ACECTF 2025 WriteUp | LuffySec | STELK_CSC
My team, Stelk_CSC, participated in ACECTF 2025, completing 23 challenges with a variation of categories Cryptography, Forensic, Reverse Engineering, OSINT, Web, Misc and PWN. securing 65th place out of 661 teams, now I’m gonna share a writeup of some chall that I solved
Broken Secret | 100 Points | Forensic
We we’re given a file, and the desc say it has been broken and cannot be opened normally, so analyzing this file I found out that this file is a 7z archive data
Extracting the zip file and we got this folder
Navigating to the word > media directory, we found a file named not_so_suspicious_file. Upon examining its hex dump, we discovered that it is a corrupted PNG file. To open the image, we need to repair its header. Let’s open hexed.it and modify the first few bytes to:
89 50 4E 47 0D 0A 1A 0A
We got our first FLAGG !
Virtual Hard Disk | 200 Points | Forensic
Analyzing the files, it was disk boot file
When dealing with this type of file, I immediately open FTK Imager and navigate through each folder. In one of the image files, I found two files named flag and key in one of the image files.
Flag : CTCHHW{7t3_h1hw3p3sq3_s37i33r_a0l_4li_a3}
Key : cryforme
This is a vigenere cipher, decrypting this flag with the correct key i got the decrypted flag !
Keyboard Echo | 300 Points | Forensic
We’re tasked to analyze a pcapng file, intercept the traffic and extract the keystrokes into readable text, I'm kinda stuck in here for a while but i found this blogs that explain this kind of thing step by step :
So first of all we need to run this command :
tshark -r challenge.pcapng -T fields -e usb.capdata > usbdata
0100000000000000
0100150000000000
0000150000000000
0000000000000000
0400000000000000
04002b0000000000
00002b0000000000
0000000000000000
00001c0000000000
0000000000000000
0000270000000000
0000000000000000
0000180000000000
0000000000000000
00000b0000000000
0000000000000000
0000210000000000
0000000000000000
0000190000000000
0000000000000000
0000200000000000
0000000000000000
0000090000000000
0000000000000000
0000270000000000
0000000000000000
0000180000000000
0000000000000000
0000110000000000
0000000000000000
0000070000000000
0000000000000000
00001e0000000000
0000000000000000
0000240000000000
0000000000000000
0100000000000000
0100150000000000
0000000000000000
0400000000000000
04002b0000000000
0400000000000000
0000000000000000
And we get this set of data, using the given script on the blogs we get the readable text of the keystrokes !
Flag : ACECTF{y0u_h4v3_f0und_17}
Cryptic Pixels | 200 Points | Steganography
Given a png file and i try to run zsteg to find out if there is a hidden file inside it
We discovered that there is a ZIP archive inside the file. I quickly ran foremost
to extract the ZIP file and noticed that it is password-protected. Now, I need to crack the password using John the Ripper.
The zip is successfully cracked and now we got the password : qwertyuiop after unzipping we got the flag.txt file but it is encrypted
JLNLCO{q4q4_h0d'a3_5v4a7}
Analyzing this cipher into dcode.fr it detected it as a rot cipher and we got the flag :D
Tab&Spaces | 100 Points | Steganography
We we’re given a zip file, unzipping the file it contains plenty of image file inside the files folder
Notice that all the image have the same size except for one image that is . 87.jpg so i quickly do an analysis on this image, first i will extract hidden data inside this jpg file using steghide
We successfully discovered one file named whitespace_flag.txt analyzing the content of this file it just all empty line
So what I'm going to do in here is converting the Tab&Spaces into binary code like this
After getting the binary code ill convert it to the plain text and get the flag !
Significance of Reversing | 200 Points | Reverse Engineering
Analyzing the hexdump of the png file we found at the end of the line there is a words FLE which is a reversed words of ELF so we are tasked to reverse this whole files, here is script to automate this :
import sys
def reverse_file(input_file, output_file):
try:
with open(input_file, 'rb') as f:
data = f.read()
with open(output_file, 'wb') as output:
output.write(data[::-1])
print(f"Successfully reversed '{input_file}' and saved as '{output_file}'")
except Exception as e:
print(f"Error: {e}")
if __name__ == '__main__':
input_file = 'Reverseme.png'
output_file = 'elffile'
if len(sys.argv) > 2:
input_file = sys.argv[1]
output_file = sys.argv[2]
reverse_file(input_file, output_file)
DONOTOPEN | 400 Points | Reverse Engineering
We were given a python files and its looks like MD5 Checksum of a file
#!/bin/bash
TMP_DIR=$(mktemp -d)
PYTHON_SCRIPT="$TMP_DIR/embedded_script.py"
CHECKSUM_FILE="$TMP_DIR/checksum.txt"
EXPECTED_CHECKSUM="g5c533c0e5e1dd82051e9ee6109144b6"
ARCHIVE_START=$(awk '/^__ARCHIVE_BELOW__/ {print NR + 1; exit 0; }' "$0")
tail -n +$ARCHIVE_START "$0" | gzip -d > "$PYTHON_SCRIPT"
CALCULATED_CHECKSUM=$(md5sum "$PYTHON_SCRIPT" | awk '{ print $1 }')
if [ "$CALCULATED_CHECKSUM" != "$EXPECTED_CHECKSUM" ]; then
echo "Checksum mismatch! The embedded script may have been corrupted."
echo "Doesnt match with the MD5 checksum - a3c533c0e5e1dd82051e9ee6109144b6"
rm -rf "$TMP_DIR"
exit 1
fi
python3 "$PYTHON_SCRIPT"
rm -rf "$TMP_DIR"
exit 0
__ARCHIVE_BELOW__
****PYTHON FILE******
Below the __ARCHIVE_BELOW__
line, there is a Python file that has been compressed using gzip. To access the script, we need to extract and decompress it.
Here is a script I use to extract the Python file:
awk '/^__ARCHIVE_BELOW__/ {found=1; next} found' DONTOPEN | gzip -d > extracted_script.py
This is a pin code checker program, after inspecting the source code of the file we got the pin code
Now lets run this and put in the correct pin code and get the flag !!
Buried Deep | 100 Points | Web
We we’re given a websites address going through the websites and navigating to the robots.txt we got plenty of secret directories
in one of the directories we got an ASCII Code on the /buried/
Decoding this we got part 1 of the flag
Now for the 2nd part of the flag its in /secret_path directories
this is a morse code, decoding this morse code give us the 2nd flag
For the 3rd part of the flag its on the styles.css
it was encoded by ROT47 decoding this give us the final flag !
Flag : ACECTF{1nf1l7r471ng_7h3_5y573m_15_345y_wh3n_y0u_kn0w_wh3r3_7h3_53cr3t5_4r3_buri3d}
Falls of 2022 | 100 Points | OSINT
This challenge is a bit tricky, but if you carefully analyze the description, you’ll understand what to do. The mention of “TXT” in the description suggests that the flag might be hidden in a TXT record of the domain.
To check the TXT record for the domain acectf.tech, we can use the following command:
nslookup -type=TXT acectf.tech