Intro to Cybersecurity Bootcamp CTF Assessment
Last updated
The bootcamp was a joint effort between CyberTalents and Trend Micro to provide a free introductory cybersecurity training program to students and fresh graduates who want to enhance their technical skills and start their careers as cybersecurity professionals.
There were many lessons during the bootcamp covering many areas of information security, such as web security, network security, digital forensics and cryptography.
@sl4x0, @Mohamedkashik and I also made a Notion note summarizing the bootcamp's tools and topics.
Description:
A malicious program that is primarily spread through spam emails. The infection may arrive either via malicious script, macro-enabled document files, or malicious link.
Flag:
Emotet
Emotet is a Trojan that is primarily spread through spam emails. The infection may arrive either via malicious script, macro-enabled document files, or malicious link. Emotet emails may contain familiar branding designed to look like a legitimate email. Emotet may try to persuade users to click the malicious files by using tempting language about “Your Invoice,” “Payment Details,” or possibly an upcoming shipment from well-known parcel companies.
Description:
Just like onion, flag in format flag{}
Walkthrough:
In this challenge we got a secret_onions.xcf file to download.
First we run the file command to identify what type of file this is.
Using exiftool we got the first part of the flag.
The file command output also shows that there is data embedded inside this file, so we extract it with binwalk.
The extracted file type was DATA, so we read it with strings and grep for some interesting words.
Now we have the two parts of the flag.
In this challenge we got a bin file and we need to dig into it to find Elliot's secrets.
Walkthrough:
After downloading the bin file, we need to figure out its file type, so we run file elliot_secrets.bin
It's an ELF file, so we can execute it in the terminal.
Yup, that's for sure :)
Now I tried to extract any data embedded in this file with binwalk.
Sadly the extracted folder contained the same bin file. So I gave it one more shot with another tool: I used foremost this time and got some interesting output.
foremost extracted a wav file, which immediately brought to mind passing it to something like Audacity or Sonic Visualiser to see if the file has hidden data, but I got nothing back :(
The last tool that came to mind for wav files is DeepSound.
This is a steganography tool and audio converter that hides secret data inside audio files. The application also lets you extract secret files directly from audio files or audio CD tracks.
After passing the wav file to this tool, it asked me for a password!!!
At this point I was relieved, as I knew I was on the right path. After some googling I found the Python script deepsound2john, which converts the wav file into a hash that we can then crack with john.
The hash to crack was $dynamic_1529$ea007a659e8e59ba2cb9d8fb5119413b718c5517
john successfully cracked our hash: ragerocks123
Back to DeepSound to extract the data from the wav file.
We got a pdf file extracted, with this image inside.
Running strings on this pdf to see if we missed anything.
I used this site to beautify the JS code: https://beautifier.io/
There was an interesting function at the end of this code, function hi(), which contained interesting chars, so I deleted everything else to look at these separated chars.
The final result was IZWGCZ33IFZGKVKMN5ZXIP3, which is base32 encoded. After decoding it:
And we got Elliot's flag!!
FLAG: Flag{AreULost?}
Description:
Your typical PHP challenge!
Walkthrough:
After visiting the challenge link we got this PHP code displayed.
This PHP code is vulnerable to OS command injection through the HTTP parameter echo, which we will use to retrieve the flag file on this server.
Let's fire up Burp Suite and first try injecting something simple like echo=1
Now let's try the payload echo=1;id and see if we have OS command injection.
Indeed the id command was executed, so we need to find where the flag file is.
Moving backwards to the root dir with the payload ?echo=1;ls+../../../ we found our flag.
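The bug behind this challenge is a parameter spliced into a shell command line. The following is an added Python example, not the challenge's PHP code, showing the same defect next to two fixes: an allowlist on the value, and running the command without a shell so the value is a single argument.

```python
import re
import subprocess

# Allowlist for the "echo" parameter: letters, digits, spaces and a little
# harmless punctuation. Shell metacharacters (; | & $ ` newline) never pass.
SAFE_VALUE = re.compile(r"[A-Za-z0-9 _.,!?-]{1,64}")


def vulnerable_echo(value: str) -> str:
    """Assumed Python equivalent of the challenge's handler: the parameter is
    concatenated into a shell command line, so "1;<cmd>" runs echo and then
    a second command."""
    result = subprocess.run(f"echo {value}", shell=True,
                            capture_output=True, text=True)
    return result.stdout


def echo_without_shell(value: str) -> str:
    """Fix 1: no shell at all. With an argv list the whole value is one
    argument to echo, so ';' has no special meaning."""
    result = subprocess.run(["echo", value], capture_output=True, text=True)
    return result.stdout


def hardened_echo(value: str) -> str:
    """Fix 2 (defence in depth): reject anything outside the allowlist before
    it reaches the process call, and still avoid the shell."""
    if not SAFE_VALUE.fullmatch(value):
        raise ValueError("echo parameter rejected by allowlist")
    return echo_without_shell(value)
```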
Description:
who can I trust?
Walkthrough:
This one was simple to solve but a little challenging. It depended on some encryption.
To begin the challenge, you will get the following page:
After launching our Burp proxy, load this website and look at the HTTP requests.
As you can see, the cookies were very interesting to play with. The very first part of the cookie was flag=who_has_gohn_cookie
Moving to the second part of the cookie, I noticed at once that it was base64 encoded because of the %3D at the end.
After decrypting all the cookie parts using CyberChef and Hashes.com you get:
I still haven't watched the HunterxHunter anime 😅 but I can tell that satotz is what we need. So I changed flag=who_has_gohn_cookie to flag=satotz, and it worked!!
FLAG: flag{Always_Trust_Your_Fr13nds}
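The challenge works because the server trusts a flag= value that the client can edit. As an added example (not the challenge's code), here is how an HMAC-signed cookie makes that edit detectable; the key and function names are constructed for the example.

```python
import base64
import hashlib
import hmac
from typing import Optional

# Constructed server-side secret for the example; in a real app load it from
# configuration and never send it to the client.
SERVER_KEY = b"constructed-example-key-do-not-reuse"


def _signature(value: str, key: bytes) -> str:
    mac = hmac.new(key, value.encode(), hashlib.sha256).digest()
    # urlsafe base64 never contains '.', so '.' can separate value and tag
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def make_cookie(value: str, key: bytes = SERVER_KEY) -> str:
    """Return 'value.tag'. The client can still read the value, but cannot
    change it without the key."""
    return f"{value}.{_signature(value, key)}"


def read_cookie(cookie: str, key: bytes = SERVER_KEY) -> Optional[str]:
    """Return the value only if its tag verifies; None for a missing or
    forged tag. compare_digest avoids a timing side channel."""
    value, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    if not hmac.compare_digest(tag, _signature(value, key)):
        return None
    return value
```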
Walkthrough:
Unfortunately I haven't taken any screenshots of this challenge. It was an image upload website that was vulnerable to XSS, with only one input field for the URL of the picture you want to download.
When you enter the image URL you want to download, a JS function creates an anchor element and puts your input inside it. Now if you try this link http://www.link.com/ onload="alert(1)"
it fires the XSS alert(1) and we have our flag.
Flag: flag{loOks_You_ar3_xSs_mast3r_1337}
This was a network security challenge with a pcap file to dig into.
Walkthrough:
We got a pcap file to download; after opening it with Wireshark we see a lot of traffic.
When playing any network security CTF I use Wireshark's built-in tools to make it an easy win.
Using Credentials from the Tools bar extracts any credentials sent over FTP or HTTP traffic, and we got some credentials from it.
Also go to Statistics > Protocol Hierarchy. This shows the most used protocols within the traffic.
We found 2 Data packets which may be something very interesting to see. After navigating to them we can see it is a .zip file (I can tell it is a .zip file from the PK header value).
Moreover, while navigating the pcap file's streams I got this stream, which confirms that we have a .zip file.
So without wasting time I extracted this .zip file. But when I tried to open/unzip it, it asked for a password.
I tried to bruteforce this .zip file with tools like fcrackzip but got nothing :/
Then I remembered a little Wireshark magic to give it a try:
using Export Objects to see any interesting files in the HTTP traffic.
And we got many jpg files.
You may notice there is a pattern in the file names, but I did not notice it until I downloaded them and opened the folder.
As you can see, if you collect the letters together they mean something.
Password ==> iamsupersecretpasswordgood4uthefinding
So let's grab that flag.
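The zip was spotted by its PK header and turned out to be password protected. As an added example (not from the challenge), the following Python locates a ZIP local file header in a raw byte stream, reads the entry name and the encryption flag from the header, and carves the archive out; the stream it scans is constructed in-memory.

```python
import io
import struct
import zipfile

LOCAL_HEADER_SIG = b"PK\x03\x04"               # the "PK" bytes seen in Wireshark
LOCAL_HEADER = struct.Struct("<4sHHHHHIIIHH")  # 30-byte ZIP local file header


def find_zip(blob: bytes):
    """Return (offset, first entry name, encrypted?) for the first local file
    header in blob, or None when there is no header. Bit 0 of the general
    purpose flags marks a traditional password-protected entry."""
    off = blob.find(LOCAL_HEADER_SIG)
    if off < 0 or len(blob) - off < LOCAL_HEADER.size:
        return None
    (_, _ver, flags, _method, _time, _date, _crc, _csize, _usize,
     name_len, _extra_len) = LOCAL_HEADER.unpack_from(blob, off)
    start = off + LOCAL_HEADER.size
    name = blob[start:start + name_len].decode("utf-8", "replace")
    return off, name, bool(flags & 0x1)


def carve_names(blob: bytes):
    """Carve from the first PK header to the end of the stream and list the
    archive members with the standard zipfile module."""
    found = find_zip(blob)
    if found is None:
        return []
    with zipfile.ZipFile(io.BytesIO(blob[found[0]:])) as zf:
        return zf.namelist()


def build_sample_stream() -> bytes:
    """Constructed stand-in for a reassembled HTTP response body: a short
    header followed by a small in-memory archive (not the challenge's file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("flag.txt", "constructed sample, not the real flag\n")
    return b"HTTP/1.1 200 OK\r\n\r\n" + buf.getvalue()
```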
These were cryptography challenges and both can be easily solved using CyberChef.
Thanks For Reading