Review: EliteGhost CTF 2023

finx
8 min read · Jan 24, 2023


The summary for this CTF experience

Here is the challenge link if you are interested in checking out the other challenges:

I admit, I got completely outclassed in this CTF. Even with sickness, I did not manage to even get one flag out of six offered for the OSINT category. That’s low.

Let bygones be bygones; I can’t change the outcome of this CTF for myself. However, I can review the close-call challenges and see in what aspects I fell short of solving them. Let us start with the review:

[The challenges]

  • Farewell

Current progress: Got the phone number and tried tools like PhoneInfoga to get something, but nothing happened

Weakness: Did not realize the hint directly gives the tool.

Hint:

Solution:

  1. Extract the mobile number from the letter given
The phone number is highlighted in this picture

2. Open Web Getcontact and search for the number in the app

(note: download the app on your phone first and scan the QR code to activate this search)

Link:

The search already gives us our flag
  • Broken Man

Current progress: I got the exact video that the challenge shows but got stuck there as I got carried away by the rabbit hole

The video:

The rabbit hole:

I filter the video based on new comments and find this one. I just endlessly search this guy's profile to find something.

Weakness: Did not read the query properly. Even within the questions there are hints of the @theniceguy4485 account. When it’s not your day, it is not your day. Maybe physical sickness caused this blunder to happen.

Solution:

  1. Open the video and search for comments made by theniceguy
We find a comment made by Eliteghost MY with some Base64 code

2. Decode the Base64 code to get the flag

The decoder:

  • Octopus

Current progress: Opened the file strings but had no clue how to piece the hint together

Weakness: Brain in mush mode due to physical sickness. I got all the tools, just dunno why I did not get the challenge

Hint:

Hint #1
Hint #2

Solution:

  1. Reverse image search the image given in the question using RevEye Reverse Image Search on Chrome or Firefox.
The reverse image search result. We know that the question is somehow related to GitHub.

2. Follow hint #2 and extract the strings using CyberChef

We got a Base64 string at the bottom of the strings file

3. Decode the Base64 code using the decoder

The decoder:

We got some sort of GitHub user and directory

4. Open the decoded value on GitHub (https://github.com/0hanif0/EGCTF2023)

We got this. Damn it.

5. Browse around the repo for anything flag-related. I ended up just clicking through the new folder until I got upside-down text

This confirms the flag, but first we need to un-reverse the text

6. Use https://fsymbols.com/generators/aboqe-flip/ to un-flip the word

We got the flag
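
Steps 2 and 3 above (and the Base64 decode in Broken Man) can also be done offline. The Python below is an added example, not part of the original write-up or the challenge files; the sample bytes and the `example-user/example-repo` value are constructed, and the function names are hypothetical.

```python
import base64
import binascii
import re

# Base64 alphabet run of 8+ characters, with optional "=" padding.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")


def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Return runs of printable ASCII, like the `strings` utility."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def decode_base64_candidates(strings: list) -> list:
    """Return (token, plaintext) for tokens that decode to printable ASCII."""
    hits = []
    for s in strings:
        for token in B64_TOKEN.findall(s):
            if len(token) % 4:          # padded Base64 is a multiple of 4 long
                continue
            try:
                text = base64.b64decode(token, validate=True).decode("ascii")
            except (binascii.Error, UnicodeDecodeError):
                continue                # not Base64, or decodes to binary noise
            if text.isprintable():
                hits.append((token, text))
    return hits


# Constructed sample: image-like bytes with a Base64 line appended at the end.
HIDDEN = base64.b64encode(b"example-user/example-repo").decode("ascii")
SAMPLE = (
    b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR" + b"\x00" * 8
    + b"Created with GIMP\x00\xff\xd9"
    + b"checksum=deadbeefcafe\n"        # decoy: Base64 alphabet, binary output
    + HIDDEN.encode("ascii") + b"\n"
)

if __name__ == "__main__":
    for token, text in decode_base64_candidates(extract_strings(SAMPLE)):
        print(f"{token} -> {text}")
```

The ASCII check is what filters out hex digests and other words that happen to fit the Base64 alphabet.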
  • Oldest Historical Tree

Current progress: I did try searching for Pokemon GO OSINT to see how to access the map. The closest that I’ve got is this article:

From this article, I got that the map is using OpenStreetMap. From the hint, I also got that the place is Dataran KTM Ipoh. I was stuck there.

Weakness: the Pokemon GO stuff threw me off guard + new knowledge on Old Krytan

Hint:

Solution:

  1. Open the link given in the clue (the link redirects to Dataran KTM Ipoh):

2. Scroll through the images until you get the same picture as the one in the challenge

On the lower half of the pic, we got a Facebook link. Let us try opening that.

3. Open the link and check for anything weird on the page

The link:

Under the latest post, we got this weird comment

4. Open the weird account

We got the tree picture, let us open further
At the upper left corner of the picture, we got this

5. Try to decode the code on the picture

In this repo, we got a picture that is similar to what we got

The one that we got is this Old Krytan language

After decoding, we got the flag

FLAG : EG{L0T5_0F_M3M0R135}

  • Thirsty

Current progress: No idea how to start this challenge after opening the Pokemon GO file

Weakness: Did not read the prompt properly

Hint:

Solution:

  1. Read the question properly.
We can see that Pikachu wants Frappuccinos at Starbucks near Ipoh

2. Search for Starbucks in Ipoh and correlate it with the given Pokemon GO map

This is Starbucks Medan Gopeng
This is the given pic, looks similar

So, the password for Place.zip is Starbucks Medan Gopeng

3. Open the Place.zip using the password gathered

We got this pic. Let us search Instagram with this profile pic; we know that the person liked this pic
Searching the likes on the pic, we got the account, nnshuada._

4. Open the nnshuhada._ account

We got the Frappuccino menu and the Pikachu pic. Let us open the pic to reveal more detail
The highlighted caption above is the password for Menu.zip

Menu.zip password: MOCHAPRALINEFRAPPUCCINO

5. Open up the Menu.zip file

This is Music.txt
This is Music.mp4. This is clearly a book cipher.

6. Use a book cipher decoder to get the flag

The decoder:

This is the result after decoding. Follow the format in the pic to get the flag
  • SixSenses

Current progress: Able to decode the sign language part and got the mp3, got lost searching for Aiman on Instagram

Weakness: Brain in mush mode.

Hint:

Hint #1
Hint #2
Hint #3

Solution:

  1. Decode the flag.png file
This is the flag.png file
Use this alphabet to decode the flag.png file (source: https://www.faithour.com/bim-deaf/)

The result: https://eliteghost.tech/lalala.mp3

2. Open the link

This is what the link will show. It plays the song, Around the world (lalala) by R3HAB remix (damn my EDM ears..)

I did not catch anything due to me vibing to the song, so I followed hint #3 that says “Cari Aim__ di EliteGhost Instagram” (“Find Aim__ on EliteGhost Instagram”). My first instinct would be Aiman

3. Search Aiman on EliteGhost Instagram

After searching on EliteGhost IG, we got this guy
Yup, this is our guy
This is the 2nd highlight. We need to arrange it based on this order

4. Find each sense in order to get the flag

> Eyes

The 1st highlight

The first highlight redirects to this link:

https://eliteghost.tech/eye.jpg

This is the content of eye.jpg. Kakashi’s Mangekyou Sharingan. Maybe to indicate additional sense?

> Ear

The 2nd post made by Aiman shows a shadow of an ear with the caption S3NS3_

> Tongue

Open izzkhamilia’s (the other account that Aiman follows) account, we can see a tongue on her highlights
This is the account with a tongue on her highlights
This is the detail on the tongue

For this we will follow hint #2

This is what you get when you enter the link (https://www.wattpad.com/961559598-%F0%9D%90%82%F0%9D%90%A8%F0%9D%90%9D%F0%9D%90%9E%F0%9D%90%AC-%F0%9D%90%9A%F0%9D%90%A7%F0%9D%90%9D-%F0%9D%90%82%F0%9D%90%A2%F0%9D%90%A9%F0%9D%90%A1%F0%9D%90%9E%F0%9D%90%AB%F0%9D%90%AC-%F0%9D%90%87%F0%9D%90%A2%F0%9D%90%9E%F0%9D%90%AB%F0%9D%90%A8%F0%9D%90%A0%F0%9D%90%A5%F0%9D%90%B2%F0%9D%90%A9%F0%9D%90%A1%F0%9D%90%A2%F0%9D%90%9C%F0%9D%90%AC)
This is the location of the taste buds on the tongue

Following the tastebud order and the hieroglyphs, we got:

IS_SO

> Nose

There are 2 sections in this post: first, the R4 scribble in the picture; second, the brainfuck caption

Decode the brainfuck caption using the decoder:

https://www.dcode.fr/brainfuck-language

We got: R4R3}

Piecing ’em all together, we got: EG{SIX_S3NS3_IS_SO_R4R3}

Finally finished reviewing all the challenges done in this CTF.

If there’s any issue regarding the content, please inform me at @thisisfinx on Twitter

Thank you for reading and have a good day :)


Written by finx

A Malaysian cybersec lifelong student who uses this blog to document anything infosec-related (mainly OSINT)
