IIT Goa CTF Write-ups

CultRang 2026 CTF Writeup Collection of Capture The Flag (CTF) write-ups covering multiple domains of cybersecurity.

📂 Categories

🔍 OSINT / Git Forensics

• The Invisible Developer

🔐 Cryptography

• Secure Admin Panel (Length Extension Attack)

🖼️ Forensics / Steganography

• The Island Prison Escape

---

🗂️ Challenge Index

Challenge Name	Category	Difficulty	Status	Platform
The Invisible Developer	OSINT	Medium	✅ Solved	CultRang 2026
Secure Admin Panel	Cryptography	Medium	✅ Solved	CultRang 2026
The Island Prison Escape	Forensics	Medium	✅ Solved	CultRang 2026

🛠️ Tools & Techniques

• OSINT Tools: GitHub API, curl, Reddit investigation
• Cryptography: Length Extension Attack, SHA-1 manipulation, HMAC bypass
• Forensics: hexedit, xxd, file header repair
• Steganography: steghide, multi-layer extraction
• Decryption: Morse code, ROT13 cipher
• Programming: Python socket programming, manual SHA-1 implementation

Vulnerabilities Exploited:

• GitHub Personal Access Token (PAT) exposure
• Naive MAC implementation (SHA-1 instead of HMAC)
• File format corruption and repair
• Multi-layer steganographic hiding

⚠️ Disclaimer

These writeups are provided for educational purposes only. The techniques demonstrated should only be used in authorized penetration testing, CTF competitions, or educational environments. The authors take no responsibility for any misuse of this information.

---

🛠 Tools Used

• OSINT: GitHub API, curl, Reddit investigation
• Cryptography: Python, socket programming, manual SHA-1 implementation
• Forensics: xxd, hexedit, file header analysis
• Steganography: steghide, multi-layer extraction
• Decryption: Morse code, ROT13 cipher, CyberChef

---

👤 Author

Security Researcher
BSc Computer Science | CTF & Security Enthusiast