CYBERYAMI CTF

This CTF competition was quite an interesting beginner-level CTF. Below are some of the challenges I was able to solve during the competition and after.

Scoreboard

FORENSICS

1. Shark Tank

challenge description

After unzipping the file we get a challlange.pcapng file. I fired up Wireshark to analyse the file. Going through the TCP streams I found an encoded message in stream 15.

The stream

We Base58 decode, then Base64 decode, to get our flag: WHL{f0r3nsics_1s_4w3s0m3}
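As an added example (not code from the original post): a small Python decoder for the two-layer wrapping found in the stream, Base58 on the outside and Base64 inside. It assumes the Bitcoin-style Base58 alphabet, and the sample string is constructed here from the flag rather than taken from the actual capture.

```python
import base64

# Bitcoin-style Base58 alphabet (no 0, O, I, l). Assumption: the challenge
# used this alphabet, which is what common base58 tools default to.
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58decode(s: str) -> bytes:
    """Decode a Base58 string to bytes (each leading '1' becomes a leading zero byte)."""
    n = 0
    for ch in s:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base58 character: {ch!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def b58encode(b: bytes) -> str:
    """Encode bytes to Base58; used here only to build the constructed sample."""
    n = int.from_bytes(b, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58_ALPHABET[r] + out
    pad = len(b) - len(b.lstrip(b"\x00"))
    return "1" * pad + out


def unwrap_flag(encoded: str) -> str:
    """Peel both layers in the order the stream used: Base58 first, then Base64."""
    inner = b58decode(encoded.strip())                       # layer 1: Base58 -> Base64 text
    return base64.b64decode(inner, validate=True).decode()   # layer 2: Base64 -> flag


# Constructed sample: the flag from this writeup wrapped the same way
# (Base64, then Base58). These are not the actual bytes from the challenge pcap.
SAMPLE = b58encode(base64.b64encode(b"WHL{f0r3nsics_1s_4w3s0m3}"))

if __name__ == "__main__":
    print(SAMPLE)
    print(unwrap_flag(SAMPLE))  # -> WHL{f0r3nsics_1s_4w3s0m3}
```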

2. MS_Crack!!!

challenge description

Unzipping the file we get two .docx files, one of which is password protected. We use office2john to get a hash from the file, then use John the Ripper to crack the hash. We get our password {ichliebedich} and use it to open the file and get the first part of the flag.

cracking the password protected file

On the second file I ran binwalk -e and got some embedded files. Under document.xml I got the second part of the flag as a comment.

second part of the flag

MALWARE ANALYSIS

1. MalVBA-I

challenge description

I used olevba to detect the macros in the file and got lewd.exe as the executable.

results after running olevba.py

2. MalVBA-II

challenge description

I used oledump, looked at stream 6706, and got solemnize as the name of the stream.

results after running oledump.py

3. Lokibot — I

challenge description

I analysed the .pcap file and exported the HTTP objects.

HTTP objects

One of the files was an executable named Xehmigm.exe. That is the flag.

4. TA551 — I

I exported the HTTP objects in the .pcap file into a folder. I then ran file * to get the file types and found date1%3fBNLv65=pAAS to be a DLL file.

I ran sha256sum on the file and got the flag.

the sha256sum

netsploit