Knight Squad Blog

Tryhackme : Cicada-3301 Vol:1

Posted on by Shahabor Hossain Rifat

Hey everybody!

It’s Shahabor Hossain Rifat here.Today we will slove Cicada-3301 Vol:1 room on tryhackme.

So, without further ado, let’s get started.

So, at first download task files . After downloading I found a zip file and extracted the zip file. After extracting I got two files.

I found an audio file. Let’s analyze the audio file with Sonic Visualiser. After analyzing the audio file I found QR code.

After scanning the QR code I found the following link.

https://pastebin.com/wphPq0Aa

I visited the link and I found some text in Pastebin

Let’s decrypt the passphrase and key with CyberChef

Now to get the final passphrase

Let’s find the secret message with steghide from image .

Let’s visit the link. In this link I found an image. I downloaded the image and tried to find the hidden files using the outguess tool.

Outguess tool link : https://github.com/crorvick/outguess 

[r1fat@exploit outguess]$ outguess -r image-link.jpg tryhackme
                                       
Reading image-link.jpg....
Extracting usable bits:   29035 bits
Steg retrieve: seed: 38, len: 1351

[r1fat@exploit outguess]$ cat tryhackme                                                           

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Welcome again.

Here is a book code.  To find the book, break this hash:

b6a233fb9b2d8772b636ab581169b58c98bd4b8df25e452911ef75561df649edc8852846e81837136840f3aa453e83d86323082d5b6002a16bc20c1560828348

Use positive integers to go forward in the text use negative integers to go backwards in the text.

I:1:6
I:2:15
I:3:26
I:5:4 
I:6:15
I:10:26
/
/
I:13:5
I:13:1
I:14:7
I:3:29
I:19:8 
I:22:25
/
I:23:-1
I:19:-1
I:2:21
I:5:9
I:24:-2
I:22:1 
I:38:1


Good luck.

3301

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJQ5QoZAAoJEBgfAeV6NQkPf2IQAKWgwI5EC33Hzje+YfeaLf6m
sLKjpc2Go98BWGReikDLS4PpkjX962L4Q3TZyzGenjJSUAEcyoHVINbqvK1sMvE5
9lBPmsdBMDPreA8oAZ3cbwtI3QuOFi3tY2qI5sJ7GSfUgiuI6FVVYTU/iXhXbHtL
boY4Sql5y7GaZ65cmH0eA6/418d9KL3Qq3qkTcM/tRAHhOZFMZfT42nsbcvZ2sWi
YyrAT5C+gs53YhODxEY0T9M2fam5AgUIWrMQa3oTRHSoNAefrDuOE7YtPy40j7kk
5/5RztmAzeEdRd8QS1ktHMezXEhdDP/DEdIJCLT5eA27VnTY4+x1Ag9tsDFuitY4
2kEaVtCrf/36JAAwEcwOg2B/stdjXe10RHFStY0N9wQdReW3yAOBohvtOubicbYY
mSCS1Bx91z7uYOo2QwtRaxNs69beSSy+oWBef4uTir8Q6WmgJpmzgmeG7ttEHquj
69CLSOWOm6Yc6qixsZy7ZkYDrSVrPwpAZdEXip7OHST5QE/Rd1M8RWCOODba16Lu
URKvgl0/nZumrPQYbB1roxAaCMtlMoIOvwcyldO0iOQ/2iD4Y0L4sTL7ojq2UYwX
bCotrhYv1srzBIOh+8vuBhV9ROnf/gab4tJII063EmztkBJ+HLfst0qZFAPHQG22
41kaNgYIYeikTrweFqSK
=Ybd6
-----END PGP SIGNATURE-----

let’s analyze the hash

Decrypt the hash

https://pastebin.com/6FNiVLh5

let’s do the Book Cipher

I:1:6 = h #  Exemple 1 = number 1 line , 6 = 6 number character 
I:2:15 = t
I:3:26 = t
I:5:4 = p
I:6:15 = s
I:10:26 = :
/ = /
/ = /
I:13:5 = b
I:13:1 = i
I:14:7 = t
I:3:29 = .
I:19:8 = l
I:22:25 = y
/ = /
I:23:-1 = 3
I:19:-1 = 9
I:2:21 = p
I:5:9 = w
I:24:-2 = 2
I:22:1 = N
I:38:1 = H

After completing this I found another link

https://bit.ly/39pw2NH

Yahoooooooo!

Hope you guys enjoyed this tryhackme Walkthrough .

Leave a Reply

Your email address will not be published. Required fields are marked *