I participated in the TechStarters CTF competition which took place on the 3rd of February 2023. This was a beginner level ctf actually (very beginner level lool)

This is a writeup of the challenges I solved during the event. Lets jump right into it

Challenges Solved

• We are Anonymous
• Discord
• Empty Folder
• Logic Test
• Safenet
• Who are we
• Hide Data
• Finding Me
• Who Am I
• Ascii Player_101

We are Anonymous

---

┌──(bl4ck4non👽bl4ck4non-sec)-[~/Downloads/CTF/techstacon/01 - _we are anonymous_]
└─$ cat we\ are\ anonymous...\ we\ keep\ our\ word.txt                     
we are anonymous

















we keep our word.

































find me if you can






































on X













































my code is anon28148356789

At first I thought it was a steganography chall that requires using stegsnow, but nahh I was definitely overthinking it😂. Well, we were given the username to be anon28148356789, lets go over to x to get this user’s profle

We got a base64 text, lets decode this

command:echo "dHNjQ1RGe3lvdV9jYW5fY29weSZwYXN0ZX0=" | base64 -d

┌──(bl4ck4non👽bl4ck4non-sec)-[~/Downloads/CTF/techstacon/01 - _we are anonymous_]
└─$ echo "dHNjQ1RGe3lvdV9jYW5fY29weSZwYXN0ZX0=" | base64 -d                
tscCTF{you_can_copy&paste}

We got our flag hehe

FLAG:-tscCTF{you_can_copy&paste}

---

Discord

---

┌──(bl4ck4non👽bl4ck4non-sec)-[~/Downloads/CTF/techstacon/02 - disco... disco... discord]
└─$ cat disco...\ disco...\ discord.txt               
https://discord.gg/NTyTCmJr 

You can see we got a link to their discord server, so all you have to do is navigate to that link and complete the required processes

Well, once you’ve joined the discord server you should see this

We have another base64 text, lets decode this

command:echo "dHNjQ1RGe2lfYW1fd2hhdF95b3VfYXJlX2xvb2tpbmdfZm9yfQ==" | base64 -d

┌──(bl4ck4non👽bl4ck4non-sec)-[~/Downloads/CTF/techstacon/02 - disco... disco... discord]
└─$ echo "dHNjQ1RGe2lfYW1fd2hhdF95b3VfYXJlX2xvb2tpbmdfZm9yfQ==" | base64 -d
tscCTF{i_am_what_you_are_looking_for}

We got our flag

FLAG:-tscCTF{i_am_what_you_are_looking_for}

---

Empty Folder

---

┌──(bl4ck4non👽bl4ck4non-sec)-[~/Downloads/CTF/techstacon/03 - empty.folder]
└─$ ls -la
total 12
drwxr-xr-x  3 bl4ck4non bl4ck4non 4096 Feb  3 13:09 .
drwxr-xr-x 12 bl4ck4non bl4ck4non 4096 Feb  3 13:31 ..
drwxr-xr-x  2 bl4ck4non bl4ck4non 4096 Feb  3 12:53 empty.folder.eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6InRzY0NURntpX2FtX2hlcmV9IiwiaWF0IjoxNTE2MjM5MDIyfQ.5aW29xJgAVDxEfpPeERVqxJVKnJByJYN3tEXC2meIus

Well this folder has a long name😂. It has no file in it actually.

If you take a good look at the folder name you’ll see something similar to a jwt token, yup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6InRzY0NURntpX2FtX2hlcmV9IiwiaWF0IjoxNTE2MjM5MDIyfQ.5aW29xJgAVDxEfpPeERVqxJVKnJByJYN3tEXC2meIus this looks like a jwt token. Lets decode this using an online tool. You can crack it here

There’s our flag

FLAG:-tscCTF{i_am_here}

---

Logic Test

---

We get this long boring text when we view the content of the file in the folder. Well, this didn’t make sense to me actually🥲

Checked online for R@1n I got this

ALso looked up those texts online and found this

Same wordings, well it still didn’t make sense to me tho. But then I made an assumption

Yup, that’s our flag hehe

FLAG:-tscCTF{3xampl3F14g}

---

Safenet

---

┌──(bl4ck4non👽bl4ck4non-sec)-[~/Downloads/CTF/techstacon/05 - safenet]
└─$ cat follow\ safenet\ society.txt 
follow safenet society on instagram https://www.instagram.com/wesafenetwork?igsh=MzRlODBiNWFlZA==

We are asked to follow safenet on instagram page. Lets locate their instagram page

But there’s no flag here. Well look closely hehe

Navigating to that webpage should get you the flag

Yup, that’s the flag

FLAG:-tscCTF{XyZ_987_CTF}

---

Who are we

---

┌──(bl4ck4non👽bl4ck4non-sec)-[~/Downloads/CTF/techstacon/06 - Who are we _]
└─$ ls    
'06 - who are we.mp3'

We get this mp3 file.

Lets analyze with sonic visualiser. To install on kali you can use the command sudo apt-get -y install sonic-visualiser

Good, now Pane > Add Spectogram > 06-who are we.mp3: Channel 1

cool, we got our flag😎

FLAG:-tscCTF{W3_Ar3_Saf3N3t}

---

Hide Data

---

┌──(bl4ck4non👽bl4ck4non-sec)-[~/Downloads/CTF/techstacon/07 - Hide Data]
└─$ cat 07\ -\ Hide\ Data.txt       
gur synt vf gfpPGS:{gur_znfgre_vf_urer} Vg vf cerggl rnfl gb frr gur synt ohg pna lbh frr vg v gbbx arneyl ab zvahgr gb rapbqr guvf jvgu {EBG13:} tbbq yhpx va fbyivat gung

We were given this cipher.

First, lets identify the type of cipher this is, you can do that using this webpage

It’s a ROT13 cipher, cool. Now lets decode with this

Got our flag hehe

FLAG:-tscCTF{the_master_is_here}

---

Finding Me

---

┌──(bl4ck4non👽bl4ck4non-sec)-[~/Downloads/CTF/techstacon/08 - Finding Me _]
└─$ ls -la                     
total 64
drwxr-xr-x  2 bl4ck4non bl4ck4non  4096 Feb  3 13:01  .
drwxr-xr-x 12 bl4ck4non bl4ck4non  4096 Feb  4 09:33  ..
-rw-r--r--  1 bl4ck4non bl4ck4non 54954 Feb  3 10:31 'Tech Starters.html'
                                                                                                                                                                                                                                             
┌──(bl4ck4non👽bl4ck4non-sec)-[~/Downloads/CTF/techstacon/08 - Finding Me _]
└─$ file Tech\ Starters.html    
Tech Starters.html: HTML document, Unicode text, UTF-8 text, with very long lines (52711)

We can see that this is a html file with a very long line. Well, one way to open this file is by using your browser and then checking the page source for your flag, well that’s boring. Lets just grep it out hehe since we already know the flag format

command:grep "tscCTF:{" Tech\ Starters.html

After running that, just scroll up you should see this

There’s our flag😎

FLAG:-tscCTF:{1_AM_here}

---

Who Am I

---

┌──(bl4ck4non👽bl4ck4non-sec)-[~/Downloads/CTF/techstacon/09  - Who am i]
└─$ ls -la                     
total 12
drwxr-xr-x  2 bl4ck4non bl4ck4non 4096 Feb  4 09:33  .
drwxr-xr-x 12 bl4ck4non bl4ck4non 4096 Feb  4 09:33  ..
-rw-r--r--  1 bl4ck4non bl4ck4non   81 Feb  3 11:12 '09  - Who am i.bat'
                                                                                                                                                                                                                                             
┌──(bl4ck4non👽bl4ck4non-sec)-[~/Downloads/CTF/techstacon/09  - Who am i]
└─$ file 09\ \ -\ Who\ am\ i.bat 
09  - Who am i.bat: ASCII text, with CRLF line terminators

Well the file contains some ascii text so we can just cat it then

command: cat 09\ \ -\ Who\ am\ i.bat

┌──(bl4ck4non👽bl4ck4non-sec)-[~/Downloads/CTF/techstacon/09  - Who am i]
└─$ cat 09\ \ -\ Who\ am\ i.bat                       
Rundll32.exe User32.dll,LockWorkStation

REM "dHNjQ1RGOntpX2FtX3RoZV9tYXN0ZXJ9" 

We get a base64 string, well lets decode this

command:echo "dHNjQ1RGOntpX2FtX3RoZV9tYXN0ZXJ9" | base64 -d

┌──(bl4ck4non👽bl4ck4non-sec)-[~/Downloads/CTF/techstacon/09  - Who am i]
└─$ echo "dHNjQ1RGOntpX2FtX3RoZV9tYXN0ZXJ9" | base64 -d                            
tscCTF:{i_am_the_master}

We got our flag hehe

FLAG:-tscCTF{i_am_the_master}

---

Ascii Player_101

---

┌──(bl4ck4non👽bl4ck4non-sec)-[~/Downloads/CTF/techstacon/10 -ASCII Player_101]
└─$ cat 10\ -\ ASCII.txt     
[116, 115, 99, 67, 84, 70, 58, 123, 87, 104, 97, 116, 95, 105, 102, 95, 97, 108, 108, 95, 116, 104, 105, 115, 95, 119, 97, 115, 95, 97, 95, 106, 111, 107, 101, 125]


#I might be the biggest snake_find me if you can

This is another cipher.

The name of the challenge already gave us a hint though

Now lets decode using an online decoder. You can use this to decode

We got our flag

FLAG:-tscCTF{What_if_all_this_was_a_joke}

---

Till Next Time :xD

Back To Home