I had the chance of attending my first jeopardy CTF competition on 14th November 2017, conducted by MYGOV India. In this post, I am just going to share my personal experience of that competition. Now let's get started with the competition scenario.
This is a grand exposure for logical thinkers with explicit experience in fields like cryptography, forensics and web hacking. It's just applying the knowledge we all have in a live scenario.
There were lots of fields as part of the challenge; the only thing I had in my mind was to solve one of the best challenges in the list of challenges provided, since that could build my confidence for further competitions. :)
Okay, now let's get started with the main part of the challenge. I chose a challenge under Forensics, which had the maximum points, at about 175 points. The topic was digital forensics, and the problem statement given to me was to recover a key from a crashed system recovery file, with a mention that the system had crashed just before the user was about to decode the flag. They gave me the download link for the file along with the problem statement. I downloaded the file and stored it on my local Linux machine.
I had to examine the file of about 180MB to find bits of the encoded flag in it. I started by evaluating what type of file it is, where actually I found nothing, but I thought that it's better to start there.
Then I started digging into the file as much as possible, such that the maximum amount of data was recovered. I started my recovery with a general forensics tool, foremost, and listed the files.
Now I was good to go with various strategies. Initially I had no idea about what the flag is or where the flag is, so I started with the image files (bmp, jpg, png) to get something there; honestly I came to the conclusion that there was definitely nothing there after about 9 hrs at a stretch, then followed the various other file formats sequentially. Then I came across the .dll files, which were completely binary; it was the place where I started realizing that the flag I am searching for is "crashed data", and it's of no use to handle it at the user's visibility level. This is the place where I started my tracing down to the binary level.
Then I grabbed the flags at the binary level in all the files extracted from the crashed data, which again gave me a long list to go through. That's probably the first time where I really lost my mind and went for a relaxed walk. Then I went back to my terminal and started to skim the entire files and the places where I got hits in the binary matches. At the end of the search I got almost 4 flags ;) that was really cool.
So I started trying various common decoding techniques. Seeing the first one, I thought that it was base64, but it was not. I tried various common decoders; nothing decoded it to the original form needed. Then I thought maybe I missed a flag or went off the route to reach the flag, so I went back to the files and started searching for new keywords. That's the best part, where I saw this.
Then I found the final hidden flag by digging further through the files. I saw the various tabs in the browser information that was stored before the system crashed. Since the user was about to decode it before the crash, these are the most important pieces of information gathered. The words that got my interest were "base64" and "hexcode"; there I concluded that two decoders are needed to solve this challenge.
Further I tried all possible combinations of them, but still I never got the solution. At last I found the mysterious key in a .dll file. Seeing this I confirmed that this is a hexcode; decoding that gave me a base64 encoded value. I decoded it to get the solution.
So I ended up with this solution.
Happy challenging :)
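To make the last step concrete, here is a small Python script that does what the write-up describes by hand: scan a carved binary for long runs of hex digits, try the hex-then-base64 decode chain on each, and keep only results that decode to printable text. This is an added example, not code from the original post or from the competition; the blob and the flag value in it are constructed for the demonstration, and the real challenge file is not reproduced here.

```python
import base64
import binascii
import re
import string

# Constructed sample: a fake carved binary with junk bytes around a
# hex-encoded, base64-wrapped flag. The flag value is made up for this example.
FAKE_FLAG = b"flag{example_double_encoded}"
_B64 = base64.b64encode(FAKE_FLAG)        # encoder step 1: base64 the flag
_HEX = binascii.hexlify(_B64)             # encoder step 2: hex the base64 text
SAMPLE_BLOB = (
    b"MZ\x90\x00"                         # fake DLL-like header
    + bytes(range(256))                   # assorted junk bytes
    + b"\x00" + _HEX + b"\x00\xff"        # the encoded flag, NUL-delimited
    + b"deadbeef" * 3                     # hex-looking noise that is not a flag
)

# Long runs of hex digits are the candidates worth trying.
HEX_RUN = re.compile(rb"[0-9a-fA-F]{16,}")
PRINTABLE = set(string.printable.encode())


def hex_candidates(blob: bytes):
    """Return every run of 16 or more hex digits with an even length."""
    return [m.group(0) for m in HEX_RUN.finditer(blob) if len(m.group(0)) % 2 == 0]


def decode_hex_then_base64(candidate: bytes):
    """Apply the two-stage decode (hex -> base64 -> bytes).

    Returns None if either stage fails or the result is not printable text,
    which filters out hex-looking noise such as repeated 'deadbeef'.
    """
    try:
        stage1 = binascii.unhexlify(candidate)
        stage2 = base64.b64decode(stage1, validate=True)
    except (binascii.Error, ValueError):
        return None
    if stage2 and all(b in PRINTABLE for b in stage2):
        return stage2
    return None


def find_flags(blob: bytes):
    """Scan a carved file and return (hex_run, decoded_text) pairs that survive both stages."""
    hits = []
    for cand in hex_candidates(blob):
        decoded = decode_hex_then_base64(cand)
        if decoded is not None:
            hits.append((cand.decode(), decoded.decode()))
    return hits


if __name__ == "__main__":
    for raw, flag in find_flags(SAMPLE_BLOB):
        print(f"{raw[:24]}... -> {flag}")
```

Run it against a file produced by foremost by replacing SAMPLE_BLOB with the file's bytes; the `validate=True` flag on `b64decode` is what rejects the inner stage when a hex run is not really base64 text, so false positives drop out without any manual checking.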