Hide to See - 100 pts

 

Description

How about some hide and seek heh?Look at this image here .

Approach

 

atbash.jpg

 

The image hinted at the Albash cipher, but I didn’t found any encrypted data. After examining the metadata and trying different steganography tools, I eventually discovered the encrypted data hidden within the image using steghide.

┌──(kali㉿iasad)-[~/CTFs/PicoCTF]
└─$ steghide extract -sf atbash.jpg 
Enter passphrase: 
wrote extracted data to "encrypted.txt".



┌──(kali㉿iasad)-[~/CTFs/PicoCTF]
└─$ cat encrypted.txt 
krxlXGU{zgyzhs_xizxp_1u84w779}

 

decoded it on Atbash Cipher and got the flag

 

Untitled

 


Flag: picoCTF{atbash_crack_1f84d779}


 

 

ReadMyCert - 100 pts

 

Description

How about we take you on an adventure on exploring certificate signing requests

Take a look at this CSR file here

Hint💡
Download the certificate signing request and try to read it.

 

Approach

Dumping the contents of the readmycert.cer file reveals:

-----BEGIN CERTIFICATE REQUEST-----
MIICpzCCAY8CAQAwPDEmMCQGA1UEAwwdcGljb0NURntyZWFkX215Y2VydF9hNzE2
M2JlOH0xEjAQBgNVBCkMCWN0ZlBsYXllcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL6KBBqiFmUHDwT3NtVw+Ozveo9uAZ+c47X5n+MEsWPowsNIz9fG
kpLf9rgu9kR4ZR1H5IEddOGEsTA9qRUc1mwBuZeld5o9ltDU+6YzCKANDnwS61sB
w4FV54LTy33T1+1bc11o++3LM34pFCGWI3lwoj8GWDRJdxvvp5Iwh5kz4ki6Mwp/
HAKyyG9i9KMOXAm/Zw0FkL1UZppHa00cbdCieen7lZgeVpFlIs3uo8tL6fGmpYww
Ard6ZFzL1zCwgZukSHsul20gi9Ba4Uz3R4f6zA/PL0S7haAif96yyi/REREKUZGt
76Gt8zv2xVAqhZYYpFqOmv1ycRmZSyF8GWkCAwEAAaAmMCQGCSqGSIb3DQEJDjEX
MBUwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAI4mtS0h
2HQseRJfnySGJdsnquMyLSV1EdvAfb2qTosXuQH0vunk5NbnR9yjXKej0I2Uu6DW
f9UehV+QsgW1tmZKpjGXj602nESDBVwiyNw84AXaW74+vH1lVKu9YFf08GI40Fee
jYYjQLz6DatXL0Qsuyjjo/MF1W1z/N7ErLvox7tj+dIOfEs14LYx61JrwwcAw8Ak
1lo4gwusg/+aEpAhDcw62Bjh2iGfwydHV7vh04vWBzPoSz5xyrNG+w8kALKKRUTh
Z9wKzilfeMGpobC7at6ys5cMdrC3ePVxn0XWTQEWfjQwtr+UtOoOWlP8eJEstWQU
qbdZveR4nsgbnkU=
-----END CERTIFICATE REQUEST-----

 

Looks base64 encoded, running through CyberChef the flag is found in amongst the decoded output :

Untitled

 


Flag: picoCTF{read_mycert_a7163be8}


 

 

Rotation - 100 pts

 

Description

You will find the flag after decrypting this file Download the encrypted flag here

Hint💡
Sometimes rotation is right

Given the name of this challenge, a rotation-based substitution cipher is suspected.

Approach

The contents of the encrypted flag file are:

xqkwKBN{z0bib1wv_l3kzgxb3l_25l7k61j}

The encrypted text follows the flag structure picoCTF{}

We can use CyberChef to find the plaintext. By applying ROT13 operation, and adjesting the amount to 18 we get the Flag

Untitled

 


Flag: picoCTF{r0tat1on_d3crypt3d_25d7c61b}