Brainr0t

Incognito 6.0 CTF

Info        Details
Category    Web Exploitation
Points      50

Challenge Overview

From the very beginning I realized that "r0t" was a hint to ROT13 or similar. Viewing the page source, we see this suspicious line.

[Image: incognitoctf hint]

When we check whether the site sets any cookies, we find an "admin" cookie. When we put "incognitoctf" in as its value and test it using Burp Suite, we get this response, which indicates ROT26 in the title tags:

[Image: rot26]

If we try to ROT-bruteforce "incognitoctf" as the cookie value, we get various responses. After some trials, I found that the correct rotation was ROT23.

[Image: rot23]
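The rotation table for the hint string, as an added example that is not part of the original write-up. It assumes ROT-N means a forward shift of N letters (a common convention in ROT tools), and the helper names `rot` and `candidates` are hypothetical. It shows that ROT26 returns the value unchanged and that only 25 other candidates exist, which is why a rotated string in a cookie gives no real protection.

```python
def rot(text: str, n: int) -> str:
    """Shift each ASCII letter forward by n places (assumed ROT-N convention).

    Case is preserved; digits and punctuation pass through unchanged.
    """
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("a") if ch.islower() else ord("A")
            out.append(chr((ord(ch) - base + n) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def candidates(text: str) -> dict[int, str]:
    """Map every rotation 1..26 to the rotated text."""
    return {n: rot(text, n) for n in range(1, 27)}


if __name__ == "__main__":
    seed = "incognitoctf"  # hint string the write-up found in the page source
    for n, value in candidates(seed).items():
        note = ""
        if value == seed:
            note = "  <- identity: ROT26 leaves the value unchanged"
        elif n == 23:
            note = "  <- rotation the write-up reports as correct"
        print(f"ROT{n:<2} admin={value}{note}")
```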

1. Analyze the .mp3

After downloading the .mp3 file from the Google Drive link, I opened it in Audacity. Initially, I suspected a spectrogram-based message, but the real hint was in the audio itself.

However, the audio needed to be slowed down. I used the speed/pitch change settings to reduce speed. You can find them in Effects -> Pitch and Tempo -> Change Pitch and Speed.

[Image: good settings]

You have to apply these settings twice.

Now we can clearly hear the Indian guy say:

2. ROT it

Since this is a ROT-based challenge, we ROT14 the phrase and obtain:

Which clearly points to the size of the .mp3 file itself: 52712 bytes.

Final Flag

made by k0d
