This CTF reminds me of the rAWSEC 2023 event. The difficulty isn’t that hard, but you can learn a lot from it, really suitable for beginners like me
Steganography
Shrekanana Banana
I was given this image of Shrek in a Banana, but I can’t help but feel like I am missing something…
This is a steganography challenge, I’ll straight away use this website to solve it https://www.aperisolve.com/
flag bronco{shr3konogr@phy}
Crypto
Keyboard Elitist
My buddy is bragging about how cool his Framework laptop is and how much faster he can type than me.
When I tried to type a message, it came out as garbage!
1 | A;;apfkgij gj;ukd ar ut ghur war a Qwfpgj efjbyaps yk a Cyifmae uk;lg rchfmf maefr ghur iyye iuef dapbadf. Mj tpufks ur sftukugfij a efjbyaps rkyb, ylg hfpf wugh hur mysliap tpamfwype ia;gy;. Rudh, fughfp waj... hfpf ur ghf tiadO bpykcy{qwfpgj_vr_c0ifm@e} |
This is a substitution cypher; you can use this website to decode it: https://planetcalc.com/8047/
Another method is to use the Colemak converter.
flag bronco{qwerty_vs_c0lem@k}
OSINT
Wiki Wiki Wiki
Not much to go off here, but it’s all you need: Wikipedia and 128.125.52.138. The flag is not in the typical format, but wrap it in bronco{} before submitting. You will know when you find it.
This is an OSINT Challenge. My first strategy would be to go to Wikipedia and use the search engine to find out if the IP Address has anything to do with it.
From my observation, it lists the contributors from the same IP Address, so I decided to look at the changes that have been made to the contributor.
If you look at the competitions section, it shows the flag; therefore, by appending the flag to the format given, we got the flag.
flag bronco{cNi76bV2IVERlh97hP}
ACM Borg Members
I am convinced the board members of Santa Clara’s ACM clubs are cyborgs! They are definitely digitally enhanced! ACM Board? More like, ACM-BORG! If only I had a way of proving it.
Alright, by looking at the quotes, I have no clue what’s going on—until the part where it says cyborgs.
Cyborgs might be the clue for the robots.txt file; what is that?
So now we need to find the URLs of Santa Clara’s ACM members and browse its robots.txt file.
https://www.scuacm.com/robots.txt
flag bronco{be3p_b0op_@CM_are_cyb0rgs}
Misc
Countries Unite
“yoshie” sent me a peculiar message. What could he possibly be trying to say?
This challenge is quite easy; just find out the first letter of each country, and then you’ll get the flag
flag bronco{diveristyequityinclusion}
Web
Blue Boy Storage
This blue boy saved something on his home planet but cannot seem to find it. Can you help him?
https://blue.web.broncoctf.xyz
When it comes to web challenges, I usually go straight into the view page source file and find out what script file is attached to the website.
The index-mXi4uzfe.js file seems quite interesting. Therefore, I will examine it and Ctrl+F Bronco.
flag broncoctf{ab4_d3_4ba_d1e_1m_blu3}