TUCTF 24

Happy Lunar new years, this will be a short write-up since the challenges isn’t that hard

---

Mystery Presentation

The given file look like a PKzip instead of a PPTX so just rename the extention to zip then open it up there a secret_data inside, also this is a polygot file

open the secret data there a flag inside:

TUCTF{p01yg10+_fi1e5_hiddin9_in_p1@in_5i9h+}

Packet Detective

Just open the pcap file and the last packet contains the flag

TUCTF{N3tw0rk_M4st3r}

Security Rocks

open the network capture file this is a 802.11 capture file

there are some encrypted connection, we have to use aircrack to find the key then decrypt the traffic

┌──(raviel㉿kali)-[~/Desktop]
└─$ aircrack-ng -w /home/raviel/Desktop/wordlist/rockyou.txt dump-05.cap

Go to Edit > preferences > protocol > IEEE 802.11 > Decryption key > key type (wpa-pwd)

apply this then go back to the capture file you will see some TCP packets

Heres my super secret flag, I made it extra secure ;)
1KZTi2ZV7tO6yNxslvQbjRGL54BsPVyskwv4QaR29UMKj

using cipher identifier we can know that this is encoded in base62

TUCTF{w1f1_15_d3f1n173ly_53cure3}

Bunker

This look like a clean PE so let’s do some recon first, if you wandering around the internet you will see this https://github.com/vdohney/keepass-password-dumper and this https://nvd.nist.gov/vuln/detail/CVE-2023-32784

from that we can dump out the password of the keePass, there are some missing word at the beginning but we can guess it

password: gL0Ry_2_M4nk1Nd!_Y0RH4

Open the DB file with keepass then input the password

There a bunker record in the bunker, open it up and check the history entry, there a password change, from there we got the flag