Skip to main content
  1. CTF Writeups/

BackdoorCTF 2024

InfosecIITR’s flagship CTF event

Most of the forensics challenges had to be bruteforced in some manner and were more steganography heavy than is expected, especially for a 24hr ctf. I learnt about 2 common forensics challenges that are the firefox credential logins (firepwd.py) and XORing 2 images, though the challenges here were a level above the standard. Also binwalk works for extracting very small files a .pcap. That’s how I got the key.txt in torrent chal

Looking at writeups I saw something called deepsound exists for .wav steg, and hashcat for password cracking. Apparently hashcat uses “Rulesets” which were mentioned in the boss’s boss chal. The torrent chal had a zip header that I didn’t recognise, that would have helped reconstruct the files.

2024

Torrent Tempest
For Wireshark Torrent Deepsound
reconstruct torrent file then bullshit audio stego
I Like McDonalds
Cry 100pt Hash
hash collision
Cursed Credential
For 100pt Firefox Hashcat
firefox master profile password cracking