This is the writeup of the challenge from the TCS hackquest.
There is a total of 10 challenges, out of which I got 7.
Challenge:- Alien Message
The given text is based64 because at the end of the string there is “==” symbol which is generally used for the base64 padding.

I use a $base64 command to decode the msg.


Decode msg a PNG file, used any Qr decoder tool to find out the result.

Challenge:- Lost Batman
The given file has a no extension, so to find out which type of the file, use $file command(google about magic numbers).

The file is a tcpdump wem can use Wireshark to open this pcap file.

After doing a quick analysis I find out that the captured data is some sort of website.
To export, all the files GO to the File menu →Export Object →HTTP then save all.

There are many text and image files, on koker.jpg on doing strings give us the flag.

Challenge Name:- Calling Charlie
Give file is .wav file, On listing, we found out that is the morse code and used an online tool to decrypt it.

Challenge:- Reset Password
There is a login page that is used to update the password, which requires the old password. I simply delete the element using inspect element., and ubmit the form.

There are many ways to do this challenge, we can use burp to capture the request and remove the old password field.
Challenge:- Leaks and Leaks
Given description gives us the hint that it is realted to some sort of AWS or maybe aws key.

The given file is a git file. so we can find out all the previous commit and role back to find out what are changes made.

git revert (Double tab to find out all the possible values ,fancy stuff :P)
after this revert command, it will open the commit file, which shows where the changes occur. in our case .env file is modified.


we can use git revert 4811fc and cat .env which also give the flag.
Challenge:- Excess Talent
Challenge gives the hint our request is seen by some special browser.

looks like some type of injection. so I started a ngrok server and send some payload. and after some tries, I got the response.



In left side, ngrok is running and on the right-hand side, we are listing from nc, in the left hand, we got the flag in user agent field.
Summary:- Ctf was quite easy some challenges are good and some require some guessing work.

