Open in app

Sign in

Write

Sign in

The Rat Pack New Years CTF 22–23

Ctf writeup

Pronay Biswas
5 min readJan 5, 2023

Pronay Biswas (b0mk35h)

Introduction

The Rat Pack New years CTF 22–23 hosted a CTF on the 4th of January 2023, which was a 12 hour CTF from 4:30a.m. to 4:30p.m. I participated in the CTF using the alias “b0mk35h” and solved 14 challenges and ranked 4th position.

The Challenges I have solved-

  1. Roborat
  2. Cryptography — Pt 1
  3. Cryptography — Pt 2
  4. Cryptography — Pt 3
  5. xorat
  6. Find the flags — Pt. 1
  7. Remorse
  8. MOUSE ROLL?
  9. JWT — 1
  10. Basic OSINT
  11. OSINT — Part 2
  12. SAN!TY
  13. IDOR2
  14. IDOR1

The pages below show a summary of how I found the flags by solving the challenges.

****************************************************************************

Web Challenge

Roborat

challenge url- https://hackxpert.com/labs/chall2/

  1. As mentioned, the name of this challenge is “roborat”. My first step was to check the “/robots.txt” file of this website and I got the path.

2. By using this path I have got my flag.

****************************************************************************

Cryptography challenges

  1. Cryptography — Pt 1

> crypto- ZmxhZ3tJYW1Ob3RDcmF6eSwsLFlPVUFSRSEhfQ==

As I saw last of this crypto there was “==” in the last. “==” define the base 64 encoding. Then I have to use CyberChef to decode it.

2. Cryptography — Pt 2

> It was a very easy challenge. To solve this crypto I used CyberChef and got the flag.

3. Cryptography — Pt 3

> It was a very easy challenge, using CyberChef easily anyone can solve this.

4. xorat

> Based on the name of the challenge, I assume it is a XOR cipher. Then I used the dcode.fr tool to decrypt this file using the XOR cipher.

****************************************************************************

Forensics challenges

  1. Remorse

> From the name of this challenge we can understand that it is Morse code. Then I use the Morse code decoder online tool to decode the wav file and get the flag.

2. MOUSE ROLL?

> I first used an online morse code decoder to decode the wav file, since it is a wav file. Then I found that it was not clear. There was something similar called spectrogram.

> Then I had to search for a spectrogram analyzer again to decode the WAV file. And I got the flag.

****************************************************************************

JWT

  1. JWT — 1

>JWT stands for “JSON Web Token”. I recall watching a video walkthrough and can apply that experience. I have opened the challenge. Then I right clicked and “inspect element”. Then I click on “Network” and try to find JWT but there is nothing there.

> Then click on the JWT file and watch the response code and find “Bearer…..”

> Copy the value and open a online tool and from there find value false and change the value true.

> Copy the code and past it to the main page and get the flag.

*************************************************************************

OSINT

  1. Basic OSINT

> In this challenge, the hints were — “Are you following our posts on social media …”. Then I decide to search Twitter for The XSS Rat gr33nm0nk hAck3rio Twitter profiles one by one. When visiting the hAck3rio Twitter page, I found a tweet with a link.

> I opened the link and got a photo of a “rat”.

> Then I downloaded it and checked the metadata with exiftool and got the flag.

2. OSINT — Part 2

In this challenge a link was given. And also a hint was there which is- “We have a hidden page on https://hackxpert.com/ratsite that is not mentioned in the code. Can you find it together with the flag?”

Then I opened the link and searched for the robots.txt file and got a hidden page.

Then I went to the page and nothing was there. I inspect the page code and found the flag within source code.

3. SAN!TY

> With this challenge there was mention of a Discord link to solve this challenge. I clicked on the link and opened the Discord OSINT page.

> Then I opened this link- https://twitter.com/gr33nm0nk2802 . And I started scrolling and got a comment by gr33nm0nk using morse code.

> Then using CyberChef decode the morse code and got the flag.

****************************************************************************

Source code challenge

  1. Find the flags — Pt. 1

> As soon as I open the challenge, I right-click on the mouse and select inspect element.

> Then I found the flag within the source code <!- — flag{……….}>

******************************Thank you***********************************

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Pronay Biswas
Pronay Biswas

Written by Pronay Biswas

107 Followers
3 Following

Secured NASA, Cisco, TATA Power, Inflectra, and so on | CEH | CAP | CNSP | Bug hunter | CTF Player 🚩

No responses yet

Write a response

What are your thoughts?

More from Pronay Biswas

See all from Pronay Biswas

Recommended from Medium

Lists

Staff picks

826 stories1649 saves

Stories to Help You Level-Up at Work

19 stories948 saves

Self-Improvement 101

20 stories3355 saves

Productivity 101

20 stories2818 saves
See more recommendations

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams