  1. CTF 2022
  2. 🖥 ROOTCON 16 Pre-Qualifier

2️⃣ Easy 300: Hack and Take a Break


Last updated 2 years ago

The challenge pointed to CSP Bank, a Firebase Appspot Storage and BeVigil for indexing and research. Following the same process as in the other challenge, wherein a constant.java file has a list of strings, I got the clues connected to the Firebase storage there. As shown in the image below, there is another link we have to check.

Upon visiting the link, what I got was scrambled text which at first glance didn't make any sense. Then I noticed in the URL that the file title is "rotated.json", which reminded me of the ROT13 cipher. This is a simple letter substitution cipher that replaces a letter with the 13th letter after it in the alphabet.

Using rot13.com, I got the result below:

"Name": "Unlimited Free",
"Developer": "[email protected]"

The results returned one readable name and a developer's email, Unlimited Free / [email protected]. Back to BeVigil, using the found credentials, and this time with the Advanced Search, I got the following results.

I clicked on Strings -> Unknown High Entropy String -> sources/com/intl/unlimitedfree/internal.java

Then I got the hex value below:

I decoded it and got the following flag:

Conclusion: I learned how to use BeVigil. Sometimes I'm lazy in doing deep checking/investigation of links and encoded strings, but I just realized that those fundamentals in CTF are very important. Being familiar with encoding is very important too when it comes to CTF.
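The two decoding steps above (ROT13 on the JSON file, then hex on the string from the decompiled source) can be reproduced offline, which is also a quick way to audit your own app's decompiled strings for "hidden" values that are only encoded. This is an added example, not code from the original writeup; the sample JSON, the Java line, the e-mail address and the flag value are all constructed, and it assumes only keys and string values in the JSON were rotated.

```python
import codecs
import json
import re

# Constructed sample standing in for rotated.json (not the challenge file).
SAMPLE_ROTATED = '{"Anzr": "Hayvzvgrq Serr", "Qrirybcre": "qri@rknzcyr.vainyvq"}'
# Constructed line standing in for a string constant in decompiled Java source.
SAMPLE_JAVA = 'static final String K = "666c61677b64656d6f7d"; String v = "1.0";'

# A quoted run of at least 4 hex byte pairs, as flagged by string scanners.
HEX_LITERAL = re.compile(r'"((?:[0-9a-fA-F]{2}){4,})"')


def rot13(text):
    """ROT13 shifts A-Z/a-z by 13 places; digits and punctuation are untouched."""
    return codecs.decode(text, "rot_13")


def rot13_json(text):
    """Parse JSON and undo ROT13 on every key and string value, recursively."""
    def walk(node):
        if isinstance(node, dict):
            return {rot13(k): walk(v) for k, v in node.items()}
        if isinstance(node, list):
            return [walk(v) for v in node]
        return rot13(node) if isinstance(node, str) else node
    return walk(json.loads(text))


def decode_hex(candidate):
    """Return the text if the hex decodes to printable ASCII, otherwise None."""
    raw = bytes.fromhex(candidate)
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None  # real binary data (keys, hashes), not an encoded string


def find_hex_strings(source):
    """Decode every quoted hex literal in source code that hides readable text."""
    decoded = (decode_hex(m) for m in HEX_LITERAL.findall(source))
    return [d for d in decoded if d is not None]


if __name__ == "__main__":
    print(rot13_json(SAMPLE_ROTATED))
    print(find_hex_strings(SAMPLE_JAVA))
```

Neither ROT13 nor hex involves a key, so anything stored this way in an APK or a public storage bucket should be treated as plaintext.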