x03e

← Back to Writeups

SpookyCTF 2024

Web Challenge : Cryptid Hunters

Category: Web Points: 50 Solves: 309

Solution

The vulnerability exploited a classic SQL injection in the login form. By entering the payload below, we bypassed authentication:

Username: admin' ;# | Password: Anything

Here is the flag:

Flag

OSINT Challenge : They Have Returned

Category: OSINT Points: 472 Solves: 39

Solution

A secret permission has been discovered. Your task:

  1. Identify the user with this role.
  2. Permissions
  3. Investigate their profile for clues.
  4. Profile

On Twitter, you’ll find the final hint:

Final Hint

Twitter Handle: @D4rk_F4t3

Recovered Flag:

NICC{Gue55_wh0'5_b4ck?}

Bin Challenge: What Flag

Category: Binary Analysis Points: 539 Solves: 113

NICC received a mysterious email with an executable file that does nothing. Can you figure out what this executable does?

Solution

Upon analyzing the binary in Binary Ninja, we discovered variables hinting at the flag's structure. By examining the sequence, we inferred the correct flag format as follows:

Flag Structure

Recovered Flag:

NICC{uhH_fl@g_i_ThInk}

Forensic Challenge: Won't Somebody Think of the Children

Category: Forensic Points: 554 Solves: 109

If Loab is back, we might need the council to help us out. The problem is that Anna sent Maya looking for them, but she still hasn't come back. This is her last known location... Maybe you can help find her.

I'd go, but I really don't want to be around those spooky ghost orphans.

Challenge Overview

This challenge involves uncovering a hidden image within the provided data. By decoding a Base64-encoded string, you will reveal the images that lead you to the solution.

Steps to Solve

  1. Base64 Decoding: The first step is to decode the Base64 string provided in the challenge.
  2. Save the Images: After decoding, save each output as an image file (e.g., img1.png, img2.png, ..., img8.png).
  3. Identify the Correct Image: Examine the saved images and identify which one, named img5, is the correct one related to the challenge.

Photos

Image 2 Image 3 Image 4 Image 5 Final Image

Stego Challenge: Phenomenal-Photo

Category: Steganography Points: 152 Solves: 133

Simon was spotted dwelling under the clock-tower yet again, this time taking pictures. He seems to have captured a strange object in the far distance going left, right, up, and down, seemingly lost or out of control. There is a strange aura radiating from the photo, pulsations even, like an SOS. Can you figure out this strange phenomenon?

Use Steghide to extract hidden data from the image file.

Final Image

Ship#1 Folder: Map.txt

⋔⏃⌿: ⌰⟒⎎⏁, ⎍⌿, ⎅⍜⍙⋏, ⌰⟒⎎⏁, ⎅⍜⍙⋏, ⍀⟟☌⊑⏁, ⍀⟟☌⊑⏁, ⎅⍜⍙⋏, ⌰⟒⎎⏁, ⎍⌿, ⌰⟒⎎⏁, ⍀⟟☌⊑⏁, ⎍⌿
⍀⟒⋔⟟⋏⎅⟒⍀ ⏁⊑⏃⏁ ⍜⎍⍀ ☌⌿⌇ ⟟⌇ ⏃ ⌰⟟⏁⏁⌰⟒ ⎎⎍⋏☍⊬, ⟟⏁ ⍜⋏⌰⊬ ⏁⏃☍⟒⌇ ⏁⊑⟒ ⎎⟟⍀⌇⏁ ⌰⟒⏁⏁⟒⍀ ⍜⎎ ⟒⏃☊⊑ ⎅⟟⍀⟒☊⏁⟟⍜⋏ ⍙⟒ ⍙⏃⋏⏁ ⏁⍜ ☌⍜ (⌇⏁⎍⌿⟟⎅ ⋔⟒⋔⍜⍀⊬ ⋔⏃⋏⏃☌⟒⋔⟒⋏⏁)

Translation (via Alien Language Decoder):

MAP: LEFT, UP, DOWN, LEFT, DOWN, RIGHT, RIGHT, DOWN, LEFT, UP, LEFT, RIGHT, UP

REMINDER: OUR GPS IS A LITTLE FUNKY. IT ONLY TAKES THE FIRST LETTER OF EACH DIRECTION (STUPID MEMORY MANAGEMENT)

Password for gps.zip

LUDLDRRDLULRU

Explanation: This password corresponds to the first letters of LEFT, UP, DOWN, LEFT, DOWN, RIGHT, RIGHT, DOWN, LEFT, UP, LEFT, RIGHT, UP.

Contents of gps.zip

⋏⟟☊☊{⊑⟒⌰⌿_⋔⟒_⎎⟟⋏⎅_⏁⊑⟒_⌿⌰⏃⋏⟒⏁_⏚0⍜}

Translation (via Alien Language Decoder):

NICC{HELP_ME_FIND_THE_PLANET_B0O}

Stego Challenge: Phenomenal-Photo

Category: Steganography Points: 50 Solves: 311
Final Image NICC{UR_4SAK3N_D3CISION}

Stego Challenge: Whisperz in Morse

Category: Steganography Points: 50 Solves: 333

Mary got a letter from Maya talking about seeing a cryptid sighting but doesn't want other people to know, the only thing attached is this picture? She wonders if there could be a secret message hidden inside.

Use Steganography to extract a hidden flag from the image file.

Mary Morse

Steps to Solve:

  1. Extract the Flag: To extract the hidden content from the image, use the following command: steghide extract -sf MaryMorse.jpg
  2. Password: During the extraction process, you will be prompted for a password. Use the following key: M.A.__.R.Y
  3. Retrieve the Flag: After successfully entering the password, a file named flag.txt will be created. Open this file to reveal the flag.

Flag:

NICC{tHe_whIspeRz_iN_Th3_aiR}

Misc Challenge: Well-Met

Category: Misc Points: 50 Solves: 205

For the past three years these characters have appeared in JerseyCTF, SpringForwardCTF, and SpookyCTF - but their lore was kept secret. Can you find the secret in their history?

Steps to Retrieve the Flag:

  1. Open the webpage here.
  2. View the page source and search for the keyword "NICC" to locate parts of the flag.
  3. The flag is split into four parts, found hidden within the source code:
    • First Part: NICC{StOr
    • Second Part: IeS_DoNt_M
    • Third Part: aKe_ThE_cTf_T
    • Fourth Part: oO_cTfY_rIgHt?}

Pictures:

Well-Met Image 1 Well-Met Image 2 Well-Met Image 3 Well-Met Image 4

Combine these segments to get the complete flag:

NICC{StOrIeS_DoNt_MaKe_ThE_cTf_ToO_cTfY_rIgHt?}

Misc Challenge: No-Access

Category: Misc Points: 736 Solves: 30

Mary hid a little surprise for everyone in the SpookyCTF Discord. Can you find it? This challenge does not require sending any messages.

Steps to Retrieve the Flag:

After inspecting the Discord server for anything suspicious, we discovered a hidden, super-secret channel that’s invisible by default. To view this channel, you’ll need a Discord mod like Vencord or BetterDiscord.

Flag Components:

  1. Category Name (First Part): TklDQ3t3aFlf No-Access Image 1
  2. Channel Detail (Second Part): ZDAzU19kSVNjMFJkXzRMbDBXX3RIaVo/fQ== No-Access Image 2

Complete Flag:

Combining both parts, the flag is:

TklDQ3t3aFlfZDAzU19kSVNjMFJkXzRMbDBXX3RIaVo/fQ== Final Flag Image

Final Flag Format:

NICC{whY_d03S_dISc0Rd_4Ll0W_tHiZ?}