Don't be Jon Snow !!! We must Know everything !!! Flags are coming !!! Ctf Challenges, Writeups, News, Promoting Nepal's Security, CTF Events, CTF News ...... https://blog.ctfnepal.org/

Monday 30 January 2017

CTF Challenges | The HackBack | SOLUTIONS

There are altogether nine challenges right now. I would like to thank @TheNittam for giving me ideas and @rigotechnology for bringing up the challenges.
The flags have the structure Hack{flag_is_here}Back. I request that you first visit the CTF URL and play it, and then come back here :)

#spoilerfreezone 


"These are the writeups of the solutions for Nepal's first ethical hacking competition --> The HackBack #hackback"


CTF URL : http://0xctf.blogspot.com/2017/01/ctf-challenges-hackback.html


SOLUTION : Guess the flag !!! (10 pts) :

Hint : You know who is the best hacker in the world? The one that guesses passwords correctly.

There was no chance of brute forcing the flags, and then I manually tried to submit flags using some common passwords.

  • Hack{admin}Back
  • Hack{admin123}Back
  • Hack{root}Back
  • Hack{toor}Back
  • Hack{hackback}Back
  • Hack{hackback123}Back

And yes, the flag is : Hack{hackback123}Back



SOLUTION : Client Side Verification Sucks (10pts) :

After browsing to ctffiles.bughunters.club, there is a form where we need to submit the correct value, and after viewing the source code we get to know that the value is stored in the solve variable.

I opened the console :

After inputting the solve value in the form,



















voila !!! the flag is : hack{client_s1de_not_sO_good}back
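
The failure mode behind this challenge, as an added example that is not the challenge's own code: a page script that carries the expected value to the browser, an audit helper that flags such values before release, and a server-side check that keeps the value off the client. Only the variable name solve comes from the writeup; the page source, the secret, the flag placeholder and the function names are constructed for illustration.

```javascript
// Constructed stand-in for the challenge page: the expected value ships to every browser.
const pageSource = `
<script>
  var solve = "constructed-secret-42";
  function check() {
    if (document.getElementById("answer").value == solve) { showFlag(); }
  }
</script>`;

// Pre-release audit (hypothetical helper): report string literals in inline scripts
// that are later used in a comparison, i.e. "secrets" any visitor can read.
function findClientSideSecrets(html) {
  const findings = [];
  const scripts = html.match(/<script[^>]*>[\s\S]*?<\/script>/gi) || [];
  for (const script of scripts) {
    const assign = /(?:var|let|const)\s+(\w+)\s*=\s*(["'])(.*?)\2/g;
    let m;
    while ((m = assign.exec(script)) !== null) {
      const compared = new RegExp(`[=!]==?\\s*${m[1]}\\b|\\b${m[1]}\\s*[=!]==?`);
      if (compared.test(script)) findings.push({ name: m[1], value: m[3] });
    }
  }
  return findings;
}

// Hardened form: the expected value exists only in server-side state.
const SERVER_SECRET = "constructed-secret-42"; // constructed; loaded from server config in practice

// Compare without stopping at the first mismatching character.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

// Server-side handler: the browser sends only the guess and gets a verdict back.
function handleSubmit(body) {
  const guess = typeof body.answer === "string" ? body.answer : "";
  return constantTimeEqual(guess, SERVER_SECRET)
    ? { status: 200, flag: "hack{constructed_placeholder}back" }
    : { status: 403 };
}
```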



SOLUTION : Easy Peasy (10pts) :

So, as you can see, the flag is hidden in a .pyc file.
Python automatically compiles your script to compiled code, so-called bytecode, before running it. When a module is imported for the first time, or when the source is more recent than the current compiled file, a .pyc file containing the compiled code will usually be created in the same directory as the .py file.

I found that this .pyc file was generated from a .py file using Python 3.x, and the best friend of a hacker is Google. I searched about decompiling Python compiled code and I found this git repository.

C++ python bytecode disassembler and decompiler
https://github.com/zrax/pycdc 




If you have problems and don't know how to make this work :

>   apt-get install cmake
>   cmake  ~/git/pycdc
>   make
>   ./pycdc ~/Documents/analysis/hackback/easypeasy.pyc  >> easypeasy.py

Then view the code : yes, you will find the flag there :)


Flag is : hack{f@c3b00k|-|ack3r}back


MYTH - Obfuscation helps prevent Hackers (50pts)

Seriously, at first this challenge was a pain in the ass for me because I am only just learning JS. I would like to thank @thenittam for giving me hints here.

view-source:https://hackback.bughunters.club/login/login.js



and the flag is : hack{help_tonseod_noitacsufbo}back





SOLUTION : Christmas is not over yet (100pts) :

There are two forms, login and sign-up.
First I signed up without tampering with the data, and what I got was :
"BABA JI KA THULLU"
(A slang)
Now I tried to figure out what was happening here, and I fired up Burp Suite, intercepted the register page and found out that there is a u_roles param, which determines what type of user is signing up. Back there, when I logged in as a normal user, I got ..!.. baba ji ka thullu ..!.. , and I thought, let's see what would happen if I change the param u_roles : admin, will I get the flag ?

And yes, after logging in, I could see the flag in secret.php











Flag is : hack{well_done_!!00@@}back
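
The root cause here is a server that stores a role supplied by the client. The following is an added example, not the challenge's code, showing that handling beside a hardened registration path that assigns the role server-side and records the unexpected field for monitoring. Only the parameter name u_roles comes from the writeup; u_name, u_pass, the in-memory user store and the function names are assumptions.

```javascript
// Constructed registration body as an intercepting proxy would display it.
// u_roles is the parameter named in the writeup; u_name is an assumed field.
const tamperedBody = "u_name=alice&u_roles=admin";

const users = new Map(); // in-memory stand-in for the user table

// Vulnerable form: the role is taken from the request and stored as-is.
function registerVulnerable(rawBody) {
  const f = Object.fromEntries(new URLSearchParams(rawBody));
  users.set(f.u_name, { role: f.u_roles });
  return users.get(f.u_name);
}

// Hardened form: only allowlisted fields are accepted, the role is always set
// by the server, and a client-supplied role is rejected and reported.
const ALLOWED_FIELDS = new Set(["u_name", "u_pass"]);

function registerHardened(rawBody, alerts) {
  const params = new URLSearchParams(rawBody);
  const unexpected = [...params.keys()].filter((k) => !ALLOWED_FIELDS.has(k));
  if (unexpected.length > 0) {
    alerts.push({ event: "unexpected_registration_field", fields: unexpected });
    return { status: 400 };
  }
  const name = params.get("u_name");
  if (!name || users.has(name)) return { status: 409 };
  users.set(name, { role: "user" });
  return { status: 201, role: "user" };
}

// Access to a secret.php-style page is decided from server-side state only.
function canViewSecret(name) {
  const u = users.get(name);
  return Boolean(u) && u.role === "admin";
}
```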





SOLUTION : Swag is the gateway to Swagi-Land (50pts) :


Hint : This is a personal website of Snoop-Kukur (i.e. Snoop-Dog). Everyone knows how swaggy Snoop-Kukur is. Reveal all the swags of Snoop-Kukur for the gateway to swagi-land.

PS: No offence to weed lovers <3 , Hail weed !!!




Thanks to @abralxhrextha for clearing up for me where the flag is located. This challenge seems hard but is kind of a noob and logical one.
There are like 3 images on the page and at first I thought it was steganography; I tried different methods and failed.

http://ctffiles.bughunters.club/rappershub/index.php?image=1.gif
Seeing image= , I thought there might be chances of LFI and tried methods manually and using a fuzzer, but still could not get it, so I left it and planned to solve it later.

*le me after a day : The main challenge is where the images are loaded from, because while doing view image or trying to see the image link, you'll find something like :

It's the raw PNG data that is encoded in Base64, right ? But wait, here comes the redirection path. Every time, /rappershub/ gets redirected to index.php?image=1.gif

Using the No-Redirect add-on, I got the path :
source/includes/files/img/

And yes, the 1.gif is being loaded from  :


http://ctffiles.bughunters.club/rappershub/source/includes/files/img/flag.png

But now what? Here comes the handy part. As we did in solution 1, we need to guess the flag. Thanks @abralxhrextha here :)

USING BRAIN : Flag is located here : /source/includes/flag.png 



Flag is : hack{snoop_doge_lion_rocks!!@@}back






SOLUTION : Upcoming (Underconstructionpts) :


Player :
/// 0xctf ///

