UTPHAX'15 - (FINAL) Challenge 6 - Privacy is no good

Download : BukuNota2.0.zip

Description : Did I bought a fake sotware?!
Point : 300

ATTENTION! This write-up is for noobies only, since my way to get the flag was so noob.

Since I don't know reverse engineering, I just extracted the file with PeaZip. Lol!

Then I searched for the flag in each of the extracted files, and luckily found it in ".rdata".



Flag : 1xxmakanaNsiHatiTupENTing

UTPHAX'15 - (FINAL) Challenge 1 - Weird but not weird enough

Description : Nothing
Point : 400

Open the link and we are given a login page. Try to inject the login using SQL injection.

Enter this in the login form:

User : admin'--
Password : admin'--

Then we got the flag.


Flag : pipe_for_teh_winneh!
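
Why that input logs in, as an added example that is not part of the original write-up or the challenge's code. The challenge backend is not shown on the page, so the SQLite database, the table and the column names are assumptions. The first function builds the query by string concatenation, the second passes the same input through placeholders.

```python
import sqlite3

def make_db():
    """Constructed user table; the real challenge schema is unknown."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext password only to keep the sample short; store a password hash in practice.
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def login_vulnerable(db, user, password):
    """Input is pasted into the SQL text, so a quote ends the string literal early."""
    sql = ("SELECT username FROM users WHERE username = '" + user +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None, sql

def login_parameterized(db, user, password):
    """Input is bound as data; quotes and -- are just characters in the value."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (user, password),
    ).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    ok, sql = login_vulnerable(db, "admin'--", "admin'--")
    # Everything after -- is a comment, so the password check never runs.
    print(ok, "|", sql)
    print(login_parameterized(db, "admin'--", "admin'--"))
```
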

UTPHAX'15 - (FINAL) Challenge 8 - Tay Tay

Description : Taylor Swift love if you concat everything. Kyaaa
Point : 300

We received an E01 file. We googled the file extension: E01 files are created by EnCase.

When EnCase is used to image a hard drive, CD, or USB drive it produces an image file(s), these files are known as “E01” files, as this is the extension of the primary EnCase image file. The file name is provided by the users, e.g Drive1, A001, but the extension is automatically named E01.
Source (Aug 10, 2008): https://whereismydata.wordpress.com/2008/08/10/e01-files/

We used EnCase to open the file and got this information.



Then we mounted it and used AccessData FTK Imager to search for "important" things.



After mounting it, we opened the mounted disk and searched through everything. We found IMPORTANT.txt at E:\WINDOWS\Desktop


We opened that text file and found a sentence that made us curious: "AND LOOK AT DOOM".


On the Desktop we can see there is a doom file. So we opened the doom file and searched for anything that could help us get the flag. Going back to the description, there is a hint, "concat", which means the flag must be split across separate files or otherwise need concatenating.

Opening the files one after another, we found 6 files (DOOMSAV0.DSG, DOOMSAV1.DSG, ...) that have Malay words in their first sentence. So we combined all those words from the files and got the flag.








Flag : SAYARASAMACAMHIDUPTAHUN1998


UTPHAX'15 - (FINAL) Challenge 5 - Yeah... management...

Description : CEO send this file. He cannot open it. Help him.
Point : 500 points

First, open the xlsx file. It is just a bunch of rectangles and round shapes. Nothing interesting.


Then close the file and open it with PeaZip.


Looking through the files for anything that stands out, we found sheet4.xml, whose date is different from the other files.

Open the file with Notepad++ and you get the flag!


Flag : myfileisbrokenmommy
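
The same timestamp check done in code, as an added example that is not part of the original write-up. An xlsx file is a ZIP archive of XML parts, so the standard zipfile module can list each part's date and report the ones that differ from the rest. The sample archive is constructed here; its part names and dates are assumptions, not the challenge file's real values.

```python
import io
import zipfile
from collections import Counter

def build_sample_xlsx():
    """Constructed stand-in for the challenge file: a ZIP with xlsx-style part names."""
    usual_stamp = (1980, 1, 1, 0, 0, 0)  # assumed: every normal part carries the same date
    parts = {
        "[Content_Types].xml": usual_stamp,
        "xl/workbook.xml": usual_stamp,
        "xl/worksheets/sheet1.xml": usual_stamp,
        "xl/worksheets/sheet2.xml": usual_stamp,
        "xl/worksheets/sheet3.xml": usual_stamp,
        "xl/worksheets/sheet4.xml": (2015, 4, 18, 10, 30, 12),  # constructed outlier
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, stamp in parts.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=stamp), b"<placeholder/>")
    return buf.getvalue()

def odd_parts(xlsx_bytes):
    """Return (name, date_time, size) for parts whose date differs from the majority."""
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as zf:
        infos = zf.infolist()
    usual, _ = Counter(i.date_time for i in infos).most_common(1)[0]
    return [(i.filename, i.date_time, i.file_size)
            for i in infos if i.date_time != usual]

if __name__ == "__main__":
    for name, stamp, size in odd_parts(build_sample_xlsx()):
        print(name, stamp, size)
```
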

UiTM CTF 2015 - Crypto200

UiTM Melaka organized a CTF event for their students. Here is the write-up for the challenge.

Title : Crypto200
Point : Don't know.
We were given this text:

Cuidqonho zaxxwhuxzv xkzqvugghs ql mp brjwkfcgy uaiqem tz 1Utxcrxci. Mtg nxy wy Wgr Uyzyatffhkx Upwnwimatl (PJQl), ygmwckl mpw yuzzqvl rizx fainwiexa nxyl bz rknpimq dnxcvxeu, tsx Vtfkhsut Dqa Kjmcef Ckjua (GWTTx) ca mtwl subndceqs ig uoitlbtzv iflb hr vaj 1Giemalnu myrqky.Hicud lfsa, "Mtg ztpmkzoxsn ql oqfrcbmqf mt wikdabsa wnf c mwuvlrqkrubbap iwiokmofj ua bfu ffcv tsggiu jtegw th iibthfwpxe cgi jpbxqltjpr ah 1Fffirekt – uywixg ynlam, bgkkizfmpvj hwp."[3]

Uofjxqtfged unmqt txmcfupz ybm hrhbhy wy Btbry Ubzklyyz hr Otqugluc Wfnw Lqtb Surbn Vns Lismm bsnzhpwvjx i lqtbjm wy WRBx cv hdfxw nw fqclzlm tzf brjzhhg mmy myrkvnyvvk cgi kctxkmd in zaxxwhuxzv ljldbogl fm exxn tx lmtxklnho mtg 1Fffirekt hivvqrm. Surbn utnx bamv DUCa pqtx ngxeqoxsnmw fq xsmckq “vaj jmhbnx’x mimuuyfwbbap...pmybaqt mmyg tdg lfnqlrkxi qqmt qnw mmkhkvj, qpxfjxw qm amxx xitoqf mmyqk bthgfmfe.”[4]

Ptocj'l mpgtovvqoxsn wy fjx PJQ xrhhwn ete ixsyztxnr byte-dgvjcdxp. Fxuobr Btbry Ubzklyyz Mmp Lwc Untabixqg Kclxcv lmkw ybm DBK ytlunxc pfm i rmtwxnqvw czfcvlf yanwp mtg ijixeq ehzfl fqclzlm mtg ijlnhdotswm hr Ptocj tzf mmy ohhgksgmgf. Jx xuqw fjx PJQl iqnqx xkaxbiy uhfkofnqhz hhw ydxda fnhqlfgk yi xxdhhwg exxn.[5]

Mmy SIUu iwidbpg t rykampbxg nhd vaj ydtxwtycwg ah fnhqlftbjm igp qmmyz zaxxwhuxzv tlyvvugl nhkegfbsa xxdhhwgigog kjpqxiu vflzbqf hzn moqtr xcf fapmmm. Mtoj fnhqlftr mua uqgg wyynutxi nw xevtgfqlt uijwqyue DUCa bzeezxqgs vafn nhowl th xhxkvd icmoqfjm woqt mmy bkmfbycwgmn xrjptekl th qgbwmx ngiuetqfg yawgi cv zaxxwhuxzv ijlnhdotswm teuxxmuxzvl fhl ixcgscvz. WRBx cvvxwwj xmmmkejx rhn fxxwzbbvbtha tzf ztutl rqk rcvbevxwm, lxbwmd gqguumjla, tzf ltgm hfjxw mmguqk lidxdpfjhb hrhbhciee.[4]

Ptocj amu biyvmuhbjx abj otoiz ianbhs ikqcl nh eauea PJQl ikeq jttk cg jmxxoktqfg byrhwnigf thqy qg uoiwidbzi mmy myrgvycdxzglx in mtg Fffirekts awoqtgryvm. Fjxxy ikq mgtqv te Ptycwgmn Djs Zxewey Uzxmu (GPLIl). Fjx SEZTe kghfcwq ekngm idgojhbbap, kjxcvupz lidxdpfjhb vatkzjbbap, bswzxmuxi ukvqul yi ynmnbys mwgetycwg, uoiwidxyggym qg fjx xnigpcki in euxbsa nhd nhb cvvaox llwnbu, nuaztpgl yi zndce nhnkmumwokmgtx, fhl byrktpmfqpmx cv igdenw bkmpluizmmvbth.[6]

Vtvku ffah upmwilnogw f hmp ocunhmm bqlnnqhz vh xoxiatm ybm Nzkmd uvw Bgkkizfmpvj Gqguumjl qg uoiqyuxzvbsa baq MIN mglfgf. Nxzbe Ltqu, baq hhwgmk OGH tz Utxcrxci Tutenhml, icl fjxhupmjx Ubzklyyz Puvatob t Bqkyzweuq tsx KXA qy Uyzyatffhkx Ycgfamfqpm fhl Wqnbayzr Gpby (Jmfmpwz), nw patd bcba Pt. Dtb Blg Mhth qg fttnhqgs qojl 500 ohhgksgmgf qykckxdu mt cuixgfjhb mtg DUC arevxr. Ua VQQ hk Jmfmpwz Clkuu pnft lgritlb mtg ptls hr Mhm, qph uu mmy ubzklyyz bz eaflox ah Gfnqhzce Zhqmk cgi Jmkrqkruvvq Otsuoxyggy.[7]

From the text above, we know it is ciphertext. We tried many ways to decode it, like Caesar shift, affine and Atbash, but still got no clue. So I decided to use CrypTool to get the flag.

Paste the ciphertext into the text editor.



Then go to Analysis -> Symmetric Encryption (classic) -> Ciphertext-only -> Vigenere



When an alert pops up, just click Continue and you get the derived key for the ciphertext.



The decrypted text is only an article about 1Malaysia, with nothing interesting in it, so we decided the derived key was our flag, and it was!



Flag : UITMCTF
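
What a ciphertext-only Vigenere analysis does, as an added Python example (not CrypTool's code and not part of the original write-up): it guesses the key length from the index of coincidence, then recovers each key letter by fitting its column to English letter frequencies. The sample plaintext is constructed; only the key UITMCTF comes from the page.

```python
import string
from collections import Counter
from itertools import cycle

A = string.ascii_uppercase
# Approximate English letter frequencies in percent, A..Z.
ENGLISH = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
           6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

def vigenere(text, key, sign=1):
    """sign=1 encrypts, sign=-1 decrypts; non-letters pass through and use no key."""
    shifts, out = cycle(A.index(k) for k in key.upper()), []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            ch = chr((ord(ch) - base + sign * next(shifts)) % 26 + base)
        out.append(ch)
    return "".join(out)

def avg_ic(letters, length):
    """Mean index of coincidence of the columns formed by every length-th letter."""
    cols = [letters[i::length] for i in range(length)]
    return sum(sum(f * (f - 1) for f in Counter(c).values()) / (len(c) * (len(c) - 1))
               for c in cols) / length

def recover_key(ciphertext, max_len=12):
    letters = [c for c in ciphertext.upper() if c in A]
    ic = {n: avg_ic(letters, n) for n in range(1, max_len + 1)}
    # Shortest length whose columns look like English (multiples of it would too).
    length = min(n for n, v in ic.items() if v >= 0.9 * max(ic.values()))
    key = ""
    for i in range(length):
        col, n = Counter(letters[i::length]), len(letters[i::length])
        def chi2(shift):  # misfit of this column, undone by `shift`, against English
            return sum((col[A[(j + shift) % 26]] - n * p / 100) ** 2 / (n * p / 100)
                       for j, p in enumerate(ENGLISH))
        key += A[min(range(26), key=chi2)]
    return key

# Constructed sample plaintext (not the challenge text), encrypted with the page's key.
PLAINTEXT = (
    "The organisers gave every team a long paragraph of ordinary English that had been encrypted with a short repeating key. "
    "Because the same key is used again and again, every seventh letter is shifted by the same amount, and each of those "
    "columns still has the uneven letter frequencies of normal writing. Counting how often letters repeat inside each column "
    "tells the analyst how long the key is, and comparing each column with the expected frequencies of English reveals the "
    "shift that was applied to it. None of this needs the plaintext or any guess about its content, only enough ciphertext "
    "for the statistics to settle, which is why a classical cipher like this one gives no real protection to a message of "
    "any useful length. Modern ciphers are designed so that their output looks uniformly random and letter counts reveal nothing.")
CIPHERTEXT = vigenere(PLAINTEXT, "UITMCTF")
```

Calling recover_key(CIPHERTEXT) returns the key, and vigenere(CIPHERTEXT, key, -1) restores the plaintext.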