# DefCamp CTF Qualifiers ## EagleEye - Stego \[1 pt] > Do you see it? ![](https://980792987-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Md9Bzo_DCKomMglV10a%2F-MevNRN6L6erhsjaL1os%2F-Mevm3RtsZbyXrQvFmJa%2Fchall.png?alt=media\&token=5e0d531b-4790-4310-90a1-8457e89e9a95) I opened the file in StegSolve and clicking through the Greyscale version showed the flag in the top left corner. ![](https://980792987-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Md9Bzo_DCKomMglV10a%2F-MevNRN6L6erhsjaL1os%2F-Mevm7JxngpyCLUjfyju%2FgreyVersion.png?alt=media\&token=71294cf2-4d75-4612-922a-6491f83950a7) **Flag: DCTF{912c07726142de12943b76a89d40847028330f0a1a0be1ac24503c57242404ab}** ## Robot VS Humans - Web \[1 pt] > Find your flag on this website. Target: As this challenge suggests it is most likely the robots.txt file. We check and that request returned the message `Did you know that robots.txt is not the only .txt file in a website? BTW: I am against humans!` On a hunch, I tried humans.txt which returned `/* TEAM */`\ \ `Your title: RobotsVSHumans`\ \ `Location: Bucharest, Romania`\ \ `/* THANKS */`\ \ `Name: DCTF{1091d2144edbffaf5dd265cb7c93e799c4659eb16ee79735b3bd6e09dd6e791f}` **Flag: DCTF{1091d2144edbffaf5dd265cb7c93e799c4659eb16ee79735b3bd6e09dd6e791f}** ## Multiple Flags - Stego \[1 pt] > Look flags everywhere ![](https://980792987-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Md9Bzo_DCKomMglV10a%2F-MevmMPNHe_gAbOadFq-%2F-Mevp6HejKNemMykKuRc%2Fimage.png?alt=media\&token=ba38c165-eda2-4a98-998b-6fd9c2f740c5) My search history was the first ***man with flag meaning*** to ***signalman letter signs*** to get this beautiful image ![](https://980792987-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Md9Bzo_DCKomMglV10a%2F-MevmMPNHe_gAbOadFq-%2F-MevpVFDw7ET3ppLIB--%2Fimage.png?alt=media\&token=7b8268e0-6325-468c-b4ab-17e18647f3c4) Given this image \ \# # # # # # # > JDCTFSP\ \# # # # # # # > ECIALFL\ \# # # # # # # > AG???JA\ \# # # # # # # > A???JAA\ \# # # # # # # > ???????\ \# # # # # # # > ??JDCTF\ So that is JDCTFSPECIALFLAG???JAA???JAA?????????JDCTF... UM So I am missing something and after doing a reverse image search I found a [Wikipedia article](https://en.wikipedia.org/wiki/Flag_semaphore) that made numbers into the play. With that making more sense it probably also meant that J was a delimiter for letters and not the actual letter. **Flag: DCTFSPECIALFLAG00AA00AA00991337DCTF** ## Message - Misc \[50 pts] > **Description** > > I just typed this secret message.txt with my new encoding algorithm.\ > Author: Lucian Nitescu {% file src="" %} message.txt {% endfile %} **Solution** We look at the file and while scrolling, I have no clue what I am going to do. I found that "qwerty", "asdfg", and "zxcvbn" appeared a lot so I split up the document using those phrases. That left me with 1220 segments.\ Next, I thought about which of those segments are unique which brought me down to 144 unique segments. Printing out the segments I had an "Ahaa" moment and knew exactly where the flag is. I did this through the code below. **Code** ```python f = open("message.txt") line = f.readline() newLine = line.replace("qwerty", "#").replace("asdfg", "#").replace("zxcvbn","#") flagStart = newLine.index("{") flagEnd = newLine.index("}") print(str(flagStart) , str(flagEnd)) print(newLine[flagStart - 100:flagEnd + 20]) splits = newLine.split("#") options = [] for s in splits: if s not in options: options.append(s) print("Letters: " , str(len(splits))) print("Options: " , str(len(options))) print(options) ---------------------------------------------------------- Output: 4058 4338 ghu#wsxcde#xsweftynh#h #rfv#hnbvcxswerf#iuyhnbv#hedcvbgt#xsweftyhn#.# #wsxcfe#htrfvb#hrtyuihn#redcf#{#rfvbhg#6#6#hedcvrf#redcv#hzsefvcx#hxcvbgrd#hgrdxcvb#9#0#zsefvcx#edcvgr#h0#h5#yhnmku#hredcf#h5#wsxcfe#zsefvcx#hwsxcfd#3#3#edcvgr#7#1#grdxcvb#8#htrfvg#7#0#9#3#4#4#0#8#redcf#3#zsefvcx#5#8#4#h7#zsefvcx#h4#hewsxc#5#trfvb#3#h8#edcvgr#qazxds#h7#5#8#h9#h1#rfvbhg#h0#trfvg#h0#wsxcde#3#2#}#wsxcv#rfvbnhyt#mnb Letters: 1220 Options: 144 ['wsxcv', 'hrfvbnhyt', 'mnbvcdrtghu', 'wsxcde', 'hzaqwdrtgb', ' ', 'wsx', 'nbvcxswefr', 'iuyhnbv', 'wsxcvfr', 'hiuyhnbv', 'h ', 'ytrfvcx', 'mnbvccdertg', 'edcvb', 'hefvt', 'hwsxcfe', 'edcvbgt', 'xsweftynh', 'jmyi', 'rtyuihn', 'hrgnygc', 'qazxcdew', 'redcf', 'wertyfv', 'rfvgyhn', 'hwsxcde', 'rfv', 'xsweftgb', 'hxsweftgb', 'cvgred', 'hgrdxcvb', 'xsweftbg', 'hwertyfv', 'efvt', 'edcvrf', 'tgbnhy', 'zaqwdvfr', 'hedc', 'hyhnmku', 'hmnbvcdrtghu', 'h.', 'hrfvbn', 'wsxcvfre', 'hwsx', 'nbvcxswerf', 'xsweftyhn', 'hzsefvcx', 'rfvbhg', 'hedcvrf', 'htgbnhy', 'hrtyuihn', 'edcftgb', 'hzaqwdvfr', "'", 'zsefvcx', 'yhnmku', 'edcvgr', 'wsxcfe', 'hxsweftynh', 'hxsweftyhn', 'wdvtdz', 'wdcft', 'ewsxc', 'h1', '5', '0', 'h0', ',', 'efvgywdcft', 'grdxcvb', 'hwsxcvfr', 'hedcfby', 'hxsweftbg', 'hnbvcxswerf', 'edc', 'edcfby', 'xcvbgrd', 'trfvg', 'redcv', 'qazsce', 'hxcvbgrd', 'wsxcfd', 'hwsxcvfre', 'hwsxdrfv', 'efvgy', 'rfvbn', 'ewsxd', 'hedcvbgt', 'hwsxcv', 'trfvb', 'rfvbnhyt', 'hcvrged', 'cvrged', 'hnbvcxswefr', '1', '9', '6', 'hytrfvcx', 'hefvgywdcft', 'wsxdrfv', 'hqazxcdew', 'hrfv', 'hedcftgb', 'hqazsce', 'hrfvbhg', 'hcvgred', 'wsxdvr', 'hredcvg', '.', 'htrfvb', '{', 'h5', 'hredcf', 'hwsxcfd', '3', '7', '8', 'htrfvg', '4', 'h7', 'h4', 'hewsxc', 'h8', 'qazxds', 'h9', '2', '}', 'hmnbvccdertg', 'zaqwdrtgb', 'hwdvtdz', 'hedcvgr', 'hjmyi', 'hrfvgyhn', "h'", 'h,', 'hwsxdvr', 'redcvg', 'hefvgy', 'hwdcft', 'hredcv', 'hedcvb', 'h6', 'h'] ``` I used that segment and brushed it down to only be the section of the flag. ```python #wsxcfe#htrfvb#hrtyuihn#redcf#{#rfvbhg#6#6#hedcvrf#redcv#hzsefvcx#hxcvbgrd#hgrdxcvb#9#0#zsefvcx#edcvgr#h0#h5#yhnmku#hredcf#h5#wsxcfe#zsefvcx#hwsxcfd#3#3#edcvgr#7#1#grdxcvb#8#htrfvg#7#0#9#3#4#4#0#8#redcf#3#zsefvcx#5#8#4#h7#zsefvcx#h4#hewsxc#5#trfvb#3#h8#edcvgr#qazxds#h7#5#8#h9#h1#rfvbhg#h0#trfvg#h0#wsxcde#3#2#} ``` I was so thrown off until I typed it and noticed that the "rtyuihn" was looking like a "T" on the keyboard. All we did from there was hardcode the phrases in the brackets and you get the flag. By having the flag is a hash, it cut down on time only having to do max of 7 letters. ```python newLine = line.replace("qwerty", "#").replace("asdfgh", "#").replace("zxcvbn","#") letter = ["d","c","t","f", "v", "b", "e" , "c" , "a", "a", "a", "d", "d", "b", "f", "c", "b", "e"] match = ["wsxcfe", "trfvb", "rtyuihn", "redcf","wdcft","rfvbhg","edcvrf", "redcv", "zsefvcx", "grdxcvb", "xcvbgrd", "edcvgr", "yhnmku", "wsxcfd", "trfvg", "ewsxc", "qazxds", "wsxcde"] for i in range(0, len(match)): newLine = newLine.replace(match[i], letter[i]) ``` **Flag: dctf{b66ecaaa90ad05df5dab33d71a8f70934408f3a5847a4c5c38db75891b0f0e32}** ## Broken TV - Misc \[83 pts] \[Not Solved] > Guys, I've asked Google for this flag! But my only monitor is this Broken TV...\ > Target: \ > Author: Lucian Nitescu {% file src="" %} Broken TV {% endfile %} Solution Flag: ## Voices - Stego \[281 pts] \[Not Solved] > Listen. Can you hear the voices? They are there. Somehow. {% file src="" %} voices.wav {% endfile %} Solution Flag: