Resources

• Picoctf: CMU founded CTF training and learning platform great for "learn as you go."
• CyberChief: For Encryption/Decryption and Encode/Decode

General Knowledge

• grep
• strings
• | (pipe)

Forensics

• Base64 encoding: transforms any binary data (like images or files) into a string of printable ASCII characters
• Steganography: method that hides information in a non-secret file such as an image, or audio. The existence of the hidden message is unobservable to the viewer. Some of the most common techniques used includes LSB (least significant bit).

Tools

• Image analysis:

  • zsteg: Package based on Ruby allows user to check metadata of images and steganography; specifically for .png and ,bmp images. It analyzes images to detect hidden data and extract hidden information on least significant and other steganography techniques.
  • steghide: Steganography tool used to hide/reveal hidden data in images/audio files; mostly used with .jpeg, .bmp, .wav, and .au files.
  • identify: Tool from ImageMagick, used to analyze and display information about image files such as image format, dimensions, file size, medatadata and properties.

• Skills:

  • Converting files to base64 and to an image file

  • # -d stands for decode
    cat file.txt | base64 -d > file.jpeg

Cryptography

• Hash: Hash encryption generates a unique hashcode for each piece of data. It is often used to check file integrity by comparing the hash value of the package being installed and the original package to prevent potential modifications from unauthorized parties. Given a hashed value, to try to get the original value, we can use wordlist and word maps and try all different combinations to get their hashcode and comparing to the given hashed value. This is called bruteforce attacking/guess and checking.
• RSA Encryption: Asymmetric encryption that involves the encrypted message (C), the original message (M), public key (e, n), and private key (d, n). Where d and e are prime of the product n.

  • Mathematical relationships are:

    • Encryption C ≡ Mᵉ (mod n)
    • Decryption M ≡ Cᵈ (mod n)

    Note

    ≡ indicates congruence, where under the context of A ≡ B (mod n), it means A and B have the same remainder when divided by n.

    Example Use of RSA

    Key Generation (Creating the Padlock and Key)

    This is the most complex part, done once by the receiver (let's call her Alice).

    • Choose Two Prime Numbers: Alice picks two large, random, and distinct prime numbers, p and q.
      • Example (using small, manageable numbers): p = 3, q = 11
    • Calculate the Modulus (n): Multiply p and q to get n. This number will be part of both the public and private keys.
      • n = p * q = 3 * 11 = 33
      • n is the "padlock" itself. Its length in bits (e.g., 2048, 4096) is what we refer to as the "key size" and determines the security.
    • Calculate Euler's Totient (φ(n)): This is φ(n) = (p-1) * (q-1). It's the number of integers less than n that are relatively prime to n (i.e., share no common factors with n).
      • φ(n) = (3-1) * (11-1) = 2 * 10 = 20
    • Choose the Public Exponent (e): Alice picks a number e that must be:
      • Less than φ(n) (which is 20).
      • A coprime with φ(n) (meaning they share no common factors other than 1).
      • Example: e = 7 (7 and 20 share no common factors).

      The pair (e, n) is the Public Key. Alice can broadcast this to the world. In our example, the public key is (7, 33).

    • Calculate the Private Exponent (d): This is the magic step. Alice calculates d, which is the modular multiplicative inverse of e mod φ(n). In simpler terms, d is the number that satisfies this equation:
      • (d * e) mod φ(n) = 1
      • (d * 7) mod 20 = 1
      • After calculating, d = 3 (because 3 * 7 = 21, and 21 mod 20 = 1).

      Info

      The pair (d, n) is the Private Key. Alice must guard this with her life. In our example, the private key is (3, 33).

    Encryption (Locking the Message)

    Now, someone else (Bob) wants to send Alice a secret message. The message must be a number M less than n. (In real life, text is converted into a large number).

    • Bob gets Alice's Public Key: (e, n) = (7, 33).
    • He has his message, which is a number M. Let's say M = 4 (for example, representing the letter 'D').
    • He encrypts it using the encryption formula to get the ciphertext C: -C = M^e mod n
      • C = 4^7 mod 33
        • Let's calculate: 4^7 = 16,384
        • 16,384 / 33 = 496.606... -> 33 * 496 = 16,368
        • 16,384 - 16,368 = 16
        • So, C = 16
    • Bob sends the ciphertext C = 16 to Alice.

    Decryption (Unlocking the Message)

    Info

    Alice receives the ciphertext C = 16. She uses her Private Key: (d, n) = (3, 33).

    • She decrypts it using the decryption formula to recover the original message M:
      • M = C^d mod n
      • M = 16^3 mod 33
        • Let's calculate: 16^3 = 4,096
        • 4,096 / 33 = 124.121... -> 33 * 124 = 4,092 - 4,096 - 4,092 = 4
      • So, M = 4
    • Alice has successfully decrypted the secret message 4 that Bob sent.

Tools

• Hash-cracking:
  • hashcat: GPU-accelerated tool for hash-cracking such as SHA1, SHA2-256, MD5, bcrypt.

    hashcat -m (hashtype: 0 = MD5, 100 = SHA1, 1400 = SHA2-256, 3200 = bcrypt) -a 0 (hashed text) (wordlist path)

Contributors

Lunear01aier9500

Changelog

12/11/25, 5:51 PM

View All Changelog

• 35118-Grammar and Spell Checks for the entire Webon 12/11/25
• 5810a-Cleaner way of displaying contributors in articles.on 12/9/25
• d5554-Fix typos and enhance clarity in CTF second brain guideon 11/11/25
• 4fc42-Update author name in CTF guideon 11/11/25
• 26c5a-Restructuring tags.on 11/10/25
• aa7ed-CTF page Updateon 10/18/25
• 4d57f-CTF guide updatedon 10/18/25
• 0547e-updated ctf pageon 10/17/25
• c30bc-New ctf pageon 10/17/25