TCS HackQuest Season 10 Round 1: Experience | by Annette
Annette George participated in TCS HackQuest Season 10 Round 1, solving 7 challenges worth 1,100 points in 4 hours, with an additional 2 hours for report writing. Challenges involved Base64 decoding, steganography, RSA small-exponent attacks, XOR decryption, PDF JavaScript extraction, browser console manipulation, and chatbot interaction. She shared strategies and tips for maintaining focus and preparing reports during the competition.

2026-4-6 06:38:35 Author: infosecwriteups.com (view original)

Annette George

Round 1 CTF Write Up

Contest Date: 13th December 2025

Hello All, My name is Annette George. I’m currently in my final year, pursuing Computer Science and Engineering (Cyber Security).

In this blog, I share my personal experience and preparation strategies for TCS HackQuest Season 10, an ethical hacking CTF and cybersecurity competition for students in India.

This blog includes the detailed write-up for TCS HackQuest Season 10 Round 1.

Round 1 Summary:

  • Challenges Solved: 7
  • Total Points: 1100
  • CTF Duration: 4 hours
  • Report Writing: 2 hours

The Challenges:

The CTF started with a total of 10 challenges, although a few were added and removed during the competition. I was able to solve 7 challenges in total.

1. Challenge Title: AREA 64 -100

Flag: HQX{70c5d525cacbb107fa1872a49bf4ccf8}

Challenge 1
Challenge 1 file (.txt)

Approach (Step by Step):

1. From the name of the challenge, “Area 64”, the hint was clear about its connection to Base64 encoding.

2. After opening the file, I found the encrypted string and copied it.

3. The extracted string was then analyzed using the online tool CyberChef to convert from Base64, and this successfully revealed the flag.

Cyberchef From Base64

2. Challenge Title: Hidden Layers

Flag: HQX{24c0ce09e0662622ec3089439d1d48f0}

Challenge 2 (.png)

Approach (Step by Step):

1. Analyzing the provided clue indicated that the challenge might involve a steganography-based technique.

2. The given file was downloaded and identified as an image file.

3. Then I used an online steganography tool, ‘https://stylesuxx.github.io/steganography/’, and uploaded the image in the decode section.

4. The breakthrough came when checking the Least Significant Bits (LSB). This resulted in receiving the flag in the hidden messages section.

Alternate approach: use the ‘zsteg’ command.

StegOnline Interface

3. Challenge Title: SMALL- E

Flag: HQX{36b8682966e55faf9601803f687a77ff}

Challenge 3

Challenge 3 (.py)

Approach (Step by Step):

1. The challenge description clearly mentioned RSA cryptography.

2. Upon examining the provided script, it was observed that the values of n (modulus) and ct (ciphertext) were provided.

3. After examining the script, I noticed that the public exponent (e) was very small, specifically e = 3. This immediately suggested a potential RSA small-exponent vulnerability.

4. Since the plaintext raised to the power of e was smaller than n, the ciphertext effectively became ct = m^e instead of ct = m^e mod n.

5. The extracted RSA parameters (n, e, and ct) were then supplied to an online decoding tool, dCode — RSA Decoder, which supports the small-e attack. The ciphertext was successfully decrypted without requiring the private key.

6. The decrypted output revealed the plaintext message, which contained the flag, thereby completing the challenge.
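Added example (not part of the original write-up or the challenge files): why unpadded RSA with e = 3 leaks a short message, and why the same step fails once m^e exceeds n. The modulus, messages and function names are constructed for this illustration.

```python
# Added illustration; the modulus and messages are constructed for this demo.
E = 3
# Stand-in modulus: product of two Mersenne primes. It is not a usable key for
# e = 3; the root-taking step never touches the factors, only the size of n.
N = (2**521 - 1) * (2**607 - 1)
SHORT_MSG = b"HQX{constructed_flag_for_demo}"   # m**3 < n, no reduction happens
LONG_MSG = SHORT_MSG + b"A" * 40                 # m**3 > n, so it wraps mod n


def encrypt(msg: bytes) -> int:
    """Textbook (unpadded) RSA encryption: ct = m^e mod n."""
    return pow(int.from_bytes(msg, "big"), E, N)


def iroot(x: int, k: int):
    """Return (floor of the k-th root of x, whether the root is exact)."""
    lo, hi = 0, 1 << (x.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo, lo ** k == x


def small_e_recover(ct: int, e: int):
    """Return the plaintext bytes if ct is an exact e-th power, else None."""
    root, exact = iroot(ct, e)
    if not exact:
        return None
    return root.to_bytes((root.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    print(small_e_recover(encrypt(SHORT_MSG), E))  # short message: no key needed
    print(small_e_recover(encrypt(LONG_MSG), E))   # wrapped mod n: root is useless
```

Randomized padding such as OAEP fills the message out to the size of the modulus before exponentiation, so m^e always wraps and the plain integer root no longer applies.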

dCode Interface

4. Challenge Title: SEEDS of Time

Flag: HQX{c126bb454b4b5166928af2f0729fbd08}

By now a few hours had passed and the pressure had crept in, which is why I unfortunately missed out on taking screenshots of the challenges and their descriptions.

Challenge 4 (.txt)

Approach (Step by Step):

1. Analyzing the provided encoder code showed that the flag was encrypted using XOR with a keystream generated from Python’s random module.

2. Observing that the random number generator was seeded using the Unix timestamp (int(time.time())) indicated that the seed was predictable.

3. Since timestamps have a limited range, I assumed the seed would be close to the challenge creation time.

4. With the help of AI I wrote a script to brute-force possible timestamp seeds within a small time window.

5. For each seed, the keystream was regenerated using random.random() and XORed with the given ciphertext.

6. The decrypted output was checked for a valid flag format (HQX{…} with printable characters).

7. When a valid output was found, the correct seed was identified and the flag was successfully recovered.
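Added example (not the script from the original write-up, and not the challenge's encoder): a time-seeded XOR keystream recovered by trying every seed in a window, next to a key drawn from the operating system's CSPRNG that the same search cannot reach. The byte derivation `int(random.random() * 256)`, the timestamp, the flag text and all function names are assumptions made for this illustration.

```python
import random
import secrets

PLAINTEXT = b"HQX{constructed_example_flag}"   # constructed, not a real flag
SECRET_SEED = 1765600000                       # constructed Unix timestamp


def keystream_xor(data: bytes, seed: int) -> bytes:
    """XOR data with a keystream drawn from random.random() seeded with `seed`.
    Assumption: each keystream byte is int(random.random() * 256)."""
    rng = random.Random(seed)
    return bytes(b ^ int(rng.random() * 256) for b in data)


def looks_like_flag(pt: bytes) -> bool:
    """Accept only printable text in the HQX{...} format."""
    return (pt.startswith(b"HQX{") and pt.endswith(b"}")
            and all(32 <= c < 127 for c in pt))


def recover_seed(ct: bytes, around: int, window: int):
    """Try every integer seed in [around - window, around + window]."""
    for seed in range(around - window, around + window + 1):
        pt = keystream_xor(ct, seed)
        if looks_like_flag(pt):
            return seed, pt
    return None


def encrypt_with_csprng(data: bytes):
    """Hardened variant: the key comes from the OS CSPRNG, not from a seed."""
    key = secrets.token_bytes(len(data))
    return bytes(a ^ b for a, b in zip(data, key)), key


WEAK_CT = keystream_xor(PLAINTEXT, SECRET_SEED)

if __name__ == "__main__":
    # The searcher only knows the rough creation time (here: off by 30 minutes).
    print(recover_seed(WEAK_CT, SECRET_SEED + 1800, 3600))
    strong_ct, _ = encrypt_with_csprng(PLAINTEXT)
    print(recover_seed(strong_ct, SECRET_SEED + 1800, 3600))
```

A one-hour window on each side is only 7,201 candidate seeds, which is why a timestamp gives no real secrecy as a seed.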

5. Challenge Title: Paper Scripts

Flag: HQX{2e05d5c636b11e3bced2d58f266cfb0c}

Challenge 5 File (.pdf)

Approach (Step by Step):

1. After analyzing the provided file, I noticed it was a PDF document, not a normal text or image file.

2. As it was given in the clue that hidden or embedded content was present, I inspected the PDF using the strings command, where I found the keyword “Javascript”, giving a clue that it might have embedded JavaScript.

3. Then, using the pdfinfo -js command, I checked for embedded JavaScript. The output revealed obfuscated JavaScript code containing hexadecimal escape sequences and encoded strings.

4. The obfuscation was reversed by interpreting the hex-encoded characters.

5. The hex characters were copied and pasted into CyberChef to check for decryption From Hex, and it worked!

6. The extracted value confirmed it as the correct flag.
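Added example (not part of the original write-up): the same triage done in code, first counting the PDF name objects that signal embedded script, then resolving `\xNN` escapes in the extracted JavaScript. The PDF fragment, the JavaScript text and the flag value are constructed; the function names are hypothetical, and the handling of `#xx` name escapes and `\uNNNN` goes slightly beyond what the post describes.

```python
import re

RISKY_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA")
FLAG = "HQX{" + "0123456789abcdef" * 2 + "}"          # constructed flag value

# Constructed PDF fragment; note the name written as /J#61vaScript.
SAMPLE_PDF = (b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
              b"2 0 obj << /S /J#61vaScript /JS 3 0 R >> endobj\n")
# Constructed script text, shaped like the output of a JavaScript extractor.
SAMPLE_JS = "var k = '" + "".join("\\x%02x" % ord(c) for c in FLAG) + "';"


def normalise_names(raw: bytes) -> bytes:
    """Undo #xx escapes, which PDF permits inside names (/J#53 equals /JS).
    Applied to the whole buffer, so this is a coarse triage pass."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw)


def triage(raw: bytes) -> dict:
    """Count name objects that indicate script or auto-run actions."""
    norm = normalise_names(raw)
    return {name.decode(): len(re.findall(re.escape(name) + rb"(?![A-Za-z])", norm))
            for name in RISKY_NAMES}


def decode_js_escapes(js: str) -> str:
    """Resolve \\xNN and \\uNNNN escapes so obfuscated literals become readable."""
    return re.sub(r"\\x([0-9A-Fa-f]{2})|\\u([0-9A-Fa-f]{4})",
                  lambda m: chr(int(m.group(1) or m.group(2), 16)), js)


def find_flags(js: str) -> list:
    """Return every HQX{32 hex digits} token visible after de-obfuscation."""
    return re.findall(r"HQX\{[0-9a-f]{32}\}", decode_js_escapes(js))


if __name__ == "__main__":
    print(triage(SAMPLE_PDF))
    print(find_flags(SAMPLE_JS))
```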

Strings output

pdfinfo -js

Cyberchef
Challenge 6 Flag

6. Challenge Title: UNFAIR FLIP

Flag: HQX{5c4e92253474fc9d769c200950e86a41}

Approach (Step by Step):

  1. The challenge led to a website. Analyzing the provided clue indicated that the challenge involved manipulating the client-side runtime using the console of the browser.
  2. Inspecting the page source and console revealed a JavaScript function and a global window.coins array that controlled the coin-flip result and the hidden flag logic.
  3. Then manually setting window.coins = ['H','H','H']; in the console and calling window.coin again invoked the hidden flag function, and the challenge page displayed the flag.
  4. The revealed flag was then submitted and validated, successfully completing the challenge.

Challenge 6 (website)

7. Challenge Title: ChatOps

Flag: HQX{07acc3d5c164f541bab2b0ebf2bdf2fc}

Approach (Step by Step):

NOTE: This challenge is where I wasted a lot of my time. The site was extremely slow to load, so to work around this I tried opening multiple tabs and switched browsers. In the end I was able to complete the challenge and get the flag, but on submission it said that the flag was invalid, so I retried the challenge but found the same error message.

  1. The challenge involved interacting with a chatbot to uncover hidden admin access details.
  2. I tried various URLs and subdomains such as /hidden, /admin=page, /url, but nothing worked. At the same time I was querying the ChatOps bot continuously, and since the site was too slow, I opened multiple tabs. I queried the bot with a prompt asking for the hidden portal ID, which triggered the bot to respond with a /login-<id> path.
  3. Visiting this hidden login endpoint and continuing the conversation with the bot revealed an admin unlock URL containing a key=flag parameter along with an administrator password.
  4. Using the provided unlock URL and password on the admin login screen successfully authenticated me as the administrator and displayed the final flag, which was then submitted, but unfortunately I received an error message stating the flag was invalid and, in some attempts, that the flag was expired.

Challenge 7 (website)

After 4 hours, the CTF time had come to an end, and now we were supposed to write the report with a detailed approach for all the challenges solved.

The report format was provided on the TCS HackQuest platform, and we had to submit the completed report before 4 PM.

Overall, Round 1 went pretty well for me. I believe someone who has a basic background in cybersecurity would be able to get through the challenges. The hardest part, however, was maintaining focus and thinking critically throughout the entire six-hour duration of the competition. One tip I’d suggest is to take screenshots and write the report alongside solving challenges so as not to miss out on any details.

About 20 days later, I received an email informing me that I had cleared Round 1 and qualified for Round 2. After this I began preparing for Round 2 with renewed motivation to do my best. Little did I know that I was about to face unfortunate situations, but in the end everything worked out :)

Stay Tuned for Round 2 and Interview Experience! 😊

Connect with me — linkedin.annette


Article source: https://infosecwriteups.com/tcs-hackquest-season-10-round-1-experience-6d70be429404?source=rss----7b722bfd1b8d---4