UMDCTF Writeups

SYS_DATE: 2021-04-20 00:00 | SIZE: 421 words

#Steganography #Wireshark #Aircrack-ng

we settled for #43 from 484 teams

Misc

more writeups from Mystik0ri0n here

John’s Return

Description

you can get the challenge file here

received.pcapng

Solution

summary :

WPA traffic decrypting

Here we have a pcapng file wirh 802.11 radiotap (wireless) traffic dump,seems it’s encrypted

…. but wait it’s a .pcapng file which aircrack-ng is unable to read it so we are forced to convert to a pcap i used this site pcapng.com for that then we can use aircrack-ng with rockyou.txt as our wordlist, seconds later it spits out the password

 1aircrack-ng received.s0i0.pcap -w /usr/share/wordlists/rockyou.txt 
 2
 3      [00:00:00] 48/7120712 keys tested (2246.56 k/s) 
 4
 5      Time left: 52 minutes, 50 seconds                          0.00%
 6
 7                           KEY FOUND! [ chocolate ]
 8
 9
10      Master Key     : F8 FA E8 1B 93 20 46 CD F5 7C 0B 7C D0 70 0C 11 
11                       F5 70 AD 93 5B 9C 91 97 8D 44 18 70 76 56 5E B6 
12
13      Transient Key  : C7 DE 67 E5 E6 B2 C9 77 99 97 14 1C D2 88 60 60 
14                       10 05 FF CC 55 7A BF 51 63 CF 11 FilippoG98FilippoG98FilippoG9897 38 86 32 FF 
15                       AB 93 AA 76 0A E9 6B 85 72 70 26 ED 65 48 8C 44 
16                       22 A1 AC FA 0F 0B 6E 3D 1F 96 7B F7 C7 30 E5 54 
17
18      EAPOL HMAC     : B3 22 03 F5 85 25 3E 03 EE 64 24 6C C2 CB 77 76

using the password as chocolate and the SSID as linksys we can decrypt the traffic

open wireshark > edit > preferences > protocols > IEEE 802.11 > Enable Decryption > Key type : wpa-pwd > key password:SSID final as wpa-pwd chocolate:linksys

looking back at the decrpted traffic we get our flag in the decrypted CCMP data

Flag : UMDCTF-{wh3r3_j0hn}

Steganography

Pickle Rick

Challenge

Download Here

Solution

We are given two rick rolls :joy: but both contain a hidden message, the first had the steg password for the second

 1┌─[@parrot]─[~/Desktop/CTFs/umdctf]
 2└──╼ $steghide extract -sf together-forever-encoded.wav 
 3Enter passphrase: 
 4wrote extracted data to "steganopayload318205.txt".
 5┌─[@parrot]─[~/Desktop/CTFs/umdctf]
 6└──╼ $cat steganopayload318205.txt 
 7The password is "big_chungus"!
 8┌─[@parrot]─[~/Desktop/CTFs/umdctf]
 9└──╼ $steghide extract -sf rickroll.wav 
10Enter passphrase: 
11wrote extracted data to "steganopayload318287.txt".
12┌─[@parrot]─[~/Desktop/CTFs/umdctf]
13└──╼ $cat steganopayload318287.txt 
14UMDCTF-{n3v3r_g0nna_l3t_y0u_d0wn}

Flag : UMDCTF-{n3v3r_g0nna_l3t_y0u_d0wn}

Hidden Card

Challenge

Solution

having tried majority of Steganographic techniques and failed,decided to try one last tool

diit

opening the image in it and decoding using BattleSteg algorithm we get our Flag

1┌─[@parrot]─[~/Desktop/CTFs/umdctf]
2└──╼ $cat battle.txt 
3UMDCTF-{c4rd_1n_a_c4rd$t4ck}

Flag : UMDCTF-{c4rd_1n_a_c4rd$t4ck}