[{"content":"█████╗ ██████╗ █████╗ ███╗ ██╗ █████╗ ██╗ ██╗ ██╔══██╗██╔══██╗██╔══██╗████╗ ██║██╔══██╗╚██╗ ██╔╝ ██████╔╝██████╔╝███████║██╔██╗ ██║███████║ ╚████╔╝ ██╔═══╝ ██╔══██╗██╔══██║██║╚██╗██║██╔══██║ ╚██╔╝ ██║ ██║ ██║██║ ██║██║ ╚████║██║ ██║ ██║ ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝╚═╝ ╚═╝ ╚═╝\nWhoami? I’m Pranay Nidhi!\nA Cybersecurity Student and Ethical Hacking Enthusiast currently pursuing my B.Sc. (Hons) in Ethical Hacking and Cybersecurity at Softwarica College of IT and E-Commerce, Nepal. I’m passionate about breaking things (ethically, of course) and building secure systems to protect the digital world.\nWhat I Do 💻\nEthical Hacking: Rooting machines on Hack The Box and TryHackMe.\nDigital Forensics: Finding clues in the digital world.\nAutomation: Writing scripts to make my life easier (and then debugging them for hours).\nLearning: Constantly leveling up my skills in cybersecurity and beyond.\nCertifications 🏅\nISC2 Certified in Cybersecurity (Jan 2024 - Feb 2027)\nCertified Network Security Practitioner (CNSP) by The SecOps Group (Jun 2024)\nGoogle Cybersecurity Certificate by Coursera (Aug 2023)\nLet’s Connect 🌐\nGitHub: pranaynidhi\nTryHackMe: pranaynidhi\nHack The Box: pranaynidhi\nLinkedIn: Pranay Nidhi\nTwitter: pranay_nidhi\nASCII Art Because Why Not 🎨\n_ _ ____ _ __ __ _____ _ _ | | | | / ___|| |/ / \\ \\ / /_ _| \\ | | | |_| | | | | ' / \\ \\ /\\ / / | || \\| | | _ | | |___ | . \\ \\ V V / | || |\\ | |_| |_| \\____||_|\\_\\ \\_/\\_/ |___|_| \\_| { H A C K T H E P L A N E T ! } _______ _______ _/ \\_ _/ \\_ / | | \\~~~/ | | \\ ~~~~~ ~~~ ~~~~ ~~~ ~~~~~~ | | | | | | | |_______| | |_______| |_________| |_________| [ Access Granted! 
] ","externalUrl":null,"permalink":"/whoami/","section":"Pranay Nidhi's Bunker","summary":"","title":"","type":"page"},{"content":"","externalUrl":null,"permalink":"/authors/","section":"Authors","summary":"","title":"Authors","type":"authors"},{"content":"","externalUrl":null,"permalink":"/categories/","section":"Categories","summary":"","title":"Categories","type":"categories"},{"content":"Capture the Flag (CTF) in computer security is an exercise in which participants attempt to find text strings, called “flags”, which are secretly hidden in purposefully-vulnerable programs or websites.\n","externalUrl":null,"permalink":"/writeups/ctf/","section":"Writeups","summary":"","title":"CTF Writeups","type":"writeups"},{"content":"Hello, this is a write-up for the forensics challenges in TUCTF 2025. I am part of the NCA@Nepal team, and we got 40th place in the event.\nLink to TUCTF 2025\nScoreboard\nWe solved all the challenges given in the forensics category and got a total of 430 points from them.\nLet’s move on to them.\n1. Mysterious Presentation: 50 Points\nChallenge Description\nIn this challenge, a .pptx file named ‘quantum_propulsion_via_dank_memes.pptx’ was provided to us.\nAs soon as I saw it was a pptx, I tried unzipping it, as it’s for a forensics challenge.\nunzip quantum_propulsion_via_dank_memes.pptx\nAfter the pptx is unzipped, we obtain these files.\nUnzipped Files\nAs you may have already noticed, there is a 7z archive named ‘secret_data’.\nAfter extracting it using 7z,\n7z x secret_data.7z\nNice! We get a folder named secret_data, which contains a txt file named flag.txt.\nFlag\nFlag: TUCTF{p01yg10+_fi1e5_hiddin9_in_p1@in_5i9h+}\n2. Security Rocks: 50 Points\nChallenge Description\nIn this challenge, we are given a .cap file to check. 
Let’s dive deep into this.\nAfter opening the file in Wireshark, we see that it contains encrypted IEEE 802.11 frames.\nWireshark View\nTo decrypt the captured data, we need to add a wpa-pwd decryption key in the Wireshark preferences for IEEE 802.11.\nI had some encounters with captures like this previously, so I was prepared for this.\nWe need to use aircrack-ng along with the rockyou wordlist, as suggested by the challenge name, to recover the WPA passphrase from the captured handshake (aircrack-ng takes the wordlist after -w, followed by the capture file).\naircrack-ng -w rockyou.txt dump_05.cap\nI found the key after some time. It is youwontguessit92.\nNow, let’s add the key to Wireshark.\nWe know the SSID from the first beacon frame. It is securityRocks.\nTo add the key, we will go to Edit > Preferences > Protocols > IEEE 802.11 > Decryption Keys, or you can just use the shortcut Ctrl+Shift+P to get to preferences.\nWireshark Preferences\nAfter adding the key as shown below,\nAdding Key\nWe can get the decrypted data.\nNow let’s look for TCP streams. We can add the ‘tcp’ filter for this. Let’s follow these streams.\nIn TCP stream 1, we get the following data:\nTCP Stream 1\nIt is encoded using base62. I used dcode.fr for this.\nBase62 Decoding\nAnd we get the flag.\nFlag: TUCTF{w1f1_15_d3f1n173ly_53cure3}\n3. Packet Detection: 50 Points\nChallenge Description\nThis challenge had a .pcap file given to us. We need to analyze it to get the flag.\nThis challenge was pretty easy.\nIf we check the protocol hierarchy statistics, we get the following:\nProtocol Hierarchy\nAs shown above, there are some data packets. So, I checked them first using the ‘data’ filter.\nData Packets\nThere are only 9 packets with data.\nThe last one contains the following:\nFlag Packet\nThis matches the flag format given to us. We got the flag.\nFlag: TUCTF{N3tw0rk_M4st3r}\n4. 
Bunker: 280 Points\nChallenge Description\nThis challenge gave us a .7z archive, which contained two files:\nFiles in Archive\nUsing the ‘file’ command, let us attempt to determine what these files are:\nFile Command Output\nOne is a KeePass password database, while the other is a Mini DuMP crash report.\nI had seen an article where you can extract the KeePass DB master key using a memory dump taken at the time the password was entered. I have linked the GitHub repo of the researcher who found this.\nvdohney/keepass-password-dumper: Original PoC for CVE-2023-32784 (C#)\nThe Python implementation of this exact CVE was done by this developer:\nmatro7sh/keepass-dump-masterkey: Script to retrieve the master password of a keepass database <= 2.53.1 (Python)\nI used the original PoC with the dump file provided to us. You need dotnet installed on your machine to run this:\ndotnet run ../Bunker_DMP ../Bunker_DB\nDotnet Output\nIt gave us a possible password, with the first character unidentified and the second character being one of the 11 characters listed inside {}.\nAfter that, I asked ChatGPT to create a Python script to brute force the password.\nThis is the script:\nfrom pykeepass import PyKeePass\n\n# Candidate second characters reported by the PoC; the first character is unknown,\n# so every extended-ASCII code point (32-255) is tried for it.\nsecond_characters = ['L', 'Ï', '§', 'y', 'H', 'q', '$', 'W', 'A']\nfirst_characters = ''.join(chr(i) for i in range(32, 256))  # Extended ASCII\nknown_characters = '0Ry_2_M4nk1Nd!_Y0RH4'  # Tail of the password recovered from the dump\n\n# Path to your KeePass database\ndb_path = \"Bunker_DB\"\n\n# Brute-force loop: try every (first, second) pair in front of the known tail\nfor first_char in first_characters:\n    for second_char in second_characters:\n        password = first_char + second_char + known_characters\n        try:\n            kp = PyKeePass(db_path, password=password)\n            print(f\"Success! The password is: {password}\")\n            raise SystemExit(0)\n        except Exception:\n            pass  # Wrong master password (pykeepass raises on bad credentials), keep going\nprint(\"Password not found.\")\nThis uses the ‘pykeepass’ library, so we need to install it using pip or apt:\npip install pykeepass\n# OR\nsudo apt install python3-pykeepass\nAfter running the script for some time, we get the key.\nBrute Force Success\nNow, let’s open it. I am using KeePassXC for this.\nKeePassXC View\nChecking the recycle bin, we see this:\nRecycle Bin\nBut it shows redacted. Let’s check more thoroughly.\nIf we double-click on the entry, the record window opens, and we have some notes.\nRecord Notes\nAfter combining all the parts and checking on CyberChef, it shows that it is in hex.\nHex to Text\nLet’s translate it.\nTranslation\nThe challenge creator is really unhappy with humanity. 👹\nLet’s look back into the KeePass record.\nAfter scrolling down on the left pane, we see a history tab. Clicking on it, we see that the record was modified.\nHistory Tab\nLet’s check this out. Double-click on it and unhide the password field.\nUnhide Password\nYay! We got the flag.\nFlag: TUCTF{Th1s_C4nn0T_ConT1nu3}\nConclusion\nThe TUCTF 2025 forensics challenges provided an exciting opportunity to apply real-world forensic techniques in a competitive setting. From uncovering hidden files in a PowerPoint presentation to decrypting network traffic and extracting passwords from memory dumps, each challenge required a combination of analytical thinking, technical expertise, and creative problem-solving.\nOur team, NCA@Nepal, secured 40th place, successfully solving all forensic challenges and earning 430 points. 
While the competition tested our knowledge of file forensics, network analysis, cryptography, and memory forensics, it also highlighted the importance of automation, scripting, and efficient forensic methodologies.\nI hope to see even more diverse and complex forensic challenges in future CTFs, including digital forensics and incident response (DFIR), malware analysis, and steganography. The experience reinforced our passion for cybersecurity, and we look forward to tackling even more advanced challenges in the next competition! 🚀🔍\n","externalUrl":null,"permalink":"/writeups/ctf/tuctf-2025/","section":"Writeups","summary":"","title":"Forensics Challenges from TUCTF 2025","type":"writeups"},{"content":"pranaynidhi/malware_packaging_suite (Python)\npranaynidhi/microhire-frontend: Frontend for MicroHire Platform (JavaScript)\npranaynidhi/microhire-backend: Backend for the MicroHire Platform (JavaScript)\npranaynidhi/4061CEM-Coursework1 (C)\npranaynidhi/4061CEM-Coursework2 (Python)\n","externalUrl":null,"permalink":"/projects/","section":"My Projects","summary":"","title":"My Projects","type":"projects"},{"content":"","externalUrl":null,"permalink":"/","section":"Pranay Nidhi's Bunker","summary":"","title":"Pranay Nidhi's Bunker","type":"page"},{"content":"","externalUrl":null,"permalink":"/series/","section":"Series","summary":"","title":"Series","type":"series"},{"content":"","externalUrl":null,"permalink":"/tags/","section":"Tags","summary":"","title":"Tags","type":"tags"},{"content":"A stash of write-ups dissecting challenges, exploits, and machines—sorted by the platforms they were dropped on.\n","externalUrl":null,"permalink":"/writeups/","section":"Writeups","summary":"","title":"Writeups","type":"writeups"}]