TFCCTF Solutions 2022

Note : Flag format: TFCCTF{secret_message}

Challenge 1 — Basic (Crypt)

Solution :

Given string : /Rn/X7n#bUc.rjzh,|eEsg,?&QI;@^ARm}UKOkICi#X.ixEmN]D

Using Cipher Identifier at : https://www.dcode.fr/cipher-identifier

We found that its possibly Base 91 Encoding

So we decode it from Base 91 to ASCII (PRINTABLE) CHARACTERS

Result : TFCCTF{sh3's_4_10…_but_0n_th3_ph_sc4l3}

Challenge 2 — MAFIOSO (Crypt)

Solution :

By using online hash identifier we found that it’s SHA256 encrypted.

Since SHA256 is one way hash function, in order to find what the hash actually is we have to hash all the possible string positions to find it. And its entirely impossible.

So here comes a tool in mind well known to all CTF Players : https://crackstation.net/

We got the result as : snitchesgetstitches

Result : TFCCTF{snitchesgetstitches}

Challenge 3 — OBSCURE (Crypt) (Glitch)

Solution :

Since the text has some glitches lets remove it by pasting it at : https://lingojam.com/GlitchTextGenerator

Which is a glitch text to normal text converter

Result : https://lingojam.com/GlitchTextGenerator

Challenge 4 — RULES

Solution :

Let’s Go and read rules at : https://ctf.thefewchosen.com/dashboard/faq

Result : TFCCTF{Fr33_fl4gz_f0r_U}

Challenge 5 — ROBOTS AND MUSIC

Solution :

Lets start the container and go to : http://01.linux.challenges.ctf.thefewchosen.com:59858

In title they have mentioned robots and music.

Usually every website has robots.txt file i tried to add the path in the end

http://01.linux.challenges.ctf.thefewchosen.com:59858/robots.txt

Output :

User-agent: *

Disallow: /g00d_old_mus1c.php

Tried going to disallowed path :

http://01.linux.challenges.ctf.thefewchosen.com:59858/g00d_old_mus1c.php

Result : TFCCTF{Kr4ftw3rk_4nd_th3_r0b0ts}

Challenge 6 — Deep Links

Solution :

Searched on google : how to find deeplinks in a website

Fount a plausible result at answer location in : https://stackoverflow.com/questions/48443050/how-do-i-find-an-apps-websites-deep-link

Which is : https://developer.apple.com/library/content/documentation/General/Conceptual/AppSearch/UniversalLinks.html

Tried : http://01.linux.challenges.ctf.thefewchosen.com:59887/apple-app-site-association

nano apple-app-site-association

Which Says :

Creating and Uploading the Association File

To create a secure connection between your website and your app, you establish a trust relationship between them. You establish this relationship in two parts:

An apple-app-site-association file that you add to your website

Tried : http://01.linux.challenges.ctf.thefewchosen.com:59887/apple-app-site-association

Output of downloaded file (apple-app-site-association):

{

“applinks”: {

“apps”: [],

“details”: [

{

“appID”: “ABCDEFGHIJ.com.example.example”,

“paths”: [“TFCCTF{4ppl3_4pp_51t3_4550c14t10n}”]

}

]

}

}

Result : TFCCTF{4ppl3_4pp_51t3_4550c14t10n}

My Current Position :