
TISC 2021

Short journey into TISC 2021

The competition was held from 29 Oct to 14 Nov 21. It was structured in a way that you had to solve all the challenges in that level before they unlocked the next level of challenges.

Sadly, I didn't even get past Level 1... There were 10 levels in total.

Level 0 - Welcome to TISC 2021!

A survey to find out more about you. After completing it, the flag is revealed.

Flag: TISC{Br1ng_0n_th3_ch4ll3ng3s!!}

Level 1 - Scratching the Surface

Challenge 1

An audio file is given for this challenge. I downloaded Audacity to load the file for analysis. Playing around with the audio showed 2 channels in the image below. The dots and dashes looked like Morse code.

Flag: TISC{CSITISLOCATEDINSCIENCEPARK}

Challenge 2

An image was given and participants were asked to find out when the image was last modified. The first thing that came to my mind was to extract the metadata with an EXIF tool, since the image itself won't tell you anything.

I used an online tool for this challenge; uploaded the image and the metadata churned out. Look at the date and time for the flag. (Unfortunately, I had deleted the image and can't retrieve it.)

Flag: TISC{2003:08:25 14:55:27}

Challenge 3

The last challenge for this section had participants wondering over an image of Singapore's flag. "Nothing unusual about the Singapore logo right?" The image was titled 'picture_with_text.jpg'.

I used binwalk to analyse the details and check what type of file the image was.

Doesn't say much. I looked at the folder again and there's a file named 'desktop'. Analyse this file and it throws a chunk of data out. The first line shows something suspicious - a ROT13 encrypted message.

I immediately went to CyberChef to see what the message behind this was. Voilà! The message said 'ANSWER TO THIS CHALLENGE IS HERE APPLECARROTPEAR'.

Flag: TISC{APPLECARROTPEAR}

Upon completion of the 3 challenges above, the organisers revealed challenges 4 to 10. Participants had to download a VM to continue solving the challenges.

Free Flag: TISC{Yes, I've got this.}

Challenge 4

The question asked who was the User. Running the command whoami showed the user.

Flag: TISC{adam}

Challenge 6

A 7z archive file was deleted. So the first clue was to visit the 'Recycle Bin'.

An image was found there, time to analyse the image. The challenge asked for CRC32 hash of the file in uppercase. Running the command below showed the hash.

Flag: TISC{040E23DA}

Challenge 7

There were 3 questions for this challenge. First question asked about users with an RID of 1000 or above, second question on the account name for RID of 501 and third question on the account name for RID of 503.

Running the net users command would show all the RID/SID of the accounts on the system.

Flag: TISC{1-Guest-DefaultAccount}

That's all the challenges I managed to solve. Busy studying for GCIH and trying to put some skills to test in this CTF. Below were challenges I was stuck at and how I tried to solve them.

Challenge 5

The last login time for adam should be easy, or so I thought.

I ran the command below, but that showed the date I logged on for the challenge. That was not right.

net user username | findstr /B /C:"Last logon"

Combing through the security event logs for 'Logon' showed the last logon on 17 June 2021, 10:41:37am. Keying the flag in as TISC{17/06/2021 10:41:37} was not the answer. The challenge asked for the answer in UTC and I thought the time logs were already in UTC. So I had to convert to UTC to get the right flag. A missed flag. The correct flag was TISC{17/06/2021 02:41:37}.

Challenge 8

This was on the Internet browser history. Navigating to the Edge window, there was nothing much under the history. Next, navigate to the C drive and all the way to the Microsoft Edge User Data. There was a history file there but I didn't know how to open it.
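Chromium-based Edge stores its History file as a SQLite database, so it can be read with any SQLite client. The following is an added example, not part of the original write-up: it copies the file, queries the urls table and converts the stored timestamps to UTC. The sample database, its rows and the function names are constructed for illustration.

```python
import os
import shutil
import sqlite3
import tempfile
from datetime import datetime, timedelta, timezone

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def webkit_to_utc(microseconds):
    """Chromium stores times as microseconds since 1601-01-01 00:00:00 UTC."""
    return WEBKIT_EPOCH + timedelta(microseconds=microseconds)

def read_history(history_path):
    """Return (last_visit_utc, visit_count, url, title) rows, newest first."""
    # Work on a copy: the running browser locks the live file, and the
    # original evidence stays untouched.
    workdir = tempfile.mkdtemp()
    copy_path = shutil.copy2(history_path, os.path.join(workdir, "History.copy"))
    try:
        con = sqlite3.connect(copy_path)
        try:
            rows = con.execute(
                "SELECT last_visit_time, visit_count, url, title "
                "FROM urls ORDER BY last_visit_time DESC").fetchall()
        finally:
            con.close()
    finally:
        shutil.rmtree(workdir, ignore_errors=True)
    return [(webkit_to_utc(t), n, url, title) for t, n, url, title in rows]

def build_sample_history(path):
    """Constructed sample holding only the columns queried above."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT, "
                "visit_count INTEGER, last_visit_time INTEGER)")
    con.executemany(
        "INSERT INTO urls (url, title, visit_count, last_visit_time) VALUES (?,?,?,?)",
        [("https://example.com/", "Example Domain", 3, 13268371297000000),
         ("https://example.org/docs", "Docs", 1, 13268367600000000)])
    con.commit()
    con.close()

if __name__ == "__main__":
    sample = os.path.join(tempfile.mkdtemp(), "History")
    build_sample_history(sample)
    for when, count, url, title in read_history(sample):
        print(when.strftime("%d/%m/%Y %H:%M:%S"), "UTC", count, url, title)
```

The timestamps in this file are already UTC, so no local-time offset is applied when formatting them.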

Challenge 9

This challenge was on Registry Keys asking about a device with the drive letter 'Z' connected as a shared folder on VirtualBox. Opening the 'Registry Editor', navigate to the 'MountPoints2' and see the 'VBoxSvr'.

The funny thing was the answer was there... I entered the flag as '##VBoxSvr#vm-shared' but didn't know that it was just 'vm-shared'. I found this answer through others' writeup. So the flag was TISC{vm-shared}. Another missed flag.

Overall, a good learning experience in which I had hoped I could get past Level 1 at least. Will definitely improve my skills from here on. Tried to run the VM for this CTF to solve the challenges and levels I couldn't solve but it kept crashing my computer... This shall be the end of my short journey into TISC 2021.