Thursday, June 26, 2025

HideToSee Challenge Walkthrough – Hidden Data in CTFs

 

CTF Walkthrough – HideToSee

Category: Steganography / Cryptography
Files provided:

  • Atbash.jpeg
  • encrypted.txt (contains: krxlXGU{zgyzhs_xizxp_1u84w779})

 Challenge Description:

"How about some hide and seek heh? Look at this image here."
Hint: Download the image and try to extract it.

So this sounds like classic stego — there’s probably something hidden inside the image file. Let’s dig in!




Step 1: Take a Look at the Text File

We’re given an encrypted.txt file with this inside:

krxlXGU{zgyzhs_xizxp_1u84w779}

Looks like a flag format, right? That picoCTF{} structure is a dead giveaway.

The part inside the brackets is what we need to decrypt:

zgyzhs_xizxp_1u84w779

Now, here’s where the filename of the image gives away a big clue: Atbash.jpeg.

Looks like we’re dealing with an Atbash cipher.


 What’s the Atbash Cipher?

Atbash is a super simple cipher where the alphabet is reversed. So:

A <-> Z 

B <-> Y 

C <-> X 

...

Same applies to lowercase letters. So z becomes a, g becomes t, and so on.


 Step 2: Decrypt the Encrypted Text

We’ll try two different ways — one manual, one using a website.


 Method 1: Manually (The Old-School Way)

Take the string:

zgyzhs_xizxp_1u84w779

We only apply Atbash to the letters. Numbers and underscores stay as they are.

Break it down and map each letter:

Cipher:  z g y z h s _ x i z x p _ 1 u 8 4 w 7 7 9
Plain:   a t b a s h _ c r a c k _ 1 f 8 4 d 7 7 9

So the decrypted text is:

atbash_crack_1f84d779

Which means the flag is:

picoCTF{atbash_crack_1f84d779}

Boom.


Method 2: Using dCode (Quick & Easy)

If you don’t want to do it manually, here’s the fast way:

  1. Go to dCode Atbash Cipher Tool
  2. Paste the text:

zgyzhs_xizxp_1u84w779

  3. Click "Decrypt".

You’ll get:


atbash_crack_1f84d779

Flag = picoCTF{atbash_crack_1f84d779}

Simple and effective.


More SQLi

Description

Can you find the flag on this website. Try to find the flag here.

Hints: SQLiLite

As the challenge is related to SQL injection, I asked ChatGPT about it and found some information.

 

SQLiLite likely refers to a lightweight SQLite database used in a challenge or practice environment for SQL Injection (SQLi). The goal is to exploit a vulnerability in the website's input fields to interact with its backend SQLite database and extract sensitive information, such as a flag.

After this I checked the website





I found that there are some basic inputs which will help us to bypass the authentication.

Identify Vulnerable Input Field:

  • Look for input fields, URLs with query parameters, or forms (e.g., login, search, etc.) where you can input data.
  • Test for SQL injection by entering basic payloads like:

'or 1=1;-- (if we pass this as both the username and the password, we can bypass the authentication)

  • Explanation: 1=1 is always true, and the -- comments out the rest of the query, causing the SQL server to ignore the password check.
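The bypass explained above works only when the login query is built by pasting user input into the SQL text. As an added example (not code from the challenge site; the table layout, the admin account and the function names are assumptions), this runs the payload from this page against a string-built SQLite query and against the parameterized form that treats it as plain data:

```python
import sqlite3

PAYLOAD = "'or 1=1;--"  # the input quoted in the walkthrough

def make_db():
    """In-memory stand-in for the login database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext password only to keep the demo short; real tables store hashes.
    db.execute("INSERT INTO users VALUES ('admin', 'S3cret-constructed')")
    return db

def login_vulnerable(db, username, password):
    """Builds the SQL text from user input, so input can change the query."""
    sql = ("SELECT username FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_safe(db, username, password):
    """Binds input as parameters: it is only ever compared as data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = db.execute(sql, (username, password)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    # Concatenated query becomes: WHERE username = ''or 1=1;--' AND password = ...
    # The quote closes the string, "or 1=1" matches every row, and "--"
    # turns the password comparison into a comment.
    print("vulnerable:", login_vulnerable(db, PAYLOAD, PAYLOAD))
    # Parameterized query looks for a user literally named 'or 1=1;-- .
    print("safe:      ", login_safe(db, PAYLOAD, PAYLOAD))
    print("real login:", login_safe(db, "admin", "S3cret-constructed"))
```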

And boom, we have bypassed the system, but we are not seeing any flag. So now I started Burp Suite and captured the POST request of the login page. I sent it to Repeater and modified the username and password to 'or 1=1;--




And here is the flag in the script.


Flag: picoCTF{G3tting_5QL_1nJ3c7I0N_l1k3_y0u_sh0ulD_e3e46aae}
