Deadface CTF Writeups

Ayush Varma
Published in shellpwn, Dec 9, 2021

Our Team consists of Sahil Dharme Ahmed Hamzah X058_Sakshi Giri Ayush Varma and Rohan

We participated in Deadface CTF; here are our writeups.

Writeup for Voice challenge

Description: A friend of mine sent me an audio file which is supposed to tell me the time of our night out meeting, but I can’t comprehend the voice in the audio file. Can you help me figure it out? I want to hang out with my friends.

We were given an audio .wav file.

Solution

  • Download and open Sonic Visualiser, then select Add Spectrogram from the Layer menu.
  • Adjust the spectrogram with the sliders until the flag becomes visible.

Flag is

flag{1257}

All A Loan Challenge

For this challenge we were provided with a database and needed to filter the data.

Challenge statement :- “De Monne has reason to believe that DEADFACE will target loans issued by employees in California. It only makes sense that they’ll then target the city with the highest dollar value of loans issued. Which city in California has the most money in outstanding Small Business loans? Submit the city and dollar value as the flag in this format: flag{City_$#,###.##} Use the MySQL database dump from Body Count”

Solution :-

Steps :-

  1. Unzip the demonne.zip file (password: d34df4c3), which contains the data, and separate out the employee and loan data from the given database file.
  2. For this challenge we need to filter as per this hierarchy: employees from CA -> employees who gave loans of type (Small Business) -> city with the max balance.
  3. Code: can be found in resources as a .py file (link to the file here).
  4. Code output:
    Riverside 13723.0
    San Diego 15231.0
    Long Beach 33404.0
    Oakland 22549.0
    Sacramento 40566.0
    Garden Grove 23228.0
    Fresno 26201.0
    Inglewood 15851.0
    San Jose 33641.0
    Burbank 5892.0
    Ventura 12855.0
    Fresno 2669.0
    Oakland 33882.0
    San Diego 3572.0
    Pasadena 31949.0
    North Hollywood 45467.0
    San Jose 1016.0
    Van Nuys 25293.0
    Oakland 5872.0
    Santa Clara 43950.0
    Bakersfield 40110.0
    Santa Cruz 20615.0
    Oakland 28297.0
    North Hollywood 18601.0
    San Diego 36185.0
    Petaluma 25157.0
    Concord 10976.0
    San Francisco 37824.0
    Fullerton 32850.0
    Inglewood 30168.0
    Santa Monica 29365.0
    Huntington Beach 44377.0
    Garden Grove 24187.0
    Bakersfield 46094.0
    San Francisco 25511.0
    Los Angeles 37324.0
    Stockton 37270.0
    Fresno 21936.0
    Fresno 18182.0
    Pasadena 41143.0
    Santa Barbara 41095.0
    Santa Ana 32418.0
    San Francisco 17398.0
    Stockton 2359.0
    Whittier 5141.0
  5. Now we can sum up the balances per city to see which city has the highest total, and arrange it in the flag format: flag{Oakland_$90,600.00}

Monstrum ex Machina

Challenge Statement :-
Our person on the “inside” of Ghost Town was able to plant a packet sniffing device on Luciafer’s computer. Based on our initial analysis, we know that she was attempting to hack a computer in Lytton Labs, and we have some idea of what she was doing, but we need a more in-depth analysis. This is where YOU come in.

We need YOU to help us analyze the packet capture. Look for relevant data to the potential attempted hack.

To gather some information on the victim, investigate the victim’s computer activity. The “victim” was using a search engine to look up a name. Provide the name with standard capitalization: flag{Jerry Seinfeld}.

Download file
SHA1: 6c0caf366dae3e03bcbd7338de0030812536894c
NOTE: All of the packet capture challenges use this PCAP file.

Solution :-
1. We were provided with a pcap file.

2. Inspect the file in Wireshark and separate out the HTTP/HTTPS requests. I found a URL among those packets, which is below:
URL : https://www.baidu.com/sugrec?prod=pc_his&from=pc_web&json=1&sid=34436_34378_34403_33848_34072_34092_34458_26350_34415_34390&hisdata=%5B%7B%22time%22%3A1629670145%2C%22kw%22%3A%22lytton%22%7D%2C%7B%22time%22%3A1629670163%2C%22kw%22%3A%22lytton%20iowa%22%7D%2C%7B%22time%22%3A1629670590%2C%22kw%22%3A%22mk%20ultra%22%7D%2C%7B%22time%22%3A1629671595%2C%22kw%22%3A%22charles%20geshickter%22%2C%22fq%22%3A2%7D%2C%7B%22time%22%3A1629671715%2C%22kw%22%3A%22lytton%2C%20iowa%22%2C%22fq%22%3A2%7D%5D&_t=1629672401299&csor=0

3. This URL contains these names:
Lytton Iowa
Charles Geshickter

I tried these names, and perhaps Charles Geshickter was correct:
flag{Charles Geshickter}
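
The search history carried in the URL from step 2 can also be decoded programmatically instead of being read by eye. The following is an added example, not part of the original writeup; the helper name extract_search_history is made up here, and reading the fq field as a repeat count is an assumption.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# URL copied from step 2 of the writeup, split across lines only for readability.
SUGREC_URL = (
    "https://www.baidu.com/sugrec?prod=pc_his&from=pc_web&json=1"
    "&sid=34436_34378_34403_33848_34072_34092_34458_26350_34415_34390"
    "&hisdata=%5B%7B%22time%22%3A1629670145%2C%22kw%22%3A%22lytton%22%7D"
    "%2C%7B%22time%22%3A1629670163%2C%22kw%22%3A%22lytton%20iowa%22%7D"
    "%2C%7B%22time%22%3A1629670590%2C%22kw%22%3A%22mk%20ultra%22%7D"
    "%2C%7B%22time%22%3A1629671595%2C%22kw%22%3A%22charles%20geshickter%22"
    "%2C%22fq%22%3A2%7D"
    "%2C%7B%22time%22%3A1629671715%2C%22kw%22%3A%22lytton%2C%20iowa%22"
    "%2C%22fq%22%3A2%7D%5D"
    "&_t=1629672401299&csor=0"
)


def extract_search_history(url):
    """Return sorted (UTC time, keyword, fq) tuples from a sugrec URL's hisdata."""
    raw = parse_qs(urlsplit(url).query).get("hisdata")
    if not raw:
        return []  # request carries no search history
    try:
        entries = json.loads(raw[0])  # parse_qs has already percent-decoded it
    except json.JSONDecodeError:
        return []  # truncated capture or non-JSON payload
    if not isinstance(entries, list):
        return []
    history = []
    for e in entries:
        # Skip malformed records rather than failing on them.
        if not isinstance(e, dict) or "kw" not in e:
            continue
        if not isinstance(e.get("time"), int):
            continue
        ts = datetime.fromtimestamp(e["time"], tz=timezone.utc).isoformat()
        # "fq" is assumed to be a repeat count; it is absent on single searches.
        history.append((ts, e["kw"], e.get("fq", 1)))
    return sorted(history)


if __name__ == "__main__":
    for ts, kw, fq in extract_search_history(SUGREC_URL):
        print(ts, repr(kw), "x%d" % fq)
```

The same function can be run over every request URI exported from the capture to build a timeline of the victim's searches.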

The Count

Challenge Statement: Apparently DEADFACE is recruiting programmers, but spookyboi is a little apprehensive about recruiting amateurs. He’s placed a password hash in the form of a flag for those able to solve his challenge. Solve the challenge and submit the flag as flag{SHA256_hash}.

Solution :-

1. The challenge was all about automation, that is, writing a socket client that takes input directly from the server and sends back the answer.

2. So just build a program for it (you can find it in exploit.py). The algorithm is quite simple: we need to sum up the values of each letter, where a = 0, b = 1, c = 2, … Run exploit.py and get the flag.

exploit.py:

#!/usr/bin/env python3
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Here we use the connect method of the socket we created.
# The first tuple element is the address, the second is the port.
s.connect(('147.182.204.61', 50000))

# Here we save what the socket received in the variable answer.
# The word to score is on the sixth line, after a 14-character prefix.
answer = s.recv(1024).decode()
p = answer.split("\n")[5][14:]
print("word : ", p)

# Sum the letter values, where a = 0, b = 1, c = 2, ...
total = 0
for ch in p:
    total = total + ord(ch) - 97
s.send(str(total).encode())

print("Sent answer = ", total)

flag = s.recv(1024).decode()
print(flag)
s.close()

Link to python file here

The flag was obtained:

flag{d1c037808d23acd0dc0e3b897f344571ddce4b294e742b434888b3d9f69d9944}
