Hackyeaster 2017 Challenges - "Puzzle this!" Solution

https://hackyeaster.hacking-lab.com/hackyeaster/challenge01.html

there is an image that is a puzzle and we need to arrange it to be able to scan the bar code

checking the source code we found that each small image is placed by position from the original scrambled PNG file

arranging the position we get the bar code to scan by the mobile application

Hidden Message A Cyber Criminal is hiding information in the below file. capture the flag? submit Flag in MD5 Format Challenga Link: https://s3-eu-west-1.amazonaws.com/talentchallenges/Forensics/hidden_message.jpg

Hidden Message

A Cyber Criminal is hiding information in the below file. capture the flag? submit Flag in MD5 Format

Challenga Link: https://s3-eu-west-1.amazonaws.com/talentchallenges/Forensics/hidden_message.jpg

Download the image and from the first thought, an image and hidden message, so it should be steganography challenge

checked it against online sites and downloaded application but i cannot find any hidden messages

open teh image in Notepad++, and chacking the data i found the code "b1a1f2855d2428930e0c9c4ce10500d5"

we get the code "b1a1f2855d2428930e0c9c4ce10500d5"

Cyber Talents 2017 Challenges - "LOTR Hero Mania" Solution

LOTR Hero Mania

lord of the rings addict is the user of this application, can you find the creds?, the key is the md5(userpass)

Challenge Link: https://s3-eu-west-1.amazonaws.com/talentchallenges/Reverse/app.apk.zip

Download the APK and decompile it (i use online APD decompiler)

open the java file named MainActivity.java

compare line

if (user.compareTo(MainActivity.this.getUser()) == 0 && pass.compareTo(MainActivity.this.getPass()) == 0) {

getUser function

private String getUser() {
        String resp = this.weezy > 152 ? "Legolas" : "Aragon";
        this.weezy += 100;
        return resp;
    }

getPass function

private String getPass() {
        return this.weezy > 152 ? "Saruman" : "Gandalf";
    }

so the user is Legolas and the password is Saruman

get the MD5 of LegolasSaruman provide the code

we get the code "d710d29360684aef13ea7cdfecf63a3a"

Cyber Talents 2017 Challenges - "G&P List" Solution

G&P List

Just open the file and Capture the flag. Submission in MD5

Challenge Link: https://s3-eu-west-1.amazonaws.com/talentchallenges/Forensics/G%26P+lists.docx

this is a corrupted DOC file, opened and recover it did not give anything

open the file in Notepad++ and check the content, i found

Flag.txt877c1fa0445adaedc5365d9c139c5219PK

we get the code "877c1fa0445adaedc5365d9c139c5219"

Cyber Talents 2017 Challenges - "Hidden Message" Solution

Hidden Message

A Cyber Criminal is hiding information in the below file. capture the flag? submit Flag in MD5 Format

Challenga Link: https://s3-eu-west-1.amazonaws.com/talentchallenges/Forensics/hidden_message.jpg

Download the image and from the first thought, an image and hidden message, so it should be steganography challenge

checked it against online sites and downloaded application but i cannot find any hidden messages

open teh image in Notepad++, and chacking the data i found the code "b1a1f2855d2428930e0c9c4ce10500d5"

we get the code "b1a1f2855d2428930e0c9c4ce10500d5"

Cyber Talents 2017 Challenges - "Crack the Hash" Solution

Crack the Hash 

A hacker leaked the below hash online.Can you crack it to know the password of the CEO? 1ab566b9fa5c0297295743e7c2a6ec27

this seems to be SHA1 code, 
try to decrypt it online using https://hashkiller.co.uk/sha1-decrypter.aspx

we get the code "Iamtheflag"

Cyber Talents 2017 Challenges - "Guess The Password" Solution

Guess The Password 

A hacker leaked the below hash online.Can you crack it to know the password of the CEO?

the flag is the password Hash: 06f8aa28b9237866e3e289f18ade19e1736d809d

this seems to be MD5 code, 
try to decrypt it online using https://hashkiller.co.uk/md5-decrypter.aspx

we get the code "jrahyn+"

Hacky Easter 2017 Teaser , Riddle 16 Solution

RIDDLE 16

<~<+oue+DGm>FD,5.CghC,+E)./+Ws0B9h&:~>

this seems to be an encoded message, searching show it is ASCII85  encoded

using ASCII85 decoder online (https://www.tools4noobs.com/online_tools/ascii85_decode/)

the translated text is : This is the last one! DFMFZ

the code is "DFMFZ"

Hacky Easter 2017 Teaser , Riddle 15 Solution

RIDDLE 15

FRIDAY THE THIRTEENTH, 4:00 PM
/([FOR]*)([ID]{2})([^N]*)(.)(.*)/g
$2E$44

the second line is a regular expression, i tested the first line with it and it is ok

$2 and $44 capture parts of the check (good explanition is here http://stackoverflow.com/questions/5982824/what-does-1-2-etc-mean-in-regular-expressions)

i wrote the below javascript code to provide the $2 and $44

num="FRIDAY THE THIRTEENTH, 4:00 PM";
    re = /([FOR]*)([ID]{2})([^N]*)(.)(.*)/g;
    re.test(num);
    alert(num.replace(re, "$2,$44"));

this will alert ID,N4 adding to it the E

the code is "IDEN4"

Hacky Easter 2017 Teaser , Riddle 14 Solution

RIDDLE 14

89504E470D0A1A0A0000000D494844520000001D0000000708020000007BBCD1A5000000017352474200AECE1CE90000000467414D410000B18F0BFC6105000000097048597300000EC300000EC301C76FA8640000001874455874536F9180C0665A0582C8C7E22DF20C5480A130629060CF29792C16CB06293C82283C2F0C562540693C94F297F2983FB9D667477617265007061696E742E6E657420342E302E36FC8C63DF000001AA4944415428534D513DC8416118BD7E4A1EBF9BEDB77A673CE7DEE799FF3BE0CFB81C160904824C4098542C1E17098CDE672B90C399D4E9D4EA740208846A39954AD84EA9542E974B9A108BC5FF7301AD564B2F91CFE729174033BC1BF17EBFCFF87CBEF97C4E7ABBDDEAF57A90DBCD2693C9300CF3F5079A29168B56ABD5E572B5DBEDDF5C954A85B9D3E944D2EBF5D66AB5DBEDF67EBF5BADD6EBF51A8D4676BB1D9F7ABD9EDFEF877FBFDFE3F1782E97BB5EAFF0B1473A9D063F1C0E1A8D86CB1D8FC7D8CBE3F1341A0A194DBED7E3C1E8893CBE5E804743A1DEE57964DA552F57A1D64B7DB994C2632095CAE4C260B8542C160502A95AEDDC8C964A2502840FE83CF050987C3642693C96AB54A1C558810B8DC4824321C0E178B85CD66836C369BD80244A7D37EBC160100804E05F2E97E3F1882054E6F7DDEFF770CEE73378369BA5DCE7F3899B04E1C174BBDD582CF6FD01162F00000049454E44AE42608296C66341A3FA519FE5AD56A35A44824C2D99F71B652A9F0B9ABD5CA62B1604028142612891FA2F7838B729D41E800

this seems to be binary data, looking about the start and end, it seems it is a PNG picture

i wrote the below php script that take the data and save it as PNG file, open the file i found the code

$hexpic="89504E470D0A1A0A0000000D494844520000001D0000000708020000007BBCD1A500000017352474200AECE1CE90"
."000000467414D410000B18F0BFC6105000000097048597300000EC300000EC301C76FA8640000001874455874536F"
."667477617265007061696E742E6E657420342E302E36FC8C63DF000001AA4944415428534D513DC8416118BD7E4A1"
."9180C0665A0582C8C7E22DF20C5480A130629060CF29792C16CB06293C82283C2F0C562540693C94F297F2983FB9D"
."1A8D4676BB1D9F7ABD9EDFEF877FBFDFE3F1782E97BB5EAFF0B1473A9D063F1C0E1A8D86CB1D8FC7D8CBE3F1341A0"
."EBF9BEDB77A673CE7DEE799FF3BE0CFB81C160904824C4098542C1E17098CDE672B90C399D4E9D4EA740208846A39"
."BCD2693C9300CF3F5079A29168B56ABD5E572B5DBEDDF5C954A85B9D3E944D2EBF5D66AB5DBEDF67EBF5BADD6EBF5"
."DC8C964A2502840FE83CF050987C3642693C96AB54A1C558810B8DC4824321C0E178B85CD66836C369BD80244A7D3"
."A194DBED7E3C1E8893CBE5E804743A1DEE57964DA552F57A1D64B7DB994C2632095CAE4C260B8542C160502A95AED"
."954AD84EA9542E974B9A108BC5FF7301AD564B2F91CFE729174033BC1BF17EBFCFF87CBEF97C4E7ABBDDEAF57A90D"
."7EBC160100804E05F2E97E3F1882054E6F7DDEFF770CEE73378369BA5DCE7F3899B04E1C174BBDD582CF6FD01162F"
."96C66341A3FA519FE5AD56A35A44824C2D99F71B652A9F0B9ABD5CA62B1604028142612891FA2F7838B729D41E800"
."00000049454E44AE426082";

$data = pack("H" . strlen($hexpic), $hexpic);

file_put_contents("sample.png", $data);

the code is "AGBTC"

Hacky Easter 2017 Teaser , Riddle 13 Solution

RIDDLE 13

URER LBH TB: MJX4E

this also seems not easy, some sort of encryption, searching google a bit, i came across (https://www.geocaching.com/geocache/GC4MAT5_calliope?guid=83acce99-4599-46bb-86b7-6ef37d578708) 

this seems to be a substitution encryption, the key is

A B C D  E F G H I  J  K  L M

-------------------------------------N O P Q R S T U V W X Y Z


so doing the substitution for all letters (example A will be N and N will be A)

the translated text is : HERE YOU GO: ZWK4R

the code is "ZWK4R"

Hacky Easter 2017 Teaser , Riddle 12 Solution

RIDDLE 12

697c611778601371647d12177e7d060572
3133333731333337313333373133333731

the 2 lines are 34 chars, and seems to be hexadecimal, i tried many ways, and find out it is an XoR

i user (http://xor.pw/) and i get

584f522049532046554e21204f4e353243

using hexadecimal to Ascii converter http://www.rapidtables.com/convert/number/hex-to-ascii.htm()  i solved it

the translated text is : XOR IS FUN! ON52C

the code is "ON52C"

Hacky Easter 2017 Teaser , Riddle 11 Solution

RIDDLE 11

👻👽👻👻👻👻👽👽👻👽👻👻👽👽👽👽👻👽👻👻👽👽👽👻👻👽👻👻👻👽👽👽👻👽👻👽👻👻👽👻👻👽👻👻👻👻👻👽👻👽👻👽👻👽👻👻👻👽👻👽👻👻👽👽👻👻👽👻👻👻👻👽👻👻👽👻👻👻👻👻👻👽👻👻👽👽👽👻👻👻👽👽👻👽👻👽👻👽👻👽👽👻👻👻👻👽👻👻👻👽👽👽👻👽👻👻👽👻👽👽

as we only have 2 options (Black and white), it is a binary system

we have either black is 1 and white is 0 or the opposite

so either

010000110100111101001110010001110101001001000001010101000101001100100001001000000100111000110101010110000100011101001011
or

101111001011000010110001101110001010110110111110101010111010110011011110110111111011000111001010101001111011100010110100

check any binary to Ascii with both , we get the code
CONGRATS! N5XGK

the code is "N5XGK"

Hacky Easter 2017 Teaser , Riddle 10 Solution

RIDDLE 10

No comment.

as usual if nothing in the page, check the source code

the code is "A43JN"

Hacky Easter 2017 Teaser , Riddle 9 Solution

RIDDLE 9

Just a bit:
/2mi4AMj

this is very confusing, and take a lot of time and luck

searching google for bit and /2mi4AMj i came across this website

the code is "5DFME"

Hacky Easter 2017 Teaser , Riddle 8 Solution

RIDDLE 8

84 97 107 101 32 116 104 105 115 58 32 71 89 53 84 70

these seems to be ASCII codes, so i checked them online ( i use https://www.branah.com/ascii-converter)


the translated text is : T a k e   t h i s :   G Y 5 T F

the code is "GY5TF"

Hacky Easter 2017 Teaser , Riddle 7 Solution

RIDDLE 7

Hwldp wx, Euxwh! QYAVL

this seems to be an encryption some how, but it is not clear

doing a quick search for Euxwh on google, i found it as an example of Ceaser Cipher

so using Ceaser Cipher (explanation is here https://mysterytriplets.wordpress.com/2014/11/13/hw-wx-euxwh-learning-the-cesarean-cipher-3-letters-back/)

the code is "NVXSI"

Hacky Easter 2017 Teaser , Riddle 6 Solution

RIDDLE 6

--- -. . / -- --- .-. . / .... . .-. . ---... / .--- .- --- -- -.--

this looks like Morse code, using any online decode (i use http://morsecode.scphillips.com/translator.html )

the translated text is : ONE MORE HERE: JAOMY

the code is "KAOMY"

Hacky Easter 2017 Teaser , Riddle 5 Solution

RIDDLE 5

3a3ea00cfc35332cedf6e5e9a32e94da
9d5ed678fe57bcca610140957afab571
f09564c9ca56850d4cd6b3319e541aee
5dbc98dcc983a70728bd082d1a47546e
7fc56270e7a70fa81a5935b72eacbe29

as the code is 5 characters, then each line will be a letter 

trying with MD5 decode (i use http://md5decrypt.net/en/)

the code is "EBQSA"

Hacky Easter 2017 Teaser , Riddle 4 Solution

RIDDLE 4

eval(function(p,a,c,k,e,d){e=function(c){return c};if(!''.replace(/^/,String)){while(c--){d[c]=k[c]||c}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('0(\'1\');',2,2,'alert|VYGY6'.split('|'),0,{}))

running it in any browser or online you get

the code is "VYGY6"

Hacky Easter 2017 Teaser , Riddle 3 Solution

RIDDLE 3

One for free here: 404 - not found! 

nothing seems in this code, checking the source code of the page (i use chrome inspect), i found under the text above the below script

document.write(String.fromCharCode(88, 73, 90, 76, 83));

running it in any browser or online you get

the code is "XIZLS"

Hacky Easter 2017 Teaser , Riddle 2 Solution

RIDDLE 2

UGllY2Ugb2YgY2FrZSEgWlhHSUQ=

checking the code above, it seems encoded or encrypted

so starting to decode it online

https://www.base64decode.org/

Piece of cake! ZXGID

so the code is "ZXGID"

Hacky Easter 2017 Teaser , Riddle 1 Solution

RIDDLE 2

MBD2A !ysaep ,ysaE

checking the code, it seems string is reversed

do it should be written

Easy, peasy! A2DBM

so the code is "A2DBM"