Hey everybody!

It’s Shahabor Hossain Rifat here.Today we will slove Cicada-3301 Vol:1 room on tryhackme.

So, without further ado, let’s get started.

So, at first download task files . After downloading I found a zip file and extracted the zip file. After extracting I got two files.

I found an audio file. Let’s analyze the audio file with Sonic Visualiser. After analyzing the audio file I found QR code.

After scanning the QR code I found the following link.

`https://pastebin.com/wphPq0Aa`

I visited the link and I found some text in Pastebin

Let’s decrypt the passphrase and key with CyberChef

Now to get the final passphrase

Let’s find the secret message with steghide from image .

Let’s visit the link. In this link I found an image. I downloaded the image and tried to find the hidden files using the outguess tool.

Outguess tool link : https://github.com/crorvick/outguess

```
[r1fat@exploit outguess]$ outguess -r image-link.jpg tryhackme
Reading image-link.jpg....
Extracting usable bits: 29035 bits
Steg retrieve: seed: 38, len: 1351
[r1fat@exploit outguess]$ cat tryhackme
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Welcome again.
Here is a book code. To find the book, break this hash:
b6a233fb9b2d8772b636ab581169b58c98bd4b8df25e452911ef75561df649edc8852846e81837136840f3aa453e83d86323082d5b6002a16bc20c1560828348
Use positive integers to go forward in the text use negative integers to go backwards in the text.
I:1:6
I:2:15
I:3:26
I:5:4
I:6:15
I:10:26
/
/
I:13:5
I:13:1
I:14:7
I:3:29
I:19:8
I:22:25
/
I:23:-1
I:19:-1
I:2:21
I:5:9
I:24:-2
I:22:1
I:38:1
Good luck.
3301
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBAgAGBQJQ5QoZAAoJEBgfAeV6NQkPf2IQAKWgwI5EC33Hzje+YfeaLf6m
sLKjpc2Go98BWGReikDLS4PpkjX962L4Q3TZyzGenjJSUAEcyoHVINbqvK1sMvE5
9lBPmsdBMDPreA8oAZ3cbwtI3QuOFi3tY2qI5sJ7GSfUgiuI6FVVYTU/iXhXbHtL
boY4Sql5y7GaZ65cmH0eA6/418d9KL3Qq3qkTcM/tRAHhOZFMZfT42nsbcvZ2sWi
YyrAT5C+gs53YhODxEY0T9M2fam5AgUIWrMQa3oTRHSoNAefrDuOE7YtPy40j7kk
5/5RztmAzeEdRd8QS1ktHMezXEhdDP/DEdIJCLT5eA27VnTY4+x1Ag9tsDFuitY4
2kEaVtCrf/36JAAwEcwOg2B/stdjXe10RHFStY0N9wQdReW3yAOBohvtOubicbYY
mSCS1Bx91z7uYOo2QwtRaxNs69beSSy+oWBef4uTir8Q6WmgJpmzgmeG7ttEHquj
69CLSOWOm6Yc6qixsZy7ZkYDrSVrPwpAZdEXip7OHST5QE/Rd1M8RWCOODba16Lu
URKvgl0/nZumrPQYbB1roxAaCMtlMoIOvwcyldO0iOQ/2iD4Y0L4sTL7ojq2UYwX
bCotrhYv1srzBIOh+8vuBhV9ROnf/gab4tJII063EmztkBJ+HLfst0qZFAPHQG22
41kaNgYIYeikTrweFqSK
=Ybd6
-----END PGP SIGNATURE-----
```

let’s analyze the hash

Decrypt the hash

`https://pastebin.com/6FNiVLh5`

let’s do the Book Cipher

```
I:1:6 = h # Exemple 1 = number 1 line , 6 = 6 number character
I:2:15 = t
I:3:26 = t
I:5:4 = p
I:6:15 = s
I:10:26 = :
/ = /
/ = /
I:13:5 = b
I:13:1 = i
I:14:7 = t
I:3:29 = .
I:19:8 = l
I:22:25 = y
/ = /
I:23:-1 = 3
I:19:-1 = 9
I:2:21 = p
I:5:9 = w
I:24:-2 = 2
I:22:1 = N
I:38:1 = H
```

After completing this I found another link

`https://bit.ly/39pw2NH`

Yahoooooooo!

Hope you guys enjoyed this tryhackme Walkthrough .