Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 1. Get the archive, unpack it and find "there you go.png" file ----- STEGO #1 part
- 2. By manipulating the picture, you can find the rick-roll URL. -> clck.ru shortened link
- 3. At the end of the picture (in HEX editor) you can find a Base64 message. Decrypting it leads to an encyphered message ----- CRYPTO #2 part
- 4. Structure of the message appears to look like an URL, the cipher is ROT (Caesar cipher), pretty common cipher
- 5. https://vk.cc/avXot0 is the decrypted URL. The link redirects to http://iktm.me/ctf/Doubled_IUGHEUR.mp3
- 6. Download the song. It is "Take on me", except for some reason you only hear the actual song on your right ear. ----- STEGO #3 part
- 7. In the end of the file you can find some filename. Attempt to open the track with archivator reveals the file is also an archive. Yet it's passworded
- 8. Open the song in Audacity, split stereo track into mono tracks, and remove right channel.
- 9. The track left will contain morse. Use any decoder to decode it
- 10. WENEEDMOREPASSWORDS is the password.
- 11. Inside, you can find another picture. Opening it in archivator reveals it's a passworded archive. By auto-leveling the picture, you can find the password right under the HACKERMAN label. ----- STEGO #4 part
- 12. "V3ryP@ssw0rd9" is the password.
- 13. Inside, there's an .exe file. When open, requires password. ----- REVERSE #5 part
- 14. *there's multiple solutions*
- 14.1 opening the file in HEX reveals it's C# file. Use dotPeek or any C# decompiler to reveal the password
- 14.2 opening the file in HEX reveals the Unicode link (something like h.t.t.p.s.:././......)
- 14.3 opening the file in HEX reveals the Unicode password (V.e.r.y.S.3.c.r.e.t.V.e.r.y.P.@.s.s.w.o.r.d)
- 15. Any of those ways will lead to the link - https://vk.cc/avXj3Q
- 16. The link contains an image (look at the URL). Use ctrl+S to save it. --- PPC + STEGO #6 part
- 17. The image is one long array of white and black pixels. It's probably binary.
- 18. Use your programming skills to read all bits and convert them to string.
- 19. Get binary that looks like this 01001100011011110111001001100101011011010010000001101001011100000111001101110101011011010010000001100100011011110110110001101111011100100010000001110011011010010111010000100000011000010110110101100101011101000010110000100000011000110110111101101110011100110110010101100011011101000110010101110100011101010111001000100000011000010110010001101001011100000110100101110011011000110110100101101110011001110010000001100101011011000110100101110100001011000010000001110011011001010110010000100000011001000110111100100000011001010110100101110101011100110110110101101111011001000010000001110100011001010110110101110000011011110111001000100000011010010110111001100011011010010110010001101001011001000111010101101110011101000010000001110101011101000010000001101100011000010110001001101111011100100110010100100000011001010111010000100000011001000110111101101100011011110111001001100101001000000110110101100001011001110110111001100001001000000110000101101100011010010111000101110101011000010010111001101000011101000111010001110000011100110011101000101111001011110111011001101011001011100110001101100011001011110011001001100010001110010111001001011010011011101001011110001011100010111000111110001100110001011101000011010000100010011001010011010001100111001001110011010000100111101000100110100111100111001010011110110101
- 20. Converting it to UTF-8 string, it looks like this: Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.https://vk.cc/2b9rZn???????????О?????
- 21. Get rickrolled
- 22. By inverting all the bits (or the image), such as white = black and black = white, or 1 = 0 and 0 = 1, you can then convert them to UTF-8 again and get string similar to this: ????????????????????????????????????????????????????????????????????????????????????????????????????????ї???????????????https://vk.cc/avXcXJ
- 23. Link leads to a .txt file, containing the flag: BruhCTF{y0u_d1d_it_83756}
Add Comment
Please, Sign In to add comment