1337up CTF writeup - Mirage

Hi Everyone. This time I played 1337up CTF by Intigriti and my team TamilCTF placed 10th in it 😊. Let me show how I solved one of the challenges in it, Mirage - Misc.

Mirage - Miscellaneous

Let’s visit the link and see what they have for us.

Looking at it plainly, we can see it’s just a website. Let’s look at the page source.

A small part of the page source

While casually reading the page source, I saw the word ROBOTS hidden in the website, so I thought of checking whether there is a robots.txt file on the site, and there is.

robots.txt

So, there are a few directories listed in it. I saved them all in a separate text file.

saved text file from robots.txt

I had a feeling that most of them would be 404s and rabbit holes, so I fired up Burp Suite to use Intruder and brute-force those directories.

the captured request which is sent to Intruder

adding the payload position in Intruder

The saved directories are used as payloads to brute-force

Intruder’s result

As we can see, only certain directories gave 200 status codes. Let’s look at them one by one.

First, we are gonna look at /flag.txt.

flag.txt

So there are certain characters given as the flag. Let’s use CyberChef to find out what it is.

cyberchef result

Of course it is a rabbit hole to troll us 😐. Well, it’s not going to be that easy. Let’s look at the second one /flag1.txt.

flag1.txt

So, they have given some gibberish. If you read the hint, “Rot Rot Everwhere but not a single Rot to see”, we know that we should use a Caesar cipher. I use cryptii.com, but you can use any website you prefer.

Caesar cipher result

Another rabbit hole 😑. Let’s see the next one /wordlists.txt.

wordlists.txt

They have given a wordlist saying this will help us later. So, I saved it in a separate file. Now to the last one /ok.txt.

ok.txt

Another hint. In this one they have given a directory which is encrypted using a Caesar cipher (/uncclzrny.wct). Let’s use cryptii again.

decoding using cryptii
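The same decoding can be done offline. This is an added example, not part of the original solve: it tries every Caesar shift on the path from /ok.txt and keeps only candidates that end in a plausible file extension. The extension list and function names are assumptions made for illustration.

```python
import string

# Extensions that make a decoded candidate look like a real web path (assumed list).
KNOWN_EXTENSIONS = (".jpg", ".png", ".txt", ".zip", ".html")


def caesar_shift(text, shift):
    """Shift ASCII letters by `shift`; leave '/', '.', digits and the rest untouched."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def all_rotations(ciphertext):
    """Return {shift: candidate} for the 25 non-trivial shifts."""
    return {s: caesar_shift(ciphertext, s) for s in range(1, 26)}


def plausible_paths(ciphertext):
    """Keep only the candidates whose suffix is a known file extension."""
    return {
        s: c
        for s, c in all_rotations(ciphertext).items()
        if c.lower().endswith(KNOWN_EXTENSIONS)
    }


if __name__ == "__main__":
    hint = "/uncclzrny.wct"  # the encrypted path given in /ok.txt
    for shift, candidate in plausible_paths(hint).items():
        print(f"shift {shift:2d}: {candidate}")
```

Only one shift survives the extension filter, so there is no need to read through all 25 candidates by eye.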

We have found the plaintext which is happymeal.jpg. Let’s see what is in it.

happymeal.jpg

If you visit the link https://mirage.ctf.intigriti.io/happymeal.jpg, this image is shown. Let’s visit /HelpMeOut.txt.

HelpMeOut.txt

Finally 😀. They have given a link to download the flag.zip file. Let’s download and extract it.

flag.zip

The zip file is password protected. We need to use the wordlist wordlists.txt to find the password. We are gonna use john to crack the zip file. First, let’s use zip2john to make a file that john can work with, then crack that file using wordlists.txt.

cracked password using john

So we have found the password, which is Soeasypeasy214. Now use the password to open flag.txt and BOOM! We got the flag.

flag.txt 😄

So this is how I solved the Mirage challenge. Hope you guys like this blog. Make sure to show your support by applauding and sharing the blog with your fellow hackers and tech geeks. See you in another blog, until then PEACE OUT ✌️