# VishwaCTF 2025

33/736

| Name | category | | --------------------------------------------------------------------------------------------------------------------- | ----------------- | | [Flames](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/vishwactf-2025#flames) | Web | | [Are we up?](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/vishwactf-2025#are-we-up) | Web | | [Scan it to stay safe](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/vishwactf-2025#scan-it-to-stay-safe) | Web | | [Leaky Stream](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/vishwactf-2025#leaky-stream) | Digital Forensics | | [Persist](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/vishwactf-2025#persist) | Digital Forensics | | [Chaos](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/vishwactf-2025#chaos) | Cryptography | | [Sanity Check](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/vishwactf-2025#sanity-check) | Misc | {% stepper %} {% step %} ### Flames > ### Find Your True Love <3. > > NOTE :\ > Challenge Deplyment Platfrom: > Registration Key: vishwactf
> > Register on the platfrom and spawn the instances accordingly.
> > Author: Abhinav @.0\_0.ace.0\_0. Starting off the challenge the website asks us to input 2 parameters to check their love level but weirdly the parameters were called in such way that its supposed to be used for login like theres a parameter for a username and for a password\ so suspecting it was using a login backend but without checking for usernames and passwords possibly just ignoring the backend but still using it i suspect it of containing a sqli vulnerability so i first tried doing ' but nothing was wrong but then i was thinking how can i extract more data so i tried UNION SELECT NULL, NULL NULL --\ ![](https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FZXjcsMtZUWS0wDOiw3uf%2Fimage.png?alt=media\&token=270077ed-f66a-4a01-8968-b525b44a63b8) and a random link actually popped up going into that link
we actually found the flag and solved the challenge! {% endstep %} {% step %} ### Are we up?
The hint was saying something about status of their website
on the bottom left we can press on this button and it will redirect us to another endpoint
we were told about another endpoint called /flag possibly the challenge and something about local when entering /flag we will obtain a fake flag

view page source

inside the source we found another endpoint again called /uptimer now shall go inside that web
and it brought us to a web availability monitoring tools knowing that i tried some stuff like going into webs and stuff so it seems like it will go to a web that we give to it but when we try to use localhost it will be blacklisted so we can bypass this using a redirect
{% endstep %} {% step %} ### Scan it to stay safe > ### NOTE: > > Challenge Deplyment Platfrom: Registration Key: vishwactf > > Register on the platfrom and spawn the instances accordingly. > > Author: Samarth @ark.dev
starting off the challenge we were greeted by an Advanced URL Scanner and its asking for an ip me as a webex guy immediately asked my self what if we tried to scan our own server how does the url scanner work?\ so i set up my own request catcher using my favourite one > then i made the server scan my own request catcher
we actually found the flag just by making it do a request to our own server {% endstep %} {% step %} ### Leaky Stream > ### Find Your True Love <3. > > NOTE :\ > Challenge Deplyment Platfrom: > Registration Key: vishwactf
> > Register on the platfrom and spawn the instances accordingly.
> > Author: Abhinav @.0\_0.ace.0\_0. checking the stats we can see that the wireshark is using tcp we can already suspect that the message is hidden in the tcp
there was a packet comment that was given from the probsetter so we can also suspect the other flag is inside another comment we can use tshark to get this ``` tshark -r chitty-chat.pcapng -Y pkt_comment -Tfields -e frame.comment ```
{% endstep %} {% step %} ### Persist > User, “I logged onto my computer on FRIDAY and noticed something on the home screen before the computer shut down. Could it have been malware?” > > Author: Parnika @parnika\_maskar before we start the challenge we have to understand the description first he says there was something on the home screen before the computer shutdown so knowing that we can suspect that the so called "malware" opened an app in his computer knowing that usually last opened file data is saved in recentdocs recent docs is contained in this folder > Software > Microsoft > Windows > CurrentVersion > Explorer > RecentDocs so i tried going inside the Recent docs from the HKCU to check for the current user we can use reglookup to look inside the registry in linux ``` reglookup -p "/Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs" HKCU PATH,TYPE,VALUE,MTIME /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs,KEY,,2025-02-27 17:35:52 /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/MRUListEx,BINARY,%05%00%00%00%08%00%00%00%07%00%00%00%06%00%00%00%04%00%00%00%03%00%00%00%02%00%00%00%01%00%00%00%00%00%00%00%FF%FF%FF%FF, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/2,BINARY,R%00e%00g%00i%00s%00t%00r%00y%00E%00x%00p%00l%00o%00r%00e%00r%00.%00z%00i%00p%00%00%00z%002%00%00%00%00%00%00%00%00%00%00%00RegistryExplorer.lnk%00%00V%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00R%00e%00g%00i%00s%00t%00r%00y%00E%00x%00p%00l%00o%00r%00e%00r%00.%00l%00n%00k%00%00%00$%00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/4,BINARY,{%00b%003%00l%001%00e%00f%00.%00t%00x%00t%00%00%00^%002%00%00%00%00%00%00%00%00%00%00%00{b3l1ef.lnk%00D%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00{%00b%003%00l%001%00e%00f%00.%00l%00n%00k%00%00%00%1A%00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/6,BINARY,_%00i%00n%00.%00t%00x%00t%00%00%00R%002%00%00%00%00%00%00%00%00%00%00%00_in.lnk%00<%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00_%00i%00n%00.%00l%00n%00k%00%00%00%16%00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/7,BINARY,_%00r%003%00g%00.%00t%00x%00t%00%00%00V%002%00%00%00%00%00%00%00%00%00%00%00_r3g.lnk%00%00>%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00_%00r%003%00g%00.%00l%00n%00k%00%00%00%18%00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/8,BINARY,p%000%00w%00e%00r%00}%00.%00t%00x%00t%00%00%00\%002%00%00%00%00%00%00%00%00%00%00%00p0wer}.lnk%00%00B%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00p%000%00w%00e%00r%00}%00.%00l%00n%00k%00%00%00%1A%00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/5,BINARY,S%00i%00l%00e%00n%00t%00 %00F%00i%00l%00e%00s%00%00%00n%002%00%00%00%00%00%00%00%00%00%00%00Silent Files.lnk%00%00N%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00S%00i%00l%00e%00n%00t%00 %00F%00i%00l%00e%00s%00.%00l%00n%00k%00%00%00 %00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.jpg,KEY,,2025-01-10 13:51:10 /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.lnk,KEY,,2025-02-27 17:19:22 /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.lnk/MRUListEx,BINARY,%FF%FF%FF%FF, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.reg,KEY,,2025-01-05 11:22:18 /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.reg/MRUListEx,BINARY,%00%00%00%00%FF%FF%FF%FF, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.reg/0,BINARY,H%00K%00C%00U%00.%00r%00e%00g%00%00%00V%002%00%00%00%00%00%00%00%00%00%00%00HKCU.lnk%00%00>%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00H%00K%00C%00U%00.%00l%00n%00k%00%00%00%18%00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.txt,KEY,,2025-02-27 17:35:52 /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.txt/MRUListEx,BINARY,%01%00%00%00%03%00%00%00%02%00%00%00%00%00%00%00%07%00%00%00%06%00%00%00%05%00%00%00%04%00%00%00%FF%FF%FF%FF, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.txt/4,BINARY,p%000%00w%00e%00r%00.%00t%00x%00t%00%00%00X%002%00%00%00%00%00%00%00%00%00%00%00p0wer.lnk%00@%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00p%000%00w%00e%00r%00.%00l%00n%00k%00%00%00%18%00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.txt/5,BINARY,r%003%00d%00u%00n%00d%004%00n%00t%00.%00t%00x%00t%00%00%00d%002%00%00%00%00%00%00%00%00%00%00%00r3dund4nt.lnk%00H%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00r%003%00d%00u%00n%00d%004%00n%00t%00.%00l%00n%00k%00%00%00%1C%00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.txt/6,BINARY,r%003%00g%00.%00t%00x%00t%00%00%00R%002%00%00%00%00%00%00%00%00%00%00%00r3g.lnk%00<%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00r%003%00g%00.%00l%00n%00k%00%00%00%16%00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.txt/7,BINARY,i%00n%00.%00t%00x%00t%00%00%00P%002%00%00%00%00%00%00%00%00%00%00%00in.lnk%00%00:%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00i%00n%00.%00l%00n%00k%00%00%00%16%00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.txt/1,BINARY,p%000%00w%00e%00r%00}%00.%00t%00x%00t%00%00%00\%002%00%00%00%00%00%00%00%00%00%00%00p0wer}.lnk%00%00B%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00p%000%00w%00e%00r%00}%00.%00l%00n%00k%00%00%00%1A%00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.txt/0,BINARY,{%00b%003%00l%001%00e%00f%00.%00t%00x%00t%00%00%00^%002%00%00%00%00%00%00%00%00%00%00%00{b3l1ef.lnk%00D%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00{%00b%003%00l%001%00e%00f%00.%00l%00n%00k%00%00%00%1A%00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.txt/2,BINARY,_%00i%00n%00.%00t%00x%00t%00%00%00R%002%00%00%00%00%00%00%00%00%00%00%00_in.lnk%00<%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00_%00i%00n%00.%00l%00n%00k%00%00%00%16%00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.txt/3,BINARY,_%00r%003%00g%00.%00t%00x%00t%00%00%00V%002%00%00%00%00%00%00%00%00%00%00%00_r3g.lnk%00%00>%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00_%00r%003%00g%00.%00l%00n%00k%00%00%00%18%00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.zip,KEY,,2025-02-27 17:19:22 /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.zip/0,BINARY,R%00e%00g%00i%00s%00t%00r%00y%00E%00x%00p%00l%00o%00r%00e%00r%00.%00z%00i%00p%00%00%00z%002%00%00%00%00%00%00%00%00%00%00%00RegistryExplorer.lnk%00%00V%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00R%00e%00g%00i%00s%00t%00r%00y%00E%00x%00p%00l%00o%00r%00e%00r%00.%00l%00n%00k%00%00%00$%00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/.zip/MRUListEx,BINARY,%00%00%00%00%FF%FF%FF%FF, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/Folder,KEY,,2025-02-27 17:35:52 /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/Folder/0,BINARY,F%00i%00l%00e%001%00%00%00X%002%00%00%00%00%00%00%00%00%00%00%00File1.lnk%00@%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00F%00i%00l%00e%001%00.%00l%00n%00k%00%00%00%18%00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/Folder/MRUListEx,BINARY,%02%00%00%00%06%00%00%00%05%00%00%00%04%00%00%00%03%00%00%00%01%00%00%00%00%00%00%00%FF%FF%FF%FF, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/Folder/1,BINARY,D%00o%00c%00u%00m%00e%00n%00t%00s%00%00%00d%002%00%00%00%00%00%00%00%00%00%00%00Documents.lnk%00H%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00D%00o%00c%00u%00m%00e%00n%00t%00s%00.%00l%00n%00k%00%00%00%1C%00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/Folder/3,BINARY,T%00h%00e%00m%00e%00s%00%00%00\%002%00%00%00%00%00%00%00%00%00%00%00Themes.lnk%00%00B%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00T%00h%00e%00m%00e%00s%00.%00l%00n%00k%00%00%00%1A%00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/Folder/4,BINARY,C%00h%00a%00l%00l%00e%00n%00g%00e%002%00%00%00h%002%00%00%00%00%00%00%00%00%00%00%00Challenge2.lnk%00%00J%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00C%00h%00a%00l%00l%00e%00n%00g%00e%002%00.%00l%00n%00k%00%00%00%1E%00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/Folder/5,BINARY,P%00i%00c%00t%00u%00r%00e%00s%00%00%00b%002%00%00%00%00%00%00%00%00%00%00%00Pictures.lnk%00%00F%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00P%00i%00c%00t%00u%00r%00e%00s%00.%00l%00n%00k%00%00%00%1C%00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/Folder/6,BINARY,M%00y%00 %00P%00i%00c%00t%00u%00r%00e%00s%00%00%00j%002%00%00%00%00%00%00%00%00%00%00%00My Pictures.lnk%00L%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00M%00y%00 %00P%00i%00c%00t%00u%00r%00e%00s%00.%00l%00n%00k%00%00%00%1E%00%00%00, /Software/Microsoft/Windows/CurrentVersion/Explorer/RecentDocs/Folder/2,BINARY,S%00i%00l%00e%00n%00t%00 %00F%00i%00l%00e%00s%00%00%00n%002%00%00%00%00%00%00%00%00%00%00%00Silent Files.lnk%00%00N%00%08%00%04%00%EF%BE%00%00%00%00%00%00%00%00*%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00S%00i%00l%00e%00n%00t%00 %00F%00i%00l%00e%00s%00.%00l%00n%00k%00%00%00 %00%00%00, ``` then cause of the huge data i asked deepseek to filter the useless data\ ![](https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2F2XuMQ37es46v1c7LdXb8%2Fimage.png?alt=media\&token=46e564dd-3597-4add-84f8-de7ef89f3798) as you can see we found the flag pattern and we solved the challenge {% endstep %} {% step %} ### Chaos > You've stumbled upon a bunch of garbled nonsense—some might call them "encrypted messages," but who really knows? Most of it is just random junk, but hidden somewhere in this mess is an actual secret. No keys, no hints, just you and the chaos. Good luck figuring it out—if you even can. > > Author: Abhinav @.0\_0.ace.0\_0. ```python import random import base64 import os messages = [] with open('https://x.com/Abhinav04139720.txt', 'rb') as f: for line in f.readlines(): messages.append(line.strip()) with open('flag.txt', 'rb') as f: flag = f.read().strip() messages.append(flag) random.shuffle(messages) def xor_encrypt(msg): transformed = bytearray(msg) for i in range(len(transformed)): transformed[i] ^= (i % 256) return base64.b85encode(transformed).decode() with open('output.txt', 'w') as f: for msg in messages: encrypted_msg = xor_encrypt(msg) f.write(f'{encrypted_msg}\n\n') ``` the code above will take the text from a web then put it inside messages then it will clean the string from spaces and enters then it will open the real flag.txt file then it also cleans the extra spaces and enters and stores it to flag and append it to the message then it will shuffle the messages making it hard to find the flag then the text will be encrypted using xor first it will convert the message to a sequence of bytes so we can modify it then it will over then we will xor the bytes using the i % 256 after xoring we will b85 encode the message then we will write the output to a file called output.txt after reading this code this is easily reversible ### solver ```python import base64 def xor_decrypt(encrypted_msg): decoded = base64.b85decode(encrypted_msg) decrypted = bytearray() for i in range(len(decoded)): decrypted.append(decoded[i] ^ (i % 256)) return decrypted.decode() with open('output.txt', 'r') as f: lines = f.readlines() for line in lines: line = line.strip() if line: try: decrypted = xor_decrypt(line) print(f"Ciphertext: {line}") print(f"Decrypted: {decrypted}") print("-" * 40) except Exception as e: print(f"Error decrypting: {line}") print(f"Error: {e}") print("-" * 40) ``` first we decode the message so it will return to the bytes it was then we will put it in a sequence of bytes while xoring them again with their own i % 256 to get back the original bytes then we can return the decode() and we solved the challenge {% endstep %} {% step %} ### Sanity check > Let's get started and look at the bigger picture
zoom out {% endstep %} {% step %} ### {% endstep %} {% endstepper %}