Instruo CTF 2025 - Solved Solutions & Writeups

Comprehensive writeups and solutions for the Instruo 2025 CTF Competition

🌐 View Website • 📚 Challenges • 🛠️ Tools

📋 About

Welcome to the IIEST Instruo CTF 2025 Solutions repository! This comprehensive collection contains detailed writeups, methodologies, and solutions for all challenges from the Instruo 2025 Capture The Flag competition organized by IIEST (Indian Institute of Engineering Science and Technology).

Each writeup includes:

✅ Step-by-step solution methodology
🔧 Tools and techniques used
💡 Key insights and learning points
📝 Complete command sequences
🎯 Alternative solution methods

Perfect for both beginners learning CTF techniques and experienced players looking for advanced problem-solving approaches.

🎯 Challenge Categories

The challenges span 7 major cybersecurity domains:

Category	Description	Challenges
🔍 Steganography	Hidden data extraction, file analysis, metadata forensics	5
🔧 Reverse Engineering	Binary analysis, decompilation, algorithm reconstruction	2
🌐 Web	Web recon, hidden resources, client-side analysis	2
🔐 Cryptography	Ciphers, encoding, cryptanalysis	2
🕵️ OSINT	Open-source intelligence, profile tracking	2
📋 General	Mandatory challenges, documentation	1

📚 Challenges

🟢 Easy Challenges (150 pts each)

#	Challenge Name	Category	Flag	Writeup	HTML
1	Welcome Everyone	Web	`EOF{f0und_m3_f!nally}`	📖 MD	🌐 HTML
2	Sanity Check ⚠️	General (Mandatory)	`EOF{h3r3_w3_90_4941n}`	📖 MD	🌐 HTML
3	Hiding in Plain Sight	Steganography	`EOF{u_r_@_ch!ck3n}`	📖 MD	🌐 HTML
4	Wrong Number	Crypto, Misc	`EOF{4nd4n_w4_d1nw4v4w}`	📖 MD	🌐 HTML
5	A Noob's First Milestone	OSINT	`EOF{script_kiddie@eofool.com}`	📖 MD	🌐 HTML
6	Timeless Melodies	Cryptography	`EOF{decrypted_text}`	📖 MD	🌐 HTML

🟡 Medium Challenges (200 pts)

#	Challenge Name	Category	Flag	Writeup	HTML
7	Random Gibberish	Misc, Crypto, Steg	`EOF{@stley}`	📖 MD	🌐 HTML
8	Banananana	Steganography	`EOF{hidden_among_bananananananana}`	📖 MD	🌐 HTML
11	Cannon Ball	Web, Steganography	`EOF{F0und_!t}`	📖 MD	🌐 HTML
12	Amen	Reverse Engineering	`EOF{wh3r3_ar3_my_po1n+5}`	📖 MD	🌐 HTML

🔴 Hard & Expert Challenges (300-600 pts)

#	Challenge Name	Category	Difficulty	Flag	Writeup	HTML
9	Recursive Hell	Steganography	Expert	`EOF{its_a_damn_loop}`	📖 MD	🌐 HTML
10	Apples	OSINT	Hard (300 pts)	`EOF{apples_apples_everywhere_raaaah}`	📖 MD	🌐 HTML
15	Like Finding a Needle in the Hay Stack	Steganography	Hard (500 pts)	`EOF{b3war3_!t$_c0m!ng_f0r_u}`	📖 MD	🌐 HTML
16	Fooled	Reverse Engineering	Hard (600 pts)	`EOF{not_a_foolish_person_ig}`	📖 MD	🌐 HTML

🔥 Featured Challenges

🎯 Welcome Everyone (Challenge 1)

Category: Web | Difficulty: Easy | Points: 150

Your first CTF challenge! Find the flag hidden in the Instruo website's JavaScript bundle.

Key Techniques:

Web source code inspection
JavaScript bundle analysis
React SPA reconnaissance

Flag: EOF{f0und_m3_f!nally}

📖 Full Writeup | 🌐 HTML Version

🔁 Recursive Hell (Challenge 9)

Category: Steganography | Difficulty: Expert

The ultimate recursion nightmare! Navigate through 68 nested ZIP files and 48 layers of Base64 encoding (116 total iterations!) to find the flag.

Key Techniques:

Binwalk for embedded file detection
Automated bash scripting for recursion
Base64 multi-layer decoding
Pattern recognition

Flag: EOF{its_a_damn_loop}

📖 Full Writeup | 🌐 HTML Version

🎭 Random Gibberish (Challenge 7)

Category: Misc, Crypto, Steganography | Difficulty: Medium | Points: 200

An elaborate rickroll-themed challenge involving the esoteric NGFYU programming language!

Key Techniques:

NGFYU (Never Gonna Give You Up) language recognition
Base64-encoded URL extraction (lines 509 & 1751)
Google Drive file downloads
Brightness/contrast image manipulation

Flag: EOF{@stley} (Rick Astley reference!)

📖 Full Writeup | 🌐 HTML Version

🪡 Like Finding a Needle in the Hay Stack (Challenge 15)

Category: Steganography | Difficulty: Hard | Points: 500 | Solves: 0 ⭐

The hardest steganography challenge with multiple fake flags!

Key Techniques:

PNG structure analysis (data after IEND marker)
MP3 extraction with binwalk
Metadata analysis with exiftool (critical: "Needle" field)
Caesar cipher (+1 shift) with noise obfuscation

Real Flag: EOF{b3war3_!t$_c0m!ng_f0r_u} (Beware, it's coming for you)

Fake Flags:

❌ EOF{this_is_not_a_real_flag}
❌ EOF{F00l'$_3rr@nd} (Fool's Errand)

📖 Full Writeup | 🌐 HTML Version

👨‍💻 Fooled (Challenge 16)

Category: Reverse Engineering | Difficulty: Hard | Points: 600 | Solves: 1 ⭐

The hardest reverse engineering challenge requiring deep binary analysis!

Key Techniques:

ELF binary decompilation with Ghidra
Custom encryption algorithm reverse engineering
Binary-to-decimal conversion logic
ASCII hint interpretation (E=69)
Base64 decoding of flag parts

Flag: EOF{not_a_foolish_person_ig}

📖 Full Writeup | 🌐 HTML Version

🛠️ Tools & Prerequisites

📦 Essential Tools

Steganography & Forensics

sudo apt install binwalk exiftool steghide zsteg

binwalk - Detect and extract embedded files
exiftool - Metadata analysis for images/audio
steghide - Hide/extract data in images
zsteg - PNG/BMP LSB steganography detection

Reverse Engineering

# Ghidra (Download from NSA official site)
# https://ghidra-sre.org/

sudo apt install gdb radare2 objdump ltrace strace

Ghidra - GUI decompiler and disassembler
GDB - GNU debugger
radare2 - Command-line reverse engineering framework

Cryptography

sudo apt install hashcat john openssl
pip install pycryptodome

CyberChef - Web-based crypto Swiss Army knife
hashcat - Password cracking
john - John the Ripper password cracker

Web & Network

sudo apt install curl wget nmap nikto sqlmap

curl/wget - HTTP clients
Browser DevTools - JavaScript debugging
Burp Suite - Web proxy and security testing

General Utilities

sudo apt install file strings hexdump xxd dd unzip 7zip

file - File type identification
strings - Extract printable strings
hexdump/xxd - Hex viewers
dd - Binary data extraction

🐍 Python Libraries

pip install requests pillow pycryptodome

📚 Installation Script

#!/bin/bash
# Install all CTF tools at once

sudo apt update
sudo apt install -y binwalk exiftool steghide file strings hexdump \
    xxd dd unzip p7zip-full curl wget python3 python3-pip \
    gdb radare2 hashcat openssl nmap

pip3 install requests pillow pycryptodome base64

📖 Learning Resources

🎓 Steganography

🔧 Reverse Engineering

🔐 Cryptography

🌐 Web Security

📈 Statistics

Metric	Value
Total Challenges	14
Categories Covered	7
Total Points	3,900+
Tools Used	25+
Lines of Writeups	5,000+
HTML Pages	14

🏅 Difficulty Breakdown

Easy     (150 pts): ████████ 8 challenges
Medium   (200 pts): ████ 4 challenges
Hard  (300-600 pts): ██ 2 challenges
Expert:              █ 1 challenge (Recursive Hell)

🌐 Website

Visit our interactive website to explore all challenges with beautiful UI:

🔗 https://gradientgeeks.github.io/instruo-ctf/

Features:

🎨 Beautiful glassmorphism UI
📱 Fully responsive design
🔍 Syntax-highlighted code blocks
📊 Challenge statistics
🏷️ Category badges
💾 Downloadable writeups

🤝 Contributing

Found an alternative solution? Want to add a challenge? Contributions are welcome!

Fork the repository
Create a feature branch (git checkout -b feature/new-challenge)
Commit your changes (git commit -m 'Add new challenge writeup')
Push to the branch (git push origin feature/new-challenge)
Open a Pull Request

📜 License

This project is licensed under the MIT License - see the LICENSE file for details.

⚠️ Disclaimer

These writeups are for educational purposes only.

Always follow responsible disclosure practices
Respect CTF rules and intellectual property
Do not use these techniques for unauthorized access
CTF skills should be used ethically and legally

🙏 Acknowledgments

IIEST (Indian Institute of Engineering Science and Technology) - For organizing Instruo 2025
CTF Challenge Creators - For designing engaging and educational challenges
Gradient Geeks - For maintaining this repository
Open Source Community - For providing amazing tools like Ghidra, binwalk, and more

📞 Contact

GitHub: @gradientgeeks
Website: https://gradientgeeks.github.io/instruo-ctf/

Made with ❤️ by Gradient Geeks

⭐ Star this repo if you found it helpful!

🔝 Back to Top

Name		Name	Last commit message	Last commit date
Latest commit History 38 Commits
src		src
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
absolutely-normal(15).md		absolutely-normal(15).md
amen(12).md		amen(12).md
apples(10).md		apples(10).md
banananana(8).md		banananana(8).md
cannon-ball(11).md		cannon-ball(11).md
fooled(16).md		fooled(16).md
gitlab-repo(5).md		gitlab-repo(5).md
index.html		index.html
nothing-hidden-inside(3).md		nothing-hidden-inside(3).md
random-gibberish(7).md		random-gibberish(7).md
recursive-hell(9).md		recursive-hell(9).md
sanity-check(2).md		sanity-check(2).md
timeless-melodies(6).md		timeless-melodies(6).md
weclome-everyone(1).md		weclome-everyone(1).md
wrong-number(p4).md		wrong-number(p4).md

Folders and files

Latest commit

History

Repository files navigation

Instruo CTF 2025 - Solved Solutions & Writeups

📋 About

🎯 Challenge Categories

📚 Challenges

🟢 Easy Challenges (150 pts each)

🟡 Medium Challenges (200 pts)

🔴 Hard & Expert Challenges (300-600 pts)

🔥 Featured Challenges

🎯 Welcome Everyone (Challenge 1)

🔁 Recursive Hell (Challenge 9)

🎭 Random Gibberish (Challenge 7)

🪡 Like Finding a Needle in the Hay Stack (Challenge 15)

👨‍💻 Fooled (Challenge 16)

🛠️ Tools & Prerequisites

📦 Essential Tools

Steganography & Forensics

Reverse Engineering

Cryptography

Web & Network

General Utilities

🐍 Python Libraries

📚 Installation Script

📖 Learning Resources

🎓 Steganography

🔧 Reverse Engineering

🔐 Cryptography

🌐 Web Security

📈 Statistics

🏅 Difficulty Breakdown

🌐 Website

🤝 Contributing

📜 License

⚠️ Disclaimer

🙏 Acknowledgments

📞 Contact

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages