Hello Everyone, Let’s start with the writeup. So, There is a room on TryHackMe called CTF100 which is created by Deskel ( an amazing user of TryHackMe). This room contains total 100 flags, which are divided in different stages. Every stage have different methodologies , technologies and tools to get the flags. The themes of room is based on telent, cipher, encode and esolang. Let’s get started with solution.
Follow along with this writeup, and deploy your own instance of CTF100! https://tryhackme.com/room/ctf100
Task 1-1: Flag1
Start scanning the ip_address with the help of nmap.
It is showing that port 3333 is open. Let’s dig on port 3333.
$ telnet <ip_address> 3333
It will ask you for you address. Enter your address according to your tunnel ip.
Woah.. We just get the first flag, and terminal also showing that 5 more ports are open now. Time to perform another scan using nmap.
Task 1-2: Flag2
Do the nmap scan using below mention command.
$ nmap -v -T5 -p3000-4000 -Pn 10.10.42.75
So, we find the all 5 open ports. Let’s sart to dig on it.
$ telnet <ip_address> 3343
It is showing some enciphered text. Decipher text using ROT13.
Enter the text to capture the flag and note the number, it will be use in upcoming steps.
Task 1-3: Flag3
Let’s dig on next port.
$ telnet <ip_address> 3353
It is again a enciphered text. This is a ceaser cipher, decipher it.
Keep rotating until you not get meaningful text.
Task 1-4: Flag4
Let’s check a new port for a new flag. Repeat the same telnet process but change the port number.
Now, where is the key?.. he is trying to make you fool bcoz key is where…hahaha
This is vignere cipher, decode it using the key and grab the flag.
Task 1-5: Flag5
It is morse code. Use a morse code translator to decode it and grab the flag.
Task 1-6: Flag6
It is hex. Try to decode hex to ASCII.
Task 1-7: Flag7
Remember the number with each flag? Collected all 5 numbers are
8989 7431 5667 9332 3331
This sequence of these ports, open up port 9999. Enter these numbers on it.( The reason is port knocking)
Something hapen… Time to perform a scan using nmap.
$ nmap -v -T5 -p4000-4999 -Pn <ip_address>
A new open port. Let’s check it.
Do not trust anything it said. Maybe it is trying to fool you. Just press enter, it will show you something.
PORT PORT …. Means there are 5 more open ports. Time to scan again.
Task 1-8: Flag8
$ nmap -v -Pn -T5 -p4000-4999 <ip_address>
Let’s check on each port. 5 more challenges are ready to solve.
It is base64 text. Decode it.
Save the number. It will be gonna help again.
Task 1-9: Flag9
Same Process. Check the next port.
It is base32.
Task 1-10: Flag10
Now, check port 4003. It seems like butter now ..right? Easy and simple… just go with flow and be ready for try harder level….hahhaha
This is base58 which is also look like base64. Decode base58
Task 1-11: Flag11
This is base85 looking like unreadable to us. Decode the base85.
Task 1-12: Flag12
port 4005… what do you have?
This is also unreadable and it is base91. Decode it.
Task 1-13: Flag13
Similar to Flag 1-7, collect all 5 numbers and open new ports using port knocking on port 9999.
According to flag, 5 numbers are
10113 10415 21033 35555 25637
But it is wrong sequence, reverse the order.
25637 35555 21033 10415 10113
Repeat same process, use port 9999 to open new ports.
Something happen. Time to perform a new scan.
$ nmap -v -T5 -Pn -p-6000-6999 <ip_address>
Voilaaa…. Port 6000 is open. Let’s check on this port.
5 more open ports means 5 new flags…
Task 1-14: Flag14
Perform a new scan to identify 5 new ports.
5 new open ports. Let’s dig on each one to find the flags.
Remember something…sounds like pika pika pikachu…yes it is pikachu language. Actually, this is an esolang. Decode it.
Task 1-15:Flag 15
Let’s check port 6020. What is it say?
This is not simple binary language. This is another esolang which is binaryfuck. Let’s decode it.
Task 1-16: Flag16
Check port 6030…
This is spoon esolang. Let’s decode it.
Task 1-17: Flag17
Let’s check port 6040…
Looking like brainfuck…but is reversefuck language.
Task 1-18: Flag18
port port port hahhaha… it is last port to check 6050.(hope so xD)
This is alphuck language.
Task 1-19: Flag19
Collect all the 5 ports? yes…we did. This is port knocking for stage 2.
The sequence is
31031 50010 7968 20010 6100
Use these numbers to open ports in stage 2.
Ports: 31031 50010 7968 20010 6100
So, It was the writeup for stage1. For Stage2 and more, writeup will coming soon. Stay tuned and wait for writeups. Byee byee.