The problems for the CTF can be found here: github.com/buetsec/intra-buet-ctf-2023 or https://github.com/rng70/beginner-ctf-problemset
Cryptography
Fab-Five-Freddy
Just MD5 hash the string 1stCSE@BUET
and you get the flag buet{c517e8df662284b132d50666fe838038}
.
Vault
A vault is a secure place to store your valuables. But what if the vault is not secure? Can you get the flag from the vault?
Flag Format: buet{flag}
Reverse the hash in vault.py and get the flag buet{airplane}
Miscellaneous
Pair Up
One of my classmates is into loops and basic bitwise operations. Interestingly, he thought he could create an encryption algorithm and use it to protect his files.
Can you bypass his encryption to get the flag?
Flag format: buet{flag_here}
Follow the script shown below:
#! /usr/bin/python3
def decrypt(enc_flag):
flag = list(enc_flag)
l = len(flag)
for i in range(1, len(flag)):
flag[l-i-1] = chr(ord(flag[l-i-1]) ^ ord(enc_flag[l-i]))
return "".join(flag)
def main():
flag = open("flag.txt", "r").read()
enc_flag = open("encrypted.txt", "r").read()
dec_flag = decrypt(enc_flag)
if flag != dec_flag:
raise BaseException("Original flag and decrypted flag don't match!")
else:
print("Flag matches!")
if __name__ == "__main__":
main()
You get the flag buet{x0r_4mon6_p41r5}
!
Two Startups
Loop, also known as Loop Freight is one of the rising startups of Bangladesh. Swap is the first re-commerce marketplace in Bangladesh.
Anyway, you do not need to know much about them except their name. The source code given here performs some steps on the original flag and obfuscates it.
Can you retrieve it?
Flag format: buet{flag_here}
Author: dyn
Follow the script below to reverse the encrypt.py
script.
def decrypt(text):
plaintext = list(text)
for i in range(len(text)-1, -1, -1):
for j in range(len(text)-2, i-1, -1):
for k in range(len(text)-3, j-1, -1):
plaintext[k], plaintext[k+1] = plaintext[k+1], plaintext[k]
return "".join(plaintext)
if __name__ == "__main__":
enc_flag = open("ciphertext.txt", "r").read()
open("dec_flag.txt", "w").write(decrypt(enc_flag))
And we get the flag buet{3_t4_L00p_k0rl4m_T4rpor_5w4p_k0rL4m}
!
Reverse Engineering
Very Easy Reverse
The flag is: buet{a_b} where a = value of a, and b = value of b.
Just reverse the program as C program, and read the decompiled source code. And you'll find the numbers 38 and 39. The flag then becomes buet{38_39}
!
Goa
I've been thinking of going on a vacation to Goa. If you can reverse it and find out the number, maybe I'll take you with me.
Flag format: buet{flag_here}
This is a binary written and compiled in the Go language. Use GoRE or some other decompiler to decompile it. Upload to dogbolt or use HexRays. You'll find a list of array elements being assigned random ASCII values. Those are the flag characters.
We get the flag: buet{s1mpl3_g0l4ng_b1n4ry}
!
Steganography
ChatGPT-1
Check the PDF for challenge description.
Flag format: buet{flag_here}
This was the easiest problem of the entire CTF. The flag was written in WHITE ink in the PDF. Running a pdftotext
command on Linux, or copy-pasting the document would give out the flag buet{c4n_y0u_533_m3?}
!