Hello, world!

Idoor

Cracking hashes like there’s no tomorrow.

Mini Compiler

“Remote code execution as a service.” Reminded me of my freshman year’s Moodle exploitation :lol:.

Ez Web

The statement

duh.

Solution

Inspect the HTML and find the JS file.

Ctrl-Shift-I

Find this encoded string in the JS file.

const encodedFlag = 'cm9vdEBsb2NhbGhvc3R7VGhlX3dlYl9jaGFsbF9pc19lYXN5fQ==';

Decode it

$_ base64 -d <<< cm9vdEBsb2NhbGhvc3R7VGhlX3dlYl9jaGFsbF9pc19lYXN5fQ==

root@localhost{The_web_chall_is_easy}

Flag: root@localhost{The_web_chall_is_easy}

Pixel Secrets

The statement

Decode the hidden message embedded in this image. Use steganographic techniques to uncover the flag that lies beneath the pixels!

Solution

Should be pretty self-explanatory. Classic steganography bruteforce.

$_ docker run --rm -it -v "$(pwd):/steg" rickdejager/stegseek steg1.jpg password.txt

Unable to find image 'rickdejager/stegseek:latest' locally
latest: Pulling from rickdejager/stegseek
a70d879fa598: Pull complete
c4394a92d1f8: Pull complete
10e6159c56c0: Pull complete
2a9284816e0c: Pull complete
da918f5114c3: Pull complete
172662ab993b: Pull complete
Digest: sha256:a3c6a82d5b7dd94dc49098c5080a70da8103b7ed3b3718423b3a70d4b43c9a8a
Status: Downloaded newer image for rickdejager/stegseek:latest
StegSeek 0.6 - https://github.com/RickdeJager/StegSeek

Hidden Truth

The statement

A hidden message lies concealed within a jumble of characters and numbers. Can you crack the code and reveal the secret? The mystery is waiting for you to uncover it.

Solution

Running strings on the file gives a Base64 string.

$_ strings -n 65 challenge.png

<x:xmpmeta xmlns:x='adobe:ns:meta/' x:xmptk='Image::ExifTool 12.76'>
<rdf:RDF xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#'>
<Attrib:ExtId>03825ccf-d796-4baa-8dda-96a2acd20326</Attrib:ExtId>
<rdf:li xml:lang='x-default'>cm9vdEBsb2NhbGhvc3R7QzBuZ3JAdCRfWTB1X0YwdW5kX1RoM19NeXN0M3J5X04wd30=</rdf:li>
cm9vdEBsb2NhbGhvc3R7QzBuZ3JAdCRfWTB1X0YwdW5kX1RoM19NeXN0M3J5X04wd30=

Decode it to get the flag.
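Ez Web and Hidden Truth both come down to a Base64 string sitting in a shipped file (a JS bundle, image metadata). The scan below is an added example, not part of the original write-up: it does the `strings` + `base64 -d` steps in one pass over arbitrary bytes, so the same check can be run over your own build artifacts. The function name, the 16-character minimum and the sample bytes are assumptions made for the illustration.

```python
import base64
import binascii
import re

# Runs of the Base64 alphabet with optional padding; 16+ chars skips most noise.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")
# Flag format used by the challenges on this page.
FLAG = re.compile(r"root@localhost\{[^}]+\}")


def find_encoded_flags(blob: bytes) -> list[str]:
    """Return flags hidden as Base64 inside arbitrary bytes, in file order."""
    found = []
    for match in B64_RUN.finditer(blob):
        token = match.group()
        if len(token) % 4:  # not a whole number of 4-char Base64 groups
            continue
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # looked like Base64 but is not encoded text
        flag = FLAG.search(decoded)
        if flag and flag.group() not in found:  # the XMP string appears twice
            found.append(flag.group())
    return found


# Constructed sample: binary noise wrapped around the two encoded strings
# quoted on this page (the JS constant and the XMP metadata lines).
SAMPLE = (
    b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR\x00\xff"
    b"const encodedFlag = "
    b"'cm9vdEBsb2NhbGhvc3R7VGhlX3dlYl9jaGFsbF9pc19lYXN5fQ==';\x00\x01"
    b"<rdf:li xml:lang='x-default'>"
    b"cm9vdEBsb2NhbGhvc3R7QzBuZ3JAdCRfWTB1X0YwdW5kX1RoM19NeXN0M3J5X04wd30="
    b"</rdf:li>\n"
    b"cm9vdEBsb2NhbGhvc3R7QzBuZ3JAdCRfWTB1X0YwdW5kX1RoM19NeXN0M3J5X04wd30=\n"
)

if __name__ == "__main__":
    for flag in find_encoded_flags(SAMPLE):
        print(flag)
```
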

Echo of Time

The statement

You found an audio file named ab Somewhere within this audio lies a crucial piece of information: a year that marks a significant event. Extract the year hidden in the audio using steganography techniques.

Solution

Open the given file in Audacity and view it as a spectrogram.

Flag: r00t@localhost{2025}

Play With Qr

You don’t need A GUI FOR SORTING FILES BY SIZE.

Silent Courier

The statement

A mysterious file is being secretly transferred between servers. Your task is to intercept the transfer and uncover the hidden secret. Can you track it down before it’s too late?

Solution

The file is analyzed using apacket.

apacket is goated

The zip file is encrypted.

$_ unzip protected.zip

Archive: protected.zip
[protected.zip] secret.zip password: %

Crack it with John the Ripper.

$_ zip2john protected.zip > zip.hash

ver 2.0 Scanning for EOD... FOUND Extended local header protected.zip/secret.zip PKZIP Encr: cmplen=137, decmplen=178, crc=13905395

The Great Login Heist

The statement

In a daring attempt at digital mischief, a crafty threat actor tried to break into Cybertown Tech Solutions’ secure web interface. Their sneaky login attempts were caught red-handed in a PCAP file, thanks to our vigilant network monitoring.

flag format :root@localhost{username_password}

Solution

The pcapng file has the following string, which contains the username and password. ez win

strings is enough

**Flag: root@localhost{Liam_24_P%40ssw0rd!2024}**

Quirks

I thought the password (P%40ssw0rd!2024) was meant to be Base64URLdecoded, but the organizers thought otherwise 😅.

Javascript Is Not The Answer

During the last three weeks, JavaScript has been the reason for all of my misery. The more JavaScript I write, the more I wonder ‘Who put this piece of shit on the server!’ Even though it has always given me problems, there are two problems that made me (almost) physically abuse my keyboard.

No, I won’t be talking about what {} - [] results in. Why spend time thinking about things that you will never use?