Information
Version
By | Version | Comment |
---|---|---|
noraj | 1.0 | Creation |
CTF
- Name : Egypt & UAE National Cyber Security CTF Quals 2017
- Website : cybertalents.com
- Type : Online
- Format : Jeopardy
- CTF Time : link
25 - G&P List - Digital Forensics
Just Open the File and Capture the flag. Submission in MD5
Challenge Link: https://s3-eu-west-1.amazonaws.com/talentchallenges/Forensics/G%26P+lists.docx
```
$ strings G\&P+lists.docx | grep -i flag
```
You can see the flag right here, between `Flag.txt` and `PK`. But you can also extract the `docx` as an archive and just read the `Flag.txt` content.
25 - Hidden Message - Digital Forensics
A cyber Criminal is hiding information in the below file. capture the flag? submit Flag in MD5 Format
Challenge Link: https://s3-eu-west-1.amazonaws.com/talentchallenges/Forensics/hidden_message.jpg
Let's look at the EXIF metadata:
```
$ exiftool hidden_message.jpg | grep -i Notice
```
25 - Crack the Hash - Cryptography
A hacker leaked the below hash online. Can you crack it to know the password of the CEO? 1ab566b9fa5c0297295743e7c2a6ec27
```
$ hashid 1ab566b9fa5c0297295743e7c2a6ec27
```
It must be an MD5 hash. I used the `findmyhash` script but had no result. Then I tried online on hashkiller.
The flag was `Iamtheflag`.
50 - Admin has the power - Web Security
If we take a look at the source code we can see:
```
<!-- TODO: remove this line , for maintenance purpose use this info (user:support password:x34245323)-->
```
And if we log in as the `support` user we get the following message:
```
Hi support
```
Our cookie looks like this: `PHPSESSID=uq82s6g3kdbknicsj8eb040pj0; role=support`. Maybe we can change the `role`.
We just used Burp as a proxy to intercept our request and change our cookie to `PHPSESSID=uq82s6g3kdbknicsj8eb040pj0; role=admin`.
The result is:
```
Hi admin
```
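The root cause is that the server takes the privilege level from a cookie the browser controls. The following Python code is an added example, not part of the original write-up and not the challenge's code (which the page does not show): it contrasts that behaviour with a handler that reads the role from server-side session state and flags a mismatching `role` cookie. The names `SESSIONS`, `parse_cookies`, `greet_vulnerable` and `greet_hardened` are hypothetical, the session store is constructed, and the vulnerable logic is assumed from the responses above.

```python
from http.cookies import SimpleCookie

# Constructed server-side session store: the role lives here, not in the browser.
SESSIONS = {"uq82s6g3kdbknicsj8eb040pj0": {"user": "support", "role": "support"}}


def parse_cookies(header: str) -> dict:
    """Parse a Cookie request header into a plain name -> value dict."""
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def greet_vulnerable(cookie_header: str) -> str:
    """Assumed challenge behaviour: the role is read back from the client."""
    cookies = parse_cookies(cookie_header)
    if cookies.get("PHPSESSID") not in SESSIONS:
        return "Please log in"
    return "Hi " + cookies.get("role", "guest")


def greet_hardened(cookie_header: str) -> tuple:
    """Role comes from the session record; returns (message, tamper_flag)."""
    cookies = parse_cookies(cookie_header)
    session = SESSIONS.get(cookies.get("PHPSESSID", ""))
    if session is None:
        return "Please log in", False
    # A client-supplied role that disagrees with the session is ignored,
    # but it is a useful signal to log and alert on.
    claimed = cookies.get("role")
    tampered = claimed is not None and claimed != session["role"]
    return "Hi " + session["role"], tampered


if __name__ == "__main__":
    for header in ("PHPSESSID=uq82s6g3kdbknicsj8eb040pj0; role=support",
                   "PHPSESSID=uq82s6g3kdbknicsj8eb040pj0; role=admin"):
        print(header)
        print("  vulnerable:", greet_vulnerable(header))
        print("  hardened:  ", greet_hardened(header))
```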
50 - Cypher Anxiety - Digital Forensics
Warning: We got the picture but we didn't get the right flag.
```
$ strings find\ the\ image.pcap | head -11
```
So they use cryptcat over port 7070 with the secret key `P@ssawordaya`.
With Wireshark let's filter `tcp.port == 7070`, then follow the TCP stream and save it as a raw file.
Then open a netcat client on localhost: `netcat localhost 7070 < crypted.file`.
And open a cryptcat listener on localhost: `cryptcat -l -k P@ssawordaya -p 7070 > decrypted.file`.
```
$ file decrypted.jpeg
```
Submitting the md5 hash of either the picture or the thumbnail failed. We didn't get the flag.