A short write up for some ctf challenges held at KCA University during the intervarsity bootcamp by SheHacksKE, fr334aks, Safaricom, AfricaHackOn, Ekraal Innovation Hub, Trend Micro & Microsoft.
Challenge link https://kca.ciphercode.dev/
OSINT
Challenge: Hunter1
Given a SHA256 hash of a malicious office document,
What’s the name of the ransomware behind the Malicious Office Document?
This was pretty easy.
Solution
Searching the SHA256 hash on Google brings up a link highlighting “Gandcrab ransomware” and that’s it, you have hunted down the name of the ransomware. flag{gandcrab}
Challenge: Last Hunt
This hunt was about the payment methods used by gandcrab.
Other than BTC the Ransomware group also uses?
Solution
I did some googling on “gandcrab ransomware” and went through articles.
A story featured on malwarebytes (here) stated the payment method.
flag{dash}
Forensics
Challenge: Chatty Chatty — 2
“See ye and you shall find me”. Dig deeper to earn the second flag.
I didn’t get the first flag but here, I could “see and find”
Download the given file.
Well, turns out there are many ways of killing a rat(including burning the whole house)
Solution
I ran strings on the file and found a base64 string.
I decoded the base64 string to get the flag.
Flag{I_Kn3w_Y0u_w0ulD_f1nd_me}
Similarly:
Uploading the file at cyberchef also revealed the base64 without any recipe.
Similarly:
The exiftool should reveal the base64 string as explained by oste here.
There are many ways of killing a rat!
Connect with me: Here
Happy Hacking.
