[CTF-AMAZON x WICYS]
Password Storage 101 (100 points)
The binary for super secure password locker has been leaked. Can you get the flag?
In this challenge we need to read the code and decrypt the value:
char flag [25] = “\\prmb}{[{&`Ri@RG.i_.ch4h”; //24
char key [25] = “uhtrbg{nkrgb!gbfjv]jbnSf”;
We have our flag and key.
We need to decrypt the flag using the respective key. I used the following code to decrypt the ciphertext.
Code:
Flag: Amazon{Th1s_iS_R3v_3ng4}
Hidden Message (100 points)
Steganography is the practice of concealing messages or information within other nonsecret data and images. Can you find the hidden encoded flag in this jpg image? Submit the decoded flag.
For this exercise, I have the image logo.jpg.
I used the following command to get information about the file:
File logo.jpg
In comments we can see the word: QW1hem9ue1N0M24wZ3JAcGh5XzEkX2hAcmR9
We need to decrypt in Cyberchef:
Flag: Amazon{St3n0gr@phy_1$_h@rd}
Simple PCAP (100 points)
Simple pcap
Can you spot the activity?
To resolve this exercise, we need to enter in Wireshark:
Then I used the filter frame contains “flag”
Then I exported the packet and extracted the image in Cyberchef.
Flag : Amazon{pc@p_mak3s_th3_m@gic}
I Am Lazy ( 50 points)
On certain occasions, it becomes evident that the most efficient way to accomplish the task of retrieving the flag from challenge.txt involves the creation of a novel, simplified methodology.
For this exercise, it has many encodings, so I used the next code to decrypt and get the flag.
Code:
Flag: Amazon{too_many_times_encoded}
Network Analyzer ( 100 points)
Our internal network engineers got tired of using the terminal. They have created network analyzer. This tools allows them to ping any ip in our network. Some hackers have tried to use our tools for evil purposes. Good thing we have the best security engineers in town. They have secured this service by preventing any “;”, “python”, “wget”, and “curl”. That should be enought to stop the hackers right?
For this exercise, I used the following command to get the flag.
127.0.0.1 && cat flag.txt
Flag: Amazon{4n0th3r_H4ck3r_Succ33d$}
Password Locker on the Web (100 points)
We have created the lastest crypto encryption software and are sharing it with the public!! Use our new tool password locker on the web to see the lastest and greatest in encryption software OR is it……………
In this exercise, we need to decipher the encoding.
Change maxlenght value =70
Write a random value:
Copy the result in cyberchef:
Flag: Amazon{This_Flag_Is_Secret_front_end_validation_is_bullet_proof}
Bad Actor ( 100 points)
We received a report about a hacker who goes by the alias mickey_z_scott. They have been hacking into classified systems and must be stopped! Help us find their social media account and get us their flag.
To solve this challenge, we need to find the account of mickey.
I used the following website to find his account:
As we can see He has his account in twitter.
Flag: Amazon{OS1NT_1s_c00l}
Secret Server ( 200 points)
(Bad Actor challenge must be completed to continue this challenge) Reports show that the bad actor is recruting other hackers into a secret server. Using the social media account that you found, find the new username and find the hidden server invite link!
To resolve this exercise, we need to find his account in GitHub and find the Discord Link:
Flag : Amazon{Y0u_h@v3_m@st3red_0S1NT}
