Hello Everyone,  Let’s start with the writeup. So, There is a room on TryHackMe called CTF100 which is created by Deskel ( an amazing user of TryHackMe). This room contains total 100 flags, which are divided in different stages. Every stage have different methodologies , technologies and tools to get the flags. The themes of room is based on telent, cipher, encode and esolang. Let’s get started with solution.

Follow along with this writeup, and deploy your own instance of CTF100! https://tryhackme.com/room/ctf100

Task 1-1: Flag1

Start scanning the ip_address with the help of nmap.

It is showing that port 3333 is open. Let’s dig on port 3333.

$ telnet <ip_address> 3333

It will ask you for you address. Enter your address according to your tunnel ip.

Woah.. We just get the first flag, and terminal also showing that 5 more ports are open now. Time to perform another scan using nmap.

Flag1: you_got_a_message

Task 1-2: Flag2

Do the nmap scan using below mention command.

$ nmap -v -T5 -p3000-4000 -Pn

So, we find the all 5 open ports. Let’s sart to dig on it.

$ telnet <ip_address> 3343

It is showing some enciphered text. Decipher text using ROT13.

Enter the text to capture the flag and note the number, it will be use in upcoming steps.

Flag2: qt8pm59jh5r49uqdwfw2

Task 1-3: Flag3

Let’s dig on next port.

$ telnet <ip_address> 3353

It is again a enciphered text. This is a ceaser cipher, decipher it.

Keep rotating until you not get meaningful text.

Flag3: 5wdtc7jzk33qjauh5gxm

Task 1-4: Flag4

Let’s check a new port for a new flag. Repeat the same telnet process but change the port number.

Now, where is the key?.. he is trying to make you fool bcoz key is where…hahaha

This is vignere cipher, decode it using the key and grab the flag.

Flag4: sm8jvu8jxu7dz6s7qmsp

Task 1-5: Flag5

Next port.

It is morse code. Use a morse code translator to decode it and grab the flag.

Flag5: 2p3363hrava9fbq296ca

Task 1-6: Flag6

Next port.

It is hex. Try to decode hex to ASCII.

Flag6: skuj9359mqdm6sv8d8z6

Task 1-7: Flag7

Remember the number with each flag? Collected all 5 numbers are

8989 7431 5667 9332 3331

This sequence of these ports, open up port 9999. Enter these numbers on it.( The reason is port knocking)

Something hapen… Time to perform a scan using nmap.

$ nmap  -v -T5  -p4000-4999  -Pn <ip_address>

A new open port. Let’s check it.

Do not trust anything it said. Maybe it is trying to fool you. Just press enter, it will show you something.

PORT PORT …. Means there are 5 more open ports. Time to scan again.

Flag7: zmht7gg3q3ft7cmc942n

Task 1-8: Flag8

$ nmap -v -Pn -T5 -p4000-4999 <ip_address>

Let’s check on each port. 5 more challenges are ready to solve.

It is base64 text. Decode it.

Save the number. It will be gonna help again.

Flag8: dmm32qvfkfwm6yjnw46k

Task 1-9: Flag9

Same Process. Check the next port.

It is base32.

Flag9: fuf8mx74nph26f69mr97

Task 1-10: Flag10

Now, check port 4003. It seems like butter now ..right? Easy and simple… just go with flow and be ready for try harder level….hahhaha

This is base58 which is also look like base64. Decode base58

Flag10: hud9bm8yc37md5b7t7mn

Task 1-11: Flag11

This is base85 looking like unreadable to us. Decode the base85.

Flag11: 4xm43r2wajrsrbm4775d

Task 1-12: Flag12

port 4005… what do you have?

This is also unreadable and it is base91. Decode it.

Flag12: qtfvbd7gbvyg9gww5jwj

Task 1-13: Flag13

Similar to Flag 1-7, collect all 5 numbers and open new ports using port knocking on port 9999.

According to flag, 5 numbers are

10113 10415 21033 35555 25637

But it is wrong sequence, reverse the order.

25637 35555 21033 10415 10113

Repeat same process, use port 9999 to open new ports.

Something happen. Time to perform a new scan.

$ nmap  -v   -T5   -Pn   -p-6000-6999  <ip_address>

Voilaaa…. Port 6000 is open. Let’s check on this port.

5 more open ports means 5 new flags…

Flag13: aehg24vwn5yyc8jz4tv5

Task 1-14: Flag14

Perform a new scan to identify 5 new ports.

5 new open ports. Let’s dig on each one to find the flags.

Remember something…sounds like pika pika pikachu…yes it is pikachu language. Actually, this is an esolang. Decode it.

Flag14: k2phhw85emq3v4njj5g6

Task 1-15:Flag 15

Let’s check port 6020. What is it say?

This is not simple binary language. This is another esolang which is binaryfuck. Let’s decode it.

Flag15: qtfvbd7gbvyg9gww5jwj

Task 1-16: Flag16

Check port 6030…

This is spoon esolang. Let’s decode it.

Flag16: ckjug6sj88xuajfku72h

Task 1-17: Flag17

Let’s check port 6040…

Looking like brainfuck…but is reversefuck language.

Flag17: x4xhrqx3ywzyx2jmgc5j

Task 1-18: Flag18

port port port hahhaha… it is last port to check 6050.(hope so xD)

This is alphuck language.

Flag18: kr2t9qcgt4ht9h6j5ydp

Task 1-19: Flag19

Collect all the 5 ports? yes…we did. This is port knocking for stage 2.

The sequence is

31031 50010 7968 20010 6100

Use these numbers to open ports in stage 2.

Ports: 31031 50010 7968 20010 6100

So, It was the writeup for stage1. For Stage2 and more, writeup will coming soon. Stay tuned and wait for writeups. Byee byee.