[CTF] 1337up CTF writeup- Mirage
Hi Everyone. This time I played 1337up CTF by Intigriti and my team TamilCTF placed 10th in it 😊. Let me show how I solved one of the challenges in it, Mirage - Misc.
Let’s visit the link and see what they have for us.
While looking it plainly, we can see it’s just a website. let’s look at the page source.
While casually reading the page source, I have seen the word ROBOTS hidden in the website, so I thought of checking whether there is a robots.txt file in it and it is there in the website.
So, there are a few directories listed in it. I saved those all in a separate text file.
I had a feeling that most of them would be 404’s and rabbit holes so I fired up Burpsuite to use Intruder and brute-force those directories.
As we can see, there are certain directories which only gave 200 status codes. Let’s look them one by one.
At first, we are gonna see /flag.txt.
So there are certain characters given as flag. lets use cyberchef too find what it is.
Of course it is a rabbit hole to troll us 😐. Well, it’s not going to be that easy. Let’s look at the second one /flag1.txt.
So, they have given some gibberish. If you read the hint, “Rot Rot Everwhere but not a single Rot to see” we know that we should use Caesar Cipher. I use cryptii.com, but use can use any website you prefer.
Another rabbit hole 😑. Let’s see the next one /wordlists.txt.
They have given a wordlist saying this will help us later. So, I saved it in a separate file. Now to the last one /ok.txt.
Another hint. In this they have given a directory which is encrypted using Caesar Cipher (/uncclzrny.wct). Let’s use cryptii again.
We have found the plaintext which is happymeal.jpg. Let’s see what is in it.
If you visit the link https://mirage.ctf.intigriti.io/happymeal.jpg this image is shown. Let’s visit /HelpMeOut.txt.
Finally 😀. they have given a link to download the flag.zip file. let’s download and extract it.
The zip file is password protected. We need to use the wordlist wordlists.txt to find the password. We are gonna use john to crack the zip file. First let’s make a file which is compatible for john to crack using zip2john and crack the file using wordlists.txt.
So we have found the password which is Soeasypeasy214. Now use the password to open the flag.txt and BOOM! , we got the flag.
So this is how I solved Mirage challenge. Hope you guys like this blog. Make sure to show your support by applauding and sharing the blog with your fellow hackers and tech geeks. Let’s see you in another blog, until then PEACE OUT ✌️.
Do Follow Techiepedia for more Interesting write-ups!
