CYBERYAMI CTF
This was quite an interesting beginner-level CTF competition. Below are some of the challenges I was able to solve during the competition and after.

FORENSICS
1. Shark Tank

After unzipping the file we get a challlange.pcapng file. I fire up Wireshark to analyse the file. Going through the TCP streams, I found an encoded message on stream 15.

We Base58-decode and then Base64-decode it to get our flag: WHL{f0r3nsics_1s_4w3s0m3}

2. MS_Crack!!!

Unzipping the file, we get two .docx files, one of which is password protected. We use office2john to get a hash from the file, then use John the Ripper to crack the hash we got. We get our password {ichliebedich} and use it to open the files and get our first part of the flag.

On the second file I ran binwalk -e and got some embedded files. Under document.xml I got the second part of the flag as a comment.

MALWARE ANALYSIS
1. MalVBA-I

I used olevba to detect the macros in the file and got lewd.exe as the executable.

2. MalVBA-II

I used oledump, looked at stream 6706, and got solemnize as the name of the stream.

3. Lokibot — I

I analysed the .pcap file and exported the HTTP objects.

One of the files was a Xehmigm.exe executable file. That is the flag.

4. TA551 — I

I exported the HTTP objects in the .pcap file into a folder. I then ran file * to get the file types of the files and found date1%3fBNLv65=pAAS to be a DLL file.

I did the sha256sum of the file and got the flag.
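
The file * and sha256sum steps from the TA551 challenge as one script, an added example that is not part of the original write-up: it flags every exported HTTP object that is a PE image by reading its headers (the MZ and PE signatures plus the COFF DLL flag) rather than trusting its name, and reports its SHA-256. The function names and the header-only sample built by fake_pe are constructed for illustration.

```python
from __future__ import annotations

import hashlib
import struct
from pathlib import Path

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit that marks a DLL


def pe_kind(data: bytes) -> str | None:
    """Return 'dll', 'exe' or None (not a PE image), judged from the headers only."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    # PE signature (4 bytes) + COFF file header (20 bytes) must fit in the file
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 22)
    return "dll" if characteristics & IMAGE_FILE_DLL else "exe"


def triage(folder: Path) -> list[tuple[str, str, str]]:
    """(name, kind, sha256) for every PE image in folder, whatever it is called."""
    hits = []
    for path in sorted(folder.iterdir()):
        if not path.is_file():
            continue
        data = path.read_bytes()
        kind = pe_kind(data)
        if kind:
            hits.append((path.name, kind, hashlib.sha256(data).hexdigest()))
    return hits


def fake_pe(characteristics: int) -> bytes:
    """Constructed sample: headers only, enough for pe_kind(); not a loadable binary."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, characteristics)
    return dos + b"PE\0\0" + coff


if __name__ == "__main__":
    import sys
    # Usage: python triage.py <folder of exported HTTP objects>
    for name, kind, digest in triage(Path(sys.argv[1])):
        print(f"{digest}  {kind}  {name}")
```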
