NahamCON CTF Writeup

Erkan Kılıç
Jul 12, 2021

The CTF ran from March 12th to 14th, 2021. This repository contains the WARMUP, THE MISSION, RECON and MISC questions and their answers.

WARMUP

Stay Away Creepy Crawlers

Please follow the rules for this CTF!
https://ctf.nahamcon.com/rules

Check the page source: the flag is in an HTML comment.

flag{90bc54705794a62015369fd8e86e557b}

Shoelaces

Do you double-knot your shoelaces? You gotta keep ’em tied!
Download shoelaces.jpg

I used CyberChef to analyze the file.

flag{137288e960a3ae9b148e8a7db16a69b0}

esab64

Was it a car or a cat I saw?
Download esab64 file.

I changed the file extension to .txt. The file contains: mxWYntnZiVjMxEjY0kDOhZWZ4cjYxIGZwQmY2ATMxEzNlFjNl13X
The challenge name hints at Base64, but decoding it directly gives ….ÙÙ.XÌÄHØÒ@Î…áÈØÄ..Á .Ø.ÌÄLÍ.XÍ.]×, which means nothing. The challenge name itself is spelled half backwards, though.
So I reversed mxWYntnZiVjMxEjY0kDOhZWZ4cjYxIGZwQmY2ATMxEzNlFjNl13X to X31lNjFlNzExMTA2YmQwZGIxYjc4ZWZhODk0YjExMjViZntnYWxm and then decoded that as Base64. The result was _}e61e711106bd0db1b78efa894b1125bf{galf, so I reversed it again.

flag{fb5211b498afe87b1bd0db601117e16e}
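The reverse, Base64-decode, reverse-again step above, as an added Python example that is not part of the original write-up. The blob is the file content quoted above; instead of the single orientation the write-up tried, the helper checks all four orientations (input as-is or reversed, output as-is or reversed) and reports which one yields a flag.

```python
import base64
import binascii
import re

# Copied from the esab64 challenge file as quoted in the write-up.
ESAB64_BLOB = "mxWYntnZiVjMxEjY0kDOhZWZ4cjYxIGZwQmY2ATMxEzNlFjNl13X"

# Flags in this CTF are "flag{" + 32 hex digits + "}".
FLAG_RE = re.compile(r"flag\{[0-9a-f]{32}\}")


def try_base64(text: str):
    """Decode strict Base64 and return it as UTF-8 text, or None if either
    step fails (the as-is blob decodes to bytes that are not valid UTF-8)."""
    try:
        return base64.b64decode(text, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def decode_candidates(blob: str) -> dict:
    """Try Base64 on the blob as-is and reversed; for every decode that
    succeeds keep both the decoded text and its reverse. Keys describe
    which orientation produced each value."""
    results = {}
    for label, candidate in (("as-is", blob), ("reversed-input", blob[::-1])):
        decoded = try_base64(candidate)
        if decoded is None:
            continue
        results[label] = decoded
        results[label + "+reversed-output"] = decoded[::-1]
    return results


def find_flag(blob: str):
    """Return the first flag{...} found in any orientation, or None."""
    for decoded in decode_candidates(blob).values():
        match = FLAG_RE.search(decoded)
        if match:
            return match.group(0)
    return None


if __name__ == "__main__":
    for label, text in decode_candidates(ESAB64_BLOB).items():
        print(f"{label:32} {text}")
    print("flag:", find_flag(ESAB64_BLOB))
```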

Chicken Wings

I ordered chicken wings at the local restaurant, but uh… this really isn’t what I was expecting…
Download chicken_wings file.

I changed the file extension to .txt. The file contains: ♐●♋♑❀♏📁🖮🖲📂♍♏⌛🖰♐🖮📂🖰📂🖰🖰♍📁🗏🖮🖰♌📂♍📁♋🗏♌♎♍🖲♏❝
I looked up every single character to identify the typeface and found that these are Wingdings.
Then I used the dCode website to solve it.

flag{fb5211b498afe87b1bd0db601117e16e}

Pollex

Download the file below.
Download pollex.jpg

When I downloaded and opened it, I saw that it is a picture of a thumb.

I used CyberChef to analyze the file.

There are four different extracted files; I focused on the ones with the .jpg extension.

  1. extracted_at_0x0.jpg has the same file size, so it is the original file.
  2. I downloaded both extracted_at_0x14e.jpg and extracted_at_0x350.jpg.
  3. The answer is there.

flag{65c34a1ec121a286600ddd48fe36bc00}
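CyberChef found the JPEGs at 0x0, 0x14e and 0x350 by scanning the file for JPEG markers. The added Python example below is not from the original write-up and is not CyberChef's code: it carves every JPEG by walking the marker segments, so a thumbnail embedded in an APP1/EXIF segment is reported as its own file without cutting the outer image short at the thumbnail's end marker. The sample bytes are constructed here, not taken from pollex.jpg.

```python
import struct

SOI = b"\xff\xd8"   # Start Of Image marker
EOI = b"\xff\xd9"   # End Of Image marker


def jpeg_end(data: bytes, start: int):
    """Walk the marker segments of the JPEG whose SOI is at `start`; return the
    offset just past its EOI, or None if the structure is malformed. Segments
    with a length (APPn, DQT, SOF, DHT, ...) are skipped whole, so an EXIF
    thumbnail inside APP1 does not terminate the outer image early."""
    if data[start:start + 2] != SOI:
        return None
    pos = start + 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return None
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                      # EOI reached before any SOS
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 2                            # TEM / RSTn carry no length
            continue
        if pos + 4 > len(data):
            return None                         # truncated length field
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if marker == 0xDA:                      # SOS: entropy data runs to EOI
            end = data.find(EOI, pos + 2 + seg_len)
            return None if end == -1 else end + 2
        pos += 2 + seg_len
    return None


def carve_jpegs(data: bytes):
    """Return (offset, length) for every JPEG in `data`, nested ones included."""
    found, pos = [], 0
    while (start := data.find(SOI + b"\xff", pos)) != -1:
        end = jpeg_end(data, start)
        if end is not None:
            found.append((start, end - start))
        pos = start + 2
    return found


# Constructed sample: an outer JPEG whose APP1 (EXIF) segment embeds a second,
# smaller JPEG, the same layout that yields extra hits at non-zero offsets.
INNER = SOI + b"\xff\xda\x00\x02" + b"inner-scan" + EOI        # 18 bytes
APP1 = b"\xff\xe1" + struct.pack(">H", 2 + 6 + len(INNER)) + b"Exif\x00\x00" + INNER
SAMPLE = SOI + APP1 + b"\xff\xda\x00\x02" + b"outer-scan" + EOI  # 46 bytes
```

A naive carver that stops at the first EOI after each SOI would report the outer image as 30 bytes instead of 46, which is why the 0x0 file's size matching the original is a useful sanity check.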

THE MISSION

The Mission

Enter the flag you find on The Mission page to open the gates and unlock challenges for The Mission. Please note, your participation in “The Mission” serves as permission for us to share your e-mail address with our sponsors, for potential career opportunities and private invitations to vulnerability disclosure and bug bounty programs.
After solving this challenge, you may need to refresh the page to see the newly unlocked challenges.

Check the page source of https://ctf.nahamcon.com/mission: the flag is in an HTML comment.

flag{48e117a1464c3202714dc9a350533a59}

Bionic

Thank you for taking on The Mission. You can begin by exploring the CONSTELLATIONS public website, constellations.page.
CONSTELLATIONS has “tried” to reduce their attack surface by offering just a static website. But you might find some low-hanging fruit to get you started.
With the flag of this challenge, you should also find a new URL that will assist in the next challenge.
After solving this challenge, you may need to refresh the page to see the newly unlocked challenges.
https://constellations.page/

Check https://constellations.page/robots.txt; the flag is there:

User-agent: *
Disallow: /meet-the-team.html
flag{33b5240485dda77430d3de22996297a1} # this flag is for Bionic

flag{33b5240485dda77430d3de22996297a1}

Hercules

This is Stage 1 of Path 2 in The Mission. After solving this challenge, you may need to refresh the page to see the newly unlocked challenges.
Use open-source intelligence to track down information on Hercules.
With the flag of this challenge, you should also find details you can use in later challenges.

We knew there is a Constellations GitHub repository, and on the People tab there is one person, Gus Rodry.
There is no answer for us in Gus’ repository, but among his followers there is another person, HerculesScox.
I checked Hercules’ repository and the answer is there.

flag{5bf9da15002d7ea53cb487f31781ce47}

Gus

This is Stage 1 of Path 4 in The Mission. After solving this challenge, you may need to refresh the page to see the newly unlocked challenges.
Use open-source intelligence to track down information on Gus.
With the flag of this challenge, you should also find details you can use in later challenges.

I had found two people related to Constellations: Gus Rodry and HerculesScox. I checked Gus’ repository and the answer is there.

flag{84d5cc7e162895fa0a5834f1efdd0b32}

RECON

#NahamCon2021

#NahamCon2021 #awesome #cool #winning! Did you know that the hashtag has another much cooler name, called the “octothorp?”
Perform some online reconnaissance to track down a flag for #NahamCon2021!

I checked Behrouz Sadeghipour’s Twitter account, @NahamSec.

flag{e36bc5a67dd2fe5f33b62123f78fbcef}

Merch Store

Check out our Merch Store! A portion of the proceeds go to support Women in CyberSecurity @WiCySorg!
Perform some online reconnaissance to track down a flag on the merch store!

Check the page source of https://www.nahamcon.com/merch: the flag is in an HTML comment.

flag{fafc10617631126361c693a2a3fce5a7}

HackerOne

Thanks to HackerOne for helping sponsor NahamCon! Perform some reconnaissance on their online presence and find a flag you can submit for points :)

In the HackerOne Discord channel I searched for the keyword NahamCon.

I used CyberChef to decode the clue Synt{rr907q188039nr543o81sq237o6o6q0o}.

flag{ee907d188039ae543b81fd237b6b6d0b}

MISC

Abyss

A Vortex? No… an Abyss.
Click the Start button on the top-right to start this challenge.
#Password is userpass
ssh -p 32140 user@challenge.nahamcon.com

I ran the command from the challenge description; after quite a long time, the flag appeared on the screen.

flag{db758a0cc25523993416c305ef15f9ad}
