Crypto Hole
Here's a lot of crypto challenges all packed into one. To start, unzip the starting zip file and enter
NeverLANCTFas the password. Each correct decryption, besides two, will be prefixed with password:
Recon
The zipfiles contain another zip file and a file chal.txt. The idea is to get the password from chal.txt and then use it to decrypt the zip file. This probably will go on for a couple of rounds.
Round 0
- File: A_ffine_Cipher_here_3.zip
- Password: NeverLANCTF
Round 1
- Directory name:
A ffine Cipher here 3 - chal.txt contains:
whzzdvyk: HmcxWGD0iKTI&OAmgv - Solution: (Caesar cipher, shifted by 7):
password: AfvqPZW0bDMB&HTfzo - ZIP file to open:
Two is better than one.zip
Round 2
- Directory name:
Two is better than one - chal.txt contains:
PASTNRQXX78DRDVI6KBD3SDFXXXXXXSWO - Solution:
V78DTNRI6KBD3SDFQ - ZIP file to open:
I'm on the fence with this one.zip
We see that we can divide this string in small strings of each 3 chars:
PAS TNR QXX 78D RDV I6K BD3 SDF XXX XXX SWO
We then can conclude that some words connect to each other, it starts with password and the xxx seems to be a sort of padding.
PAS SWO RDV ... QXX XXX XXX
With this we can bruteforce the other positions and try every possibility as password. We try both with the XXX ending as without, since we don't know if it is part of the password.
from itertools import permutations
from subprocess import check_output
zipfile = "I'm on the fence with this one.zip"
arr = ["TNR", "78D", "I6K", "BD3", "SDF"]
def extract_file(p):
try:
check_output(['unzip', '-P', p, zipfile])
print p
except:
pass
for i in permutations(arr):
p1 = "V" + "".join(i) + "QXXXXXXXX"
p2 = "V" + "".join(i) + "Q"
extract_file(p1)
extract_file(p2)
Round 3
- Directory name:
I'm on the fence with this one - chal.txt contains:
pw:Ea8oasod SA5egBlvsrVSvwr - Solution:
VSEAS5aevg8Bwlovr - ZIP file to open:
Salad Time.zip
Seems to be rail fence cipher with 3 lines:
p w : E a 8
a s o d · S A 5 e g
s r V S v
password: VSEAS5aevg8Bwlovr
Round 4
- Directory name:
Salad Time - chal.txt contains:
knppwjor: cQGuVCd$TyOUPppXUnPX - Solution:
gTLvCGk$HyRVSssXVaSX - ZIP file to open:
ROTten.zip
Substitution with key NEVERLANCTF:
nevrlactfbdghijkmopqsuwxyz
abcdefghijklmnopqrstuvwxyz
Round 5
- Directory name:
ROTten - chal.txt contains:
cnffjbeq: r1Lqe*mkBBloS6EE%u5s - Solution (ROT-13):
password: e1Ydr*zxOOybF6RR%h5f - ZIP file to open:
Viginere Equivent E.zip
Round 6
- Directory name:
Viginere Equivent E - chal.txt contains:
tewwasvh: jM7FTDP#DR5TM!&tfXBg - Solution (Ceasar cipher - shifted by 4):
password: fI7BPZL#ZN5PI!&pbTXc - ZIP file to open:
Easy One.zip
Round 7
- Directory name:
Easy One - chal.txt contains:
cGFzc3dvcmQ6IHZ4d0BadGV0I1pmQm5ZVnhKMUlN - Solution (Base64):
password: vxw@Ztet#ZfBnYVxJ1IM - ZIP file to open:
Message indigestion.zip
Round 8
- Directory name:
Message indigestion - chal.txt contains:
1f82cdf9195b31244721c6026587fb78 - Solution:
password23(search on hash on https://crackstation.net/) - ZIP file to open:
for SHA dude.zip
Round 9
- Directory name:
for SHA dude - chal.txt contains:
57fc022fb8dbf1640e732c40e835f74e637526d8 - Solution:
applez14(search on hash on https://crackstation.net/) - ZIP file to open:
ONE more TIME.zip
Round 10
- Directory name:
ONE more TIME - chal.txt contains:
This is our world now... Vvvyzshm fj tzylfvegn ehz ksh qwrwxs nlcecsagrv ubmdp qgvv momt sny lsdjk osmy grhc xoxk zgprjr... Ks pzij, lecv'w yrsv ctsz nbx w rhi kyea dmvr lqox{yyyiv0gLakvr}One time pad metThis is our world now. Full text is fromThe Conscience of a Hackerby+++The Mentor+++http://phrack.org/issues/7/3.html - Solution:
Congrats on finishing all the crypto challenges built into this one super holy moly long folder... So yeah, here's your flag for a job well done flag{crypt0sRphun}
Note: It looks like the challenge author used this site for all is encryptions (because of the level names): http://rumkin.com/tools/cipher/
Flag
flag{crypt0sRphun}