# Kashi CTF

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FoH5213nk7kbhasa74uss%2FScreenshot%202025-02-23%20141128.png?alt=media&#x26;token=7f4cba51-74c5-4d3a-994f-b75d6c1b3ac4" alt=""><figcaption></figcaption></figure>

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FOqw7YUVI4E9iqtGUVj4z%2Fimage.png?alt=media&#x26;token=a275c188-f75e-466c-a6a6-5a1d157373f4" alt=""><figcaption><p>91/753</p></figcaption></figure>

| Challenge                                                                                                | Category     | Status   |
| -------------------------------------------------------------------------------------------------------- | ------------ | -------- |
| [Corporate Life 1](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/kashi-ctf#corporate-life-1) | Web          | Solved   |
| [Corporate Life 2](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/kashi-ctf#corporate-life-2) | Web          | Solved   |
| [SuperFastAPI](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/kashi-ctf#superfastapi)         | Web          | Solved   |
| [Lost Frequencies](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/kashi-ctf#lost-frequencies) | Cryptography | Solved   |
| [Key Exchange](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/kashi-ctf#key-exchange)         | Cryptography | Solved   |
| [Easy Jail 1](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/kashi-ctf#easy-jail-1)           | Misc         | Solved   |
| [Restaurant](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/kashi-ctf#restaurant)             | Forensics    | Upsolved |

For Pwn, Rev and more Misc, check out my teammate's writeup: <https://mikimiku.gitbook.io/more-more-pwn/contests/ctf-tours/kashi-ctf-2025>

***

{% stepper %}
{% step %}

## Corporate Life 1

> The Request Management App is used to view all pending requests for each user. It’s a pretty basic website, though I heard they were working on something new.
>
> Anyway, did you know that one of the disgruntled employees shared some company secrets on the Requests Management App, but its status was set *denied* before I could see it. Please find out what it was and spill the tea!

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FtueQsO2b7myEN5qF6Ip2%2FScreenshot%202025-02-23%20142256.png?alt=media&#x26;token=a014972e-f1d5-4242-b637-0c805eef193b" alt=""><figcaption></figcaption></figure>

Starting off the challenge, we were greeted by a weird app that gave us pending data. In the challenge description we were told that an employee shared some company secrets on the request management app and that the `status` was set to *denied*. This will be very helpful later.

### enumeration

When we check the network requests of the web page, we can see lots of interesting files.

{% code overflow="wrap" %}

```javascript
self.BUILD_MANIFEST=function(e,r,s){return{rewrites:{afterFiles:[],beforeFiles:[],fallback:[]},routerFilterStatic:{numItems:0,errorRate:1e-4,numBits:0,numHashes:null,bitArray:[]},routerFilterDynamic:{numItems:0,errorRate:1e-4,numBits:e,numHashes:null,bitArray:[]},"/":["static/chunks/pages/index-6413244cd5618b98.js"],"/_error":["static/chunks/pages/_error-fde50cb7f1ab27e0.js"],"/v2-testing":["static/chunks/pages/v2-testing-fb612b495bb99203.js"],sortedPages:["/","/_app","/_error","/v2-testing"]}}(0,0,0),self.BUILD_MANIFEST_CB&&self.BUILD_MANIFEST_CB();
```

{% endcode %}

In the code above there is an interesting endpoint called `/v2-testing`.

{% code overflow="wrap" %}

```javascript
(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[415],{3906:(e,t,s)=>{(window.__NEXT_P=window.__NEXT_P||[]).push(["/v2-testing",function(){return s(4708)}])},4708:(e,t,s)=>{"use strict";s.r(t),s.d(t,{default:()=>l});var a=s(4848),r=s(6540);function l(){let[e,t]=(0,r.useState)("All"),[s,l]=(0,r.useState)(""),[n,i]=(0,r.useState)([]);async function x(){let t="All"===e?"":e,a=s?{name:s}:{filter:t},r=await fetch("/api/list-v2",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(a)});i(await r.json())}return(0,r.useEffect)(()=>{x()},[e,s]),(0,a.jsx)("div",{className:"min-h-screen bg-gray-50 p-8",children:(0,a.jsxs)("div",{className:"max-w-4xl mx-auto",children:[(0,a.jsx)("h1",{className:"text-3xl font-bold text-center mb-6 text-blue-600",children:"Pending Tasks List"}),(0,a.jsx)("p",{className:"text-red-500 font-mono text-sm my-2",children:"Notice: The v2 is currently being tested and is not yet ready for production use. Please report any issues to the development team."}),(0,a.jsx)("div",{className:"flex space-x-4 mb-4",children:["All","Finance","IT","Legal","Engineering","Operations","Compliance","HR","Executive"].map(s=>(0,a.jsx)("button",{onClick:()=>t(s),className:"px-4 py-2 font-mono text-sm rounded ".concat(e===s?"bg-blue-700 text-white":"bg-gray-200 text-gray-700 hover:bg-gray-300"),children:s},s))}),(0,a.jsx)("div",{className:"mb-6",children:(0,a.jsx)("input",{type:"text",value:s,onChange:e=>l(e.target.value),placeholder:"Search employee name",className:"w-full font-mono text-sm border-2 border-gray-300 p-3 rounded bg-white text-gray-900"})}),(0,a.jsxs)("div",{className:"bg-white rounded-lg shadow-md overflow-hidden",children:[(0,a.jsxs)("table",{className:"min-w-full divide-y divide-gray-200",children:[(0,a.jsx)("thead",{children:(0,a.jsxs)("tr",{children:[(0,a.jsx)("th",{className:"px-2 py-2 text-left text-xs font-medium text-gray-500 uppercase tracking-wider",children:"Employee Name"}),(0,a.jsx)("th",{className:"px-2 py-2 
text-left text-xs font-medium text-gray-500 uppercase tracking-wider",children:"Request Details"}),(0,a.jsx)("th",{className:"px-2 py-2 text-left text-xs font-medium text-gray-500 uppercase tracking-wider",children:"Status"}),(0,a.jsx)("th",{className:"px-2 py-2 text-left text-xs font-medium text-gray-500 uppercase tracking-wider",children:"Department"}),(0,a.jsx)("th",{className:"px-2 py-2 text-left text-xs font-medium text-gray-500 uppercase tracking-wider",children:"Role"}),(0,a.jsx)("th",{className:"px-2 py-2 text-left text-xs font-medium text-gray-500 uppercase tracking-wider",children:"Email"})]})}),(0,a.jsx)("tbody",{className:"bg-white divide-y divide-gray-200",children:n.map((e,t)=>(0,a.jsxs)("tr",{children:[(0,a.jsx)("td",{className:"px-2 py-2 text-sm text-gray-700",children:e.employee_name}),(0,a.jsx)("td",{className:"px-2 py-2 text-sm text-gray-700",children:e.request_detail}),(0,a.jsx)("td",{className:"px-2 py-2 text-sm text-gray-700",children:e.status}),(0,a.jsx)("td",{className:"px-2 py-2 text-sm text-gray-700",children:e.department}),(0,a.jsx)("td",{className:"px-2 py-2 text-sm text-gray-700",children:e.role}),(0,a.jsx)("td",{className:"px-2 py-2 text-sm text-gray-700",children:e.email})]},t))})]}),0===n.length&&(0,a.jsx)("p",{className:"mt-4 text-center text-gray-500",children:"No results to display."})]})]})})}}},e=>{var t=t=>e(e.s=t);e.O(0,[636,593,792],()=>t(3906)),_N_E=e.O()}]);

```

{% endcode %}

From the code above we learn how the `/v2-testing` page works: it sends a POST request to `/api/list-v2`, and the request body lets us filter the data. This makes SQL injection a possibility in the web app.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2F1RQgw9Bd7Nt5ugmhzfqv%2FScreenshot%202025-02-23%20113934.png?alt=media&#x26;token=2f16f2ca-7334-4272-8719-92107de69ae9" alt=""><figcaption></figcaption></figure>

This is an example of filtering by department through the API.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FKzR15jbp9lxNZORVOQbv%2FScreenshot%202025-02-23%20113946.png?alt=media&#x26;token=a88ec0b3-46bb-487c-b288-c0d0780d22c0" alt=""><figcaption></figcaption></figure>

If we try to cause an error, as you can see, the error message mentions an error in database communication. This is interesting.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2Fr3GYVxWe6vFsv6CAjXPu%2FScreenshot%202025-02-23%20121829.png?alt=media&#x26;token=c97c2b11-7067-470c-b33f-5e6c01d268a8" alt=""><figcaption></figcaption></figure>

I tried doing injections in the name, but I'm not sure if it's vulnerable. Next I tried the other field, the filter part. As you can see, when we tried to do it' OR '1'='1 it actually works and there's nothing wrong, which means that we found an SQLi.

Knowing that, we can try to get the flag by giving the status denied.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FgOmWr5gVUa3UMdXbdu9F%2FScreenshot%202025-02-23%20121647.png?alt=media&#x26;token=466d3c36-93ae-49d0-806c-37c5dbe054e3" alt=""><figcaption></figcaption></figure>

And look at that, we actually found the flag.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FY6urjI3PjgAqpfqkayrS%2FScreenshot%202025-02-23%20122500.png?alt=media&#x26;token=d3b43d1c-1111-475d-9a93-a0e856f66f9b" alt=""><figcaption></figcaption></figure>
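
Why the `filter` field was injectable and how binding closes it, as an added example rather than the challenge's server code (which the writeup never sees): the `requests` table name, the string-built query and the sample rows are assumptions; the column names and department list come from the bundle above.

```python
import sqlite3

# Department buttons taken from the /v2-testing bundle shown above.
DEPARTMENTS = {"Finance", "IT", "Legal", "Engineering", "Operations",
               "Compliance", "HR", "Executive"}

def make_db():
    """In-memory database with constructed rows; the real schema is not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE requests (employee_name TEXT, request_detail TEXT,"
               " status TEXT, department TEXT, role TEXT, email TEXT)")
    db.executemany("INSERT INTO requests VALUES (?,?,?,?,?,?)", [
        ("alice", "new laptop", "pending", "IT", "engineer", "alice@example.test"),
        ("bob", "budget review", "pending", "Finance", "analyst", "bob@example.test"),
        ("mallory", "PLACEHOLDER_SECRET", "denied", "HR", "clerk", "mallory@example.test"),
    ])
    return db

def list_vulnerable(db, dept):
    # Assumed server behaviour: the filter value is concatenated into the SQL text,
    # so a quote in the input ends the string literal and the rest becomes syntax.
    sql = ("SELECT employee_name, status FROM requests "
           "WHERE status = 'pending' AND department = '" + dept + "'")
    return db.execute(sql).fetchall()

def list_bound(db, dept):
    # The value is bound as data; it is only ever compared against the column.
    sql = ("SELECT employee_name, status FROM requests "
           "WHERE status = 'pending' AND department = ?")
    return db.execute(sql, (dept,)).fetchall()

def list_hardened(db, dept):
    # Defence in depth: reject anything that is not a known department first.
    if dept not in DEPARTMENTS:
        raise ValueError("unknown department")
    return list_bound(db, dept)

if __name__ == "__main__":
    db = make_db()
    tautology = "IT' OR '1'='1"          # the input tried in the writeup
    print(list_vulnerable(db, tautology))   # every row, including the denied one
    print(list_bound(db, tautology))        # [] because no department has that name
```

Because the bound value never reaches the SQL parser, the same change also removes the `UNION`-based reads used in Corporate Life 2.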
{% endstep %}

{% step %}

## Corporate Life 2

> The disgruntled employee also stashed some company secrets deep within the database, can you find them out?

This is the second part of the Corporate Life challenge. It talks about a new secret that the employee saved deep within the database, which means we have to dig into the database further.

The first thing I did was try to find out how many columns were used.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FPlltEUhGYrLmQ9qDFYeM%2FScreenshot%202025-02-23%20125108.png?alt=media&#x26;token=22a6ad23-7846-4638-9f3b-f548e39e0c87" alt=""><figcaption></figcaption></figure>

We can use UNION to try selecting columns. After using 7 it gives an error, which lets us know the total number of columns used, and we can continue to gain data. Now I want to know which SQL engine the server is using.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FUOljDntNWVqLBl34uQeq%2FScreenshot%202025-02-23%20131528.png?alt=media&#x26;token=df7adba5-d450-4a09-936c-35c5cb1a10f8" alt=""><figcaption></figcaption></figure>

When using `sqlite_version()`, the server actually returned the version it is running, which means we found out which SQL engine the server uses.

After searching for SQLite SQLi, I found this GitHub page, which was really helpful for solving the challenge.

{% embed url="<https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/SQLite%20Injection.md>" %}

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2F2H1A1ZQ7a6Mlz3Nyib3q%2FScreenshot%202025-02-23%20131829.png?alt=media&#x26;token=be46705c-2368-4f7b-904d-b0ce29d0a34d" alt=""><figcaption></figcaption></figure>

I then selected `sql` from `sqlite_schema` to gain more information about the database and found an interesting table called `flags`, which had a `secret_flag` column. Knowing this, we can just select the flag from the table.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FgrjZXuTBwSvGZRYbux92%2FScreenshot%202025-02-23%20132545.png?alt=media&#x26;token=31f169ff-09e4-4c06-bd06-3c5e9a613b66" alt=""><figcaption></figcaption></figure>

Then we can just combine the parts to get the flag:

```
KashiCTF{b0r1ng_old_c0rp0_l1f3_am_1_r1gh7_WHjIa3tZ}
```

{% endstep %}

{% step %}

## SuperFastAPI

> Made my very first API!
>
> However I have to still integrate it with a frontend so can't do much at this point lol.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FZK7cyDUS14B36sRF7BlI%2FScreenshot%202025-02-23%20142242.png?alt=media&#x26;token=9db93a5d-bd66-4da7-b83e-a513a5ff8037" alt=""><figcaption></figcaption></figure>

Starting off the challenge, we were greeted by a weird flag. We can try to find other endpoints, and it turns out there is an endpoint called `/docs`. After getting that info I immediately went to that endpoint.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FhiRnnFh401wOKRlmJrqR%2FScreenshot%202025-02-23%20140523.png?alt=media&#x26;token=e157d32a-0ddc-441f-83a8-52e8a39dd708" alt=""><figcaption></figcaption></figure>

Well, this is interesting: a place to access the APIs. I created a user called test and then tried to get the flag, but the website said only admins can get the flag.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FnOEolHaYvz228N3pshWO%2FScreenshot%202025-02-23%20141110.png?alt=media&#x26;token=d352fe37-42c1-4f95-b92d-72d9b6455acf" alt=""><figcaption></figcaption></figure>

So I tried updating my user and giving it the role admin. Unexpectedly it actually worked, so I tried to get the flag again.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2F7RYJqUuLOABCSbCjEerv%2FScreenshot%202025-02-23%20141030.png?alt=media&#x26;token=128c7176-1251-4570-aade-688fd50033dd" alt=""><figcaption></figcaption></figure>

And as easy as that, we solved all the web challenges.
{% endstep %}

{% step %}

## Lost Frequencies

> Zeroes, ones, dots and dashes\
> Data streams in bright flashes
>
> `111 0000 10 111 1000 00 10 01 010 1011 11 111 010 000 0`
>
> **NOTE**: Wrap the capitalized flag in KashiCTF{}

From the challenge description we can already expect that this is Morse code, with zeroes -> dots and ones -> dashes.

```python
flag = "111 0000 10 111 1000 00 10 01 010 1011 11 111 010 000 0"
new = ""
for i in flag:
    if i == '1':
        new += "-"
    elif i == '0':
        new += "."
    else:
        new += " "
print(new)
```

The code above does just that.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2F9wYT56koIVLEzHOAfrzf%2Fimage.png?alt=media&#x26;token=bcd845f4-bb17-4241-8165-6e834e691022" alt=""><figcaption></figcaption></figure>

Then a quick pass through CyberChef and we got the flag.

KashiCTF{OHNOBINARYMORSE}
{% endstep %}

{% step %}

## Key Exchange

{% code overflow="wrap" %}

````python
from redacted import EllipticCurve, FLAG, EXIT
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
import hashlib
import random
import json
import os

def encrypt_flag(shared_secret: int):
    sha1 = hashlib.sha1()
    sha1.update(str(shared_secret).encode("ascii"))
    key = sha1.digest()[:16]
    iv = os.urandom(16)
    cipher = AES.new(key, AES.MODE_CBC, iv)
    ciphertext = cipher.encrypt(pad(FLAG, 16))
    data = {}
    data["iv"] = iv.hex()
    data["ciphertext"] = ciphertext.hex()
    return json.dumps(data)

#Curve Parameters (NIST P-384)
p = 39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319
a = -3
b = 27580193559959705877849011840389048093056905856361568521428707301988689241309860865136260764883745107765439761230575
E = EllipticCurve(p,a,b)
G = E.point(26247035095799689268623156744566981891852923491109213387815615900925518854738050089022388053975719786650872476732087,8325710961489029985546751289520108179287853048861315594709205902480503199884419224438643760392947333078086511627871)

n_A = random.randint(2, p-1)
P_A = n_A * G

print(f"\nReceived from Weierstrass:")
print(f"   Here are the curve parameters (NIST P-384)")
print(f"   {p = }")
print(f"   {a = }")
print(f"   {b = }")
print(f"   And my Public Key: {P_A}")

print(f"\nSend to Weierstrass:")
P_B_x = int(input("   Public Key x-coord: "))
P_B_y = int(input("   Public Key y-coord: "))

try:
    P_B = E.point(P_B_x, P_B_y)
except:
    EXIT()

S = n_A * P_B

print(f"\nReceived from Weierstrass:")
print(f"   Message: {encrypt_flag(S.x)}")

````

{% endcode %}

The code uses elliptic curve cryptography and AES encryption. The goal of the challenge is to exchange keys using ECC; the server then encrypts the flag using AES with a key derived from the shared secret, and we can decrypt the flag.

The curve follows the equation `y^2 = x^3 + ax + b (mod p)`.

The server generates a random private key called `n_A` and creates a public key `P_A` using the base point `G`.

This public key is shared with us, and we provide our own public key coordinates (`P_B_x`, `P_B_y`), which the server accepts if `E.point()` does not raise.

Once our public key is accepted, the server calculates a shared secret `S` by multiplying its private key `n_A` with our public key `P_B`. The shared secret's x-coordinate `S.x` is used in the next steps for encryption.

The shared secret x-coordinate is hashed using the SHA-1 algorithm, and the first 16 bytes of the digest become the AES key. AES in CBC mode is then used to encrypt the flag with a random IV, and the server sends us the IV and the encrypted flag.

After that we can solve the challenge and get the flag.

{% code overflow="wrap" %}

```python
# solver
import json
import re
import socket
from hashlib import sha1

from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
from ecdsa import NIST384p, SigningKey
from ecdsa.ellipticcurve import Point

HOST = 'kashictf.iitbhucybersec.in'
PORT = 64697

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((HOST, PORT))

    # Read the banner (curve parameters and the server's public key P_A)
    # until the first prompt appears; a single recv() may return only part of it.
    received = ""
    while "x-coord" not in received:
        part = s.recv(1024).decode()
        if not part:
            break
        received += part
    print("Received from server:")
    print(received)

    # Our own key pair on NIST P-384: sk holds n_B, vk holds P_B = n_B * G.
    sk = SigningKey.generate(curve=NIST384p)
    vk = sk.verifying_key
    P_B_x = vk.pubkey.point.x()
    P_B_y = vk.pubkey.point.y()

    # Answer both prompts with the coordinates of our public key.
    s.sendall(f"{P_B_x}\n".encode())
    s.sendall(f"{P_B_y}\n".encode())
    print(f"Sent Public Key x-coord: {P_B_x}")
    print(f"Sent Public Key y-coord: {P_B_y}")

    # Collect everything the server sends until it closes the connection.
    response = ""
    while True:
        part = s.recv(1024).decode()
        if not part:
            break
        response += part

    print("Full response from server:")
    print(response)

    if "Message: " in response:
        # The message is a JSON object with hex-encoded "iv" and "ciphertext".
        message = json.loads(response.split("Message: ")[1])
        iv = bytes.fromhex(message["iv"])
        ciphertext = bytes.fromhex(message["ciphertext"])

        # Pull P_A = (x,y) out of the banner and rebuild it as a curve point.
        P_A_x = int(re.search(r"\((\d+),", received).group(1))
        P_A_y = int(re.search(r",(\d+)\)", received).group(1))
        P_A = Point(vk.curve.curve, P_A_x, P_A_y)

        # Shared secret S = n_B * P_A, the same point the server gets from n_A * P_B.
        S = sk.privkey.secret_multiplier * P_A

        # Same key derivation as encrypt_flag(): SHA-1 of the decimal x-coordinate.
        shared_secret = S.x()
        sha1_hash = sha1()
        sha1_hash.update(str(shared_secret).encode("ascii"))
        key = sha1_hash.digest()[:16]

        cipher = AES.new(key, AES.MODE_CBC, iv)
        plaintext = unpad(cipher.decrypt(ciphertext), 16)

        print("Decrypted flag:", plaintext.decode())
        # Printed here so iv and ciphertext are always defined when used.
        print(f"IV: {iv.hex()}")
        print(f"Ciphertext: {ciphertext.hex()}")
    else:
        print("Error: 'Message: ' line not found in the server's response.")
```

{% endcode %}

First we connect to the service using a socket, then we read the server data and put it in the `received` variable.

Then we generate our own ECC private key using `SigningKey.generate()`. Our public key is derived from our private key, and the coordinates `P_B_x` and `P_B_y` are extracted from it.

Then we send the public key to the server to start the process of sharing a secret with it.

Then we keep reading data from the server so that we get the "Message: " line.

Then the encrypted data is parsed from its JSON format, and the IV and ciphertext are extracted from the parsed data.

The AES key is derived by hashing the shared secret with SHA-1; the first 16 bytes of the SHA-1 hash are used as the key for AES decryption. The client then performs AES decryption in CBC mode using the derived key and the IV provided by the server. The decrypted message, presumably a flag, is unpadded and printed as the final result.

> └─$ python3 dec.py
>
> Received from server:
>
> Received from Weierstrass: Here are the curve parameters (NIST P-384) p = 39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319 a = -3 b = 27580193559959705877849011840389048093056905856361568521428707301988689241309860865136260764883745107765439761230575 And my Public Key: (3566202173137821722130092688383305924997463575472886405441749267614553800694432962044692633891912189270771281119570,20370024990198787978523063066932992609529336596289645449862709577314425763441145558827878335172048252128011578352787)
>
> Send to Weierstrass: Public Key x-coord: Sent Public Key x-coord: 27871206782627841017690054619484714724887553500931550506348846946398623960977733778994851543914370573191638858627662 Sent Public Key y-coord: 848511266713431150848423780814604077994361267687146716818688105948906818181396067256876072795799500811233309902020 Full response from server: Public Key y-coord: Received from Weierstrass: Message: {"iv": "ddb97c1429c6ffe5ba471468187b71cc", "ciphertext": "e58652bc2e568027635549e2b41114873c66277867207745046994cb19c3b2dc25bc5bc08484b40c5fa699df5089b4493b315929009b4c86a49c3fc0a4452f80a13d3f77716550e063254e0a93df501bedc3bedcf7f062c784fc737575d637ea"}
>
> Decrypted flag: NaeusGRX{L\_r3H3Nv3h\_kq\_Sun1Vm\_O3w\_4fg\_4lx\_1\_t0d\_a4q\_lk1s\_X0hcc\_Dd4J\_slAQEbh3}
>
> Hint: DamnKeys

After getting the encrypted flag, the server also gave us a hint. The flag still looks like ciphertext, so I began to think that the hint is actually the key to getting the real flag.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FbyfWcI6iezPoExrUkKBY%2Fimage.png?alt=media&#x26;token=0dccb70c-f883-4731-9c44-79e002cbcb41" alt=""><figcaption></figcaption></figure>

After doing a Vigenère decode, we actually solved the challenge.
{% endstep %}

{% step %}

## Easy Jail 1

> I made this calculator. I have a feeling that it's not safe :(
>
> Suffering hasn't begun

````python
#!/usr/bin/env python3

print("           _            _       _             ")
print("          | |          | |     | |            ")
print("  ___ __ _| | ___ _   _| | __ _| |_ ___  _ __ ")
print(" / __/ _` | |/ __| | | | |/ _` | __/ _ \| '__|")
print("| (_| (_| | | (__| |_| | | (_| | || (_) | |   ")
print(" \___\__,_|_|\___|\__,_|_|\__,_|\__\___/|_|   ")

def calc(op):
	try : 	
		res = eval(op)
	except :
		return print("Wrong operation")
	return print(f"{op} --> {res}")

def main():
	while True :
		inp = input(">> ")
		calc(inp)

if __name__ == '__main__':
	main()
````

We were given the source code of the server. As we can see, the server takes our input and passes it to the `calc` function, which runs it through `eval()` without any filter. This is very dangerous: we can input `__import__('os').system('cat /flag.txt')`

and we solved the challenge.
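
A calculator with the same interface but without `eval()`, as an added example (not the challenge's code): it parses the input with `ast` and evaluates only numeric literals and a fixed set of arithmetic operators. `safe_calc`, `MAX_LEN` and the operator set are choices made for this example; exponentiation is left out on purpose so a short input cannot request an enormous result.

```python
import ast
import operator

# Only these operators are ever evaluated; any other syntax is rejected.
BIN_OPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.truediv, ast.FloorDiv: operator.floordiv,
    ast.Mod: operator.mod,
}
UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
MAX_LEN = 200  # bound on input size (and therefore on nesting depth)

def _eval(node):
    """Evaluate an AST node if it is plain arithmetic, otherwise raise."""
    if isinstance(node, ast.Expression):
        return _eval(node.body)
    # type() rather than isinstance() so that True/False are not accepted as ints.
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
        return BIN_OPS[type(node.op)](_eval(node.left), _eval(node.right))
    if isinstance(node, ast.UnaryOp) and type(node.op) in UNARY_OPS:
        return UNARY_OPS[type(node.op)](_eval(node.operand))
    # Names, calls, attributes, subscripts, lambdas, ... all end up here.
    raise ValueError(f"disallowed syntax: {type(node).__name__}")

def safe_calc(op):
    """Return the value of an arithmetic expression or raise ValueError."""
    if len(op) > MAX_LEN:
        raise ValueError("expression too long")
    try:
        tree = ast.parse(op, mode="eval")
    except SyntaxError as exc:
        raise ValueError("not an expression") from exc
    return _eval(tree)

def calc(op):
    """Same output format as the challenge's calc(), returned instead of printed."""
    try:
        return f"{op} --> {safe_calc(op)}"
    except (ValueError, ZeroDivisionError):
        return "Wrong operation"

if __name__ == "__main__":
    while True:
        print(calc(input(">> ")))
```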
{% endstep %}

{% step %}

## Restaurant

> I just asked for my favourite pasta and they gave me this. Are these guys STUPID? Maybe in the end they may give me something real. (Wrap the text in KashiCTF{})

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FMkFz973PeaT9xuw2yzWP%2Fimage.png?alt=media&#x26;token=93883628-66af-4ecd-9d97-6b7bb5cd7f49" alt=""><figcaption></figcaption></figure>

We were given a picture of pasta. I checked whether it was a steganography file and looked at the metadata, and nothing was wrong, but when I checked the hex I found something interesting.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FgVMFCXxUW1AWDzCl4yYc%2Fimage.png?alt=media&#x26;token=76750e65-3102-47f4-b198-fa83782a3d5d" alt=""><figcaption></figcaption></figure>

The file should finish at the ffd9 part, but there was extra data after the file footer, which is weird. I didn't notice until the event was over that this was a Bacon cipher.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FRXqCMnljt1A8Lf8v9yFo%2Fimage.png?alt=media&#x26;token=083747b2-e12b-4f25-94ce-d6f65d6bc260" alt=""><figcaption></figcaption></figure>

KashiCTF{theywerereallllycooking}
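
Locating appended data by walking the JPEG marker structure instead of searching for the first or last `FF D9`, as an added example (not part of the original writeup): an embedded thumbnail can contain its own end-of-image marker, and appended bytes can contain one too. `jpeg_trailer` and the sample bytes are constructed for illustration.

```python
def jpeg_trailer(data: bytes) -> bytes:
    """Return the bytes that follow the image's real EOI marker (b"" if none)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker, not a JPEG")
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected a marker at offset {i}")
        marker = data[i + 1]
        if marker == 0xFF:                      # fill byte in front of a marker
            i += 1
            continue
        if marker == 0xD9:                      # EOI: everything after it is extra
            return data[i + 2:]
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            i += 2                              # standalone markers carry no length
            continue
        if i + 4 > len(data):
            break
        seg_len = int.from_bytes(data[i + 2:i + 4], "big")
        if seg_len < 2:
            raise ValueError(f"bad segment length at offset {i}")
        i += 2 + seg_len                        # skip the segment, decoy markers included
        if marker == 0xDA:
            # Entropy-coded scan data follows the SOS header. Inside it, FF is
            # always followed by 00 (stuffing) or RSTn; anything else is a marker.
            while i + 1 < len(data):
                nxt = data[i + 1]
                if data[i] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                i += 1
    raise ValueError("no EOI marker found")

# Constructed marker skeleton (not a decodable picture) with a decoy EOI in APP1.
SAMPLE = (
    b"\xff\xd8"                          # SOI
    b"\xff\xe1\x00\x06\xff\xd8\xff\xd9"  # APP1, length 6, payload holds a decoy SOI/EOI
    b"\xff\xda\x00\x04\x01\x02"          # SOS header, length 4
    b"\x12\xff\x00\x34\xff\xd0\x56"      # scan data with stuffed FF 00 and RST0
    b"\xff\xd9"                          # real EOI
    b"CONSTRUCTED-TRAILER"               # appended data
)

if __name__ == "__main__":
    print(SAMPLE.find(b"\xff\xd9"))      # naive search stops at the decoy
    print(jpeg_trailer(SAMPLE))
```

For a file on disk, pass `open(path, "rb").read()` and treat any non-empty result as data worth inspecting.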
{% endstep %}
{% endstepper %}
