# DefCamp CTF Qualifiers ## EagleEye - Stego \[1 pt] > Do you see it? ![](/files/-Mevm3RtsZbyXrQvFmJa) I opened the file in StegSolve and clicking through the Greyscale version showed the flag in the top left corner. ![](/files/-Mevm7JxngpyCLUjfyju) **Flag: DCTF{912c07726142de12943b76a89d40847028330f0a1a0be1ac24503c57242404ab}** ## Robot VS Humans - Web \[1 pt] > Find your flag on this website. Target: As this challenge suggests it is most likely the robots.txt file. We check and that request returned the message `Did you know that robots.txt is not the only .txt file in a website? BTW: I am against humans!` On a hunch, I tried humans.txt which returned `/* TEAM */`\ \ `Your title: RobotsVSHumans`\ \ `Location: Bucharest, Romania`\ \ `/* THANKS */`\ \ `Name: DCTF{1091d2144edbffaf5dd265cb7c93e799c4659eb16ee79735b3bd6e09dd6e791f}` **Flag: DCTF{1091d2144edbffaf5dd265cb7c93e799c4659eb16ee79735b3bd6e09dd6e791f}** ## Multiple Flags - Stego \[1 pt] > Look flags everywhere ![](/files/-Mevp6HejKNemMykKuRc) My search history was the first ***man with flag meaning*** to ***signalman letter signs*** to get this beautiful image ![](/files/-MevpVFDw7ET3ppLIB--) Given this image \ \# # # # # # # > JDCTFSP\ \# # # # # # # > ECIALFL\ \# # # # # # # > AG???JA\ \# # # # # # # > A???JAA\ \# # # # # # # > ???????\ \# # # # # # # > ??JDCTF\ So that is JDCTFSPECIALFLAG???JAA???JAA?????????JDCTF... UM So I am missing something and after doing a reverse image search I found a [Wikipedia article](https://en.wikipedia.org/wiki/Flag_semaphore) that made numbers into the play. With that making more sense it probably also meant that J was a delimiter for letters and not the actual letter. **Flag: DCTFSPECIALFLAG00AA00AA00991337DCTF** ## Message - Misc \[50 pts] > **Description** > > I just typed this secret message.txt with my new encoding algorithm.\ > Author: Lucian Nitescu {% file src="/files/-MdsrftsU3fav89EF2On" %} message.txt {% endfile %} **Solution** We look at the file and while scrolling, I have no clue what I am going to do. I found that "qwerty", "asdfg", and "zxcvbn" appeared a lot so I split up the document using those phrases. That left me with 1220 segments.\ Next, I thought about which of those segments are unique which brought me down to 144 unique segments. Printing out the segments I had an "Ahaa" moment and knew exactly where the flag is. I did this through the code below. **Code** ```python f = open("message.txt") line = f.readline() newLine = line.replace("qwerty", "#").replace("asdfg", "#").replace("zxcvbn","#") flagStart = newLine.index("{") flagEnd = newLine.index("}") print(str(flagStart) , str(flagEnd)) print(newLine[flagStart - 100:flagEnd + 20]) splits = newLine.split("#") options = [] for s in splits: if s not in options: options.append(s) print("Letters: " , str(len(splits))) print("Options: " , str(len(options))) print(options) ---------------------------------------------------------- Output: 4058 4338 ghu#wsxcde#xsweftynh#h #rfv#hnbvcxswerf#iuyhnbv#hedcvbgt#xsweftyhn#.# #wsxcfe#htrfvb#hrtyuihn#redcf#{#rfvbhg#6#6#hedcvrf#redcv#hzsefvcx#hxcvbgrd#hgrdxcvb#9#0#zsefvcx#edcvgr#h0#h5#yhnmku#hredcf#h5#wsxcfe#zsefvcx#hwsxcfd#3#3#edcvgr#7#1#grdxcvb#8#htrfvg#7#0#9#3#4#4#0#8#redcf#3#zsefvcx#5#8#4#h7#zsefvcx#h4#hewsxc#5#trfvb#3#h8#edcvgr#qazxds#h7#5#8#h9#h1#rfvbhg#h0#trfvg#h0#wsxcde#3#2#}#wsxcv#rfvbnhyt#mnb Letters: 1220 Options: 144 ['wsxcv', 'hrfvbnhyt', 'mnbvcdrtghu', 'wsxcde', 'hzaqwdrtgb', ' ', 'wsx', 'nbvcxswefr', 'iuyhnbv', 'wsxcvfr', 'hiuyhnbv', 'h ', 'ytrfvcx', 'mnbvccdertg', 'edcvb', 'hefvt', 'hwsxcfe', 'edcvbgt', 'xsweftynh', 'jmyi', 'rtyuihn', 'hrgnygc', 'qazxcdew', 'redcf', 'wertyfv', 'rfvgyhn', 'hwsxcde', 'rfv', 'xsweftgb', 'hxsweftgb', 'cvgred', 'hgrdxcvb', 'xsweftbg', 'hwertyfv', 'efvt', 'edcvrf', 'tgbnhy', 'zaqwdvfr', 'hedc', 'hyhnmku', 'hmnbvcdrtghu', 'h.', 'hrfvbn', 'wsxcvfre', 'hwsx', 'nbvcxswerf', 'xsweftyhn', 'hzsefvcx', 'rfvbhg', 'hedcvrf', 'htgbnhy', 'hrtyuihn', 'edcftgb', 'hzaqwdvfr', "'", 'zsefvcx', 'yhnmku', 'edcvgr', 'wsxcfe', 'hxsweftynh', 'hxsweftyhn', 'wdvtdz', 'wdcft', 'ewsxc', 'h1', '5', '0', 'h0', ',', 'efvgywdcft', 'grdxcvb', 'hwsxcvfr', 'hedcfby', 'hxsweftbg', 'hnbvcxswerf', 'edc', 'edcfby', 'xcvbgrd', 'trfvg', 'redcv', 'qazsce', 'hxcvbgrd', 'wsxcfd', 'hwsxcvfre', 'hwsxdrfv', 'efvgy', 'rfvbn', 'ewsxd', 'hedcvbgt', 'hwsxcv', 'trfvb', 'rfvbnhyt', 'hcvrged', 'cvrged', 'hnbvcxswefr', '1', '9', '6', 'hytrfvcx', 'hefvgywdcft', 'wsxdrfv', 'hqazxcdew', 'hrfv', 'hedcftgb', 'hqazsce', 'hrfvbhg', 'hcvgred', 'wsxdvr', 'hredcvg', '.', 'htrfvb', '{', 'h5', 'hredcf', 'hwsxcfd', '3', '7', '8', 'htrfvg', '4', 'h7', 'h4', 'hewsxc', 'h8', 'qazxds', 'h9', '2', '}', 'hmnbvccdertg', 'zaqwdrtgb', 'hwdvtdz', 'hedcvgr', 'hjmyi', 'hrfvgyhn', "h'", 'h,', 'hwsxdvr', 'redcvg', 'hefvgy', 'hwdcft', 'hredcv', 'hedcvb', 'h6', 'h'] ``` I used that segment and brushed it down to only be the section of the flag. ```python #wsxcfe#htrfvb#hrtyuihn#redcf#{#rfvbhg#6#6#hedcvrf#redcv#hzsefvcx#hxcvbgrd#hgrdxcvb#9#0#zsefvcx#edcvgr#h0#h5#yhnmku#hredcf#h5#wsxcfe#zsefvcx#hwsxcfd#3#3#edcvgr#7#1#grdxcvb#8#htrfvg#7#0#9#3#4#4#0#8#redcf#3#zsefvcx#5#8#4#h7#zsefvcx#h4#hewsxc#5#trfvb#3#h8#edcvgr#qazxds#h7#5#8#h9#h1#rfvbhg#h0#trfvg#h0#wsxcde#3#2#} ``` I was so thrown off until I typed it and noticed that the "rtyuihn" was looking like a "T" on the keyboard. All we did from there was hardcode the phrases in the brackets and you get the flag. By having the flag is a hash, it cut down on time only having to do max of 7 letters. ```python newLine = line.replace("qwerty", "#").replace("asdfgh", "#").replace("zxcvbn","#") letter = ["d","c","t","f", "v", "b", "e" , "c" , "a", "a", "a", "d", "d", "b", "f", "c", "b", "e"] match = ["wsxcfe", "trfvb", "rtyuihn", "redcf","wdcft","rfvbhg","edcvrf", "redcv", "zsefvcx", "grdxcvb", "xcvbgrd", "edcvgr", "yhnmku", "wsxcfd", "trfvg", "ewsxc", "qazxds", "wsxcde"] for i in range(0, len(match)): newLine = newLine.replace(match[i], letter[i]) ``` **Flag: dctf{b66ecaaa90ad05df5dab33d71a8f70934408f3a5847a4c5c38db75891b0f0e32}** ## Broken TV - Misc \[83 pts] \[Not Solved] > Guys, I've asked Google for this flag! But my only monitor is this Broken TV...\ > Target: \ > Author: Lucian Nitescu {% file src="/files/-MdstFkZzItnpjia7vZX" %} Broken TV {% endfile %} Solution Flag: ## Voices - Stego \[281 pts] \[Not Solved] > Listen. Can you hear the voices? They are there. Somehow. {% file src="/files/-MdssXWSnXBTMd7RxbJQ" %} voices.wav {% endfile %} Solution Flag: --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://codingmace.gitbook.io/masterward/ctf/2018/defcamp-2018.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.