CTF INFOSEC INSTITUTE CTF SOLUTIONS





INFOSEC INSTITUTE CTF LEVEL ONE SOLUTION

This is pretty simple one !!
When you click level one !! you see below screen




Text – “May the source be with you “ is the clue for checking source page. Once you open source page, you will find the flag on top of page


Flag - <!-- infosec_flagis_welcome -->




INFOSEC INSTITUTE CTF LEVEL TWO SOLUTION
This is simple but tricky.
Once you open Level two page. You find “ image icon which cannot be loaded”


Check the image link , go to http://ctf.infosecinstitute.com/img/leveltwo.jpeg ,still image cannot be loaded. Go to http://ctf.infosecinstitute.com/img/ and download the image with “save as”



Open this image with Notepad plus .



You get a string value.
aW5mb3NlY19mbGFnaXNfd2VhcmVqdXN0c3RhcnRpbmc=

on quick look , I found this to be Base64 encoded.





You get the flag - infosec_flagis_wearejuststarting


INFOSEC INSTITUTE CTF LEVEL THREE SOLUTION
Level 3 is QR code displayed on page.




I quickly check if there is addon for firefox to read  QR code and convert code to text. Luckly I found on Add on – QR Secret decoder









It resulted into dot and dashes



This is morse code.
I entered this code into my favourite http://rumkin.com/tools/cipher/  used Morse decoder to see the text.





Flag is – INFOSECFLAGISMORSING

INFOSEC INSTITUTE CTF LEVEL FOUR SOLUTION
This is not a straight one at all. When you open level four you find below screen.


Clue is -HTTP means Hypertext Transfer Protocol
I tried looking to the entire corners of http, but could not found anything. It was like annoying .. Hold on.. I found something  http capture with “live http Header “ addon.
Other way you find this with cookie manager add on. 




You see some value - vasbfrp_syntvf_jrybirpbbxvrf
Hmmm.. I was not sure if this would be the flag or encrypted flag text . however I tried with few decoder from runkim.com .. at last I found that it is ROT13 encoder . using the same I decode it.



Flag is  - infosec_flagis_welovecookies


INFOSEC INSTITUTE CTF LEVEL FIVE SOLUTION
Level 5 page load with alert “hacker” repeatedly.
I tried to stop the pop up by checking “ prevent it” but this page does not move to any place. i did not try any hard way for this. I was sure “redirect” is key here. So I enabled “ No Redirect” addon  and I found this image.




Lol !!  Aliens here too J
But where is the Flag ? I tried opening the image with few editors , but no luck. Next move was stenography . I used online tool to check if this image contain any hidden code.



Found the hidden code



01101001011011100110011001101111011100110110010101100011010111110110011001101100011000010110011101101001011100110101111101110011011101000110010101100111011000010110110001101001011001010110111001110011

I converted this binary to text and found the flag.
Flag is - infosec_flagis_stegaliens


INFOSEC INSTITUTE CTF LEVEL SIX SOLUTION
In this level you did to download pcap file.
Opent the file in wireshark. Check UDP and follow UDP steam





You get a string , this could be possible flag ? on bit googling found that it could be hex and I used online hex to string convert , found the flag.

Flag - infosec_flagis_sniffed

INFOSEC INSTITUTE CTF LEVEL SEVEN SOLUTION
This is quite tricky one !! need more commom sense than a technology .
This level url end with 404.php , where as other user are like levelone , leveltwo.
I used the same, I changed 404.php to levelseven.php  … Uhh!!  I don’t see anything on page , looks like we are not done yet !! I checked source code and other area to find flag, no luck.
I used Live http header add on to see if I can capture tcp request to find for cule. Opps !!! got some thing


When I saw == I knew this base64 encoded J  I used decoder from Hack bar addon , found the flag
Flag is - infosec_flagis_youfoundit

INFOSEC INSTITUTE CTF LEVEL 8 SOLUTION
In this level you need to download exe file . I am sure this exe file has flag, I never decompiled exe till now and thought this right time to learn quickly,
Flag – Not found
INFOSEC INSTITUTE CTF LEVEL 9 SOLUTION



Cisco IDS web login ?  I check with default password for here
Found it :- username root and password attack.


I see the pop up with some character. I believe this is Flag.
In source code I found this.

I used hackbar and further reverse option, when you can reverse the string.
ssaptluafed_sigalf_cesofn
 

Flag is - infosec_flagis_defaultpass

INFOSEC INSTITUTE CTF LEVEL 10 SOLUTION
In this level you get to download wav file,  initially I thought it would Steganography but I was wrong.
Tried with music editor other tools. But no luck.
Here is what I think
Based on all the flag I found   , flag should be
Flag - infosec_flagis_sound

INFOSEC INSTITUTE CTF LEVEL 13 SOLUTION
This level you get a clue “What the heck happened here? It seems that the challenge here is gone? Can you find it? Can you check if you can find the backup file for this one? I'm sorry for messing up :(“

Back up files ? how we generally rename them? Old or with date or bak . I tried with them,
I could download the file

Not solved yet...