Inferno CTF 2019 Write-ups

Inferno CTF is an Online Jeopardy-style Beginner-Intermediate level CTF. It’ll include challenges from various categories such as Android, Web Exploitation, Forensics, Reversing, Binary Exploitation, Cryptography, OSINT, etc. Same Game Different Levels, Same Hell Different Devils.

Color Blind

We were provided with the challenge description below and a file.

colorblind.png

We tried tools like exiftool and strings but found nothing interesting. Since it is a PNG file, we tried zsteg.

We got something. As we only ran zsteg with the default options, it did not extract everything. Let’s try to extract everything with the -a option.

We got it this time, and based on the output above, the flag for this challenge is infernoCTF{h3y_100k_y0u_4r3_n07_h3x_bl1nD_:O}

Where did he GO?

We were provided with the challenge description below and a file.

test.go

It is a script written in Go. We reviewed the script and found what seemed to be a flag. We then found an online tool to run Go code.

It looked like the flag was printed in reverse order. We then reversed it and found that the flag for this challenge is infernoCTF{g0_Pr0gRaMM1ng_1s_Gr3At!!}

Really Secure Algorithm Again

We were provided with the challenge description below and a file.

RSA_Chall

This is an RSA encryption challenge in which we were given e, N and the ciphertext. We used a tool named RsaCtfTool.

Based on the output above, the flag for this challenge is infernoCTF{RSA_k3yS_t00_SmAll}

Merry Christmas

We were provided with the challenge description below, a file and a hint.

output.zip

The zip file is password protected, and the hint told us to find the last name of mrT4ntr4.

We then unzipped the file with Malhotra as the password and found a file named flag.gif.

We couldn’t view it, and we found that the file signature had been modified to 41 41 41 41 41 61.

We then changed it back to the GIF signature, 47 49 46 38 37 61.

We checked the file type again, and it was identified as a GIF this time. We tried to open it again, and it worked this time.

Based on the output above, the flag for this challenge is infernoCTF{M3RRy_ChR1stmAs}
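
The header repair from the Merry Christmas challenge, as an added example that is not part of the original write-up: it checks that everything after the six signature bytes still parses as a GIF before writing 47 49 46 38 37 61 back. The function names and the 1x1 sample image are constructed for illustration, and the version defaults to 87a as in the write-up.

```python
import struct

GIF_MAGICS = (b"GIF87a", b"GIF89a")
TAMPERED = bytes.fromhex("414141414161")    # header bytes reported in the write-up
TRAILER = 0x3B                               # GIF stream terminator
BLOCK_INTRODUCERS = (0x2C, 0x21, TRAILER)    # image descriptor, extension, trailer


def body_looks_like_gif(data: bytes) -> bool:
    """Validate the structure after the 6-byte signature, ignoring the signature."""
    if len(data) < 14 or data[-1] != TRAILER:
        return False
    # Logical Screen Descriptor: width and height (little-endian u16), packed
    # flags, background colour index, pixel aspect ratio.
    width, height, packed, _bg, _aspect = struct.unpack_from("<HHBBB", data, 6)
    if width == 0 or height == 0:
        return False
    offset = 13
    if packed & 0x80:                         # global colour table present
        offset += 3 * (2 << (packed & 0x07))  # 3 bytes per entry, 2^(n+1) entries
    return offset < len(data) and data[offset] in BLOCK_INTRODUCERS


def repair_gif_signature(data: bytes, version: bytes = b"87a") -> bytes:
    """Return data with a valid GIF signature; raise if the body is not GIF-shaped."""
    if data[:6] in GIF_MAGICS:
        return data                           # nothing to repair
    if not body_looks_like_gif(data):
        raise ValueError("body does not parse as GIF; refusing to patch the header")
    return b"GIF" + version + data[6:]


def sample_gif() -> bytes:
    """Constructed 1x1 GIF87a used as sample input (not the challenge file)."""
    return bytes.fromhex(
        "474946383761"            # signature "GIF87a"
        "01000100800000"          # logical screen descriptor, 1x1, 2-colour table
        "000000ffffff"            # global colour table
        "2c000000000100010000"    # image descriptor
        "0202440100"              # LZW image data
        "3b"                      # trailer
    )


if __name__ == "__main__":
    damaged = TAMPERED + sample_gif()[6:]
    fixed = repair_gif_signature(damaged)
    print(damaged[:6].hex(" "), "->", fixed[:6].hex(" "))
```

Checking the body first means the header is only patched when the rest of the file supports the GIF hypothesis, rather than forcing a signature onto arbitrary data.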

We Will We Will Shock You

We were provided with the challenge description below and a URL.

We followed the URL and landed on the page below.

It was just a normal Apache test page. We then viewed the HTML source code.

We found something interesting in a comment about bashferno.cgi. We then went to that page.

After some googling, we found a vulnerability called Shellshock, which fits the challenge title well. This vulnerability lets us perform remote code execution (RCE). If you want to learn more about it, you can check out the OWASP document here.

Based on the output above, the flag for this challenge is infernoCTF{F33l_Th3_Sh0ck}
