EKOPARTY CTF 2022

https://ctftime.org/event/1790



CHALL’S

CategoryChallenge
GITHUBClassroom
OSINTSquare
OSINTYankee
METAVERSEIntro
BLOCKCHAINSecrets
BLOCKCHAINCall

Classroom



This challenge category is GITHUB, it the first chall is called Classroom we given a link https://github.com/Octoversity-Admissions/Admissions-Test

All we need to do is accessed the repository that has file called intro.py we need to run that then you got the output like this



I assume that’s a link, there’s a random number, I thought it’s Hexadecimal value, and it’s right, I decoded that Hexadecimal value using AsciiToHex Tools we got output like this,



Yeahh.. we got the output, now we have to assembled the link

https://classroom.github.com/assignment-invitations/25a94104e34a852f3af0a8a53d734fad

after we entered the link, we need to authenticate to Github account agreement to entered Github Classroom,



Look, now we have to entered that link



We got the first flag now 😎

Flag: EKO{s3cur1ty_thru_0bscur1ty}



Square



This osint challenge we given an image square.png we have to identify the name of the monument



Arround the statue it has a building, we need find that building using Google Lens



That’s building Hotel name is Hotel Agualongo, aight now find that hotel on Google Maps



After you look around the hotel, you have to specify the coordinate of that Monument, I got this coordinate POV using Google Maps, so the main square name is Plaza de Narino

Then I just search on Google by using keyword “plaza de narino statue monument” then I got the statue person name, which is Antonio Narino.

When I trying to submit the Flag, I got the wrong submitted flag,

The flag format should be correct, but it was wrong, it turns out that the original name of the person from the monument must match the alphabet,



There’s wrong with n alphabet in Spanish it should be ñ now let’s go ahead and try submit that,



So the spanish person name of that statue monument for flag is antonio nariño, the flag is correct now,

Flag: EKO{antonio_nariño}


Yankee



We are given a challenge like this, basically we are told to seek DNI from a girl (her) and that person commits a case of counterfeiting tickets for a Daddy Yankee concert, the woman is still 18 years old, and we have to identify to get a DNI (Documento Nasiconal Identidad)



I want to know that person, so I search on Google by keyword “Daddy Yankee fake ticket”, and it turns out that the person who faked the ticket was a girl named Pamela Cabanillas.

Then I just search for her DNI on google, and I found a twitter page that discussing about this person, there is a picture of that person’s DNI, then I visited this twitter https://twitter.com/lachill721/status/1582889263233871872



The twitter account replies to his own post, and attaches a photo that looks like this and then there is a DNI information, which is 72266384, and that’s the flag.



Flag: EKO{72266384}



Intro



Idk but, is Metaverse a new category of ctf ? We given a challenge called Intro that has link into website,

Welcome to the EKOVERSE!



It just show blank page without any informations

First thing first, the most common thing that every IT person does is identify the source of the web by Inspecting the elements of the website, it will look like this,



I just identifying to other informations, but Hmm.. sus 🤔🧐 there are same .png file https://uploads-prod.reticulum.io/files/18fc3e04-89ea-4bdd-b669-96824311ca18.png



And that was a flag



Flag: EKO{v3rs3}



Secrets



We are given a challenge with the BLOCKCHAIN category called Secrets, and given the address of the Ethereum blockchain transaction, which is contract 0x5af2ca84205681B278ee3552dFB8AeBeE49610F9

I know it’s Ropsten Ethereum, which is an Ethereum test network that allows blockchain development testing before being placed on the Mainnet



I tried to access a website that contains transactions, addresses, tokens and other activities on https://ropsten.etherscan.io/




Then on this website I look for transaction information and then I enter the address that has been given, https://blockscan.com/address/0x5af2ca84205681B278ee3552dFB8AeBeE49610F9



The search results show 3 transactions, I tried to open detailed information on successful transactions. There is some information about the transaction in the form of Transaction hash, status, block timestamp, etc. Here, it can be seen in the transaction that there is a contract address as given in this challenge



In the data input menu, there is bytecode that originally appeared as follows, View Input As → Default View



If I change View Input As to UTF-8 Format here, We can see the Flag:



Flag: EKO{N3v3r_P0sT_s3cr3ts!}


Call



We are given a challenge in the form of address 0xb8101db8 or can be called a 4-byte signature of ETH function, which if we decode the address is the name of the function

I try to search on Google the 4-byte signature of the ETH function, and there will be a relevant website, one of the websites used to decode the function address is, https://www.4byte.directory/



I try to use the tools from the web, then search with the address given in this challenge, the following is the result of the decoding, the name of the function is, isKnownCallToEkoparty()



The flag format is just a function name, without () parentheses.

Flag: EKO{isKnownCallToEkoparty}