USCYBERGAME 2025 Writeup

 
// Inside the cookie storage, I found a suspicious-looking base64 string:
QWZ0ZXIgaW5zcGVjdGluZyB0aGUgY29udGVudHMsIGhlJ2xsIGhvcCBvbiB0aGUgUk9CT1QgdmFjY3V1bSBwaWNraW5nIHVwIHRoZSBjcnVtYnMgaGUgbWFkZS4KQ3J1bWIgMTogZFY5Q1FHc3paRjloVA==

┌──(mburk4㉿notRoot)-[~/Downloads]
└─$ echo "QWZ0ZXIgaW5zcGVjdGluZyB0aGUgY29udGVudHMsIGhlJ2xsIGhvcCBvbiB0aGUgUk9CT1QgdmFjY3V1bSBwaWNraW5nIHVwIHRoZSBjcnVtYnMgaGUgbWFkZS4KQ3J1bWIgMTogZFY5Q1FHc3paRjloVA==" | base64 -d
After inspecting the contents, he'll hop on the ROBOT vaccuum picking up the crumbs he made.
Crumb 1: dV9CQGszZF9hT  "

Phase 4: Baking Time Begins

Inside the /kitchen directory, I discovered a README.txt file:

While exploring further around the kitchen, I stumbled upon a handwritten recipe note:

It was clear the final ingredient the last crumb was near. After some digging, I found a Milk.js file. Inside it? The final crumb I needed

With all the crumbs now collected, I combined them to bake the final cookie string which was a base64 encoded string.

To activate it, I opened the browser's developer tools, modified the original cookie, and pasted in my freshly baked value. A quick refresh later...

Voila

Flag:SVBRG{he_w1ll_g!v3_y0u_A_fl@g_a5_tH4nk%!}

Future Of SWE (Forensics)

The Future Of SWE challenge focused on digital forensics, where critical files had been deleted by an AI named Clippy. The goal was to recover those files and extract the flag hidden within them.

Autopsy Workflow

• Deleted ProjectNextBigThing.docx
• Recovered meeting_notes.txt

The Docs cannot be read normally as it seems to be encrypted

To open the ProjectNextBigThing.docx file, the password clippyisawesome was used.

After opening the file,the flag is shown:

Flag:SVUSCG{th3_futur3_is_look1n_br1ght}

Just Look At It (Stego)

Steganography with password-protected embedding

Toolchain

At first glance, the file appeared to be a standard image. I began my analysis with a few foundational checks.

I ran strings to extract any readable text it came up clean. I followed up with binwalk and foremost to check for any hidden or embedded files, but the output confirmed the image wasn’t hiding anything obvious using those methods.

Knowing steganography often hides data behind a passphrase, I selected a tool built for this challenge: stegseek.

Stegseek is designed to extract hidden data from image files using a wordlist. I launched it against the image using a rockyou based wordlist. Within seconds, stegseek successfully brute-forced the password and extracted the embedded file containing the flag.

Flag:SVUSCG{l00k_4t_th1s_gr44444444444ph}

Deleted (Forensics)

File recovery challenge, find and restore a file that had been deleted from the file system.

This challenge was straightforward and efficient.

I loaded the provided disk image into Autopsy, a powerful digital forensics tool.

Using Autopsy’s file recovery feature, I quickly identified a set of deleted files. One of them stood out an image file.

Opening the image revealed the flag embedded directly within it.

Flag:SVUSCG{FILE_DELETE_2025}

Redactable (Forensics)

The Redactable challenge began with a locked PDF file.

The objective was clear: gain access, extract its contents, and reveal the hidden secret embedded within.

It unfolded as a fun, multi-step journey through PDF analysis and content extraction.

Password Cracking

As part of my usual process for dealing with password-protected PDFs, I started by using pdf2john to extract the password hash from the file. With the hash in hand, I turned to John the Ripper to crack it. The tool quickly identified the password using a common wordlist.

Hashcat is another excellent alternative for this task

Image Extraction

There are several ways to extract embedded content from a PDF, but I opted for a reliable utility from the Poppler

Using pdfimages, I first listed all the images embedded in the PDF with the following command:

pdfimages -list redactable.pdf -opw friends4eva

This confirmed the presence of images within the document.

Next, I extracted them using the appropriate format by running:

pdfimages -j redactable.pdf image -opw friends4eva

The -j flag ensures that JPEG-compressed images are extracted in their native format. You can adjust the output extension if needed.

The image extracted from the PDF appeared scrambled, making the content unreadable.

GIMP Distortion Fix

I used GIMP to fix the distorted image.

Under Filters → Distorts → Whirl and Pinch, I reversed the swirl by adjusting the Whirl slider.

The image cleared up, and the flag was revealed.

Before	After

Flag:SVUSCG{oops_i_did_it_again_i_didnt_redact}

Gotta Go Low (Crypto)

The Gotta Go Low challenge was a classic RSA crypto puzzle. We were given an encrypt.py script and an encrypted flag, with the goal of reversing the encryption. While reviewing the script, one flaw stood out immediately: the RSA public exponent e was set to 3. Using such a small exponent without proper padding is a well-known weakness in RSA. It can make the ciphertext vulnerable to simple attacks especially if the message is small enough to avoid modular wrapping.

Automated Solution

To recover the plaintext, I crafted a script based on a known low-exponent RSA attack. Once executed, the script successfully computed the plaintext and revealed the flag.

Flag:SVBGR{l0w_3xp0nent5_@r3_n0t_s@fe}

CTF Café (Reverse Engineering)

This challenge involved analyzing a 64-bit ELF binary with protections enabled. Through static analysis and decompilation, I identified a hidden function, secret_sauce(), which performed a simple XOR operation to reveal the flag.

By extracting the encoded data and reversing the logic in Python, I successfully decrypted the flag.

Flag:SVBGR{d3c0p1l3rs_m4k3_l1f3_34sy}

I earned a badge for participating in this Competion.

📥 Click to download the badge

Note: This badge was awarded for active participation in the CTF and reflects my continued involvement and learning.

The hunt continues... See you in the next round • ͜ •