Open in app

Sign in

Write

Sign in

ACECTF 2025 WriteUp | LuffySec | STELK_CSC

Hack4Fun Academy
7 min read4 days ago

--

My team, Stelk_CSC, participated in ACECTF 2025, completing 23 challenges with a variation of categories Cryptography, Forensic, Reverse Engineering, OSINT, Web, Misc and PWN. securing 65th place out of 661 teams, now I’m gonna share a writeup of some chall that I solved

Broken Secret | 100 Points | Forensic

We we’re given a file, and the desc say it has been broken and cannot be opened normally, so analyzing this file I found out that this file is a 7z archive data

Extracting the zip file and we got this folder

Navigating to the word > media directory, we found a file named not_so_suspicious_file. Upon examining its hex dump, we discovered that it is a corrupted PNG file. To open the image, we need to repair its header. Let’s open hexed.it and modify the first few bytes to:

89 50 4E 47 0D 0A 1A 0A

We got our first FLAGG !

Virtual Hard Disk | 200 Points | Forensic

Analyzing the files, it was disk boot file

When dealing with this type of file, I immediately open FTK Imager and navigate through each folder. In one of the image files, I found two files named flag and key in one of the image files.

Flag : CTCHHW{7t3_h1hw3p3sq3_s37i33r_a0l_4li_a3}
Key : cryforme

This is a vigenere cipher, decrypting this flag with the correct key i got the decrypted flag !

Keyboard Echo | 300 Points | Forensic

We’re tasked to analyze a pcapng file, intercept the traffic and extract the keystrokes into readable text, I'm kinda stuck in here for a while but i found this blogs that explain this kind of thing step by step :

Decoding Mixed Case USB Keystrokes from PCAP

During a recent assessment, I captured USB keystrokes as a part of a larger set of data from a system. I spent a few…

blog.stayontarget.org

So first of all we need to run this command :

tshark -r challenge.pcapng -T fields -e usb.capdata > usbdata
0100000000000000
0100150000000000
0000150000000000
0000000000000000
0400000000000000
04002b0000000000
00002b0000000000
0000000000000000
00001c0000000000
0000000000000000
0000270000000000
0000000000000000
0000180000000000
0000000000000000
00000b0000000000
0000000000000000
0000210000000000
0000000000000000
0000190000000000
0000000000000000
0000200000000000
0000000000000000
0000090000000000
0000000000000000
0000270000000000
0000000000000000
0000180000000000
0000000000000000
0000110000000000
0000000000000000
0000070000000000
0000000000000000
00001e0000000000
0000000000000000
0000240000000000
0000000000000000
0100000000000000
0100150000000000
0000000000000000
0400000000000000
04002b0000000000
0400000000000000
0000000000000000

And we get this set of data, using the given script on the blogs we get the readable text of the keystrokes !

Flag : ACECTF{y0u_h4v3_f0und_17}

Cryptic Pixels | 200 Points | Steganography

Given a png file and i try to run zsteg to find out if there is a hidden file inside it

We discovered that there is a ZIP archive inside the file. I quickly ran foremost to extract the ZIP file and noticed that it is password-protected. Now, I need to crack the password using John the Ripper.

The zip is successfully cracked and now we got the password : qwertyuiop after unzipping we got the flag.txt file but it is encrypted

JLNLCO{q4q4_h0d'a3_5v4a7}

Analyzing this cipher into dcode.fr it detected it as a rot cipher and we got the flag :D

Tab&Spaces | 100 Points | Steganography

We we’re given a zip file, unzipping the file it contains plenty of image file inside the files folder

Notice that all the image have the same size except for one image that is . 87.jpg so i quickly do an analysis on this image, first i will extract hidden data inside this jpg file using steghide

We successfully discovered one file named whitespace_flag.txt analyzing the content of this file it just all empty line

So what I'm going to do in here is converting the Tab&Spaces into binary code like this

After getting the binary code ill convert it to the plain text and get the flag !

Significance of Reversing | 200 Points | Reverse Engineering

Analyzing the hexdump of the png file we found at the end of the line there is a words FLE which is a reversed words of ELF so we are tasked to reverse this whole files, here is script to automate this :

import sys

def reverse_file(input_file, output_file):
    try:
        with open(input_file, 'rb') as f:
            data = f.read()

        with open(output_file, 'wb') as output:
            output.write(data[::-1])

        print(f"Successfully reversed '{input_file}' and saved as '{output_file}'")
    except Exception as e:
        print(f"Error: {e}")

if __name__ == '__main__':
    input_file = 'Reverseme.png'
    output_file = 'elffile'

    if len(sys.argv) > 2:
        input_file = sys.argv[1]
        output_file = sys.argv[2]

    reverse_file(input_file, output_file)

DONOTOPEN | 400 Points | Reverse Engineering

We were given a python files and its looks like MD5 Checksum of a file

#!/bin/bash

TMP_DIR=$(mktemp -d)
PYTHON_SCRIPT="$TMP_DIR/embedded_script.py"
CHECKSUM_FILE="$TMP_DIR/checksum.txt"

EXPECTED_CHECKSUM="g5c533c0e5e1dd82051e9ee6109144b6" 

ARCHIVE_START=$(awk '/^__ARCHIVE_BELOW__/ {print NR + 1; exit 0; }' "$0")
tail -n +$ARCHIVE_START "$0" | gzip -d > "$PYTHON_SCRIPT"


CALCULATED_CHECKSUM=$(md5sum "$PYTHON_SCRIPT" | awk '{ print $1 }')


if [ "$CALCULATED_CHECKSUM" != "$EXPECTED_CHECKSUM" ]; then
  echo "Checksum mismatch! The embedded script may have been corrupted."
  echo "Doesnt match with the MD5 checksum - a3c533c0e5e1dd82051e9ee6109144b6"
  rm -rf "$TMP_DIR"
  exit 1
fi


python3 "$PYTHON_SCRIPT"


rm -rf "$TMP_DIR"
exit 0

__ARCHIVE_BELOW__
****PYTHON FILE******

Below the __ARCHIVE_BELOW__ line, there is a Python file that has been compressed using gzip. To access the script, we need to extract and decompress it.

Here is a script I use to extract the Python file:

awk '/^__ARCHIVE_BELOW__/ {found=1; next} found' DONTOPEN | gzip -d > extracted_script.py

This is a pin code checker program, after inspecting the source code of the file we got the pin code

Now lets run this and put in the correct pin code and get the flag !!

Buried Deep | 100 Points | Web

We we’re given a websites address going through the websites and navigating to the robots.txt we got plenty of secret directories

in one of the directories we got an ASCII Code on the /buried/

Decoding this we got part 1 of the flag

Now for the 2nd part of the flag its in /secret_path directories

this is a morse code, decoding this morse code give us the 2nd flag

For the 3rd part of the flag its on the styles.css

it was encoded by ROT47 decoding this give us the final flag !

Flag : ACECTF{1nf1l7r471ng_7h3_5y573m_15_345y_wh3n_y0u_kn0w_wh3r3_7h3_53cr3t5_4r3_buri3d}

Falls of 2022 | 100 Points | OSINT

This challenge is a bit tricky, but if you carefully analyze the description, you’ll understand what to do. The mention of “TXT” in the description suggests that the flag might be hidden in a TXT record of the domain.

To check the TXT record for the domain acectf.tech, we can use the following command:

nslookup -type=TXT acectf.tech

This is it for my ACECTF WriteUp, hope i can do more chall in the next edition of ACECTF

Ctf Writeup
Ctf
Cybersecurity

--

--

Hack4Fun Academy
Hack4Fun Academy

Written by Hack4Fun Academy

50 Followers
2 Following

Community that teach u all about hacking world, Founder LuffySec

Responses (2)

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams