Houseplant CTF 2020

Houseplant CTF is a Capture The Flag event made by RiceTeaCatPanda developers.

CTF Link: https://houseplant.riceteacatpanda.wtf/

Flag Format: rtcp{.*}

This was a fun beginner-friendly Jeopardy based Capture the Flag event. Me(@gk2savage) and my TEAM had very much fun playing it and spent some solid hours on this.

I have only posted writeups of the challenges that i did myself so you won’t find every challenge solved here. Obviously I played it for prizes lol 🤣

🍚 wholesome ctf intensifies 🍚

Beginners

Beginner 1

Solution:

“cnRjcHt5b3VyZV92ZXJ5X3dlbGNvbWV9” is a Base64 String so decode it with Base64 decoder.

Flag : rtcp{youre_very_welcome}

Beginner 2

Solution:

“72 74 63 70 7b 62 6f 62 5f 79 6f 75 5f 73 75 63 6b 5f 61 74 5f 62 65 69 6e 67 5f 65 6e 63 6f 75 72 61 67 69 6e 67 7d”

Convert this Hex to ASCII with “HEX to ASCII” decoder.

Flag : rtcp{bob_you_suck_at_being_encouraging}

Beginner 3

Solution:

“162 164 143 160 173 163 165 145 137 155 145 137 151 137 144 151 144 156 164 137 153 156 157 167 137 167 150 141 164 137 157 143 164 141 154 137 167 141 163 137 157 153 141 171 77 41 175”

Convert this Octal String to ASCII

Flag : rtcp{sue_me_i_didnt_know_what_octal_was_okay?!}

Beginner 4

Solution:

“egpc{lnyy_orggre_cnegvpvcngr}”

This is a Caesar Cipher with 13 Shift or also known as “ROT13”

Flag : rtcp{yall_better_participate}

Beginner 5

Solution:

”– .- -. -.– ..–.- -… . . .–. … ..–.- .- -. -.. ..–.- -… — — .–. …”

This is a Morse Code. Decode it with an Online Decoder.

Flag : rtcp{many_beeps_and_boops}

Beginner 6

Solution:

“26 26 26 26 26 26 26 26 19 12 5 5 16 9 14 7 9 14 16 8 25 19 9 3 19”

This is an A1Z26 Cipher which is very simple direct substitution cipher, where each alphabet letter is replaced by its number in the alphabet.

Flag : rtcp{zzzzzzzzsleepinginphysics}

Beginner 7

Solution:

“igxk{fmovhh_gsvb_ziv_nvzm}”

This is an Atbash cipher which is a substitution cipher with a specific key where the letters of the alphabet are reversed. i.e. all ‘A’s are replaced with ‘Z’s, all ‘B’s are replaced with ‘Y’s, and so on.

Flag : rtcp{unless_they_are_mean}

Beginner 8

Solution:

“00110 01110 00100 00000 10011 00101 01110 01110 00011 00011 01110 01101 10011 10010 10011 00000 10001 10101 00100”

This is a Bacon cipher which is a biliteral substitution alphabet which replace a character with a group of 5 formed with two letters, generally A and B.

So we convert all the 0’s to A’s and 1’s to B’s. And then we will decode this Bacon Cipher.

“AABBA ABBBA AABAA AAAAA BAABB AABAB ABBBA ABBBA AAABB AAABB ABBBA ABBAB BAABB BAABA BAABB AAAAA BAAAB BABAB AABAA”

Flag : rtcp{GOEATFOODDONTSTARVE}

Beginner 9

Solution:

This time we get a file named “Beginner 10.txt”. It actually consists of all the challenges we done before.

As the hint says, we go to cyberchef to cook our recipe to decode this.

Flag : rtcp{nineornone}

Crypto

CH₃COOH

Solution:

This is a Vigenère cipher which can be decoded with a key. As the hint suggests, the key is short so we can try bruteforcing it with an online decoder.

We get the key “tony” for the cipher. Decode it to get the flag.

Flag : rtcp{vinegar_on_my_fish_and_chips_please}

“fences are cool unless they’re taller than you” - tida

Solution:

As the name suggest, This is a Rail Fence Cipher (also called zigzag cipher) which is a form of transposition cipher

With Rails: 3 and Offset: 3, we can get our flag.

Flag : rtcp{ask_tida_about_rice_washing}

Broken Yolks

Solution:

“smdrcboirlreaefd”

This ciphertext is scrambled. Upon trying online decoders, found that words that are related to the question and made sense for it were “descrambler”, “descrambled”, “scrambled”, “fried” etc.

Tried different flags until finally found the one.

Flag : rtcp{scrambled_or_fried}

Sizzle

Solution:

Download the “encoded.txt” and you will find Morse Code written in it. But if we try to decode it, we get nothing meaningful.

As the challenge suggests, it looks like a Bacon Cipher as all the morse codes are in group of 5. So we change all the “.”s to “A”s and “-“s to “B”s

If we try decoding it with a bacon cipher now, we will get the flag.

We will wrap the flag with rtcp{}, use all lowercase, and separate words with underscores.

Flag : rtcp{bacon_but_grilled_and_morsified}

Parasite

Solution:

This was a lovely challenge. As you can see in the description, some letters are capitalised. We get “SKATS” from it, and searching it we get that SKATS stands for Standard Korean Alphabet Transliteration System.

Also the name “Parasite” comes from Oscar-winning 2019 South Korean black comedy thriller film and the challenge has resemblance to the plot of the story. NICE:)

First we convert the Morse Code to ASCII. The ASCII is then converted to Hangul with the SKATS table relating the corresponding parts.

Convert the Hangul to English with Google Translater. You may have to remove some Hangul letters from the end as they don’t convert into English unless they make sense.

It also signifies the fact that those last Hangul letters are symbolising ‘Parasite’ as they don’t let you see the flag until you remove them.

“ㅎㅡㅣㅁㅏㅇㅇㅡㄴㅈㅣㄴㅈㅓㅇㅎㅏㄴㄱㅣㅅㅐㅇㅊㅜㅇㅇ” is converted to “Hope is a true parasite”

Flag : rtcp{Hope_is_a_true_parasite}

Rainbow Vomit

Solution:

Download the “output.png” and as the hints tell us, this is “Hexahue” invented by Josh Cramer.

To manually do the challenge is very time-consuming, but upon closer inspection, all the 6 (2x3) blocks represent an alphabet, number or commas.

In the end line, we can see that lot of hexahue blocks are stacked together meaning our flag might be at the end. Only trying the last line, we get “s one rtcp should,fl5g4,b3,st1cky,or,n0t” which is the flag.

Flag : rtcp{should,fl5g4,b3,st1cky,or,n0t}

Forensics

Neko Hero

Solution:

Download the “advertisement.png” file and check it.

Open the image with “stegsolve.jar” and check “Green Plane 0”. You will find the another hidden image with flag.

Flag : rtcp{s4ve_@LL_7h3m_c4tG1Rl$}

Misc

Rules

Solution:

It says “Please read the rules.” so that’s we are going to do.

Flag : rtcp{this_is_not_a_flag_i_think}

Spilled Milk

Solution:

Download the “spilled_milk.png” file and check it.

It is a total white image until you check it with “stegsolve.jar”.

Flag : rtcp{Th4nk$_f0r_h3LP1nG!}

Zip-a-Dee-Doo-Dah

Solution:

Download the passwords file given in hint.

SecLists/Passwords/xato-net-10-million-passwords-100.txt

The file “1819.gz” is zipped too many times and we need to make a script for it. Also upon somewhat manual extraction and experimentation, i found that:

1. The file is zipped continously in .tar , .gz and .zip format.

2. Only .zip files has password on it, which need to be cracked with the above password wordlist.

So I made a little handy “bash” script for it. (pass is the wordlist above)