the linkedln post & ACE 3.0
website to gather info of all the connected partner.
Step 2. Then we check the linkedln post and gone through each & Every post along with comments
section.
Step 3. We tried for few attempts and after that we got the flag.
Step 4. https://www.linkedin.com/in/ykk0x/recent-activity/comments/
Step 5. TechCTF{ f7a9_0f_th3_da7}
Challenge 8 - Anti Cheating
Step 1. By analysing the cipher code from online we found two possibilities. We check for both &
after the key we reveived we assume to be the PlayFair method.
Step 2. We put the key to cyberchef and tried to decode the Key to apply in Playfair.
Step 3. https://gchq.github.io/CyberChef/#recipe=From_Base58('123456789ABCDEFGHJKLMNPQRST
UVWXYZabcdefghijkmnopqrstuvwxyz',false)&input=Z3p5aUNraXR2RE04QmZDbnlLZFdFZFE5M2ZC
VXg2MVpLNw

Step 4. key = cheating chodni hogi bas

Step 5. https://www.dcode.fr/playfair-cipher
Step 6. EVERYTHINGISFAIRINLOVEANDWARANDCTFSBUTNOTINLIFEX
Step 7. Generated Ticket on discord to get assistance for flag format.
Step 8. Received assistance & submitted the Flag. ( Discord Chat is not available to post the Snapshot.

Challenge 9: University Marks

Step 1. Url - http://134.209.144.124:5553/login.html

Step 2. Login page – open the login page
 Step 3. Sensitive information disclosure (cntrl + u) login : Page-source

Step 4 -Try with login page the credential mentioned in highlighted state

Step 5 -

Step 6: - DashBoard - access

Step 7 – added the “Robots.txt”

/flag.php

Step 8 - while accessing flag.php

Step 9 - Its a empty page

Step 10 – Get from hint (Logout.php)

We have only logout functionality.Intercept

the logout request

Step 11 - redirect to login.html using burpsuit

Step 12 - Let's read the flag.php file using logout.php request by modify the referer header
inthe request

Step 12 - Right click on the response side -> show response over the browser -> copy the link -
>and access
 Flag - TechCTF{s0m3t1m3s_l0g0ut_m1gh1_h3lp_18eb77d9559}

Challenge 10 – Forensics
Step 1 – open the pcap file. Applied the filter for http

Step 2 – Gone through the packets. And found that at row no 112 the site got the response.

Step 3 – Gone through the HTTP stream. And found the first part of the flag.

Step 4 – export the http packets and received the ELF file.

Step 5 - open that in any decompiler

Step 6 - void glory(void)

{ puts("Use this to achieve glory(part_1_half): CnlqLCO{O0a3w51l_ ");
fflush(stdout);
return;}
void glory_part_2(void)
{ puts("W3Cf0at_7a4oo1l_F1cq_");
 fflush(stdout);
return;
}
void glory_part_1_full(void)
{
puts("Jw4uh51b_0o_");
fflush(stdout);
return;
}
void glory_final(void)
{
putchar(0x7d);
fflush(stdout);
return;
}
void glory_part_3(void)
{
printf("F!a3bq4at_5l21m804");
fflush(stdout);
return;
}

Step 7 - joining this things

Step 8 -
https://gchq.github.io/CyberChef/#recipe=ROT13(true,true,false,17)&input=Q25scUxDT3tPMGEzdz
UxbF9KdzR1aDUxYl8wb19XM0NmMGF0XzdhNG9vMWxfRjFjcV9GIWEzYnE0YXRfNWwyMW04MDR9

Step 9 - https://dogbolt.org/?id=1e7c54d9-b599-45d4-89f3-0e215fdb1495

Step 10 - TechCTF{F0r3n51c_An4ly51s_0f_N3Tw0rk_7r4ff1c_W1th_W!r3sh4rk_5c21d804

Challenge 11 – CyberJargon
Step 1 -
https://gchq.github.io/CyberChef/#recipe=From_Binary('None',8)&input=MDEwMTAxMDAwMTEw
MDEwMTAxMTAwMDExMDExMDEwMDAwMTAwMDAxMTAxMDEwMTAwMDEwMDAxMTAwMTEx
MTAxMTAwMTEwMTAxMDExMTAxMDEwMTAxMDAwMDAwMTEwMDExMDExMTAwMTAwMTAxM
TExMTAxMTEwMTExMDAxMTAwMTEwMDExMDAwMTAxMTEwMDEwMDExMDAxMDAwMTAxMTE
xMTAxMDEwMTAwMDAxMTAxMDAwMTEwMDAxMDAxMTEwMDExMDEwMTExMTEwMDExMDEw
MDAxMTAxMTEwMDExMDAxMDAwMTAxMTExMTAwMTEwMTAxMDExMTAwMDAwMDExMDEwM
DAxMTAwMDExMDAxMTAwMTEwMTExMDAxMTAxMDExMTExMDAxMTAwMDEwMTEwMTExMDA
xMDExMTExMDExMTAxMDAwMTEwMTAwMDAwMTEwMDAxMDAxMTAxMDEwMTAxMTExMTAxM
DAwMDExMDExMTEwMDEwMTEwMDAxMDAwMTEwMDExMDEwMTAwMTAwMTAxMTExMTAxMD
AwMTAwMDAxMTAwMDEwMTEwMDAxMTAwMTEwMTExMDAxMTAwMDEwMDExMDAwMDAxMT
AxMTEwMDAxMTAxMDAwMTExMDAxMDAxMDExMDAxMDEwMTExMTEwMDExMDEwMDAxMTAw
MTAwMDAxMTEwMDAwMTEwMDEwMTAxMTAwMDAxMDAxMTAwMTAwMTEwMDExMDAwMTE
wMDAwMDAxMTAxMTEwMTEwMDAxMTAxMTExMTAx

Step 2 - c='''

cybersecurity pentesting

hacking
honeypot

trojan
rootkit

cryptography
backdoor

malware exploit

'''

for i in c:
a=ord(i)
if a==9:
print(0,end="")
 elif a==32:
print(1,end="")

applied the code on the text file to get the details.

Step 4 - TechCTF{5uP3r_w31rd_T4bs_4nd_5p4c3s_1n_th15_Cyb3R_D1c710n4rY_4d8ea2f07c}

Challenge 12 – Decrypto

Step 1 – created the code with the help of AI tool

import base64

def set_value(a, b):

return b % a

def set_key(a, b, c):

return pow(b, a, c)

def decrypt_level2(ciphertext, key):

plaintext = ""
for num in ciphertext:
decrypted_num = int(((num - (631355 - 163) * 43) / key) ** (1/4))
plaintext += chr(decrypted_num)
return plaintext

def decrypt_level1(ciphertext, text_key):

plaintext = ""
key_length = len(text_key)
for i, char in enumerate(ciphertext):
key_char = text_key[i % key_length]
decrypted_char = chr(ord(char) ^ ord(key_char))
plaintext += decrypted_char
return plaintext[::-1] # Reverse the plaintext

if __name__ == "__main__":
ciphertext = [27371752, 27201256, 386958472, 27771112, 355346152, 155429512, 325864072,
27155662, 179611342, 49629832, 27155662, 456977032, 179611342, 298414312, 27141352,
29883112, 27923182, 28820302, 31384942, 420801256, 67732462, 27771112, 355346152,
27165832, 298414312, 27265672, 155429512, 27155662, 456977032, 29485006, 74484142,
95040232, 134245006, 27229102, 355346152, 47654062, 28820302, 420801256, 41021902,
28308142, 285421582, 27141256, 33432712, 115799272, 27141262, 148047982, 58991752,
67732462, 370879822, 42501256, 140989672, 311891182, 36145006, 27445006, 74484142,
110216302, 56419342, 32001256, 27149032, 28820302, 82045006]

secret_key = base64.b64decode(b'c2lsdmVyY2F0').decode('utf-8')
 a = set_value(45, 563)
b = set_value(131, 4929)
c = set_value(9713732, 6129364909)
key = set_key(a, b, c)

decrypted_level2 = decrypt_level2(ciphertext, key)

plaintext = decrypt_level1(decrypted_level2, secret_key)
print("Decrypted plaintext:", plaintext)

Step 2 – Submitted the flag in the flag format

Challenge 13 - fsociety!

Step 1 – Open the link

Step 2 – added robot.txt to the url

Step 3 – add it to the URL path

Step 4 – Added to URL & run the URL
Step 5 – Cntrl + U to verify the code & get the flag.

TechCTF{Mr_R0b0ts-
El1i0t_w1ll_H3lp_y0u_6et_Th3_h!dd3n_fl4g!!_79ad0e3eb42b
f}

Challenge 14- Transmission 01

Step 1: Open Java Compiler

Launch your Java compiler or integrated development environment (IDE) such as Eclipse, IntelliJ
IDEA, or NetBeans.
Step 2: Check all the class files and go through the codes

Navigate to the directory containing the Java class files you want to examine.
Open each class file using your Java compiler or a decompiler tool like JD-GUI or jadx.
Analyze the Java source code to understand its functionality and identify any potential clues or hints.
Step 3: Apply the key to the code to run

Identify the section of code where you need to apply the key. This could be a method or a variable
that requires a specific value.
Locate the variable or method that requires the key for proper execution.
Assign the key value to the appropriate variable or use it as an argument to the method as needed.
Save your changes to the Java source code file.
Step 4: Key = 78

Use the key value "78" wherever required in the Java source code. Ensure that you apply the key
correctly according to the code logic.
Step 5: Compile and Run the Code

After applying the key, compile the modified Java source code using your Java compiler or IDE.
Run the compiled Java program and observe the output.
If the program requires user input, provide the necessary input, including the key value if prompted.
Step 6: Verify the Output

Check the program's output to see if it reveals any clues, hints, or the flag itself.
Analyze the output carefully to extract any relevant information that may help you progress in the
CTF.
Step 7: Repeat as Necessary

If the provided key does not yield the desired result or if there are multiple steps or levels in the CTF,
repeat the process for each step or level.
Adjust the key value or modify the code as needed based on the requirements of each step.

Challenge 15 - Messy APK

Step 1. The main Launcher activity has the user credentials. But the password was not
there. IN the main activity. But the password was incomplete.
Step 2. User id – Admin, Pasword – Password was half written & the next was passed
through the “Pass” Variable.
Step 3. The pass variable is passed through another class known as Data.
Step 4. The string the class was encoded with bytes. And it was generated dynamically.
Step 5. Copy & Run the java function to another internal.
Step 6. After generating the strings by the dynamic process the both strings were
concatenated.
Step 7. By the above way the password was created.
Step 8. By the above credentials user can logged in & a message was printed as “you have
been successfully logged in”.
Step 9. Flag was the password it self.
Step 10. Submitted in the form of Flag.
Challenge 16 - Expulsion

Step 1. From the robots.txt , we got creds.txt path

Step 2. In creds.txt there is a encrypted password for user techie123,

Step 3. Original Request: Owner is techie123
Step 4. So change the owner with “admin”
 Ch

Challenge 17 - Horror sk..

Step 1. Scan the pic through the google Lenx
Step 2. Got the link of you tube
Step 3. https://youtu.be/ct4sKrg86eM?si=7rlhuwH4K89jFnxD
Step 4. The number was mentioned on the number plate of the car at 0:56 sec.
Step 5. From there took the number & added on the flag format.

Challenge 18 – TrailSeek
Step 1. Added the details to the chatgpt.
Step 2. Used tools: ChatGPT – Cyberchef
Step 3. Conversation - Sam Altman – ChatGPT
Step 4. Here you will get Encoded string
Step 5. Uploaded the data to cyber chef.
Step 6. Added the magic and baked the data.
Step 7. Received the flag and added in the flag format.