Justin C. Thomas

The Introduction (100 points) Connect to the service with the provided command. Enter a name and then the hacker manifesto gets slowly written to the terminal. Say yes to the next question and you will be given the flag. Answer: DUCTF{w3lc0m3_70_7h3_duc7f_7hund3rd0m3_h4ck3r} Discord (100 points) Go to the request-support channel on the discord server to find the flag. Answer: DUCTF{if_you_are_having_challenge_issues_come_here_pls} Twitter (100 points) I opened all of the pictures on the Twitter page that had the “DUCTF” Flag Format text in the background.

Table of Contents: Welcome (5 points) Thanks for playing (5 points) Feedback (5 points) Basic (10 points) Bad Developers (10 points) Identifying an Attack (10 points) Expic (15 points) Wait, what! (20 points) Where is this? (40 points) WDigest (50 points) Welcome (5 points) The provided string is encoded in base64. You can use many different tools to decode it. I used the command echo -n UlRMe0g0VkVfRlVOX1BMNFkxTkchfQ== | base64 --decode to get the decoded flag.

Table of Contents: Welcome to UIUCTF'21 (1 point) Join our Discord (1 point) Feedback Survey (1 point) wasmbaby (50 points) phpfuck (50 points) OSINT The Creator (50 points) OSINT The Creator 2 (50 points) CEO (50 points) doot doot (50 points) emote (50 points) buy_buy_buy (57 points) Chaplin’s PR Nightmare - 2 (50 points) Chaplin’s PR Nightmare - 3 (50 points) Chaplin’s PR Nightmare - 4 (50 points) Chaplin’s PR Nightmare - 5 (50 points)

Sanity Check (15 points) The flag is inside of the question description. Answer: ictf{w3lc0m3_t0_1m@g1nary_c7f_2021!} Discord (15 points) The flag is in the discord for the CTF. Answer: ictf{d41ly_ch4lls_0n_d1sc0rd_AND_4_ctf?_epic} Chicken Caesar Salad (50 points) Shift the provided text down by 8 letters to break the cipher. Answer: ictf{wHen_dID_cAEseR_cIphERs_gEt_sO_hARd} Roos_World (50 points) The can be found by checking the console in browser tools. Javascript Code that runs when the page is loaded outputs the flag in the console.

Secret Document (100 points) I used the file command and discovered that the Classified.docx file was actually a pcap capture file. Opening it up in wireshark after changing the extension to .pcap revealed that a pdf file was being transferred via FTP when the packet capture was was running. Following the TCP Stream for the Classified.pdf file and saving the data as “Raw” will give us the pdf file (you have to name the file and add the .

misc/HelloWorld (0 points) Open the text file to find the text synt{j4yp0z3_g0_PGS}. Run the ROT13 cipher decoder on it to get the flag. Answer: flag{w4lc0m3_t0_CTF} misc/Survey (1 point) Complete the end of CTF survey to get the flag. Answer: flag{th4nk5_f0r_c0m1ng} web/Let It Go (105 points) I used the browser inspector to check the HTML for the page and found the flag in the DOM. Answer: flag{l00k5_l1k3_y0u_f1n4lly_l3t_1t_g0} crypto/7 More Caesar Salads (106 points) Run the Caesar cipher decoder on the given cipher text mshn{Dlsjvtl_Av_Jyfwavnyhwof} with a letter shift of 20.

misc/sanity-check (1 point) Just a flag sanity check. Answer: flag{1_l0v3_54n17y_ch3ck_ch4ll5} misc/discord (1 point) Go to their discord and check the “#announcements” channel for the flag. Answer: flag{chall3n63_au7h0r5h1p_1nfl4710n} web/inspect-me (101 points) I found the flag by viewing the page source and searching for the string “flag”. The full flag is commented out in the HTML code. Answer: flag{inspect_me_like_123} misc/compliant-lattice-feline (102 points) Just paste the nc mc.ax 31443 command into a terminal window.